Chinese Journal of Computers   Full Text
  Title: A Direct Anonymous Attestation Scheme in Multi-Domain Environment
  Authors: CHEN Xiao-Feng, FENG Deng-Guo
  Address: (State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190)
(Graduate University of Chinese Academy of Sciences, Beijing 100190)
  Year: 2008
  Issue: No.7 (1122-1130)
  Abstract & Background
Abstract In this paper, the authors analyze the direct anonymous attestation (DAA) scheme for the trusted computing platform and identify its deficiency in multi-domain environments. They then extend the DAA scheme so that the new scheme is suitable for a multi-domain environment. The new scheme protects the privacy of the trusted computing platform in a multi-domain environment. The authors analyze the security of the proposed scheme and show that it meets the security requirements of unforgeability and anonymity. Finally, they analyze the efficiency of the proposed scheme and validate it through experiments.
Keywords trusted computing platform; direct anonymous attestation; multi-domain environment; trusted platform module
Background This work is supported by the National Natural Science Foundation of China under grant Nos. 60673083 and 60603017 and the National High Technology Research and Development Program of China (863 Plan) under grant Nos. 2007AA01Z412 and 2006AA01Z454. In the trusted computing platform proposed by the TCG, the TPM is the core component. In order to protect the privacy of the trusted computing platform, the TCG proposed the Direct Anonymous Attestation (DAA) scheme. In the DAA scheme, the trusted computing platform can anonymously attest its identity to a verifier without the help of a trusted third party. When extended to a multi-domain environment, however, the situation becomes more complicated: corporations can build their own DAA issuers, so there will be several security domains that are autonomous to some degree, each with its own DAA issuer. All involved parties trust only the DAA issuer within their own security domain, so a trusted computing platform cannot attest to a verifier located in another security domain.
In this paper, the authors analyze the deficiency of the original DAA scheme and propose an extended direct anonymous attestation scheme named IDAA. IDAA provides anonymity for the trusted computing platform in a multi-domain environment. The authors analyze the security of the proposed IDAA scheme and show that it meets the security requirements of unforgeability and anonymity. Finally, they give a performance analysis of the IDAA scheme.