Direct anonymous attestation

Direct Anonymous Attestation (DAA) is a cryptographic protocol which enables the remote authentication of a trusted platform whilst preserving the user's privacy. The protocol has been adopted by the Trusted Computing Group (TCG) in the latest version of its Trusted Platform Module (TPM) specification [TPM Specification] as a result of privacy concerns (see also Loss of Internet anonymity).

Historical perspective

In principle the privacy issue could be resolved using any standard signature scheme (or public key encryption) and a single key pair. Manufacturers would embed the private key into every TPM produced and the public key would be published as a certificate. Signatures produced by the TPM must have originated from the private key, by the nature of the technology, and since all TPMs use the same private key they are indistinguishable, ensuring the user's privacy. This rather naive solution relies upon the assumption that there exists a "global secret". One only needs to look at the precedent of the Content Scramble System (CSS), an encryption system for DVDs, to see that this assumption is fundamentally flawed. Furthermore, this approach fails to realize a secondary goal: the ability to detect rogue TPMs, that is, TPMs that have been compromised and had their secrets extracted.

The solution first adopted by the TCG (TPM specification v1.1) required a trusted third party, namely a "privacy certificate agency" (privacy CA). Each TPM has an embedded RSA key pair called an Endorsement Key (EK), which the privacy CA is assumed to know. In order to attest, the TPM generates a second RSA key pair called an Attestation Identity Key (AIK). It sends the AIK, signed by the EK, to the privacy CA, which checks its validity and issues a certificate for the AIK. The host/TPM is now able to authenticate itself with respect to the certificate. This approach permits two ways of detecting rogue TPMs: firstly, the privacy CA should maintain a list of EKs known to be rogue and reject requests from them; secondly, if a privacy CA receives too many requests from a particular EK it may wish to reject them. The number of permitted requests should be subject to a risk management exercise. This solution is problematic since the privacy CA must take part in every transaction and thus must provide high availability whilst remaining secure. Furthermore, privacy requirements may be violated if the privacy CA and verifier collude. Although the latter issue can probably be resolved using blind signatures, the first remains.


The DAA protocol is based on three entities and two different steps. The entities are the TPM platform, the DAA issuer and the DAA verifier. The issuer is charged with verifying the TPM platform during the Join step and issuing a DAA credential to the platform. The platform uses the DAA credential with the verifier during the Sign step. Through a zero-knowledge proof the verifier can verify the credential without attempting to violate the platform's privacy. DAA also supports anonymity revocation: at the time a TPM proves that it is certified, a third (passive) party can be designated who will later on be able to identify the TPM in case of misuse. [Trusted Computing Group Software Stack Specification (TSS) 1.2 FAQ]

Privacy properties

The protocol allows differing degrees of privacy. Interactions are always anonymous, but the user/verifier may negotiate as to whether the verifier is able to link transactions. This would allow user profiling and/or the rejection of requests originating from a host which has made too many requests.
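The following is an added example, not part of the original article: it sketches how the linkability choice and the rogue-TPM check work in the Brickell–Camenisch–Chen scheme listed under External links, where the platform presents a pseudonym N_V = ζ^f for a secret f held in the TPM. It omits the zero-knowledge proof that binds f to the issuer's credential; the `Verifier` class, its result strings and the demo-sized group parameter are assumptions of this example.

```python
import hashlib
import secrets
from collections import Counter

# Safe prime p = 2q + 1 (768-bit MODP prime, RFC 2409 Oakley Group 1).
# Demo-sized parameter chosen for this example, not taken from the article.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares


def named_base(basename: bytes) -> int:
    """Derive zeta from the verifier's basename: pseudonyms become linkable."""
    wide = b"".join(hashlib.sha256(bytes([i]) + basename).digest() for i in range(4))
    return pow(int.from_bytes(wide, "big") % P, 2, P)  # squaring lands in the order-q subgroup


def random_base() -> int:
    """Fresh random zeta per signature: pseudonyms are unlinkable."""
    return pow(secrets.randbelow(P - 3) + 2, 2, P)


def pseudonym(f: int, zeta: int) -> int:
    """N_V = zeta^f mod p, where f is the secret held inside the TPM."""
    return pow(zeta, f, P)


class Verifier:
    """Hypothetical verifier policy: rogue check plus a per-pseudonym request cap."""

    def __init__(self, basename: bytes, rogue_secrets, max_requests: int):
        self.zeta = named_base(basename)
        self.rogue_secrets = list(rogue_secrets)  # f values extracted from broken TPMs
        self.max_requests = max_requests
        self.seen = Counter()

    def check(self, zeta: int, n_v: int) -> str:
        # Rogue tagging works for any base: recompute zeta^f for each leaked f.
        if any(pow(zeta, f, P) == n_v for f in self.rogue_secrets):
            return "rogue"
        if zeta != self.zeta:
            return "ok-unlinkable"  # random base: nothing to count requests against
        self.seen[n_v] += 1
        return "ok" if self.seen[n_v] <= self.max_requests else "rate-limited"
```

With a name-derived base the same TPM always yields the same pseudonym at one verifier but an unrelated one at another, which is what makes profiling and request caps possible only where linkability was agreed.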

See also

* Cryptographic protocol
* Digital credential
* Trusted platform module
* Privacy enhancing technologies


External links

* E. Brickell, J. Camenisch, and L. Chen: "Direct anonymous attestation". In Proceedings of 11th ACM Conference on Computer and Communications Security, ACM Press, 2004.
* "Interdomain User Authentication and Privacy" by Andreas Pashalidis - section 6 provides a useful introduction to DAA
* "IBM idemix (identity mixer)" - an 'anonymous credential system' under development by IBM
* Heiko Stamer - Implementing Direct Anonymous Attestation for the TPM Emulator Project

Wikimedia Foundation. 2010.
