Anonymous Authentication with TLS and DAA

  • Conference paper
Trust and Trustworthy Computing (Trust 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6101)

Abstract

Anonymous credential systems provide privacy-preserving authentication solutions for accessing services and resources. In these systems, copying and sharing credentials can be a serious issue. As this cannot be prevented in software alone, these problems form a major obstacle for the use of fully anonymous authentication systems in practice. In this paper, we propose a solution for anonymous authentication that is based on a hardware security module to prevent sharing of credentials. Our protocols are based on the standard protocols Transport Layer Security (TLS) and Direct Anonymous Attestation (DAA). We present a detailed description and a reference implementation of our approach based on a Trusted Platform Module (TPM) as hardware security module. Moreover, we discuss drawbacks and alternatives, and provide a pure software implementation to compare with our TPM-based approach.

Full version available at http://security.polito.it/tc/daa/anon_auth_full.pdf

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cesena, E., Löhr, H., Ramunno, G., Sadeghi, AR., Vernizzi, D. (2010). Anonymous Authentication with TLS and DAA. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_4

  • DOI: https://doi.org/10.1007/978-3-642-13869-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13868-3

  • Online ISBN: 978-3-642-13869-0

  • eBook Packages: Computer Science, Computer Science (R0)
