Abstract
Anonymous credential systems provide privacy-preserving authentication solutions for accessing services and resources. In these systems, copying and sharing credentials can be a serious issue. As this cannot be prevented in software alone, these problems form a major obstacle for the use of fully anonymous authentication systems in practice. In this paper, we propose a solution for anonymous authentication that is based on a hardware security module to prevent sharing of credentials. Our protocols are based on the standard protocols Transport Layer Security (TLS) and Direct Anonymous Attestation (DAA). We present a detailed description and a reference implementation of our approach based on a Trusted Platform Module (TPM) as hardware security module. Moreover, we discuss drawbacks and alternatives, and provide a pure software implementation to compare with our TPM-based approach.
Full version available at http://security.polito.it/tc/daa/anon_auth_full.pdf
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ardagna, C., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting cryptography for privacy-enhanced access control: A result of the PRIME project. Journal of Computer Security 18, 123–160 (2010)
Armknecht, F., Gasmi, Y., Sadeghi, A.R., Stewin, P., Unger, M., Ramunno, G., Vernizzi, D.: An efficient implementation of Trusted Channels based on Openssl. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC 2008), pp. 41–50. ACM, New York (2008)
Balfe, S., Lakhani, A.D., Paterson, K.G.: Securing peer-to-peer networks using Trusted Computing. In: Trusted Computing, pp. 271–298. IEEE Press, Los Alamitos (2005)
Barić, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)
Bichsel, P., Binding, C., Camenisch, J., Groß, T., Heydt-Benjamin, T., Sommer, D., Zaverucha, G.: Cryptographic protocols of the identity mixer library. Technical Report RZ 3730 (#99740), IBM Research (2009)
Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009). ACM Press, New York (2009)
Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., Wright, T.: Transport Layer Security (TLS) Extensions. RFC 4366 (Proposed Standard), Obsoleted by RFC 5246 (April 2006)
Brickell, E., Camenisch, J., Chen, L.: Direct Anonymous Attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS 2004), pp. 132–145. ACM Press, New York (2004)
Brickell, E., Chen, L., Li, J.: Simplified security notions of Direct Anonymous Attestation and a concrete scheme from pairings. International Journal of Information Security 8(5), 315–330 (2009)
Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)
Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. ACM Commun. 28(10), 1030–1044 (1985)
Chen, L.: A DAA scheme requiring less TPM resources. In: Proceedings of the 5th China International Conference on Information Security and Cryptology, Inscrypt 2009 (2010); Also available at Cryptology ePrint Archive, Report 2010/008
Chen, L., Morrissey, P., Smart, N.: Pairings in Trusted Computing. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 1–17. Springer, Heidelberg (2008)
Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard) (August 2008)
Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.R., Schwenk, J.: Universally composable security analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol. 5324, pp. 313–327. Springer, Heidelberg (2008)
Goldman, K., Perez, R., Sailer, R.: Linking remote attestation to secure tunnel endpoints. In: Proceedings of the first ACM workshop on Scalable Trusted Computing (STC 2006), pp. 21–24. ACM, New York (2006)
Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Onion routing. ACM Commun. 42(2), 39–41 (1999)
Leung, A., Mitchell, C.J.: Ninja: Non identity based, privacy preserving authentication for ubiquitous environments. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds.) UbiComp 2007. LNCS, vol. 4717, pp. 73–90. Springer, Heidelberg (2007)
Lindell, A.Y.: Anonymous authentication. Aladdin Knowledge Systems Inc. (2006), http://www.aladdin.com/blog/pdf/AnonymousAuthentication.pdf
Nguyen, L., Safavi-Naini, R.: Dynamic k-times anonymous authentication. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 318–333. Springer, Heidelberg (2005)
Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1(1), 66–92 (1998)
Robertson, J.: Supergeek pulls off ‘near impossible’ crypto chip hack. News article at NZ Herald (February 2010), http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10625082&pnum=0
Santesson, S.: TLS Handshake Message for Supplemental Data. RFC 4680 (Proposed Standard) (October 2006)
Schechter, S., Parnell, T., Hartemink, A.: Anonymous authentication of membership in dynamic groups. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 184–195. Springer, Heidelberg (1999)
Smyth, B., Ryan, M., Chen, L.: Direct Anonymous Attestation (DAA): Ensuring privacy with corrupt administrators. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 218–231. Springer, Heidelberg (2007)
Syverson, P.F., Tsudik, G., Reed, M.G., Landwehr, C.E.: Towards an analysis of onion routing security. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 96–114. Springer, Heidelberg (2001)
Trusted Computing Group: TCG Software Stack Specification Version 1.2, Level 1, Errata A
Trusted Computing Group: TCG TPM Specification, Version 1.2, Revision 103
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cesena, E., Löhr, H., Ramunno, G., Sadeghi, AR., Vernizzi, D. (2010). Anonymous Authentication with TLS and DAA. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-13869-0_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13868-3
Online ISBN: 978-3-642-13869-0
eBook Packages: Computer ScienceComputer Science (R0)