Abstract
Direct anonymous attestation (DAA) is a mechanism for a remote user to
provide a verifier with some assurance it is using software and/or
hardware from trusted sets of software and/or hardware respectively.
In addition, the user is able to control if and when a verifier
is able to link two signatures: to determine whether or not they were
produced by the same platform. The verifier is never able to tell
which particular platform produced a given signature or pair of signatures.
We first address a problem with the proof of security for
the original DAA scheme of Brickell, Camenisch and Chen. In particular, we
construct an adversary that can tell if
it is in a simulation or not. We then provide the necessary changes to the
simulator such that the adversary can no longer do this and prove this fact,
hence repairing the proof.
Our main contribution is a security analysis of the Chen, Morrissey and Smart (CMS)
DAA scheme. This scheme uses asymmetric bilinear pairings and was proposed without
a proof of security. We use the well-established
simulation-based security model of Brickell, Camenisch and Chen and
also use a similar proof technique to theirs. We prove the CMS scheme is secure
in the random oracle model relative to the bilinear Lysyanskaya, Rivest, Sahai
and Wolf (LRSW) assumption, the hardness of discrete logarithms in the groups
used and collision resistance of the hash functions used in the scheme.
Translated title of the contribution | On Proofs of Security for DAA Schemes |
---|---|
Original language | English |
Title of host publication | Provable Security - PROVSEC 2008 |
Publisher | Springer Berlin Heidelberg |
Pages | 167-175 |
Volume | 5324 |
Publication status | Published - 2008 |
Bibliographical note
Other page information: 167-175
Conference Proceedings/Title of Journal: ProvSec 2008
Other identifier: 2000942