Research On Some Key Technologies Of Anonymous Remote Attestation Based On Group Signatures In Trusted Computing Environment

Posted on: 2014-04-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X H Yue
GTID: 1108330482956183
Subject: Computer application technology

Abstract/Summary:
As information technology becomes widely used in people's life and work, information security and privacy protection are receiving more and more attention. However, traditional security defense techniques cannot effectively ensure the security and privacy of the computing platform. For this reason, trusted computing (TC) has emerged, providing a new and effective security measure for the computing platform. In the trusted computing architecture, remote attestation is one of the core functions; its purpose is to prove the trusted properties of the computing platform to a remote verifier. However, in the trusted computing environment, the existing remote attestation approaches have shortcomings such as low performance, poor extensibility, and a tendency to expose the privacy of the platform, which directly make it difficult for trusted computing to become general and applicable. Therefore, this paper focuses on the core problem of remote verification in the trusted computing environment and presents corresponding solutions to make up for the existing shortcomings of remote attestation and promote the development of trusted computing.

The approaches to remote attestation in the trusted computing environment include the privacy certificate authority (PCA) anonymous digital certificate system, direct anonymous attestation, and remote binary attestation, which is based on the former two methods. In practice, all three approaches have drawbacks and shortcomings. Therefore, based on research into group signatures, this paper addresses the existing problems of the three methods. Our work and contributions are as follows:

(1) Aiming at the existing security and performance problems, we propose a new dynamic group signature scheme that is anonymous against adaptive chosen ciphertext attack (CCA). Firstly, we propose a new security model for group signatures and formally define the security properties that a group signature should satisfy. Secondly, using the Groth-Sahai proof system and verifiable encryption, we propose a concrete construction of the scheme based on the decisional linear assumption and the q-strong Diffie-Hellman assumption; the scheme allows group members to join dynamically. Then, in the standard model, we give a rigorous security proof that the proposed group signature scheme has CCA anonymity, traceability and unframeability. Finally, we compare this scheme with other existing schemes on security and performance; the comparison shows that the proposed group signature is better than the existing ones.

(2) Aiming at the security and performance of direct anonymous attestation, we firstly propose a new security model that captures the security demands more accurately than the existing security models. Secondly, using a secure two-party computation protocol, we propose a highly active construction method for the scheme based on the decisional Diffie-Hellman assumption and the q-strong Diffie-Hellman assumption. Then we give a rigorous security proof for the proposed scheme under the new security model, proving that the scheme has user-controllable untraceability, anonymity, unframeability and so on. Finally, we compare it in detail with the existing direct anonymous attestation schemes on performance; the comparison shows that the newly proposed direct anonymous attestation scheme is more efficient.

(3) Aiming at the bottleneck problems of platform configuration information disclosure and verification performance in remote binary attestation in the trusted computing environment, we propose a new property-based attestation scheme. By transforming the binary platform configuration information into property information, the scheme reduces the disclosure of platform configuration information and the burden on the verifier. Firstly, we propose a new security model for the property-based attestation scheme and define the security notions that the new scheme should satisfy. Secondly, using group signatures and verifier-local revocation, we present a concrete construction of the scheme that provides online and offline property certificate checking mechanisms. Then, based on the proposed security model, we prove the security of the scheme in the random oracle model, showing that it satisfies correctness, proof unforgeability and configuration privacy. Finally, we compare the scheme with existing similar schemes on computational cost and attestation length respectively; the comparison shows that the scheme has advantages in practicability and efficiency over the others.

(4) Aiming at the performance bottleneck of the privacy CA anonymous digital certificate system and at collusive privacy attacks, we firstly propose, based on the dynamic group signature scheme with CCA anonymity proposed in this paper, a new anonymous digital certificate system architecture based on group signatures, which solves the above problems of the original anonymous digital certificate system. Then, according to this architecture, we propose an implementation of the core protocols in the system. On the basis of this work, we design a prototype system for the proposed anonymous digital certificate system based on group signatures. Finally, we test the functions of joining privacy groups, applying for and issuing AIK (Attestation Identity Key) certificates, and remote attestation.

Keywords/Search Tags: Group Signatures, Remote Attestation, Direct Anonymous Attestation, PCA Anonymous Certificate System, Property-based Attestation, Bilinear Pairing