Research On Scheme Of Anonymous Authentication Of Trusted Computing Platform

Posted on: 2012-01-21
Degree: Master
Type: Thesis
Country: China
Candidate: W M Meng
GTID: 2218330374953966
Subject: Computer application technology
Abstract/Summary:
This thesis analyzes in detail three schemes designed to solve anonymous authentication on the Trusted Computing Platform (TCP), with emphasis on Direct Anonymous Attestation (DAA, called the BCC scheme in the thesis) as proposed in TPM specification Version 1.2. The three parts are as follows:

(1) The principles, complex arithmetic and key steps of the DAA protocol are mainly described in the TPM (Trusted Platform Module) specification Version 1.2; problems such as authentication and confidentiality of information transmission between entities are taken into consideration. Based on the principles of DAA, the author designs a security protocol for TCP identification, AI-DAA, which realizes not only identity authentication and privacy protection in TCP, but also identity authentication and data confidentiality between protocol entities.

(2) To optimize this protocol and find its performance bottlenecks, it is necessary to analyze quantitatively and to measure the performance load of DAA's entities. The thesis analyzes the protocol processing and proposes a distribution measurement method for performance load, whose basic performance unit is the machine period. The method first analyzes the various kinds of complex arithmetic in the DAA protocol and chooses a better one, and then counts the number of basic arithmetic operations: large-integer single-precision multiplication, single-precision addition, memory read, memory write, etc. Finally, the performance load of each entity and the overall performance load of DAA, both in machine periods, are summed. Theoretical analysis shows that this method not only provides an accurate, careful and effective count of each entity's performance load and of the overall performance load, but also shows by measurement that the performance load is platform-independent. This work provides a foundation for further optimization of the DAA protocol.

(3) The thesis proposes a new Direct Anonymous Attestation scheme, TMZ-DAA, based on the discrete logarithm problem on elliptic curves (EC) over GF(p). The scheme still belongs to ECC-DAA, and its process and framework are almost the same as those of other schemes. Compared to other schemes, however, its main operations are point addition and scalar multiplication in the elliptic curve system, the overall complexity is greatly decreased, and its key and signature lengths are much shorter. The scheme also reduces the computational cost of each entity (TPM, Host, Issuer, Verifier) in the Join protocol, the Sign protocol and the Verify algorithm. It gives a practical solution for an ECC-based TPM to protect the privacy of the TPM.
Keywords/Search Tags: Trusted Computing, Trusted Platform Module, Direct Anonymous Attestation, Elliptic Curve, Zero-Knowledge Proof