Research On The DAA And Its Application In Trusted Computing Platform

With the popularization of computers and the rapid development of network, the protection of secret information and privacy has become more and more important. However, the leakage of user privacy is a serious problem in the current network. Identity authentication technology is an important mechanism of information security. Communication between the two sides is permitted only after identity authentication for each other. But in traditional, identity authentication may disclose the relevant information of the identity when authenticate themselves to the verifier. A security chip, called trusted platform module (TPM) is integrated into a platform to ensure the safety of the platform that is a Trusted Computing platform. There are two types of authentication in Trusted Computing:Privacy CA and direct anonymous attestation scheme, which can prove themselves while preserving the privacy of the user of the platform. Because of the efficiency bottlenecks of Privacy CA, Trusted Computing adopt direct anonymous attestation scheme (DAA) to achieve authentication.In order to resist to Rudolph attack, collaboration of issuer and verifier attack, get the same degree of privacy as the Privacy CA solution, this paper proposes a new DAA scheme called T-DAA, based on original DAA scheme and Privacy CA scheme. DAA scheme is consist of DAA Join protocol and DAA signature protocol. In DAA Join protocol, the TPM platform obtains a DAA certificate from issuer and then authentic itself; In DAA Sign protocol, the platform use the DAA certificate and TPM secret f to sign a message or AIK and generate the proof of the signature of the platform. Because of the attacks mention above in original DAA scheme, this paper adopt the idea of the original DAA and Privacy CA, a trust third party is taken count into the T-DAA scheme. So the T-DAA scheme can resist to Rudolph, and get better privacy than original DAA scheme. This paper also analyzes the implementation of the original DAA protocol in TSS, analyzes and develops the detail of the T-DAA scheme based on original DAA scheme. And then simulate and run the T-DAA scheme under Fedora10. Make sure the T-DAA scheme can run in the Trusted Computing platform and test and verify it.