Research And Application Of Remote Identity Attestation For TPM

Posted on: 2011-05-29 | Degree: Master | Type: Thesis
Country: China | Candidate: X Ying | Full Text: PDF
GTID: 2248330395957830 | Subject: Computer system architecture
Abstract/Summary:
Identity authentication is one of the important mechanisms of information security: the communicating parties need to verify each other. With traditional identity authentication, however, disclosing identity is inevitable. To meet modern communication requirements for security and privacy, trusted computing proposes two schemes for identity authentication that protect privacy while attesting identity.

Based on the DAA and Privacy CA schemes, and on the improved DAA scheme by Chen L in 2009, this paper mainly studies the research and application of remote identity attestation for the TPM, and proposes a bilinear-pairing-based, strongly anonymous DAA protocol. The protocol includes Setup, Join, Sign and Signature Verification, and introduces a help-part. In the Join protocol, the platform authenticates itself and obtains a DAA certificate from the issuer. In the Sign protocol, the platform uses the TPM secret f and the DAA certificate to generate a signature attesting that the platform is trusted. In Signature Verification, the verifier verifies the signature. We then analyze the anonymity, Rudolph attack and security properties of the protocol. The scheme can effectively prevent disclosure of the TPM secret and gives the platform more privacy.

Another part of the paper researches the bilinear-pairing-based, strongly anonymous DAA protocol. In traditional multicast environments there is less research on group members' identity. The paper proposes a TPM-based multicast member identity attestation protocol. Before joining the multicast group, a member needs to attest itself to the group manager. The protocol includes five parts: Setup, the Join protocol, the AIK generation protocol, member attestation and group manager verification. We then give a security analysis of member attestation. To protect terminal security, we also discuss multicast key management for the TPM.

Finally, in a virtual machine on VMware-workstation-6.0.2-59824 and SUSE 11.1, Tpm_Emulator simulates the TPM chip, and the experiment shows that this member identity attestation scheme is feasible.
Keywords/Search Tags: Trusted Platform Module, Identity Attestation, Trusted Computing, Direct Anonymous Attestation