Design And Implementation Of Privacy CA System Based On Dynamic Group Signatures

In order to solve the privacy of the user in the remote authorization process in the trusted computing environment, Trusted Computing Group (TCG) proposed the Privacy CA scheme. The scheme protects the privacy of user by introducting a trusted third party CA that issues an AIK credential for users. Verifier judges the authenticity of trusted platform by verifying the AIK credential of the trusted computing platform to solve the privacy exposure problem of the attestation of trusted computing platform and protect the privacy of users. However, the scheme has two drawbacks. One is that the Privacy CA needs to be involved into every transaction of the remote authorization, which will cause the efficiency bottleneck of the whole certification system; the other is that if the Privacy CA and the verifier collude, or the Privacy CA is corrupted, the verifier will be able to uniquely identify a identity of a user. That will result in that the privacy of the user is not protected.In order to solve the drawbacks of the Privacy CA scheme, the paper proposes an efficient dynamic group signature scheme, which is based on BSZ security model and constructed by using the subgroup decision assumption and the l-SDH assumption, then strictly proves the security in the standard model. The proof shows that the scheme has traceability, anonymity, and non-frameability. In terms of performance, compared with the existing group signature scheme, the proposed scheme has advantages of short signature length, low communication cost and computational cost, and allows the user to dynamically join a group. Another work of the paper is the construction of the Privacy CA system based on the dynamic group signature. The sytem includes four types of entities which are respectively called Privacy CA, CA, verifer and user. Compared with traditional Privacy CA, due to Privacy CA does not need to be involved in each transaction of the certification so that the system can resolve the performance bottleneck of the traditional privacy of CA. Because of the features of the anonymity and non-frameability of group signature, the disclosure of privacy caused by the collusion in the traditional privacy CA is avoided. This paper uses Linux operating system platform and Java language to implement the Privacy CA system based on the dynamic group signature in the trusted computing platform. The system consists of client, privacy CA server and CA server. By tested, the system is able to complete the main operations such as adding themember of privacy group, issuing, searching and downloading the AIK credential.