A Trusted DAA Authentication Model Based On TPM

Computer technology deeply affects people’s lifestyles and behavior. To provide users with a safe and effective authentication service is one of the core tasks. Public key infrastructure is a widely used authentication solution, and the trusted computing technology provides a new solution for the identity authentication too.Firstly the related technologies like the theory of identity authentication, PKI, X.509 digital certificate and SSL protocol are introduced, then the direct anonymous attestation(DAA) is introduced detailed. On the basis of these technologies a credible DAA authentication model based on TPM is designed. To begin with construct a secure elliptic hyperbolic E based on elliptic hyperbolic ECC-DAA scheme by ISSUER initializing, Then generate a DAA certificate, and present to the platforms through zero-knowledge proof, so the platforms obtain their DAA certificate; After that the DAA two-way anonymous authentication get on between the two platforms, when it completion, the platform be a state of mutual trust CA, and trust the sub-certificate issued by other side; Finally, design sub-certificate based on X.509 certificates, and authentication between platforms get on by sub-certificate during the trust CA state. It is through obtaining DAA certificate, DAA two-way anonymous authentication and sub-certification three modules to achieve the trusted authentication between two TPM platforms, solve the issues of certificates can’t be updated in timely, certificate updating needs a third party CA in traditional PKI technology, and standardize the model usable range and certificate update cycle. Then the single sign-on technology is introduced, combining with trusted DAA authentication, SAML2.0,and ID-FF1.2, a new SSO model of the cloud computing environments is proposed, which can make sure the system security and reduce the performance lose due to the introduction of TPM. simulation experiments shows that the design of trusted DAA authentication model can be safe and convenient to realize the identity authentication between the platforms, to ensure the safety to the user identity information.