A delegation based cross trusted domain direct anonymous attestation scheme

Abstract

Direct Anonymous Attestation (DAA) is a complex cryptographic protocol for remote attestation and provides both signer authentication and privacy. It was adopted by the Trusted Computing Group (TCG) as a technical standard. However, the DAA scheme in TCG specifications is designed for the single trusted domain attestation, and cannot be deployed in different trusted domain directly. It limits its application range in mobile networks, cloud computing, Internet of Things networks when users and authentication servers belong to different domains. Based on delegation of the trusted relationship, a new cross trusted domain direct anonymous attestation scheme is proposed in this paper. The proxy signature is used for trusted relationship delegation among different domains, and the DAA method is used for the computation platform authentication when a trusted platform accessing different trusted domains. Then the authentication protocol is designed and analyzed under Canetti–Krawczyk (CK) model for the platform remote attestation. The further analysis shows that our proposal can resist platform masquerade attacks and replay attacks, and the authentication protocol is provably secure. The security of the DAA remote attestation system is enhanced by the session key agreement. Finally, a prototype implementation and some experiments are given, the results show that the proposed scheme is effective and suitable for cross domain applications.