Published by Austin McKenzie. Modified about 1 year ago.

1
The Attestation Mechanism in Trusted Computing

2
A Simple Remote Attestation Protocol

Parties: Platform (TPM, Application A), Verifier
TPM keys: PK_TPM & SK_TPM (Endorsement key); PK_AIK & SK_AIK (Attestation Identity Key)
Application A generates PK_A & SK_A

1) PK_A
2) computes hash #A
3) Cert{PK_A, #A}SK_AIK
4) Cert_AIK{PK_A, #A}, Cert_CA{PK_AIK}
5) verifies the signatures
6) looks up #A in DB
7) ...

DB: #A, “ok”
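The protocol on this slide, walked through as an added example that is not part of the original presentation. It assumes the TPM computes #A and signs with SK_AIK, the platform forwards both certificates, and the verifier holds the DB; textbook RSA over small constructed primes stands in for the real signature scheme, and all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def keygen(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

# Constructed toy keys built from Mersenne primes; far too small for real use.
CA_N, CA_D = keygen(2**127 - 1, 2**89 - 1)        # certifying CA
AIK_N, AIK_D = keygen(2**107 - 1, 2**61 - 1)      # PK_AIK / SK_AIK held by the TPM
CERT_CA = sign(str(AIK_N).encode(), CA_N, CA_D)   # Cert_CA{PK_AIK}

def tpm_certify(pk_a, app_code):
    """Steps 1-3: TPM receives PK_A, computes #A, signs {PK_A, #A} with SK_AIK."""
    hash_a = hashlib.sha256(app_code).hexdigest()
    return pk_a, hash_a, sign(pk_a + hash_a.encode(), AIK_N, AIK_D)

def verifier_check(pk_a, hash_a, cert_aik, aik_n, cert_ca, db):
    """Steps 5-6: verify both signatures, then look up #A in the DB."""
    if not verify(str(aik_n).encode(), cert_ca, CA_N):
        return "bad Cert_CA"
    if not verify(pk_a + hash_a.encode(), cert_aik, aik_n):
        return "bad Cert_AIK"
    return db.get(hash_a, "unknown application")

GOOD_APP = b"application A v1.0"  # constructed stand-in for A's code
DB = {hashlib.sha256(GOOD_APP).hexdigest(): "ok"}

def run(app_code, claimed_hash=None):
    pk_a, hash_a, cert_aik = tpm_certify(b"PK_A-placeholder", app_code)
    # Step 4: platform sends Cert_AIK{PK_A, #A} and Cert_CA{PK_AIK} to the verifier.
    return verifier_check(pk_a, claimed_hash or hash_a, cert_aik, AIK_N, CERT_CA, DB)

if __name__ == "__main__":
    print(run(GOOD_APP))                                    # measured and listed
    print(run(b"application A, modified"))                  # measured, not listed
    print(run(b"application A, modified", next(iter(DB))))  # platform lies about #A
```

The third call shows why #A is inside the AIK-signed certificate: a platform that reports the known-good hash for modified code fails the signature check before the DB lookup is reached.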

3
Privacy Concerns

The attestation key could be used to track internet activity and compromise privacy.
1st solution: trusted third party.
2nd solution: Direct anonymous attestation. - E. Brickell, J. Camenisch, and L. Chen

4
DAA - Joining

Parties: Platform (TPM), DAA Issuer
TPM keys: PK_TPM & SK_TPM (Endorsement key)

1) generates DAA key
2) DAA, Cert_CA{PK_TPM}
3) Sig_Issuer(DAA)

* Sig_Issuer(DAA) is (c, e, s) such that $c^{e} = a^{daa}\, b^{s}\, d \bmod n$, key = (a, b, d, n)

5
DAA – Attestation (1)

Parties: Platform (TPM, Application A), Verifier
TPM keys: PK_TPM & SK_TPM (Endorsement key); DAA key; PK_AIKi & SK_AIKi (Attestation Identity Keys)

1) Generate AIK_i
2) Compute #A
3) Compute Sig_DAA{AIK_i, verifier, time}
4) Sig_AIKi{PK_A, #A}

6
DAA – Attestation (2)

Parties: Platform (TPM, Application A), Verifier
TPM keys: PK_TPM & SK_TPM (Endorsement key); DAA key; PK_AIKi & SK_AIKi (Attestation Identity Keys)

1) Generate AIK_i
2) Compute #A
3) Compute Sig_DAA{AIK_i, verifier, time}
4) Sig_AIKi{PK_A, #A}
5) ZKP that establishes that the TPM possesses: Sig_Issuer{DAA} and Sig_DAA{AIK_i, verifier, time}
