
Design of Attestation of Identity Protocol for Trusted Platform Module Based on Direct Anonymous Attestation
Cite this article: TAN Liang, ZHU Gui-qiong, MENG Wei-ming, CHEN Ju. Design of Attestation of Identity Protocol for Trusted Platform Module Based on Direct Anonymous Attestation[J]. Journal of Sichuan Normal University (Natural Science), 2012, 0(2): 281-287
Authors: TAN Liang, ZHU Gui-qiong, MENG Wei-ming, CHEN Ju
Affiliation: 1. Key Lab of Visualization in Scientific Computing and Virtual Reality of Sichuan, Sichuan Normal University, Chengdu 610066, Sichuan; 2. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080
Funding: Supported by the National Natural Science Foundation of China (60970113) and the Sichuan Provincial Department of Science and Technology Fund (2008JY0105-2)
Abstract: Direct anonymous attestation (DAA) resolves the bottleneck of the privacy CA and provides both authentication and anonymity for the TPM. It is one of the best current theoretical solutions for attestation of identity of trusted computing platforms, and TCG adopted it in TPM v1.2 as the standard for solving the platform identity attestation problem. However, the standard describes only the principles by which DAA achieves authentication and anonymity, its complex calculations and its key steps; it does not give a specific and complete protocol flow. In this paper, based on the basic principles of DAA, a security protocol for attestation of identity of trusted platforms, AI-DAA, is designed. The protocol provides trusted platform identity authentication and privacy protection, and also guarantees bidirectional authentication between the protocol entities and confidentiality of the transmitted information. Security analysis of the protocol shows that AI-DAA prevents message replay attacks and also resists man-in-the-middle attacks.

Keywords: trusted computing, attestation of identity, direct anonymous attestation, security protocol
This article has been indexed by CNKI and other databases.