Cryptology ePrint Archive: Report 2017/200

Anonymous Attestation with Subverted TPMs

Jan Camenisch and Manu Drijvers and Anja Lehmann

Abstract: Various sources have revealed that cryptographic standards and components have been subverted to undermine the security of users, reigniting research on means to achieve security in presence of such subverted components. In this paper we consider direct anonymous attestation (DAA) in this respect. This standardized protocol allows a computer with the help of an embedded TPM chip to remotely attest that it is in a healthy state. Guaranteeing that different attestations by the same computer cannot be linked was an explicit and important design goal of the standard in order to protect the privacy of the user of the computer. Surprisingly, none of the standardized or otherwise proposed DAA protocols achieves privacy when the TPM is subverted, but they all rely on the honesty of the TPM. As the TPM is a piece of hardware, it is hardly possible to tell whether or not a given TPM follows the specified protocol. In this paper we study this setting and provide a new protocol that achieves privacy also in presence of subverted TPMs.

Category / Keywords: cryptographic protocols / Direct Anonymous Attestation, Subliminal channel, Anonymity, Privacy, Universal Composability, Trusted Platform Module

Original Publication (with major differences): IACR-CRYPTO-2017

Date: received 27 Feb 2017, last revised 28 Jun 2017

Contact author: mdr at zurich ibm com

Available format(s): PDF | BibTeX Citation

Version: 20170628:145434 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]