
The Attestation Mechanism in Trusted Computing


anaya

Presentation Transcript


  1. The Attestation Mechanism in Trusted Computing

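  2. A Simple Remote Attestation Protocol
     Parties: Platform (Application A and TPM); Verifier (with DB).
     TPM keys: PK_TPM & SK_TPM (Endorsement key); PK_AIK & SK_AIK (Attestation Identity Key).
     • Application A generates PK_A & SK_A.
     • 1) Application A → TPM: PK_A
     • 2) TPM computes hash #A
     • 3) TPM → Application A: Cert{PK_A, #A}SK_AIK
     • 4) Application A → Verifier: Cert_AIK{PK_A, #A}, Cert_CA{PK_AIK}
     • 5) Verifier verifies the signatures
     • 6) Verifier looks up #A in DB (#A sent to DB, "ok" returned)
     • 7) ...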

  3. Privacy Concerns
     • The attestation key could be used to track internet activity and compromise privacy.
     • 1st solution: trusted third party.
     • 2nd solution: Direct anonymous attestation (E. Brickell, J. Camenisch, and L. Chen).

  4. DAA - Joining
     Parties: Platform (TPM); DAA Issuer.
     TPM keys: PK_TPM & SK_TPM (Endorsement key).
     key = (a, b, d, n)
     • 1) TPM generates DAA key
     • 2) DAA, Cert_CA{PK_TPM}
     • 3) Sig_Issuer(DAA)
     * Sig_Issuer(DAA) is (c, e, s) such that $c^e = a^{daa}\, b^{s}\, d \bmod n$

  5. DAA – Attestation (1)
     Parties: Platform (Application A and TPM); Verifier.
     TPM keys: PK_TPM & SK_TPM (Endorsement key); PK_AIKi & SK_AIKi (Attestation Identity Keys); DAA key.
     • 1) Generate AIK_i
     • 2) Compute #A
     • 3) Compute Sig_DAA{AIK_i, verifier, time}
     • 4) Sig_AIKi{PK_A, #A}

  6. DAA – Attestation (2)
     Parties: Platform (Application A and TPM); Verifier.
     TPM keys: PK_TPM & SK_TPM (Endorsement key); PK_AIKi & SK_AIKi (Attestation Identity Keys); DAA key.
     • 1) Generate AIK_i
     • 2) Compute #A
     • 3) Compute Sig_DAA{AIK_i, verifier, time}
     • 4) Sig_AIKi{PK_A, #A}
     • 5) ZKP that establishes that the TPM possesses: Sig_Issuer{DAA} and Sig_DAA{AIK_i, verifier, time}
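
The relation on slide 4, worked through as an added example that is not part of the presentation: a toy issuer with key (a, b, d, n) produces (c, e, s) over a value daa, and the check c^e = a^daa b^s d mod n is run with the public key only. The primes, the seeds for a, b and d, the function names and the fixed e and s are assumptions chosen for reproducibility, and the issuer is handed daa directly here.

```python
"""Toy check of the issuer-signature relation c^e = a^daa * b^s * d mod n."""
from math import gcd

# Constructed toy parameters (assumption): far too small for real use.
P, Q = 1019, 2063              # safe primes: 509 and 1031 are prime
N = P * Q
PHI = (P - 1) * (Q - 1)        # issuer secret; lets the issuer take e-th roots mod N


def issuer_public_key(seeds=(2, 3, 5)):
    """Return key = (a, b, d, n); a, b, d are squares (quadratic residues) mod n."""
    a, b, d = (pow(x, 2, N) for x in seeds)
    return a, b, d, N


def issuer_sign(daa, e, s, key):
    """Return (c, e, s) with c = (a^daa * b^s * d)^(1/e) mod n."""
    a, b, d, n = key
    if gcd(e, PHI) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    v = pow(a, daa, n) * pow(b, s, n) * d % n
    c = pow(v, pow(e, -1, PHI), n)   # e-th root: needs the factorisation of n
    return c, e, s


def verify(daa, sig, key):
    """Check c^e == a^daa * b^s * d (mod n) using only the public key."""
    a, b, d, n = key
    c, e, s = sig
    return pow(c, e, n) == pow(a, daa, n) * pow(b, s, n) * d % n


if __name__ == "__main__":
    key = issuer_public_key()
    # e and s are fixed here so the run is reproducible (assumption).
    sig = issuer_sign(daa=123456, e=65537, s=987654, key=key)
    print("signature (c, e, s):", sig)
    print("valid for daa:      ", verify(123456, sig, key))
    print("valid for other daa:", verify(123457, sig, key))
```

Step 5 on slide 6 proves possession of such a (c, e, s) in zero knowledge, so the verifier never runs this check on the values in the clear.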
