Politecnico di Torino (logo)

Direct Anonymous Attestation

Lorenzo De Siena

Direct Anonymous Attestation.

Rel. Antonio Lioy, Ignazio Pedone. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022

PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Share Alike.

Download (2MB) | Preview

Today, the rapid expansion of the Internet of Things and Cloud Computing is bringing up increasing issues in keeping systems secure and trustworthy. One of the tools to achieve a better degree of security is the Trusted Platform Module (TPM), which consists of a tamper-resistant device that allows verification of the system state through Remote Attestation. This leads to new issues regarding user privacy, thus giving rise to the need to create a privacy-preserving way of performing system state attestation. The Direct Anonymous Attestation (DAA) is a set of cryptographic schemes used to create anonymous digital signatures through the help of the TPM. After acquiring a credential from the group membership issuer, the platform can generate signatures on behalf of the group. Such signatures can be verified by a verifier who will not be able to identify the signer among group members. The DAA also grants the ability to revoke any malicious credentials and invalidate additional signatures. We have created an implementation of a hybrid DAA scheme from the implementation provided by Wesemeyer et al. based on Chen and Li's proposed DAA scheme. The hybrid scheme brings pseudo-anonymity advantages provided by DAA and at the same time allows for the use of pre-existing, higher performance implementations typical of traditional Remote Attestation. The implementation consists of six modules that execute the various steps of a Remote Attestation using DAA and perform the functions of the different actors involved. The Issuer and Verifier have been implemented as http servers that expose the APIs to perform a DAA. The group Member, instead, performs the setup of the TPM and, by contacting the provided APIs, joins the group requesting a credential to the Issuer. Then it generates, certifies, and exchanges an Attestation key (AK) with the Verifier. Once the AK has been agreed upon, the Member can perform cycles of remote attestation with the Verifier providing an attestation of PCR registers associated with the BIOS and IMA Measurement Log. Lastly, the Verifier checks the attestation and the measurements logs alerting eventual validation problems.

Relators: Antonio Lioy, Ignazio Pedone
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 98
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Aziende collaboratrici: Politecnico di Torino
URI: http://webthesis.biblio.polito.it/id/eprint/25392
Modify record (reserved for operators) Modify record (reserved for operators)