
Flexible and scalable digital signatures in TPM 2.0

Published: 04 November 2013

Abstract

Trusted Platform Modules (TPM) are multipurpose hardware chips, which provide support for various cryptographic functions. Flexibility, scalability and high performance are critical features for a TPM. In this paper, we present the new method for implementing digital signatures that has been included in TPM version 2.0. The core part of this method is a single TPM signature primitive, which can be called by different software programmes, in order to implement signature schemes and cryptographic protocols with different security and privacy features. We prove security of the TPM signature primitive under the static Diffie-Hellman assumption and the random oracle model. We demonstrate how to call this TPM signature primitive to implement anonymous signatures (Direct Anonymous Attestation), pseudonym systems (U-Prove), and conventional signatures (the Schnorr signature). To the best of our knowledge, this is the first signature primitive implemented in a limited hardware environment capable of supporting various signature schemes without adding additional hardware complexity compared to a hardware implementation of a conventional signature scheme.

      Published In

      CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
      November 2013
      1530 pages
      ISBN: 9781450324779
      DOI: 10.1145/2508859
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. digital signatures
      2. direct anonymous attestation
      3. tpm

      Qualifiers

      • Research-article

      Conference

      CCS'13
      Acceptance Rates

      CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
