Anonymous attestations made practical

Amira Barki, Nicolas Desmoulins, Saïd Gharout, Jacques Traoré

Abstract

Direct Anonymous Attestation (DAA) is a privacy-preserving authentication protocol initially designed for Trusted Platform Modules (TPMs). This cryptographic protocol, and some of its extensions such as Intel's Enhanced Privacy ID (EPID), have been widely deployed in millions of chips. Usually, part of the attestation computation is delegated to the host embedding the TPM (in most cases, either a PC or a smartphone), which is generally much more powerful. However, in Machine-to-Machine (M2M) and Internet of Things (IoT) use cases, the host may be as resource-constrained as the TPM. Furthermore, any malware residing in the host may enable the tracking of the TPM owner. In this paper, we propose an efficient DAA scheme, defined on elliptic curves, that involves bilinear pairing computations only on the verifier's side. Consequently, all computations on the platform side required to verify the validity of a group signing key or to generate a DAA can be, contrary to previous solutions, entirely carried out by a resource-constrained TPM. Our DAA scheme, which is more efficient than all existing DAA schemes, is formally proven secure under a variant of the LRSW assumption and can be extended to support private-key-based and signature-based revocation as well as group signing keys with attributes. As it is suitable for resource-constrained environments such as SIM cards, our DAA scheme can be of particular interest for M2M applications involving a SIM card. More precisely, we show how to design a privacy-preserving authentication protocol for embedded SIMs (eSIM) so as to cope with a real issue that has arisen at the GSM Association (GSMA). By implementing our DAA scheme on a Global Platform compliant SIM card, we show its efficiency and suitability for real-world use cases. In fact, a TPM can be anonymously authenticated in only 169 ms.