Anonymous authentication with TLS and DAA / Cesena, Emanuele; Loehr, H.; Ramunno, Gianluca; Sadeghi, A. R.; Vernizzi, Davide. - PRINT. - 6101:(2010), pp. 47-62. (Paper presented at the Third International Conference, TRUST 2010, held in Berlin (Germany), June 21-23, 2010) [10.1007/978-3-642-13869-0_4].

Anonymous authentication with TLS and DAA

CESENA, EMANUELE;RAMUNNO, GIANLUCA;VERNIZZI, DAVIDE
2010

Abstract

Anonymous credential systems provide privacy-preserving authentication solutions for accessing services and resources. In these systems, copying and sharing credentials can be a serious issue. As this cannot be prevented in software alone, these problems form a major obstacle for the use of fully anonymous authentication systems in practice. In this paper, we propose a solution for anonymous authentication that is based on a hardware security module to prevent sharing of credentials. Our protocols are based on the standard protocols Transport Layer Security (TLS) and Direct Anonymous Attestation (DAA). We present a detailed description and a reference implementation of our approach based on a Trusted Platform Module (TPM) as hardware security module. Moreover, we discuss drawbacks and alternatives, and provide a pure software implementation to compare with our TPM-based approach.
9783642138683
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2318168
Warning: the data shown have not been validated by the university.