Formal Analysis and Applications of Direct Anonymous Attestation

Slides:

Advertisements

Similar presentations

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.

Advertisements

Wenmao Liu Harbin Institute of Technology China. Outline ITS & VANETs Security Issues and Solutions An autonomous architecture Conclusion.

Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI All rights reserved.

Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory.

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin.

The Attestation Mechanism in Trusted Computing. A Simple Remote Attestation Protocol Platform TPM Verifier Application A generates PK A & SK A 2) computes.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Platform Alliance – Introduction and Technical Overview – Joe Pato HP Labs MIT 6.805/ October 2002.

outline Purpose Design Implementation Market Conclusion presentation Outline.

Applied Cryptography for Network Security

APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.

Cloud Usability Framework

Chapter 10: Authentication Guide to Computer Network Security.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Who am I? Mats Ohlin Swedish Defence Materiel Administration (FMV) IT Security area –International Standardisation: ISO/IEC JTC 1/SC 27/WG 3 (Security.

Secure Electronic Transaction (SET)

Privacy Issues in Vehicular Ad Hoc Networks.

Trusted Computing Platform Alliance

Anual Workshop February 5th, Anonymous yet reliable ePoll application Italo Dacosta SecAnon-DistriNet.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.

1 NEW GENERATION SECURE COMPUTING BASE. 2 INTRODUCTION  Next Generation Secure Computing Base,formerly known as Palladium.  The aim for palladium is.

Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.

Protecting Sensitive Labels in Social Network Data Anonymization.

ANNA UNIVERSITY, CHENNAI PROJECT VIVA FINAL YEAR MCA( ) 04/07/2013.

A Security Architecture Concept for Vehicular Network Nodes 蔡嘉翔許閔傑.

Cosc 4765 Trusted Platform Module. What is TPM The TPM hardware along with its supporting software and firmware provides the platform root of trust. –It.

Survey on Privacy-Related Technologies Presented by Richard Lin Zhou.

Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds.

出處 :2010 2nd International Conference on Signal Processing Systems (ICSPS) 作者 :Zhidong Shen 、 Qiang Tong 演講者 : 碩研資管一甲吳俊逸.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

SANDRA GUASCH CASTELLÓ PHD EVOTING WORKSHOP LUXEMBOURG, 15-16/10/2012 SUPERVISOR: PAZ MORILLO BOSCH Verifiable Mixnets.

An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK

WISTP’08 ©LAM /05/2008 A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup Christer Andersson Markulf Kohlweiss.

0 Penn State, NSRC Industry Day, Trent Jaeger – Past Projects and Results Linux Security –Aim to Build Measurable, High Integrity Linux Systems.

The FIDO Approach to Privacy Hannes Tschofenig, ARM Limited 1.

Privacy Preserving Payments in Credit Networks By: Moreno-Sanchez et al from Saarland University Presented By: Cody Watson Some Slides Borrowed From NDSS’15.

m-Privacy for Collaborative Data Publishing

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Privacy-Enhanced Web Service Composition. Abstract Data as a Service (DaaS) builds on service-oriented technologies to enable fast access to data resources.

Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud.

VANETs. Agenda System Model → What is VANETs? → Why VANETs? Threats Proposed Protocol → AOSA → SPCP → PARROTS Evaluation → Entropy → Anonymity Set → Tracking.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

Manu Drijvers, Joint work with Jan Camenisch, Anja Lehmann. March 9 th, 2016 Universally Composable Direct Anonymous Attestation.

T Special Course in OS Security (Dan Forsberg) – Two possible steps from integrity-based remote attestation to the next level Property.

29/Jul/2009 Young Hoon Park.  M.Bellare, D.Micciancio, B.Warinschi, Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and.

Computer Security module October 2008 Mark D. Ryan HP Labs, Bristol University of Birmingham Trusted Platform Module (TPM) introduction.

Computer Security module October 2009 Mark D. Ryan University of Birmingham Trusted Platform Module (TPM) introduction.

Information Security, Theory and Practice.

Intrusion Tolerant Architectures

Signing transactions anonymously with Identity Mixer in Hyperledger

Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity and Identity Management – A Consolidated Proposal for Terminology Authors: Andreas.

PLUG-N-HARVEST ID: H2020-EU

MSc Thesis: Mohammad Khodaei Supervisor: Prof. Panos Papadimitratos

Cloud Security 李芮，蒋希坤，崔男 2018年4月.

Re(AC)t Reputation and Anonymous Credentials for Access Control (t=2)

Formal Analysis of V2X Revocation Protocols

Cryptography and Network Security

Presentation transcript:

Formal Analysis and Applications of Direct Anonymous Attestation 14th November 2018 RISE Annual Conference Jorden Whitefield sudo_jorden j.whitefield@surrey.ac.uk

Intelligent Transportation Systems: Security & Privacy Challenges Protect the users from the System (i.e., privacy) Anonymity (conditional) Pseudonymity Unlinkability Unobservability Protect System from the Users Authentication & Authorisation Accountability Data Trustworthiness Contradictory position between users and infrastructure Image source: “Trustworthy People-Centric Sensing: Privacy, Security and User Incentives Road-Map” #universityofsurrey

Direct Anonymous Attestation Anonymous Digital Signature scheme Strong but privacy-preserving authentication Hardware-backed attestation using Trusted Platform Modules (TPM) Properties of DAA: Correctness Valid signatures only producible by honest platforms, and are verifiable and linkable where specified. User-controlled Anonymity Identity of a user cannot be revealed from signature. User-controlled Traceability Host controls whether signatures can be linked. Standardised in ISO/IEC 20008 2013 #uniofsurrey

Vehicular Pseudonym System - VPKI #universityofsurrey

Vehicular DAA Pseudonym System “Privacy-Enhanced Capabilities for VANETS Using Direct Anonymous Attestation.” In 2017 IEEE Vehicular Networking Conference, VNC 2017 #universityofsurrey

EPSRC UK Funded Project Demonstrate the applicability of our DAA V2X architecture Project in collaboration with Thales UK Thales eSecurity Pervasive Intelligence Nexcom VTC 6200 Intel Atom D510 Dual Core 1.6GHz 2GB RAM #universityofsurrey

ETSI Standards 100 to 150 message per second Preliminary Results CREATE: 10 ms SIGN: 84 ms VERIFY: 510 ms Implementation details HOST: Java TPM: Raspberry Pi Model B Infineon development TPM C with IBM TSS ISSUER: Java Spring ETSI Standards 100 to 150 message per second #universityofsurrey

Formal Analysis Summary Proofs and Disproofs obtained using the Tamarin Prover https://tamarin-prover.github.io/ Found an attack when the integrity of one TPM is compromised, the security of all TPMs cannot be guaranteed. #universityofsurrey

@sudo_jorden jwhitefield.co.uk