Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin.

Similar presentations


Presentation on theme: "Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin."— Presentation transcript:

1 Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin

2 Protocol Diagram (Simple Model) Issuer PKI Verifier Platform – {Commit(f),Ni} 1.Join Request – {Commit(f),Ni} Authenticated by EK, using SPK – {DAA- Certificate(Ni, Commit(f), 2. Join Response – {DAA- Certificate(Ni, Commit(f),PKI)} {basename, nonce} 3. Sign Request {basename, nonce} {m, Signature(m, DAA- Certificate, Nv, nonce}} 4. Sign Response - {m, Signature(m, DAA- Certificate, Nv, nonce}}

3 Security Properties Correctness Correctness The verifier completes the protocol for message m only if: The verifier completes the protocol for message m only if: m was signed by an honest TPM using a DAA-Certificate and verifier’s basename; m was signed by an honest TPM using a DAA-Certificate and verifier’s basename; The DAA-Certificate was issued by an honest Issuer for the TPM before signing message m. The DAA-Certificate was issued by an honest Issuer for the TPM before signing message m. The issuer which the verifier knows is the same as the issuer which generated DAA-Certificate(f) used in the signature The issuer which the verifier knows is the same as the issuer which generated DAA-Certificate(f) used in the signature TPM is not on the rogue list TPM is not on the rogue list

4 Security Properties Anonymity – A transaction of an honest platform cannot be linked with its Endorsement Key (EK). Anonymity – A transaction of an honest platform cannot be linked with its Endorsement Key (EK). Checked by comparing pseudonyms in the sign response and the join request. If they are equal anonymity breaks Checked by comparing pseudonyms in the sign response and the join request. If they are equal anonymity breaks Unlinkability – Transactions of an honest platform with different Verifiers are not linkable. Unlinkability – Transactions of an honest platform with different Verifiers are not linkable. Checked by comparing PKI, pseudonyms in sign responses. Transactions are linkable if: Checked by comparing PKI, pseudonyms in sign responses. Transactions are linkable if: Values are the same if came from the same TPM Values are the same if came from the same TPM Values are different if came from different TPM Values are different if came from different TPM

5 Level of Abstraction Simple Model Simple Model Treats host and TPM as one player – the platform. Ignores any interactions between these two players Treats host and TPM as one player – the platform. Ignores any interactions between these two players Only four messages and three player Only four messages and three player Simple Message Format. Simple Message Format. Full Model Full Model Considers interaction between Host and TPM Considers interaction between Host and TPM Messages reflect actual protocol messages with the exception of the interactive proofs of knowledge Messages reflect actual protocol messages with the exception of the interactive proofs of knowledge

6 Modeling Approach Primitives are secure Primitives are secure Interactive Proof of Knowledge is modeled by limiting Adversary’s capabilities Interactive Proof of Knowledge is modeled by limiting Adversary’s capabilities Can’t replay Join Request Can’t replay Join Request Can’t modify Join Request Can’t modify Join Request

7 Adversary’s Capabilities Modeled Can intercept messages on the network Can intercept messages on the network Checks for use of different PK in DAA-Certificate Checks for use of different PK in DAA-Certificate Checks to see if he can link two transactions (Join Request with Sign Response, Sign Response with another Sign Response) Checks to see if he can link two transactions (Join Request with Sign Response, Sign Response with another Sign Response) Can replay intercepted messages blindly Can replay intercepted messages blindly Replays Sign Response for a seen Sign Request Randomly Replays Sign Response for a seen Sign Request Randomly Constructs a Sign Response in response to a seen Sign Request(Constructs from an earlier Join and Sign Response) Constructs a Sign Response in response to a seen Sign Request(Constructs from an earlier Join and Sign Response) Constructs a Sign Request with the issuer's basename. (The idea is to make the TPM to generate the same pseudonym as in the join protocol) Constructs a Sign Request with the issuer's basename. (The idea is to make the TPM to generate the same pseudonym as in the join protocol)

8 Attacks in Simple Model Issuer Verifier Platform 1. Join Request 2. Join Response 3. Sign Request 4. Sign Response For each new Join Request a new Public Key is Used For each new Join Request a new Public Key is Used Fix – Make sure that same is used in as many as n participant to guarantee n-anonymity Fix – Make sure that same is used in as many as n participant to guarantee n-anonymity Rudolph DAA Attack on Anonymity Rudolph DAA Attack on Anonymity Murphi outputs: Error: intruder linked PKI from the same TPM Murphi outputs: Error: intruder linked PKI from the same TPM

9 Attacks in Simple Model Issuer Intruder Platform Join Request Join Response Sign Request Sign Response Anonymity Attack – Intruder uses Issuer’s basename Anonymity Attack – Intruder uses Issuer’s basename Join Request and Sign Responses have same pseudonym Join Request and Sign Responses have same pseudonym Fix – Include the type of the basename into pseudonym. Fix – Include the type of the basename into pseudonym. Murphi outputs: Error: intruder linked pseudonyms in join and sign requests Murphi outputs: Error: intruder linked pseudonyms in join and sign requests

10 Attacks in Simple Model Issuer Verifier1 Platform Join Request Join Response Sign Request 1 Sign Response 1 Unlinkability Attack – bsn_v1 = bsn_v2 Unlinkability Attack – bsn_v1 = bsn_v2 Sign Response 1 and Sign Response 2 have same basenames Sign Response 1 and Sign Response 2 have same basenames Intruder Sign Response 2 Sign Request 2

11 Issues in Simple Model EK is not verified against a revocation list (Rogue Tagging Feature is not setup correctly) EK is not verified against a revocation list (Rogue Tagging Feature is not setup correctly) Correctness Issue – Intruder forwards Platform1’s Messages to Platform2. Correctness Issue – Intruder forwards Platform1’s Messages to Platform2. Verifier1 Intruder Platform1Platform2 Platform1 and Platform2 are on different networks, each correctly joined their issuers Platform1 and Platform2 are on different networks, each correctly joined their issuers Intruder redirects the sign request to a different network Intruder redirects the sign request to a different network Verifier does not check which network the platform is in Verifier does not check which network the platform is in How far does anonymity extends? How far does anonymity extends?

12 Full model – join protocol

13 Full model – sign protocol

14 Conclusion The protocol is well designed The protocol is well designed Using interactive PK and nonces to ensure freshness and integrity of messages Using interactive PK and nonces to ensure freshness and integrity of messages Hashes cover all possible parameters Hashes cover all possible parameters High level of description makes it difficult to verify corner conditions. High level of description makes it difficult to verify corner conditions. Correctness in anonymous system is different from peer-to-peer. Correctness in anonymous system is different from peer-to-peer. Managed to model known attacks, no new findings Managed to model known attacks, no new findings Cross-site attack should be taken care of by users Cross-site attack should be taken care of by users Too Detailed Model runs out of memory Too Detailed Model runs out of memory


Download ppt "Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin."

Similar presentations


Ads by Google