Projects per year
Abstract
This article introduces a definition of privacy for Direct Anonymous Attestation schemes. The definition is expressed as an equivalence property which is suited to automated reasoning using Blanchet's ProVerif. The practicality of the definition is demonstrated by analysing the RSA-based Direct Anonymous Attestation protocol by Brickell, Camenisch & Chen. The analysis discovers a vulnerability in the RSA-based scheme which can be exploited by a passive adversary and, under weaker assumptions, corrupt issuers and verifiers. A security fix is identified and the revised protocol is shown to satisfy our definition of privacy.
Original language | English |
---|---|
Pages (from-to) | 300-317 |
Journal | Science of Computer Programming |
Volume | 111 |
Issue number | 2 |
Early online date | 27 Apr 2015 |
DOIs | |
Publication status | Published - 1 Nov 2015 |
Keywords
- Accountability
- Applied pi calculus
- Direct Anonymous Attestation
- Privacy
- Trusted computing
Projects
- 2 Finished
-
Leadership Fellowships 2009 : Analysing Security and Privacy Properties
Engineering & Physical Science Research Council
1/04/10 → 30/09/15
Project: Research Councils
-
Verifying Interoperability requirements in Pervasive Systems
Engineering & Physical Science Research Council
8/10/08 → 7/03/13
Project: Research Councils