An efficient anonymous remote attestation scheme for trusted computing based on improved CPK

Electronic Commerce Research

Abstract

Platform remote attestation (RA) is one of the main features of the trusted computing platform proposed by the Trusted Computing Group (TCG). The privacy certificate authority (CA) solution for RA requires users to pay for multiple certificates, and the direct anonymous attestation (DAA) solution is inefficient. TCG RA also suffers from limitations in platform configuration privacy. This paper proposes an RA scheme based on improved combined public key cryptography (ICPK), abbreviated RA-ICPK. RA-ICPK is a certificateless scheme that uses neither a public key infrastructure CA signature nor a DAA signature; it combines a commitment scheme, a zero-knowledge proof and a ring signature (RS) to achieve unforgeability and privacy. RA-ICPK is based mainly on elliptic curve cryptography without bilinear pairing computation, and carries out the zero-knowledge proof only once. RA-ICPK does not need to depend on trusted third parties to check revocation of trusted platform module identities and integrity values.

Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant No. 61103220. This work was partially supported by Chinese National Programs for Fundamental Research and Development (973 Program) under Grant No. 2014CB340600 and the National Natural Science Foundation of China under Grant Nos.: 61272451, 91118003, 61170022, 61202387. The authors are grateful to the anonymous referees, whose comments and suggestions helped to improve the article’s structure and contents.

Author information

Correspondence to Chen Jing.

Cite this article

Fajiang, Y., Jing, C., Yang, X. et al. An efficient anonymous remote attestation scheme for trusted computing based on improved CPK. Electron Commer Res 19, 689–718 (2019). https://doi.org/10.1007/s10660-019-09366-3

  • DOI: https://doi.org/10.1007/s10660-019-09366-3
