Nada El Kassem

Dr Nada El Kassem


Lecturer in Cyber Security
BSc, MSc, PhD

Publications

Highlights

Nada’s research focuses on cybersecurity and applied cryptography, with particular emphasis on privacy-preserving and secure system design. Her work spans lattice-based cryptography, authentication protocols, trusted platform modules, and secure hardware attestation, alongside contributions to Internet of Things (IoT) security and swarm-based distributed systems. Overall, her research addresses key challenges in building secure, scalable, and trustworthy computing environments. 

Liqun Chen, Nada El Kassem, Christopher J. P. Newton (2024) How To Bind A TPM's Attestation Keys With Its Endorsement Key, In: Computer Journal 67(3) pp. 988-1004 Oxford University Press

A trusted platform module is identified by its endorsement key, while it uses an attestation key to provide attestation services, for example, signing a set of platform configuration registers, providing a timestamp or certifying another of its keys. This paper addresses the problem of how a certificate authority binds the endorsement and attestation keys together. This is necessary for the authority to be able to reliably certify the attestation key. This key binding also enables the authority to revoke the attestation key should the endorsement key be compromised. We study all of the existing solutions and show that they either do not solve the problem or cannot be implemented with a real trusted platform module (or both). We propose a new solution which addresses this problem. We develop a security model for our solution and provide a rigorous security proof under this model. We have also implemented the solution using a real trusted platform module, and our implementation results show that this solution is feasible and efficient.

Liqun Chen, Changyu Dong, Nada El Kassem, Christopher J. P. Newton, Yalan Wang (2024) A New Hash-Based Enhanced Privacy ID Signature Scheme, In: M J Saarinen, D Smith-Tone (eds.), POST-QUANTUM CRYPTOGRAPHY, PQCRYPTO 2024, PT I 14771 pp. 37-71 Springer Nature

The elliptic curve-based Enhanced Privacy ID (EPID) signature scheme is broadly used for hardware enclave attestation by many platforms that implement Intel Software Guard Extensions (SGX) and other devices. This scheme has also been included in the Trusted Platform Module (TPM) specifications and ISO/IEC standards. However, it is insecure against quantum attackers. While research into quantum-resistant EPID has resulted in several lattice-based schemes, Boneh et al. have initiated the study of EPID signature schemes built only from symmetric primitives. We observe that for this line of research, there is still room for improvement. In this paper, we propose a new hash-based EPID scheme, which includes a novel and efficient signature revocation scheme. In addition, our scheme can handle a large group size (up to $2^{60}$ group members), which meets the requirements of rapidly developing hardware enclave attestation applications. The security of our scheme is proved under the Universal Composability (UC) model. Finally, we have implemented our EPID scheme, which, to our best knowledge, is the first implementation of EPID from symmetric primitives.

Liqun Chen, Changyu Dong, Nada El Kassem, Christopher J. P. Newton, Yalan Wang (2023) Hash-Based Direct Anonymous Attestation, In: Post-Quantum Cryptography pp. 565-600 Springer Nature Switzerland

Direct Anonymous Attestation (DAA) was designed for the Trusted Platform Module (TPM) and versions using RSA and elliptic curve cryptography have been included in the TPM specifications and in ISO/IEC standards. These standardised DAA schemes have their security based on the factoring or discrete logarithm problems and are therefore insecure against quantum attackers. Research into quantum-resistant DAA has resulted in several lattice-based schemes. Now in this paper, we propose the first post-quantum DAA scheme from symmetric primitives. We make use of a hash-based signature scheme, which is a slight modification of SPHINCS+, as a DAA credential. A DAA signature, proving the possession of such a credential, is a multiparty computation-based non-interactive zero-knowledge proof. The security of our scheme is proved under the Universal Composability (UC) model. While maintaining all the security properties required for a DAA scheme, we try to make the TPM’s workload as low as possible. Our DAA scheme can handle a large group size (up to $2^{60}$ group members), which meets the requirements of rapidly developing TPM applications.

Nada El Kassem, Liqun Chen, Rachid El Bansarkhani, Ali El Kaafarani, Jan Camenisch, Patrick Hough, Paulo Martins, Leonel Sousa (2019) More efficient, provably-secure direct anonymous attestation from lattices, In: Future generation computer systems 99 pp. 425-458 Elsevier

The Cloud-Edges (CE) framework, wherein small groups of Internet of Things (IoT) devices are serviced by local edge devices, enables a more scalable solution to IoT networks. The trustworthiness of the network may be ensured with Trusted Platform Modules (TPMs). This small hardware chip is capable of measuring and reporting a representation of the state of an IoT device. When connecting to a network, the IoT platform might have its state signed by the TPM in an anonymous way to prove both its genuineness and secure state through the Direct Anonymous Attestation (DAA) protocol. Currently standardised DAA schemes have their security supported on the factoring and discrete logarithm problems. Should a quantum-computer become available in the next few decades, these schemes will be broken. There is therefore a need to start developing a post-quantum DAA protocol. This paper presents a Lattice-based DAA (LDAA) scheme to meet this requirement. The security of this scheme is proved in the Universally Composable (UC) security model under the hardness assumptions of the Ring Inhomogeneous Short Integer Solution (Ring-ISIS) and Ring Learning With Errors (Ring-LWE) problems. Compared to the only other DAA scheme with conjectured post-quantum security available in related art, the storage requirements of the TPM are reduced twofold and the signature sizes 5 times. Moreover, experimental results show that the signing and verification operations are accelerated 1.1 and 2.0 times, respectively.

Liqun Chen, Nada El Kassem, Anja Lehmann, Vadim Lyubashevsky (2019) A Framework for Efficient Lattice-Based DAA, In: CYSARM'19: Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race pp. 23-34 Assoc Computing Machinery

Currently standardized Direct Anonymous Attestation (DAA) schemes have their security based on the factoring and the discrete logarithm problems, and are therefore insecure against quantum attackers. This paper presents a quantum-safe lattice-based Direct Anonymous Attestation protocol that can be suitable for inclusion in a future quantum-resistant TPM. The security of our proposed scheme is proved in the Universal Composability (UC) model under the assumed hardness of the Ring-SIS, Ring-LWE, and NTRU problems. The signature size of our proposed DAA scheme is around 2MB, which is (at least) two orders of magnitude smaller compared to existing post-quantum DAA schemes.

Additional publications