ISSN 1000-1239 CN 11-1777/TP

• Paper • Previous Articles     Next Articles

An Efficient Property-Based Attestation Scheme with Flexible Checking Mechanisms of Property Certificate Status

Zhou Fucai1, Yue Xiaohan2, Bai Hongbo3, and Xu Jian1   

  1. 1(College of Software, Northeastern University, Shenyang 110819) 2(College of Information Science and Engineering, Shenyang University of Technology, Shenyang 110870) 3(College of Information Science and Engineering, Northeastern University, Shenyang 110819)
  • Online:2013-10-15

Abstract: Remote binary attestation scheme of the trusted computing platform guarantees the integrity and hence the trustworthiness of the platform can be demonstrated to remote parties. However, as pointed out recently, the binary attestation has some shortcomings, particularly in applications. The major problem of the binary attestation is that it reveals the information about the configuration of a platform (hardware and software) or applications, which may lead to privacy issues, such as discrimination services, anonymity violations, etc. In order to solve the problems of platform configuration information leakage caused by the traditional binary attestation in the trusted computing environment, we propose a new privacy-preserving property-based attestation (PBA) scheme, which has flexible checking mechanisms of property certificate status, low computational cost and provable security in the random oracle model. By making use of the ideas of the verifier-local revocation and tracing signatures in the group signature, we present new certificate checking mechanisms, which include offline checking mechanism and online checking mechanism. Moreover, we design the model of the scheme, define the security model of the scheme, give concrete construction of the scheme in detail, and formally prove the security of this scheme in the random oracle model. We prove that this scheme satisfies the correctness, attestation unforgeability and configuration privacy. Finally, compared with other existing PBA schemes, the proposed PBA is more practical and efficient in both the computational cost and attestation length.

Key words: trusted computing, property-based attestation (PBA), verifier-local revocation, attestation unforgeability, configuration privacy