15:00
Direct Anonymous Attestation (DAA) is a protocol that allows a security chip embedded in a platform such as laptop to authenticate itself as a genuine chip. Different authentications are not linkeable, thus the protocol protects the privacy of the platform. The first DAA protocol was proposed by Brickell, Chen, and Camenisch and was standardized in 2004 by the Trusted Computing Group (TCG). Implementations of this protocols were rather slow because it is based on RSA. Later, alternative and faster protocols were proposed based on elliptic curves. Recently the specification by the TCG was updated to allow for DAA protocols based on elliptic curves. Unfortunately, the new standard does not allow for provably secure DAA protocols. In this talk, we will review some of the history of DAA and then discuss the latest protocols, security models, and finally a provably secure realization of DAA based on elliptic curves.