8 research outputs found
D03c.12 OpenSSL engine/DAA enhancement source code and documentation
Deliverable Open_T
D03c.6 OpenSSL engine/DAA enhancement design specification
Deliverable Open_T
Anonymous authentication with TLS and DAA
Anonymous credential systems provide privacy-preserving authentication solutions for accessing services and resources. In these systems, copying and sharing credentials can be a serious issue. As this cannot be prevented in software alone, these problems form a major obstacle for the use of fully anonymous authentication systems in practice. In this paper, we propose a solution for anonymous authentication that is based on a hardware security module to prevent sharing of credentials. Our protocols are based on the standard protocols Transport Layer Security (TLS) and Direct Anonymous Attestation (DAA). We present a detailed description and a reference implementation of our approach based on a Trusted Platform Module (TPM) as hardware security module. Moreover, we discuss drawbacks and alternatives, and provide a pure software implementation to compare with our TPM-based approach.
The trusted platform agent
The Trusted Platform Agent (TPA) is designed to minimize the effort of writing applications that use Trusted Computing (TC) technology and employ the Trusted Platform Module (TPM). Writing applications for TC requires a TCG software stack (TSS), but there are still a number of tedious and repetitive operations to be carried out. One way to reduce these is by linking an application with the TPA library to avoid the complexity of the TSS interface. This also simplifies tasks in which TC primitives need to be integrated with other commonly needed functions, such as cryptographic or network-related functions. © 2006 IEEE