Title: Enhanced privacy ID from bilinear pairing for hardware authentication and attestation

Authors: Ernie Brickell; Jiangtao Li

Addresses: Intel Architecture Group, Intel Corporation, 2111 NE 25th Ave., Hillsboro, OR 97124, USA. ' Intel Labs, Intel Corporation, 2111 NE 25th Ave., Hillsboro, OR 97124, USA

Abstract: Enhanced privacy ID (EPID) is a cryptographic scheme that enables the remote authentication and attestation of a hardware device while preserving the privacy of the device. EPID can be seen as a direct anonymous attestation scheme with enhanced revocation capabilities. In EPID, a device can be revoked if the private key embedded in the hardware device has been extracted and published widely so that the revocation manager finds the corrupted private key. In addition, the revocation manager can revoke a device based on the signatures the device has created, if the private key of the device is not known. In this paper, we introduce a new security notion of EPID including the formal definitions of anonymity and unforgeability. We also give a construction of an EPID scheme from bilinear pairing. Our EPID scheme is efficient and provably secure in the random oracle model under the strong Diffie-Hellman assumption and the decisional Diffie-Hellman assumption.

Keywords: hardware authentication; trusted computing; privacy; anonymity; direct anonymous attestation; DAA; cryptographic protocol; group signatures; revocation; trust; trustworthiness; cryptography; remote authentication; security; unforgeability.

DOI: 10.1504/IJIPSI.2011.043729

International Journal of Information Privacy, Security and Integrity, 2011 Vol.1 No.1, pp.3 - 33

Available online: 11 Nov 2011 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article