Privacy and Attestation Technologies

Lead Research Organisation: University of Bristol
Department Name: Computer Science

Abstract

This proposal aims to investigate two related cryptographic protocols. These protocols not only use similar building blocks, but they also have similar aims: namely, to provide strong security guarantees regarding authenticity, whilst at the same time ensuring user privacy.

Group signatures were introduced in 1991 by Chaum and van Heyst. Such schemes allow members of a group to anonymously sign a message on behalf of the whole group. As an example application, they allow an employee of a company to sign a document in such a way that the verifier need only know that it was signed by an employee, but not which particular employee was involved. Control of the group membership is provided by a group manager, who can add members to the group and also reveal the identity of signers in the case of disputes. In some situations these two tasks, adding members and revoking anonymity, are separated into two roles.

Direct Anonymous Attestation (DAA) is a mechanism for a remote user to provide a verifier with some assurance, via a signature, that he uses software and/or hardware from trusted sets of software and/or hardware respectively. In addition, the user is able to control if and when a verifier is able to link two such signatures, i.e. to determine whether or not they were produced by the same platform. The verifier is never able to tell which particular platform produced a given signature or pair of signatures. As such, this is a very similar anonymity guarantee to that provided by group signatures. In fact, one can think of group signatures as non-interactive versions of DAA schemes which offer, in addition to the guarantees of the latter, the ability to trace users. The close relation between these primitives is also visible in the techniques used in already proposed DAA and group signature schemes, which are again quite similar.

To understand the uses and importance of DAA protocols, consider the following example. A user wants to send a confidential document from his or her desktop to a shared printer. The user wants to be assured that the printer hardware or software has not been tampered with. In particular, the user wants to be assured that a copy of the confidential document does not get sent from the printer to somewhere else, or stored on the printer. In this particular scenario, the printer can use DAA to provide the desktop of the user with some assurance that it has not been tampered with.

Planned Impact

Companies developing security solutions involving protocols will benefit from having a better understanding of these two key protocols. The combination of an academic investigating team with the external partners outlined in the main proposal means we have a good chance to produce novel yet highly relevant results. That the cryptographic schemes we will look at have real importance in the future is evidenced by the existing deployments of the DAA protocol in the TPM on many PC motherboards, and by the need for greater privacy enhancing techniques as more transactions are performed on-line. The UK as a whole will benefit from the production and deployment of more secure systems, and from the training of new researchers and technologists in the area.

Communication and Dissemination: The primary form of written dissemination will be journal and conference publication, and accepted online resources such as the IACR e-print archive. The nature of research in computer security is that timely publication in relevant conferences is just as important as journal publication, and the important conferences, such as Eurocrypt, Crypto and ACM CCS, are often as competitive and as prestigious as a leading journal. In addition, these conferences sometimes have sizeable industrial participation compared to normal academic conferences. Hence, we will try to target our publications at these conferences, so as to obtain the greatest impact.

Industrial Engagement: UoB has undertaken an initiative to improve the rate and quality of spin-out companies to capitalise on existing and future research and IP. Two such companies, Identum (purchased by Trend Micro in 2008) and XMOS, represent the result of this initiative and, in addition to the industrial backers outlined in the main proposal, are well placed to act as a means of placing any research results into an industrial context. Prof. Smart was the lead academic behind Identum, which resulted in the commercialisation of academic research within UoB being used to support a new company. Upon its purchase by Trend Micro, the ex-Identum Bristol-based team have now become the worldwide cryptographic centre of expertise for Trend Micro. Prof. Smart has been advising the writers, at both Trend Micro and Voltage, of the soon to be finalised IEEE standard on pairing-based cryptography, both in terms of actual content and in terms of the technical presentation. With Dr Chen from Hewlett-Packard Laboratories we are starting the process of standardising our DAA protocol based on pairings via the Trusted Computing Group. In this process the TCG will require further security analysis and investigation, which is precisely what this grant proposal aims to provide. Thus, the proposal will not only fund new blue-skies style research, it will also contribute to producing impact from existing recent research which was funded by EPSRC.

Human Capital Creation: One of the main goals, in our view, of projects such as this is the training of the next generation of researchers, both at the PhD and the PDRA level. We feel it important to take a longer term view of research impact. As a result, our view of building human capital involves undergraduates and using the research to perform outreach activities. The cryptography group at UoB has a long track record of developing human capital, with previous PDRAs having gone on to a wide range of positions, from full Professors in universities across Europe through to working in both large and small companies as technical contributors. In addition, summer research internships for undergraduates have been used successfully in the past to develop career aspirations in our brightest undergraduates. The main proposal includes a number of mechanisms to increase the impact of the human capital which will be created via the project.
 
Description We have developed a series of privacy enhancing technologies based on cryptographic mechanisms.
Exploitation Route Further research is continuing by us and others.
Sectors Digital/Communication/Information Technologies (including Software)