Improving the security of direct anonymous attestation under host corruptions

Hyoseung Kim, Kwangsu Lee, Jong Hwan Park, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review


Direct anonymous attestation (DAA) enables a platform including a trusted platform module (TPM) to produce a signature in order to remotely attest that it is in a certified state while preserving its anonymity. A main feature of DAA is that a TPM and a host together act as a signer, where the TPM is less powerful but trustworthy, whereas the host is more powerful but vulnerable to corruptions. Although DAA is standardized and widely implemented in various fields, current security notions for DAA have been defined ambiguously in terms of host corruptions. In this study, we redefine DAA security notions, including static and dynamic host corruptions, and formalize them as concrete security models in a game-based framework. Compared with the recent simulation-based security notions (without subverted TPMs) by Camenisch et al., the proposed notions cover a broader range of realistic attack scenarios for DAA and reach the expected level of security that DAA originally desires. Furthermore, we present a DAA instantiation with the security improvement by demonstrating that a variant of the LRSW–DAA by Camenisch et al. is provably secure in the new game-based security models.

Original languageEnglish
Pages (from-to)475-492
Number of pages18
JournalInternational Journal of Information Security
Issue number4
Publication statusPublished - 2021 Aug


  • Anonymous attestation
  • DAA
  • Host corruption
  • LRSW
  • TPM

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Improving the security of direct anonymous attestation under host corruptions'. Together they form a unique fingerprint.

Cite this