1

DAA (Direct Anonymous Attestation) is not the only scheme to achieve anonymous attestation. In general, these schemes allow an entity to stay anonymous throughout the attestation process. The concern here is not the attestation but key revocation. TPM/FIDO DAA scheme requires to keep a rogue list of compromised private keys to make revocation possible. But the assumption of compromised device will have its private key leaked publicly is naïve. In fact in many scenarios, a hacker may not reveal a compromised key. Such key can be used for attack such as denial of service attack etc... Since device identity is anonymous to service provider, there is no way for service provider to differentiate an attacker from genuine user.

What making it worse is having the private key stored/protected using hardware key store or HSM (Hardware Security Module). A hacker may have the knowledge to hack and extract the private key from a HSM using zero-day vulnerability. Since private key is designed not to output private key in plain. Therefore, even if a user acknowledge his device is compromised, but there is no way for him to inform the authority since it is not possible to extract the private key as a normal user.

Therefore, DAA sound like a wonderful technology but is not commercially viable? Considering the fact that the DAA scheme is already introduced in FIDO specification. I'm curious to find out why is this scheme accepted in FIDO with the aforementioned weakness. Maybe I missed something and someone can answer it

Consy
  • 111
  • 3
  • I'm not sure that asking if something is commercially viable can be answered objectively at security. Making market predictions is tricky even if that was on topic here. Note that this is a repost from the crypto site, but with indication that it was reposted here. – Maarten Bodewes Nov 03 '19 at 00:33
  • I'm not sure what you are asking. The focus of this question seems to be about a specific technology only and not about some real-world problem. But commercial products are usually not about implementing technologies but instead about solving real-world problems. The technology is only a method to achieve a goal and not the goal itself. So it might simply be that there is currently no real-world use case for this kind of technology at all or that existing real-world problems can already be tackled in other ways and don't need DAA. – Steffen Ullrich Nov 03 '19 at 06:49
  • @SteffenUllrich The real-world problem is to enable anonymous attestation with ability to perform revocation of rogue users. Considering the fact that the DAA scheme is already introduced in FIDO specification. I'm curious to find out why is this scheme accepted in FIDO/TPM with the aforementioned weakness. Maybe I missed something and someone can answer it – Consy Nov 03 '19 at 12:03
  • 1
    @Consy: it is not uncommon at all that specification are done without any commercial implementations being available first. In fact, this is likely the usual case with specification which are not created by a single vendor. Often there is only some proof of concept code. – Steffen Ullrich Nov 03 '19 at 12:42

0 Answers0