Based on delegation of trusted relationship, a ross-domain direct anonymous attestation scheme for wireless mobile networks is proposed. A proxy signature is used for delegation among domains, and the direct anonymous attestation (DAA) method is used for mobile terminal authentication when a terminal roaming to another domain. The remote attestation system is security-enhanced by a key agreement. The authentication protocol is analyzed in Canetti-Krawczyk (CK) model, and the results show that the protocol is secure. Further analysis shows that this proposal can resist reply attacks and platform masquerade attacks; the scheme is effective and suitable for the mobile trusted computing platforms.%基于信任委托的思想,提出一种移动环境下的跨可信域的直接匿名(direct anonymous attestation,简称DAA)证明方案,采用代理签名技术和直接匿名证明方法,实现对移动终端在多可信域之间漫游时的可信计算平台认证,并在认证过程中协商会话密钥,增强了远程证明体系的安全性.利用Canetti-Krawczyk(CK)模型对方案的认证协议的认证安全性和匿名安全性进行了形式化分析和证明.分析表明,该方案能够抵抗平台伪装攻击和重放攻击,其性能适用于无线网络环境.
展开▼