Virtualization makes virtual machines with a wide range of security requirements run simultaneously on the same commodity hardware. Direct Anonymous Attestation (DAA) for virtual machine is a cryptographic mechanism that enables remote attestation of virtual machine instances (VMIs) while preserving privacy under the user's control. However, Trusted Platform Module (TPM) with only limited storage space and communication capability is an indispensable component in remote attestation of multiply VMIs. In this paper, an optimized direct anonymous attestation protocol is proposed based on a hierarchical group signature without random oracles from asymmetric pairing. The analysis result of the proposed protocol shows that cost of TPM is lower than the most efficient CMS-DAA scheme to date, the computational cost of host and verifier are highly reduced. Furthermore, security of the proposed scheme is similar to CMS-DAA.
展开▼
