Di­rect An­ony­mous At­te­sta­ti­on: En­han­cing Cloud Ser­vice User Pri­va­cy

Ul­rich Gre­ve­ler, Den­nis Löhr, Ben­ja­min Jus­tus

Ab­stract

We in­tro­du­ce a pri­va­cy en­han­cing cloud ser­vice ar­chi­tec­tu­re based on the Di­rect An­ony­mous At­te­sta­ti­on (DAA) sche­me. In order to pro­tect user data, the ar­chi­tec­tu­re pro­vi­des cloud users with the abi­li­ties of con­trol­ling the extent of data sharing among their ser­vice ac­counts. A user is then enab­led to link Cloud Ser­vice ap­p­li­ca­ti­ons in such a way, that his/her per­so­nal data are shared only among de­si­gna­ted ap­p­li­ca­ti­ons. The an­ony­mi­ty of the plat­form iden­ti­ty is pre­ser­ved while the in­te­gri­ty of the hard­ware plat­form (re­pre­sen­ted by Trusted Com­pu­ting con­fi­gu­ra­ti­on re­gis­ter va­lues) is pro­ven to the re­mo­te ser­vers. Mo­re­over, the cloud ser­vice pro­vi­der can as­sess user ac­count ac­tivi­ties, which leads to ef­fi­ci­ent se­cu­ri­ty en­force­ment me­a­su­res.

Tags: Cloud Ser­vices, Di­rect An­ony­mous At­te­sta­ti­on, Pri­va­cy En­han­cing, Trusted Ma­nage­ment