This article introduces a definition of privacy for Direct Anonymous Attestation schemes. The definition is expressed as an equivalence property suited to automated reasoning using ProVerif and the practicality of the definition is demonstrated by analysing the RSA-based Direct Anonymous Attestation protocol by Brickell, Camenisch & Chen. The analysis discovers a vulnerability in the RSA-based scheme which can be exploited by a passive adversary and, under weaker assumptions, corrupt administrators. A security fix is identified and the revised protocol is shown to satisfy our definition of privacy.
@article{2012-Direct-Anonymous-Attestation-privacy-definition,
author = "Ben Smyth and Mark D. Ryan and Liqun Chen",
title = "{Formal analysis of privacy in Direct Anonymous Attestation schemes}",
year = "2015",
journal = "Science of Computer Programming",
volume = "111",
number = "2",
doi = "10.1016/j.scico.2015.04.004",
}