Michael Franz Panos Papadimitratos (Eds.) 4 2 Trust and 8 9 S C Trustworthy Computing N L 9th International Conference, TRUST 2016 Vienna, Austria, August 29–30, 2016 Proceedings 123 Lecture Notes in Computer Science 9824 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Zürich, Switzerland John C. Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbrücken, Germany More information about this series at http://www.springer.com/series/7410 Michael Franz Panos Papadimitratos (Eds.) (cid:129) Trust and Trustworthy Computing 9th International Conference, TRUST 2016 – Vienna, Austria, August 29 30, 2016 Proceedings 123 Editors Michael Franz PanosPapadimitratos University of California KTH RoyalInstitute of Technology Irvine,CA Stockholm USA Sweden ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notesin Computer Science ISBN 978-3-319-45571-6 ISBN978-3-319-45572-3 (eBook) DOI 10.1007/978-3-319-45572-3 LibraryofCongressControlNumber:2016948785 LNCSSublibrary:SL4–SecurityandCryptology ©SpringerInternationalPublishingSwitzerland2016 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartofthe material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodologynow knownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbookare believedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsortheeditors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissionsthatmayhavebeenmade. Printedonacid-freepaper ThisSpringerimprintispublishedbySpringerNature TheregisteredcompanyisSpringerInternationalPublishingAGSwitzerland Preface Thisvolumecontainstheproceedingsofthe9thInternationalConferenceonTrustand Trustworthy Computing (TRUST), held in Vienna, Austria, on August 29–30, 2016. TRUST 2016 was hosted and organized by SBA Research. Continuingthetraditionofthepreviousconferences,heldinVillach(2008),Oxford (2009), Berlin (2010), Pittsburgh (2011), Vienna (2012), London (2013), and Herak- lion (2014 and 2015), TRUST 2016 provided a unique interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using, and understanding trustworthy computing systems. The conference program of TRUST 2016 shows that research in trust and trust- worthy computing is active, at a high level of competency, and spans a wide range of areas and topics. Topics discussed in this year’s research contributions included anonymous and layered attestation, revocation, captchas, runtime integrity, trust net- works, key migration, and PUFs. We received 25 valid submissions in response to the Call for Papers. All submis- sions were carefully reviewed by at least three Program Committee members or external experts according to the criteria of scientific novelty, importance to the field, andtechnicalquality.Afteranonlinediscussionofallreviews,8paperswereselected for presentation and publication in the conference proceedings. This amounts to an acceptance rate of less than one third. Furthermore, the conference program included keynote presentations by Prof. Virgil Gligor (Carnegie Mellon University, USA) and Prof. Stefan Katzenbeisser (Technische Universität Darmstadt, Germany). WewouldliketoexpressourgratitudetothosepeoplewithoutwhomTRUST2016 wouldnothavebeenthissuccessful,andwhomwementionnowinnoparticularorder: the publicity chairs, Drs. Somayeh Salimi and Moritz Wiese, the members of the Steering Committee, the local Organizing Committee (and especially Yvonne Poul), andthekeynotespeakers.WealsowanttothankallProgramCommitteemembersand their external reviewers; their hard work made sure that the scientific program was of high quality and reflected both the depth and diversity of research in this area. Our special thanks go to all those who submitted papers, and to all those who presented papers at the conference. July 2016 Michael Franz Panos Papadimitratos Organization Steering Committee Alessandro Acquisti Carnegie Mellon University, USA Boris Balacheff Hewlett Packard, UK Paul England Microsoft, USA Andrew Martin University of Oxford, UK Chris Mitchell Royal Holloway, University of London, UK Sean Smith Dartmouth College, USA Ahmad-Reza Sadeghi TU Darmstadt/Fraunhofer SIT, Germany Claire Vishik Intel, UK General Chair Edgar Weippl SBA Research, Austria Technical Program Committee Chairs Michael Franz University of California, Irvine, USA Panos Papadimitratos KTH, Stockholm, Sweden Publicity and Publication Chairs Somayeh Salimi KTH, Stockholm, Sweden Moritz Wiese KTH, Stockholm, Sweden Technical Program Committee John Baras University of Maryland, USA Elisa Bertino Purdue University, USA Matt Bishop University of California, Davis, USA Mike Burmester Florida State University, USA Christian Collberg University of Arizona, USA Mauro Conti University of Padua, Italy George Cybenko Dartmouth College, USA Jack Davidson University of Virginia, USA Bjorn De Sutter Ghent University, Belgium Sven Dietrich City University of New York, USA Aurélien Francillon EURECOM, France Michael Franz University of California, Irvine, USA Virgil Gligor Carnegie Mellon University, USA VIII Organization Kevin Hamlen The University of Texas at Dallas, USA Andrei Homescu Immunant Inc., USA Michael Huth Imperial College, UK Sotiris Ioannidis FORTH, Greece Stefan Katzenbeisser TU Darmstadt, Germany Farinaz Koushnafar University of California, San Diego, USA Rick Kuhn NIST, USA Michael Locasto University of Calgary, Canada Stephen Magill Galois, USA Andrew Martin Oxford University, UK Jonathan McCune Google, USA Tyler Moore University of Tulsa, USA Peter G. Neumann SRI International, USA Hamed Okhravi MIT Lincoln Laboratory, USA Panos Papadimitratos KTH, Sweden Mathias Payer Purdue University, USA Christian Probst DTU, Denmark David Pym University College London, UK Pierangela Samarati Università degli Studi di Milano, Italy Matthias Schunter Intel, Germany Jean-Pierre Seifert TU Berlin, Germany R. Sekar Stony Brook University, USA Sean Smith Dartmouth College, USA Alfonso Valdes University of Illinois at Urbana-Champaign, USA Ingrid Verbauwhede KU Leuven, Belgium Stijn Volckaert University of California, Irvine, USA Moti Yung Google, USA Additional Reviewers Moreno Ambrosin University of Padua, Italy Robert Buhren TU Berlin, Germany Ruan de Clercq KU Leuven, Belgium Riccardo Lazzeretti University of Padua, Italy Pieter Maene KU Leuven, Belgium Marta Piekarska TU Berlin, Germany Shahin Tajik TU Berlin, Germany Contents Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Jan Camenisch, Manu Drijvers, and Anja Lehmann Practical Signing-Right Revocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 MichaelTillBeck,StephanKrenn,Franz-StefanPreiss,andKaiSamelin Sensor Captchas: On the Usability of Instrumenting Hardware Sensors to Prove Liveliness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Thomas Hupperich, Katharina Krombholz, and Thorsten Holz Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Matthias Neugschwandtner, Collin Mulliner, William Robertson, and Engin Kirda Controversy in Trust Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Paolo Zicari, Roberto Interdonato, Diego Perna, Andrea Tagarelli, and Sergio Greco Enabling Key Migration Between Non-compatible TPM Versions. . . . . . . . . 101 Linus Karlsson and Martin Hell Bundling Evidence for Layered Attestation. . . . . . . . . . . . . . . . . . . . . . . . . 119 Paul D. Rowe An Arbiter PUF Secured by Remote Random Reconfigurations of an FPGA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Alexander Spenke, Ralph Breithaupt, and Rainer Plaga Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited B Jan Camenisch1, Manu Drijvers1,2( ), and Anja Lehmann1 1 IBM Research – Zurich, S¨aumerstrasse 4, 8803 Ru¨schlikon, Switzerland {jca,mdr,anj}@zurich.ibm.com 2 Department of Computer Science, ETH Zurich, 8092 Zu¨rich, Switzerland Abstract. Direct Anonymous Attestation (DAA) is a cryptographic protocol for privacy-protecting authentication. It is standardized in the TPMstandardandimplementedinmillionsofchips.AvariantofDAAis alsousedinIntel’sSGX.Recently,Camenischetal.(PKC2016)demon- stratedthatexistingsecuritymodelsforDAAdonotcorrectlycaptureall securityrequirements,andshowedanumberofflawsinexistingschemes basedontheLRSWassumption.Inthiswork,weidentifyflawsinsecu- rityproofsofanumberofqSDH-basedDAAschemesandpointoutthat none of the proposed schemes can be proven secure in the recent model by Camenisch et al. (PKC 2016). We therefore present a new, provably secure DAA scheme that is based on the qSDH assumption. The new schemeisasefficientasthemostefficientexistingDAAscheme,withsup- port for DAA extensions to signature-based revocation and attributes. WerigorouslyprovetheschemesecureinthemodelofCamenischetal., which we modify to support the extensions. As a side-result of indepen- dentinterest,weprovethattheBBS+signatureschemeissecureinthe type-3pairingsetting,allowingforourschemetobeusedwiththemost efficient pairing-friendly curves. 1 Introduction Directanonymousattestation(DAA)isacryptographicauthenticationprotocol that lets a platform, consisting of a secure element and a host, create anony- mous attestations. These attestations are signatures on messages and convince a verifier that the message was signed by a authorized secure element, while preserving the privacy of the platform. DAA was designed for the Trusted Plat- formModule(TPM)byBrickell,Camenisch,andChen[9]andwasstandardized in the TPM 1.2 specification in 2004 [34]. Their paper inspired a large body of workonDAAschemes[4,10,11,13,15,22–24,26],includingmoreefficientscheme using bilinear pairings as well as different security definitions and proofs. One result of these works is the recent TPM 2.0 specification [31,35] that includes supportformultiplepairing-basedDAAschemes,twoofwhicharestandardized by ISO [30]. This work has been supported by the ERC under Grant PERCY #321310. (cid:2)c SpringerInternationalPublishingSwitzerland2016 M.FranzandP.Papadimitratos(Eds.):TRUST2016,LNCS9824,pp.1–20,2016. DOI:10.1007/978-3-319-45572-31