Direct Anonymous Attestation: Enhancing Cloud Service User Privacy

Ulrich Greveler, Dennis Löhr, Benjamin Justus


We introduce a privacy enhancing cloud service architecture based on the Direct Anonymous Attestation (DAA) scheme. In order to protect user data, the architecture provides cloud users with the abilities of controlling the extent of data sharing among their service accounts. A user is then enabled to link Cloud Service applications in such a way, that his/her personal data are shared only among designated applications. The anonymity of the platform identity is preserved while the integrity of the hardware platform (represented by Trusted Computing configuration register values) is proven to the remote servers. Moreover, the cloud service provider can assess user account activities, which leads to efficient security enforcement measures.


Tags: Cloud Services, Direct Anonymous Attestation, Privacy Enhancing, Trusted Management