On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA)

Source: University of London

A possible privacy flaw in the TCG implementation of the Direct Anonymous Attestation (DAA) protocol has recently been discovered by Rudolph. This flaw allows a DAA Issuer to covertly include identifying information within DAA Certificates, enabling a colluding DAA Issuer and one or more verifiers to link and uniquely identify users, compromising user privacy and thereby invalidating the key feature provided by DAA. In this paper, the authors argue that, in typical usage scenarios, the weakness identified by Rudolph is not likely to lead to a feasible attack; specifically, they argue that the attack is only likely to be feasible if honest DAA signers and verifiers never check the behaviour of issuers.
Format: PDF Size: 370.10
Date: Mar 2008