Presentation Slides and Notes for Palladium (CS406)
• This PDF contains the Powerpoint slides, and also text notes for the more
graphical first half of the presentation. The notes finish approximately at the end
of the second page of slides, although the picture of the keystroke logger on page
three is also part of that section.
• If you are at all interested in this subject, we strongly recommend that you
investigate the two Web sites listed on the last slide. The first concentrates on the
“political” questions, whereas the second is more concerned with the technical
features of the system.
Pete Verdon
Next-Generation Secure Computing Base
(Palladium)
James Forrester
Julz Friedman
Pete Verdon
What is Palladium?
A system to control what other people’s computers can do with your data.
- Where “you” are probably a large corporation or government
What isn’t Palladium?
Fritz Chip
- Part of TCPA, not Palladium
TCPA is now effectively replaced by Palladium
TCPA Scheme
• “Fritz Chip” (a.k.a. TCM)
– Controls the boot process
• “Known secure state”
• Cryptographic key made from hash of state
• Hands over to “enforcement software” in operating system
– Uses Fritz cryptographic key
– Fritz continues to monitor and will only make the key available if the environment remains in an approved state.
The Microsoft Version -
Palladium / NGSCB
• A real system.
• Most functions moved to software, though this relies on new hardware capabilities:
– New operating mode (and opcode) in CPU
– Chipset (to enable “curtained” RAM)
– Palladium-capable I/O hardware
– Secure Cryptographic coProcessor
How it Works
(Four diagram slides; images credited to microsoft.com)
A Secure Cryptographic coProcessor - Prototypes already available
Hardware Keystroke Logger
Stated Aims
• Discussed aims and objectives, and achievability, might differ
• Some of them seem to be merely advertising or spin (surely not!)
• Some aims don’t seem to be being discussed very much, if at all.
Aims: Anti-Virus
• Anti-Virus claims
– Microsoft Windows reputation for susceptibility to virus attack
• Would it work?
– Only if computer is in complete lock-down
• (only authorized programs allowed to run)
– Still very minor effect
• Most major virus attacks are scripting exploits with VB etc. in trusted applications
– This aim has since been retracted
Aims: Anti-Spam
• Meant as protection against Trojans etc.
• Hope to prevent Trojan attacks taking over computers and using them to create Spam
• See previous slide, not very effective
– Also retracted by Microsoft.
Aims: Lock you into Intel system
• Could be a problem in hardware-heavy models, but not in Palladium
• Initially widely declaimed by ‘analysts’
• Not very believable, anyone can make a trusted chip
– Not anyone can hold the trusted keys
– AMD now part of the collective
Aims: Secure Media and Programs
• Effective in primary cases
• Disadvantages pointed to
– What if you’re not online?
– What about an Open Source program or OS?
• Problems
– Need trusted GPU, soundcard etc. to be truly effective
– Will people upgrade all of their hardware?
– May actually be used only in certain environments
Aims: Renting Media/Programs
• Also quite effective, very plausible
• New market for media companies, very attractive
• Again problem of limiting choice of viewer application
– See iTunes/iPod - just making it hard to copy is enough for media companies
Aims: Government/Corporate Leaks
• Only allow documents to be viewed on certain PCs.
– e.g. Governmental security (MOD, GCHQ, …)
• Self-destructing documents
– Server instructs programs to destroy documents after 6 months; only programs known to obey can open document
• Home users unlikely to agree, but businesses will see a compelling case
Conclusions: Does it work?
• Well, yes and no:
• It ‘raises the bar’ significantly if there are no links in the chain that are easy to exploit, but…
• … there are still problems, most notably related to the analogue ‘hole’ (humans).
Conclusions: Will it happen?
• Changes required in people’s mental model of the computer.
• Not really in the interests of consumers, nor content producers other than the big companies (Disney, Sony Music, etc.)
• Requires large investment to pull off
• So… no, probably not.
ANY (EASY) QUESTIONS?
Further Reading
• Trusted Computing FAQ - Ross Anderson
Good overview, cynical/sceptical.
http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
• Palladium Summary - Seth Schoen
Notes from a meeting with Microsoft, takes a neutral to faintly positive line.
http://vitanuova.loyalty.org/2002-07-05.html
Palladium presentation notes 03/12/2004 13:47:31PM
Page 1
Title Slide
You've probably heard of it
Probably don't fully understand it
We're going to try to make clear what it is, what it can do,
more importantly what it probably will and won't do
What is Palladium?
Originated in 1997 with Peter Biddle at Microsoft as a DRM system
He recognised that this is an instance of a general problem
- entrusting your bits to someone else but with conditions
as to what they can and can't do with them.
This is the same problem as privacy and some types of
security, so Palladium will work for those too.
In existing PC hardware it is not possible to ensure that
data goes only where it should.
You can dummy sound or video cards, you can run
debuggers on programs, you can read the decrypted file
straight out of memory - and you can write programs so
that inexperienced people can do this easily.
Thus Palladium involves adding hardware to the PC.
What isn't Palladium?
Trusted Computing Platform Alliance were developing their own similar DRM system
Fritz is part of that
Several influential members including Microsoft started a
new group - Trusted Computing Group
Purported to be the successor to TCPA - invited TCPA
members to join
TCPA now pushes Palladium
This does confuse matters - two schemes, two sets of
terms, companies involved deliberately mingling them
TCPA Scheme
Very much tied to DRM. Basically, there's a key to unlock your content, and a hardware chip keeps an eye on everything and only lets you have that key if everything's in an approved state.
Very hardware-heavy, inflexible, and difficult to implement.
Microsoft Version
"A real system", by which I mean this looks like being the one we'll get. Much more developed - documentation is available for programming for it, definitely to be included in some form in Longhorn, though hardware not necessarily in place.
IO Hardware - initially graphics card, probably closely
followed by sound card. But eventually have secure
everything available, even keyboards.
How It Works
SSC
Holds crypto keys specific to the machine
Can't be used to identify you remotely - actually gone
to some trouble to make this impossible. Not to say you
can't be, but it won't be by these keys.
Performs encryption and decryption under the control of
the Nexus
Encrypted data can only be read by this Nexus on this
machine.
Nexus
AKA "nub" in older documentation.
A kind of secure kernel or memory manager - the main
OS kernel is untrusted.
Controls access to curtained RAM.
Provides services to Nexus Computing Agents
Controls other Palladium-aware hardware.
Nexus is trusted, but a meddled-with Nexus can be
identified
Hardware will only let a Nexus read its own data, so
the meddled one can't get at stuff saved by the real
one
You can't lie about what Nexus you're running (though
you can choose not to say) so data providers can
choose only to dish out data to known-good Nexii.
No technical reason why you can't write your own Nexus
- technical people at Microsoft insist the Linux people are
welcome to do it, though it remains to be seen whether
that actually happens.
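The TCPA slide ("cryptographic key made from hash of state", only released while the environment stays approved) and the SSC/Nexus notes above describe one mechanism from two angles: a machine-held secret is combined with a measurement of the running Nexus, so only that Nexus on that machine can recover what it sealed, and a data provider can compare the reported Nexus hash against its list of known-good Nexii before releasing anything. The Python model below is an added illustration and is not code from the presentation, from Microsoft or from TCPA. The SecurityCoprocessor class, the HMAC-derived keystream standing in for the SSC's real cipher, the symmetric attestation key shared with the provider standing in for a real signature, and all sample images and secrets are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample inputs: a genuine Nexus image and a "meddled-with" one.
GOOD_NEXUS = b"nexus-v1: secure kernel image (constructed sample)"
TAMPERED_NEXUS = b"nexus-v1: secure kernel image (constructed sample) + patch"


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 counter-mode keystream XORed over data.
    Stands in for the SSC's real cipher in this illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


class SecurityCoprocessor:
    """Model of the SSC: a machine-specific secret that never leaves the chip.

    Seal keys are derived from (machine secret, hash of the Nexus image), so a
    different Nexus, or the same Nexus on another machine, gets a different key.
    """

    def __init__(self, machine_secret: bytes, attestation_key: bytes):
        self._secret = machine_secret
        # Assumption: a key shared with the data provider replaces the
        # asymmetric attestation signature a real SSC would produce.
        self._attest_key = attestation_key

    @staticmethod
    def measure(nexus_image: bytes) -> bytes:
        """Hash of the software state, as in the TCPA 'known secure state' slide."""
        return hashlib.sha256(nexus_image).digest()

    def _seal_key(self, nexus_hash: bytes) -> bytes:
        return hmac.new(self._secret, b"seal|" + nexus_hash, hashlib.sha256).digest()

    def seal(self, nexus_image: bytes, plaintext: bytes) -> bytes:
        """Encrypt data so that only this Nexus on this machine can recover it."""
        nexus_hash = self.measure(nexus_image)
        key = self._seal_key(nexus_hash)
        nonce = secrets.token_bytes(16)
        ciphertext = _keystream_xor(key, nonce, plaintext)
        tag = hmac.new(key, nexus_hash + nonce + ciphertext, hashlib.sha256).digest()
        return nexus_hash + nonce + ciphertext + tag

    def unseal(self, nexus_image: bytes, blob: bytes) -> Optional[bytes]:
        """Return the plaintext, or None if the running Nexus is not the sealer."""
        sealed_hash, nonce = blob[:32], blob[32:48]
        ciphertext, tag = blob[48:-32], blob[-32:]
        nexus_hash = self.measure(nexus_image)
        if nexus_hash != sealed_hash:
            return None  # "hardware will only let a Nexus read its own data"
        key = self._seal_key(nexus_hash)
        expected = hmac.new(key, nexus_hash + nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None  # blob corrupted, or sealed on a different machine
        return _keystream_xor(key, nonce, ciphertext)

    def attest(self, nexus_image: bytes, challenge: bytes) -> Tuple[bytes, bytes]:
        """Report which Nexus is running; the report is bound to the provider's challenge."""
        nexus_hash = self.measure(nexus_image)
        mac = hmac.new(self._attest_key, challenge + nexus_hash, hashlib.sha256).digest()
        return nexus_hash, mac


def provider_will_release(report: Tuple[bytes, bytes], challenge: bytes,
                          attestation_key: bytes, known_good: set) -> bool:
    """Data-provider side: only 'dish out data to known-good Nexii'."""
    nexus_hash, mac = report
    expected = hmac.new(attestation_key, challenge + nexus_hash, hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac) and nexus_hash in known_good


def demo() -> dict:
    """Run the scenarios from the notes and return the outcomes."""
    attest_key = b"attest-key (constructed)"
    ssc = SecurityCoprocessor(b"machine-secret-A (constructed)", attest_key)
    other_machine = SecurityCoprocessor(b"machine-secret-B (constructed)", attest_key)
    blob = ssc.seal(GOOD_NEXUS, b"confidential document")
    known_good = {SecurityCoprocessor.measure(GOOD_NEXUS)}
    challenge = b"nonce-from-provider (constructed)"
    return {
        "same_nexus_same_machine": ssc.unseal(GOOD_NEXUS, blob),
        "tampered_nexus": ssc.unseal(TAMPERED_NEXUS, blob),
        "other_machine": other_machine.unseal(GOOD_NEXUS, blob),
        "provider_accepts_good": provider_will_release(
            ssc.attest(GOOD_NEXUS, challenge), challenge, attest_key, known_good),
        "provider_rejects_tampered": provider_will_release(
            ssc.attest(TAMPERED_NEXUS, challenge), challenge, attest_key, known_good),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The tampered Nexus fails at the measurement comparison, and the genuine Nexus on another machine fails at the tag check because its SSC derives a different key; both map to the notes' point that a meddled-with Nexus cannot read the real one's data. Attestation is what the notes call "you can't lie about what Nexus you're running": the machine can decline to report, but it cannot report a hash other than the one measured.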
Nexus Computing Agents
If Nexus is the kernel, these are the applications. Small secure programs that run in curtained memory and can't access each other or the outside except through the Nexus
Developer documentation suggests that small security-
focussed apps be written completely as NCAs; larger
apps that need some Palladium features would be mostly
untrusted but have an associated NCA to perform the
security-critical tasks.
Kernel / Apps
Is untrusted. On other side of brick wall. (Terms "right hand side" and "left hand side" are apparently used semi-officially at Microsoft.)
Not really important what kernel it is. Intention (from a
technical point of view, anyway) is that all current
operating systems (free ones included) would be able to
run on a Palladium PC.
Hardware
An attempt to close the "analogue hole". Initial work
focusses on graphics card - NCAs can ask that stuff be
sent there and ordinary apps can't see it or mess with it.
No doubt similar for sound.
USB Hub for keyboards - not a DRM feature, but enables
lots of other security possibilities. Stops someone using
one of these beasties on you.
Doesn't say anywhere, but it would be stupid to assume
that Palladium requires all compliant hardware. More
likely the system will say what there is, and it's up to the
program whether it wants to run with the security
available.