Presentation On Palladium Cryptography

(next generation secure computing base)

By: Piyush Mittal

Palladium is a software architecture designed by Microsoft to implement parts of Trusted Computing Concepts on future versions of Windows OS.  This relies on Hardware technology designed by members of Trusted Computing Group which provide security features, cryptographic co-processors and ability to hold keys securely.

Properties of Palladium
Architectural enhancement to Windows kernel and computer hardware.  Will not eliminate any features of Windows.  New applications must be written.  It will operate with any program user specifies while maintaining security.

Architecture and Concepts
Palladium consists of software and specialized hardware component developed by Trusted Computing Group 1. Key hardware components are:
• Trusted Platform Module: provides secure storage of cryptographic keys and a secure co-processor. • Curtained memory (trusted space)feature in CPU: Execution space protected from external attacks (protected RAM) Data within curtained memory can be accessed by applications to which it belongs.

Sealed Storage: Authentication mechanism that allows program to store secrets.  Secure input output  Attestation: Mechanisms that allow user to reveal selected characteristics to external requesters. It is entrusted with the job of to encrypt and decrypt data from sealed storage.

Secured Key
Cryptographic key is stored within TPM  Applications provide encrypted data to TPM to be decrypted and decrypted data is provided for authentication  TPM stores a single key securely  Data as an extension stored in encrypted form that can be decrypted only by key in TPM  TPM generates cryptographic signature based on hidden key.

Key Software components are  Nexus: A security kernel that is a part of OS. It provides basic services to trusted agents, such as the establishment of the process mechanisms for with trusted agents and other applications.  Trusted agents: A trusted agent is a program, a part of a program, or a service that runs in user mode in the trusted space.

Together, the nexus and trusted agents provide the following features:  Trusted data storage, encryption services for applications to ensure data integrity and protection.  facilities to enable hardware and software to authenticate itself.

This architecture will include a new security computing chip and design changes to a computer’s central processing unit (CPU), chipsets, and peripheral devices, such as keyboards and printers.  The pc-specific secret coding within palladium makes stolen files useless on other machines as they are physically and cryptographically locked within the hardware of the machine.

Protection using Palladium
Palladium prevents identity theft and unauthorized access to personal data on the user’s device while on the internet and on other networks.  With palladium, a system’s secrets are locked in the computer and are only revealed on terms that the user has specified.

Software and applications have to be rewritten to synchronize with palladium or new applications must be written  Changes are to be made to the existing computer hardware to support palladium.  It would be a long time before this technology became commonplace.

With the usage of “palladium” systems, trustworthy, secure interactions will become possible. This technology will provide tougher security defenses and more abundant privacy benefits than ever before. With palladium, users will have unparalleled power over system integrity, personal privacy and data security.

Sign up to vote on this title
UsefulNot useful