Palladium Presentation Package PDF
for
Palladium
CS406
This PDF contains the PowerPoint slides, and also text notes for the more
graphical first half of the presentation. The notes finish approximately at the end
of the second page of slides, although the picture of the keystroke logger on page
three is also part of that section.
If you are at all interested in this subject, we strongly recommend that you
investigate the two Web sites listed on the last slide. The first concentrates on the
political questions, whereas the second is more concerned with the technical
features of the system.
Pete Verdon
Next-Generation Secure
Computing Base
(Palladium)
James Forrester
Julz Friedman
Pete Verdon
What is Palladium?
A system to control what other
people's computers can do with
your data.
- Where you are probably a large corporation or government
TCPA Scheme
Fritz Chip (a.k.a. TCM)
Controls the boot process
Known secure state
Cryptographic key made from hash of state
How it Works
A real system.
Most functions moved to software, though
this relies on new hardware capabilities:
How it Works
(Diagram slides; images from microsoft.com)
Aims:
Anti-Virus
Stated Aims
Discussed aims and objectives, and
achievability, might differ
Some of them seem to be merely
advertising or spin (surely not!)
Some aims don't seem to be discussed
very much, if at all.
Anti-Virus claims
Microsoft Windows' reputation for susceptibility to
virus attack
Would it work?
Only if computer is in complete lock-down
(only authorized programs allowed to run)
Aims:
Anti-Spam
Meant as protection against Trojans etc.
Hope to prevent Trojan attacks taking over
computers and using them to create Spam
See previous slide, not very effective
Also retracted by Microsoft.
Aims:
Lock you into Intel system
Could be a problem in hardware-heavy
models, but not in Palladium
Initially widely claimed by analysts
Not very believable, anyone can make a
trusted chip
But not just anyone can hold the trusted keys
AMD now part of the collective
Aims:
Secure Media and Programs
Effective in primary cases
Disadvantages pointed to
What if you're not online?
What about an Open Source program or OS?
Problems
Need trusted GPU, soundcard etc. to be truly effective
Will people upgrade all of their hardware?
May actually be used only in certain environments
Aims:
Government/Corporate Leaks
Only allow documents to be viewed on certain PCs.
e.g. Governmental security (MOD, GCHQ, …)
Self-destructing documents
Server instructs programs to destroy documents after 6 months;
only programs known to obey can open document
Aims:
Renting Media/Programs
Also quite effective, very plausible
New market for media companies, very
attractive
Again problem of limiting choice of viewer
application
See iTunes/iPod - just making it hard to copy is
enough for media companies
Further Reading
Trusted Computing FAQ - Ross Anderson
Good overview, cynical/sceptical.
http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
03/12/2004 13:47:31PM
Title Slide
You've probably heard of it
Probably don't fully understand it
We're going to try to make clear what it is, what it can do,
more importantly what it probably will and won't do
What is Palladium?
Originated in 1997 with Peter Biddle at Microsoft as a DRM
system
He recognised that this is an instance of a general problem
- entrusting your bits to someone else but with conditions
as to what they can and can't do with them.
This is the same problem as privacy and some types of
security, so Palladium will work for those too.
In existing PC hardware it is not possible to ensure that
data goes only where it should.
You can dummy sound or video cards, you can run
debuggers on programs, you can read the decrypted file
straight out of memory - and you can write programs so
that inexperienced people can do this easily.
Thus Palladium involves adding hardware to the PC.
TCPA Scheme
Very much tied to DRM. Basically, there's a key to unlock
your content, and a hardware chip keeps an eye on
everything and only lets you have that key if everything's in
an approved state.
Very hardware-heavy, inflexible, and difficult to implement.
Microsoft Version
"A real system", by which I mean this looks like being the
one we'll get. Much more developed - documentation is
available for programming for it, definitely to be included in
some form in Longhorn, though hardware not necessarily
in place.
IO Hardware - initially graphics card, probably closely
followed by sound card. But eventually have secure
everything available, even keyboards.
How It Works
SSC
Holds crypto keys specific to the machine
Can't be used to identify you remotely - actually gone
to some trouble to make this impossible. Not to say you
can't be, but it won't be by these keys.
Performs encryption and decryption under the control of
the Nexus
Encrypted data can only be read by this Nexus on this
machine.
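As an added illustration of the TCPA slide's "cryptographic key made from hash of state" and of the SSC sealing described in these notes, here is a constructed toy model in Python (not Microsoft's or TCPA's actual design, and not code from the presentation): a measured boot state is hashed into a register, a machine-specific chip secret turns that state into a sealing key, and data sealed on one machine in one state cannot be unsealed on another machine or after the measured software changes.

```python
import hashlib
import hmac
import os

def measure_boot(components):
    """Fritz-chip-style measurement: extend a 32-byte register with each component's hash.
    The result depends on every component and on their order (toy model)."""
    state = bytes(32)
    for comp in components:
        state = hashlib.sha256(state + hashlib.sha256(comp).digest()).digest()
    return state

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (toy model)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

class SecurityChip:
    """Stands in for the SSC: holds a per-machine root secret that never leaves the chip."""
    def __init__(self):
        self._root = os.urandom(32)
    def _state_key(self, state):
        # Sealing key = f(machine secret, measured state): wrong machine or wrong state -> wrong key
        return hmac.new(self._root, b"seal" + state, hashlib.sha256).digest()
    def seal(self, state, plaintext):
        key, nonce = self._state_key(state), os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag
    def unseal(self, current_state, blob):
        key = self._state_key(current_state)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            return None  # chip refuses: key does not match this machine + this state
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def demo():
    """Constructed boot chains: an approved one and one with a patched nexus."""
    approved = [b"BIOS v1", b"bootloader", b"nexus 1.0"]
    tampered = [b"BIOS v1", b"bootloader", b"nexus 1.0 + debugger patch"]
    chip_a, chip_b = SecurityChip(), SecurityChip()
    blob = chip_a.seal(measure_boot(approved), b"licence key 1234")
    return {
        "same_machine_same_state": chip_a.unseal(measure_boot(approved), blob),
        "same_machine_tampered": chip_a.unseal(measure_boot(tampered), blob),
        "other_machine_same_state": chip_b.unseal(measure_boot(approved), blob),
    }
```

Only the first case returns the plaintext; a modified nexus or a different chip yields a different key and the tag check fails, which is the behaviour the slides describe as "only lets you have that key if everything's in an approved state".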
Nexus
AKA "nub" in older documentation.
A kind of secure kernel or memory manager - the main
OS kernel is untrusted.
Controls access to curtained RAM.
Provides services to Nexus Computing Agents
Controls other Palladium-aware hardware.
Kernel / Apps
Is untrusted. On other side of brick wall. (Terms "right
hand side" and "left hand side" are apparently used semi-officially at Microsoft.)
Not really important what kernel it is. Intention (from a
technical point of view, anyway) is that all current
operating systems (free ones included) would be able to
run on a Palladium PC.
Hardware
An attempt to close the "analogue hole". Initial work