14-06-2009, 01:04 AM
Seminar Report
on
MICROSOFT PALLADIUM
Submitted by
AJITH V
in partial fulfillment for the award of the degree
of
BACHELOR OF TECHNOLOGY
IN
COMPUTER SCIENCE AND ENGINEERING
SCHOOL OF ENGINEERING
COCHIN UNIVERSITY OF SCIENCE AND
TECHNOLOGY, KOCHI - 682022
OCTOBER 2008
DIVISION OF COMPUTER ENGINEERING
SCHOOL OF ENGINEERING Page 2
COCHIN UNIVERSITY OF SCIENCE AND TECHNOLOGY
KOCHI - 682022
Certificate
Certified that this is a bonafide record of the seminar work entitled
Microsoft Palladium
done by the following students
Ajith V
of the VII
th
semester, Computer Science and Engineering in the year 2008 in partial
fulfillment of the requirements to the award of Degree of Bachelor of Technology in
Computer Science and Engineering of Cochin University of Science and Technology.
Ms Shekha Chenthara
Seminar Guide
Lecture
Division of computer science
SOE, CUSAT
Dr. David Peters S
Head of the Department
Division of computer science
SOE, CUSATPage 3
ACKNOWLEDGEMENT
First and foremost I thank almighty for his blessings. I sincerely express my
gratitude to my seminar guide, Ms.shekha chenthara, Lecturer, CUSAT, for his proper guidance and
valuable suggestions. I am equally indebted to Mr. David Peter, the HOD, Computer Science division and
other faculty members for giving me such an opportunity to learn and present this seminars. If not for the
above mentioned people my seminar would never have been completed successfully. I once again extend
my sincere thanks to all of them
AJITH V Page 4
ABSTRACT
The Next-Generation Secure Computing Base (NGSCB), formerly known as
Palladium, is a software architecture designed by Microsoft which is expected to implement
"Trusted Computing" concept on future versions of the Microsoft Windows operating system.
Palladium is part of Microsoft's Trustworthy Computing initiative. Microsoft's stated aim for
palladium is to increase the security and privacy of computer users. Palladium involves a new
breed of hardware and applications in along with the architecture of the Windows operating
system. Designed to work side-by-side with the existing functionality of Windows, this significant
evolution of the personal computer platform will introduce a level of security that meets the rising
customer requirements for data protection, integrity and distributed collaboration. It's designed to
give people greater security, personal privacy and system integrity.Page 5
i
TABLE OF CONTENTS
ABSTRACT
LIST OF FIGURES
ii
1.
INTRODUCTION
1
1.1 CORE PRINCIPLES OF PALLADIUM
4
2.
CORE PRINCIPLES OF PALLADIUM
11
2.1. HARDWARE COMPONENTS 11
2.1.1. TRUSTED SPACE
11
2.1.2. SEALED STORAGE
11
2.1.3. ATTESTATION
11
2.2. SOFTWARE COMPONENTS 12
2.2.1. NEXUS
12
2.2.2. TRUSTED AGENT
12
3.
COMPARISON OF TCPA AND PALLADIUM
20
4.
ADVANTAGES OF PALLADIUM
21
4.1. BLOCK MALICIOUS CODE
21
4.2. DIGITAL RIGHT MANAGEMENT
21
5.
DISADVANTAGES OF PALLADIUM
23
5.1. UPGRADES
23
5.2. INTEROPERABILITY 23
5.3. LEGACY PROGRAMS
24
6.
CONCLUSION
25
7.
REFERENCES
27 Page 6
ii
LIST OF FIGURES
SL No Title
Pg No
Fig 1.1
PALLADIUM ENABLED SYSTEM
2
Fig 2.1
PALLADIUM WITH CLOSED SPHERE OF TRUST
7
Fig 2.2
PALLADIUM AS AN OPT_IN SYSTEM
8Page 7
Microsoft Palladium
Division of Computer Science, SOE, CUSAT
1
1.
INTRODUCTION
The Next-Generation Secure Computing Base (NGSCB), formerly known
as Palladium, is a software architecture designed by Microsoft which is expected to implement
"Trusted Computing" concept on future versions of the Microsoft Windows operating system.
Palladium is part of Microsoft's Trustworthy Computing initiative. Microsoft's stated aim for
palladium is to increase the security and privacy of computer users. Palladium involves a new
breed of hardware and applications in along with the architecture of the Windows operating
system. Designed to work side-by-side with the existing functionality of Windows, this
significant evolution of the personal computer platform will introduce a level of security that
meets the rising customer requirements for data protection, integrity and distributed
collaboration. It's designed to give people greater security, personal privacy and system integrity.
Internet security is also provided by palladium such as protecting data from virus and hacking of
data
In addition to new core components in Windows that will move the Palladium
effort forward, Microsoft is working with hardware partners to build Palladium components and
features into their products. The new hardware architecture involves some changes to CPUs
which are significant from a functional perspective. There will also be a new piece of hardware
called for by Palladium that you might refer to as a security chip. It will provide a set of
cryptographic functions and keys that are central to what we're doing. There are also some
associated changes under the chipset, and the graphics and I/O system through the USB port--all
designed to create a comprehensive security environment.
"Palladium" is the code name for an evolutionary set of features for the
Microsoft Windows operating system. When combined with a new breed of hardware and
applications, "Palladium" gives individuals and groups of users greater data security, personal
privacy and system integrity. Designed to work side-by-side with the existing functionality of
Windows, this significant evolution of the personal computer platform will introduce a level of
security that meets the rising customer requirements for data protection, integrity and distributed
collaboration .Page 8
Microsoft Palladium
Division of Computer Science, SOE, CUSAT
2
Users implicitly trust their computers with more of their valuable data every
day. They also trust their computers to perform more and more important financial, legal and
other transactions. "Palladium" provides a solid basis for this trust: a foundation on which
privacy- and security-sensitive software can be built.
There are many reasons why "Palladium" will be of advantage to users.
Among these are enhanced, practical user control; the emergence of new server/service models;
and potentially new peer-to-peer or fully peer-distributed service models. The fundamental
benefits of "Palladium" fall into three chief categories: greater system integrity, superior personal
privacy and enhanced data security.These categories are illustrated in Fig 1.1
Fig 1.1 Palladium enabled systemPage 9
Microsoft Palladium
Division of Computer Science, SOE, CUSAT
3
Today's personal computing environment has advanced in terms of security
and privacy, while maintaining a significant amount of backward compatibility. However, the
evolution of a shared, open network (the Internet) has created new problems and requirements
for trustworthy computing. As the personal computer grows more central to our lives at home,
work and school, consumers and business customers alike are increasingly aware of privacy and
security issues.
Now, the pressure is on for industry leaders to take the following actions:
¢
Buildsolutionsthatwillmeetthepressingneedforreliabilityandintegrity.
¢
Makeimprovementstothepersonalcomputersuchthatitcanmorefullyreachits
potentialandenableawiderrangeofopportunities.
¢
Givecustomersandcontentprovidersanew levelofconfidenceinthecomputer
experience.
¢
Continueto supportbackward compatibility with existing softwareand user
knowledgethatexistswithWindowssystemstoday.
Together,industryleadersmustaddressthesecriticalissuestomeetthemountingdemandfor
trusted computing while preserving the open and rich characterofcurrentcomputer
functionality.Page 10
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
4
1.1FEATURESOFPALLADIUM
Developmentof"Palladium"isguidedbyimportantbusinessandTechnical
imperativesandassumptions.Amongthesearethefollowing:
àA "Palladium"-enhanced computer must continue to run any existing applications
and device drivers.
"Palladium"isnotaseparateoperatingsystem.Itisbasedonarchitectural
enhancementstotheWindowskernelandtocomputerhardware,includingtheCPU,peripherals
andchipsets,tocreateanewtrustedexecutionsubsystem(seeFig1).
"Palladium"willnoteliminateanyfeaturesofWindowsthatusershavecome
torelyon;everythingthatrunstodaywillcontinuetorunwith"Palladium."Inaddition,
"Palladium"doesnotchangewhatcanbeprogrammedorrunonthecomputingplatform;it
simplychangeswhatcanbebelievedaboutprograms,andthedurabilityofthosebeliefs.
Moreover,"Palladium"willoperatewithanyprogram theuserspecifieswhilemaintaining
security.
à"Palladium"-based systems must provide the means to protect user privacy better than
any operating system does today.
"Palladium"preventsidentitytheftandunauthorizedaccessto
personaldataontheuser'sdevicewhileontheInternetandonothernetworks.Transactionsand
processesareverifiableandreliable(throughtheattestablehardwareandsoftwarearchitecture
describedbelow),andtheycannotbeimitated.
With"Palladium,"asystem'ssecretsarelockedinthecomputerandareonly
revealedontermsthattheuserhasspecified.Inaddition,Page 11
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
5
thetrusteduserinterfacepreventssnoopingandimpersonation.Theusercontrolswhatis
revealedandcanseparatecategoriesofdataonasinglecomputerintodistinctrealms.
Finally,the"Palladium"architecturewillenableanew classofidentity
serviceprovidersthatcanpotentiallyofferuserschoicesforhowtheiridentitiesarerepresented
inonlinetransactions.Theseserviceproviderscanalsoensurethattheuserisincontrolof
policiesforhowpersonalinformationisrevealedtoothers.Inaddition,"Palladium"willallow
userstoemployidentityserviceprovidersoftheirownchoosing.
à"Palladium" will not require digital rights management technology, and DRM will not
require "Palladium."
Digitalrightsmanagement(DRM)isanimportant,emergingtechnologythat
manybelievewillbecentraltothedigitaleconomyofthefuture.Asameansofdefiningrules
andsettingpoliciesthatenhancetheintegrityandtrustofdigitalcontentconsumption,DRM is
vitalforawiderangeofcontent-protectionuses.SomeexamplesofDRM aretheprotectionof
valuableintellectualproperty,trustede-mailandpersistentprotectionofcorporatedocuments.
WhileDRMand"Palladium"arebothsupportiveofTrustworthyComputing,
neitherisabsolutelyrequiredfortheothertowork.DRM canbedeployedonnon-"Palladium"
machines,and"Palladium"canprovideuserswithbenefitsindependentofDRM.Theyare
separatetechnologies.Thatsaid,thecurrentsoftware-basedDRM technologiescanberendered
strongerwhendeployedon"Palladium"-basedcomputers.
àUser information is not a requirement for "Palladium" to work.
"Palladium"authenticatessoftwareandhardware,notusers."Palladium"is
aboutplatformintegrity,andenablesusers-whetherinacorporateorhomesetting-totake
advantageofsystemtrustworthinesstoestablishmultiple,separateidentities,eachtosuitspecific
needs.Page 12
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
6
Forexample,anemployeelogsontothecorporatenetworkfromhome.Atrustedgatewayserver
atthecorporatenetworkmediatestheremoteaccessconnection,allowingonlytrusted
applicationstoaccessthenetwork.Thisensuresthatthenetworkisprotectedagainstinfection
fromattacksbyvirusesthatthehomeusermighthavereceivedthroughpersonale-mail.Once
connected,theemployeecanuseRemoteDesktoptoaccessthecomputerattheofficeorsavea
filebacktothecorporateserverbyusinglocallyactiveTrustedAgentsandsealedstorage(see
below)ontheclient.
Withthistechnology,thecorporatenetworkisprotected,whiletheindividual
canalsobeconfidentthatthecompanyisnotusingtheremoteconnectionasanopportunityto
snoopintothecontentsoftheuser'shomecomputer.
à"Palladium" will enable closed spheres of trust.
Aclosedsphereoftrustbindsdataoraservicetobothasetofusers(logon)and
toasetofacceptableapplications.AsshowninFig2.2,thenexus(formerlyreferredtoasthe
TrustedOperatingRoot,orTOR)doesnotsimplyopenthevault;thenexuswillopenonlya
particularvault,andonlyforasmalllistofapplications.Page 13
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
7
Palladiumwithclosedspheresoftrust
Fig2.1
à"Palladium" is an opt-in system.
"Palladium"isentirely an opt-in solution;systemswillship with the
"Palladium"hardwareandsoftwarefeaturesturnedoff.Theuserofthesystemcanchooseto
simplystaywiththisdefaultsetting,leavingall"Palladium"-relatedcapabilities(hardwareand
software)disabled.
Palladiummustbehighlyresistanttosoftwareattacks(suchasTrojanhorse
viruses),andmustprovideuserswiththeintegrityofaprotected,end-to-endsystem across
networks.Page 14
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
8
Palladiumasanopt-insystem
Fig2.2
Palladiumprovidesatrustedprocessingenvironment.Trustedcoderunsin
memorythatisphysicallyisolated,protected,andinaccessibletotherestofthesystem,making
itinherentlyimpervioustoviruses,spy-ware,orothersoftwareattacks.Withrespecttoviruses,
thecontributionfromPalladiumisfairlystraightforward.SincePalladiumdoesnotinterferewith
theoperationofanyprogram runningintheregularWindowsenvironment,everything,
includingthenativeOSandviruses,runsthereasitdoestoday.Soantivirusmonitoringand
detectionsoftwareinWindowswillstillbeneeded.However,PalladiumdoesprovideantivirusPage 15
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
9
softwarewithasecureexecutionenvironmentthatcannotbecorruptedbyinfectedcode,soan
antivirusprogram builtontopofaPalladium applicationcouldguaranteethatithasn'tbeen
corrupted.Thisgroundingoftheantivirussoftwareallowsittobootstrapitselfintoaguaranteed
executionstate,somethingitcan'tdotoday.
OneofthekeyPalladiumbuildingblocksis"authenticatedoperation".Ifa
bankingapplicationistobetrustedtoperform anaction,itisimportantthatthebanking
applicationhasnotbeensubverted.Itisalsoimportantthatbankingdatacanonlybeaccessed
byapplicationsthathavebeenidentifiedastrustedtoreadthatdata."Palladium"systems
providethiscapabilitythroughamechanismcalledsealedstorage.
Anothercapabilityprovided byauthenticatedoperationisattestation.
"Palladium"willallowabanktoacceptonlytransactionsinitiatedbytheuserandthatarenot
virusesorotherunknownmachinesontheInternet.Because"Palladium"softwareand
hardwareiscryptographicallyverifiabletotheuserandtoothercomputers,programsand
services,thesystem canverifythatothercomputersandprocessesaretrustworthybefore
engagingthemorsharinginformation.Usersthereforecanbeconfidentthattheirintentionsare
properlyrepresentedandcarriedout,asillustratedinFigure3.Moreover,thesourcecodefor
theoperatingsystem'scriticalnexuswillbepublishedandvalidatedbythirdparties.
Finally,interactionwiththecomputeritselfistrusted."Palladium"-specific
hardwareprovidesaprotectedpathwayfromkeyboardtomonitor,andkeystrokescannotbe
snoopedorspoofed,evenbymaliciousdevicedrivers.
à"Palladium" data security features will make a Windows-based
device a trustworthy environment for any data.
The"Palladium"systemisarchitectedwithsecurityandintegrityasitsprimary
designgoals.Trustedcodecannotbeobservedormodifiedwhenrunninginthetrustedexecution
space.Filesareencryptedwithmachine-specificsecrets,makingthem uselessifstolenorPage 16
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
10
surreptitiously copied.In addition,machine-specific system secretsare physically and
cryptographicallylocked(themachine'sprivatekeyisembeddedinhardwareandnever
exposed),and the trusted hardware architecture preventssnooping,spoofing and data
interception.Coresystemsecretsarestoredinhardware,wherenosoftwareattackcanreveal
them.Evenifexposedbyasophisticatedhardwareattack,thecoresystem secretsareonly
applicabletodataonthecompromisedsystemandcannotbeusedtodevelopwidelydeployable
hacks.Finally,acompromisedsystemcanlikelybespottedbyITmanagers,serviceproviders
andothersystems,andthenexcluded.
àA "Palladium" system will be open at all levels.
"Palladium"hardwarewillrunanynexus.Someplatformsmayallowauserto
restrictthenexusesthatareallowedtorun,buttheuserwillstillbeinfullcontrolofthispolicy.
The"Palladium"TORwillalsoruntrustedagentsfrom anypublisher.Again,theusermay
choosetorestrictthetrustedagentsthatrunonthesystem,buttheuserwillremaininfullcontrol
ofthispolicy.The"Palladium"nexuswillworkwithanynetworkserviceprovideroftheuser's
choosing.Page 17
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
11
2. CORE PRINCIPLES OF PALLADIUM
"Palladium"comprisestwokeycomponents:hardwareandsoftware.
2.1HARDWARECOMPONENTS
Engineeredforensuringtheprotectedexecutionofapplicationsandprocesses,
theprotectedoperatingenvironmentprovidesthefollowingbasicmechanisms:
2.1.1 TRUSTEDSPACE:- Theexecutionspaceisprotectedfromexternalsoftwareattacks
suchasavirus.Trustedspaceissetupandmaintainedbythenexusandhasaccessto
variousservicesprovidedby"Palladium,"suchassealedstorage.
2.1.2 SEALED STORAGE:- Sealedstorageisanauthenticatedmechanism thatallowsa
programtostoresecretsthatcannotberetrievedbynontrustedprogramssuchasavirus
orTrojanhorse.Informationinsealedstoragecannotbereadbyothernontrusted
programs.(Sealedstoragecannotbereadbyunauthorizedsecureprograms,forthat
matter,andcannotbereadevenifanotheroperatingsystem isbootedorthediskis
carriedtoanothermachine.)Thesestoredsecretscanbetiedtothemachine,thenexusor
theapplication.Microsoftwillalsoprovidemechanismsforthesafeandcontrolled
backupandmigrationofsecretstoothermachines.
2.1.3 ATTESTATION:- Attestationisamechanism thatallowstheusertorevealselected
characteristicsoftheoperatingenvironmentto externalrequestors.Forexample,
attestationcanbeusedtoverifythatthecomputerisrunningavalidversionof
"Palladium."Page 18
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
12
2.2SOFTWARECOMPONENTS
Theplatform implementsthesetrustedprimitivesinanopen,programmable
waytothirdparties.Theplatformconsistsofthefollowingelements:
2.2.1 NEXUS:- (atechnologyformerlyreferredtoasthe"TrustedOperatingRoot(TOR)".
ThecomponentinMicrosoftWindowsthatmanagestrustfunctionalityfor"Palladium"
user-modeprocesses(agents).Thenexusexecutesinkernelmodeinthetrustedspace.It
providesbasicservicestotrustedagents,suchastheestablishmentoftheprocess
mechanismsforcommunicatingwithtrusted agentsandotherapplications,andspecial
trustservicessuchasattestationofrequestsandthesealingandunsealingofsecrets.
2.2.2 TRUSTEDAGENT:- Atrustedagentisaprogram,apartofaprogram,oraservice
thatrunsinusermodeinthetrustedspace.Atrustedagentcallsthenexusforsecurity-
relatedservicesandcriticalgeneralservicessuchasmemorymanagement.Atrusted
agentisabletostoresecretsusingsealedstorageandauthenticatesitselfusingthe
attestationservicesofthenexus.Oneofthemainprinciplesoftrustedagentsisthatthey
canbetrustedornottrustedbymultipleentities,suchastheuser,anITdepartment,a
merchantoravendor.Eachtrustedagentorentity ontrolsitsownsphereoftrust,and
theyneednottrustorrelyoneachother.
Together,thenexusandtrustedagentsprovidethefollowingfeatures:
¢ Trusteddatastorage,encryptionservicesforapplicationstoensure
dataintegrityandprotectionPage 19
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
13
¢ Authenticatedboot,facilitiestoenablehardwareandsoftwareto
authenticateitself
Fromtheperspectiveofprivacy(andanti-virusprotection),oneofthekey
benefitsof"Palladium"istheabilityforuserstoeffectivelydelegatecertificationofcode.
Anyonecancertify"Palladium"hardwareorsoftware,anditisexpectedthatmanycompanies
andorganizationswillofferthisservice.Allowingmultiplepartiestoindependentlyevaluateand
certify"Palladium"-capablesystemsmeansthatuserswillbeabletoobtainverificationofthe
system'soperationfromorganizationsthattheytrust.Inaddition,thiswillformthebasisfora
strongbusinessincentivetopreserveandenhanceprivacyandsecurity.Moreover,"Palladium"
allowsanynumberoftrustedinternalorexternalentitiestointeractwithatrustedcomponentor
trustedplatform. TheinitialversionofPalladiumwillrequirechangestofivepartsofthePC's
hardware.ChangeswillberequiredtotheCPU,thechipset(onthemotherboard),theinput
devices(e.g.keyboard),andthevideooutputdevices(graphicsprocessor).Inaddition,anew
componentmustbeadded:atamper-resistantsecurecryptographicco-processor,which
MicrosoftcallsSCPorSPP
¢ AlthoughtheSCPistamper-resistant,itislikelythataskilledattackerwithphysical
accesstotheinsideofaPalladiumPCcanstillcompromiseitorsubvertitspoliciesin
someway.
¢ Soitispossiblethatanattackerwithphysicalaccesscanstillcompromisethesystem,
eventhoughtheSCPismeanttobetamper-resistant,partlybecauseothercomponents
(likeRAM)arelessrobustagainstmodification.Palladiumprimarilydefendseffectively
againsttwoclassesofattacks1)remotenetworkmountedattacks(bufferoverflowsand
otherprogrammingflaws,maliciousmobilecode,etc.),becauseevenifsomemalicious
codeisinstalledinonepartofthesystem,itstillcan'teffectivelysubvertthepolicyof
anotherpartofthesystem,and(2)localsoftware-basedattacks,includingthingslike
usingadebuggertotrytoreadaprogram'sinternalstatewhileit'sexecutingortotryto
subvertitspolicy.Thus,Palladium canprobablyguaranteethatyoucan'twriteorPage 20
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
14
downloadanysoftware(andnobodyelsecanwriteoruploadtoyouanysoftware)which
wouldcompromisethepolicyofsoftwarerunninglocallywhichismakinguseof
Palladiumtrustfeatures.
¢ Palladium'schangestotheCPUallowittobeplacedintoanewmodewherecertain
areasofmemoryarerestrictedviaatechniquecalled"codecurtaining"toanultra-
privilegedpieceofcodecalledthe"nub"or"TOR".("Nub"isthePalladiumteam'sterm
forthiscode,and"TOR",for"TrustedOperatingRoot",istheofficialpublicterm.)The
nubisakindoftrustedmemorymanager,whichrunswithmoreprivilegethanan
operatingsystemkernel.ThenubalsomanagesaccesstotheSCP.
¢ TheSCPisan8-bittamper-resistantcryptographicsmart-cardwhichcontainsunique
keys,includingpublickeypairs(2048-bitRSA),andsymmetrickeysforAESinCBC
mode.ThesekeysareuniquepermachineandtheSCPdoesnotrevealthemtoanything
outsidetheSCP'ssecurityperimeter.Italsocontainsavarietyofothercryptographic
functionality,includingSHA-1,RSA,AES,andothercipherimplementations,asmall
amountofmemory,and amonotone counter.TheSCPcandoanumberof
cryptographicprotocols.ItalsocontainsathingcalledaPCR.(Ithinkthatstandsfor
"platformconfigurationregister".)
¢ WhenyouwanttostartaPalladiumPCintrustedmode(notethatitdoesn'thave tostart
intrustedmode,and,fromwhatMicrosoftsaid,itsoundslikeyoucouldevenimagine
bootingthesameOSineithertrustedoruntrustedmode,basedonauser'schoiceatboot
time),thesystemhardwareperformswhat'scalledan"authenticatedboot",inwhichthe
systemisplacedinaknownstateandanubisloaded.Ahash(Ithinkit'sSHA-1)istaken
ofthenubwhichwasjustloaded,andthe160-bithashisstoredunalterablyinthePCR,
andremainsthereforaslongasthesystemcontinuestooperateintrustedmode.Then
theoperatingsystem kernelcanboot,butthekeytothetrustinthesystem isthePage 21
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
15
authenticationofthenub.Aslongasthesystemisup,theSCPknowsexactlywhichnub
iscurrentlyrunning;becauseofthewaytheCPUworks,itisnotpossibleforanyother
softwaretomodifythenuboritsmemoryorsubvertthenub'spolicies.Thenubisin
somesenseinchargeofthesystematalowlevel,butitdoesn'tusuallydothingswhich
othersoftwarewouldnoticeunlessit'saskedto.
¢ Thenubinterfaceswithothersoftwareonthesystembymeansofprograms(outsidethe
nub)calledtrustedagents(orTAs).TheTAscanimplementsophisticatedpoliciesand
authenticationmethods,wherethenub(andSCP)justimplementfairlysimpleprimitives.
ATAcanalsocommunicatewithuser-spaceprograms(atleast,thatwillbeafeatureof
Microsoft'snub;otherpeoplecanwritetheirownnubswhichcansupportdifferentkinds
ofTAsorevendowithoutTAsentirely).TheTAsareprotectedbyhardwarefromone
anotherandfromtherestofthesystem.
¢ EvenPCIDMAcan'treadorwritememorywhichhasbeenreservedtoanub'sorTA's
use(includingthenub'sorTA'scode).Thismemoryiscompletelyinaccessibleandcan
onlybeaccessedindirectlythroughAPIcalls.Thechipsetonthemotherboardis
modifiedtoenforcesthissortofrestriction.
¢ TheSCPprovidesafeaturecalled"sealedstorage"bymeansoftwoAPIcalls(called
SEALandUNSEAL).IfaTArunningonasystemintrustedmodewantstousesealed
storage,itcancallintotheAPIsimplementedinthenub.
¢ Sealedstorageisimplementedbymeansofencryption(sealing)ordecryption(unsealing)
withasymmetriccipherWhentheSCPisgivendatatoseal,it'sgiventwoarguments:the
dataitselfanda160-bit"nubidentifier"
¢ Sealingisperformedbyprependingthenubidentifiertothedatatobesealed,andthen
encryptingtheresultwithaprivatesymmetrickey--the"platform-specifickey",whichPage 22
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
16
variesfrommachinetomachineandissecret.ThatkeyiskeptwithintheSCPandisa
uniqueidentifierforthemachinewhichperformedthesealingoperation
¢ TheSCPactuallyalsoprependsarandom noncetothedatatobesealedbefore
encryption(anddiscardsthenonceupondecryption).Thisisacleverprivacyfeature
whichpreventssomeonefromcreatinganapplicationwhich"cookiesyou"byrecording
theoutputofsealinganemptystring(andthenusingtheresultasapersistentunique
identifierforyourmachine).Aprogramwhichtriedto"cookieyou"thiswaywouldfind
that,becauseoftherandom nonce,theresultofsealingagivenstringisconstantly
completelydifferent,andnousefulinformationabouttheidentityofthemachineis
revealedbythesealingoperation.
¢ Afterencryption,theSCPreturnstheencryptedresultasthereturn
valueoftheSEALoperation.
¢ WhenanSCPisgivenencrypteddatatoUNSEAL,itinternallyattemptstodecryptthe
encrypteddatausingitsplatform-specifickey.Thismeansthat,iftheencrypteddatawas
originallysealedonadifferentmachine,theUNSEALoperationwillfailoutright
immediately.(Youcan'ttakeasealedfileandtransferittoanothermachineandunsealit
there;becausetheplatform-specifickeyis
usedforencryptionanddecryption,andcan'tbeextractedfromtheSCP,youcanonly
UNSEALdataonthesamemachineonwhichitwasoriginallySEALed.)
¢ Ifthedecryptionissuccessful,theSCPperformsasecondcheck:itexaminesthenub
identifierwhichresideswithinthedecrypteddata.Thenubidentifierwasspecifiedatthe
timethedatawasoriginallySEALed,andindicateswhichnubisallowedtoreceivethe
decrypteddata.Ifthenubidentifierforthedecrypteddataisidenticaltothenubidentifier
whichiscurrentlystoredinthePCR(whichistheSHA-1hashofthecurrently-running
nubonthemachineatthemomentUNSEALwascalled),theUNSEALissuccessfuland
thedecrypteddataisreturnedtothecallingnub.However,ifthenubidentifierdoesnotPage 23
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
17
matchthecontentsofthePCR,theSCPconcludesthatthenubwhichiscurrentlyrunning
isnotentitledtoreceivethisdata,anddiscardsit.
¢ Thus,sealingisspecific to a physical machine andalsospecific to a nub.Datasealedon
onemachineforaparticularnubcannotbedecryptedonadifferentmachineorundera
differentnub.Anapplicationwhichtrustsaparticularnub(andisrunningunderthatnub)
cansealimportantsecretdataandthenstoretheresultingsealeddatasafelyonan
untrustedharddrive,orevensenditoveranetwork.
¢ Ifyourebootthemachineunderadebugger,thereisnotechnicalproblem,andyoucan
debugthesoftwarewhichcreatedtheencryptedfile.However,sinceyouaren'trunning
theproper(nodebugger-friendly)nub,thedebuggerwillwork,buttheUNSEALcall
won't.TheSCPwillreceivetheUNSEALcall,examinethePCR,andconcludethatthe
currently-runningnubisnotcleared(sotospeak)toreceivethesealeddata.Your
applicationscanonlydecryptsealeddataiftheyarerunningunder the same machine
andunder the same software environment withinwhichtheyoriginallysealedthatdata!
¢ Thisisremarkablyclever.Whenyouarerunningunderatrustednub,yourapplications
canusetheSCPtodecryptandprocessdata,butyoucan'trunsoftwarewhichsubvertsa
TA'spolicy(becausethenubwillnotpermitthepolicytobesubverted).
¢ Whenyouarenotrunningunderatrustednub,youcanrunsoftwarewhichsubvertsa
TA'spolicy(becausethenubisn'tabletopreventit),butyourapplicationswillno
longerbeabletodecryptanysealeddata,becausetheSCPwon'tbewillingtoperform
thedecryption.
¢ Thereisalongdiscussionofhowyoucanmakeabackup,orupgradeyoursystem,or
migrateyoursoftwareanddatatoanewsystem,etc.Thedefaultwithsealedstorageis
thatanysealeddatawillbeunusablewhenmigratedtoanewsystem.TheMicrosoftnub
provideswrappersaroundtheSCP'ssealingfeatureswhichallowthesoftwarewhichPage 24
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
18
performsthesealingoperationtospecifyamigrationpolicyatthetimethesealing
operationisoriginallyperformed.Themigrationpolicycanbe(approximately)oneofthe
following,atthesoftware'ssoleoption1)Migrationispreventedentirely,andthedata
mustdiewiththecurrentPCwhereitwascreated.(2)Migrationispermitteduponsome
kind
ofauthenticationbyalocaluser(e.g.apassword)whichwilldecryptorcommandthe
decryptionofdatatemporarilyinordertopermitittobemigrated.(3)Migrationis
permittedwiththeassistanceandconsentofa3rdparty.
¢ Palladium'smodificationstoinputandoutputhardwarewillpreventsoftwarefromdoing
certainkindsofmonitoringandspoofing,aswellas"screenscraping".Aprogramwill
beabletoaskPalladiumtodisplayadialogboxwhichcan'tbe"obscured"or"observed"
byothersoftware,andPalladiumhardwarecanenforcetheseconditions.Andthereisa
waytobesurethatinputiscomingfromaphysicalinputdeviceandnotspoofedby
anotherprogram.
¢ Thesecureoutputfeaturesalsopermit,e.g.,aDVDplayerprogramtopreventother
softwarefrommakingscreencaptures.TheinitialversionofPalladiumdoesnotcontrol
audiooutputinthisway,soyoucanstillrecordallsoundoutputviasomethinglike
TotalRecorder.
¢ Inprinciple,nubandkernelareindependent,soanon-Microsoftkernelcouldrunona
Microsoftnub,orviceversa.Patentandcopyrightissuesmightpreventthisfrombeing
doneinpractice,butitisapparentlytechnicallypossiblewithinthedesignofPalladium.
¢ Microsoft'snub,includingitssourcecode,willbepublishedforreviewbyanyonewho
wantstoexamineit,inordertoallow allofMicrosoft'sclaimsaboutitssecurity
propertiestobeverified.ThereisnopartofPalladium'sdesignorcodewhichneedsto
bekeptsecret,althougheachSCPwillcontainsecretcryptographickeysloadedatthe
timeofitsmanufacture.Microsoftwillencouragenon-MicrosoftpeopletoreadandPage 25
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
19
discussitsnub.Youwillalsobeabletocreateyourownnub,exceptthatchangingthe
nubwill(asdiscussedabove)preventpreviously-sealeddatafrombeingdecrypted.
¢ MicrosoftsuggeststhatPalladiumisflexibleenoughthatmanyentitiescoulduseitto
createtheirownpolicies,judgments,certificationservices,etc.Palladiumhasamore
robusttechnicalenforcementmechanismthaneitherofthosestandards.Page 26
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
20
3. COMPARISON OF TCPA AND PALLADIUM
TCPAstandsforËœTrustedComputingPlatformAllianceâ„¢,aninitiativeledby
Intel.TheirstatedgoalisaËœnewcomputingplatformforthenextcenturythatwillprovidefor
improvedtrustinthePCplatformâ„¢.Palladium isasoftwarethatMicrosoftsaysitplansto
incorporateinfutureversionsofWindows;itwillbuildontheTCPAhardwareandwilladd
somenewfeatures.
TheTCPAandPalladiumrelyontheadditiontothehardwareofnormalPCâ„¢s.
WhilePalladiumcallsformoreextensivechanges,the modificationsareremarkablysimilar.
Bothcallforanewchiptobeplacedonthemotherboardofallfuturecomputers.Thechipwould
includenewencryptionfunctionsaswellasasmallamountofmemorythatwouldactasa
digitalvaulttostoreimportantkeystodecryptprotecteddata.TheTCPAreferstothechipasthe
TrustedPlatformModule,asuccessortotheIntelâ„¢sprocessor.Microsoftreferstothehardware
componentsofPalladiumasSecureCryptographicCoprocessororSCP.Page 27
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
21
4. ADVANTAGES OF PALLADIUM
4.1BLOCKMALICIOUSCODE
OneofthemorepromisingaspectsthatPalladiumwillbringtoend-users
istheabilitytoauthenticatetheprogramstheyuse.Auserwillallowcertainapplications
accesstoresources.Originally,itwasthoughtthatPalladiumwouldnotpermitunauthorized
codetorunonasystem;thereforeitwouldstoptheexecutionofprogramslikeviruses.
Recently,however,MicrosofthasbackedofftheseclaimsaboutPalladium.Nowitsimply
claimsthatPalladiumwillprovideasecureexecutionenvironmentforanti-virusprograms
(MSPalladium TechnicalFAQ).Thebenefitofasecureenvironmentisthatvirusesand
othermaliciouscodecannotalterthebehaviorofaPalladium-enabledanti-virusprogram.
MicrosofthasdecidedthatlegacysupportforexistingWindowsapplicationsisimportant
enoughsoasnottorequireallprogramstoberewrittenforPalladium.Thismeansthat
existingprogramsandviruseswillstillrunonaPalladiumsystem.Theimpliedbenefitto
Palladium,asidefrom theaddedprotectionto anti-virusprograms,istheincreased
authenticationwithnewPalladiumenabledprograms.IfPalladiumproliferatesasMicrosoft
hopes,therewillcomeatimewhenlegacysupportwillnotbeimportantanymore,and
unauthorizedprogramswillnotberun.Itappearsasthoughthisisthefirststepontheway
tothatidea.
4.2DIGITALRIGHTMANAGEMENT
Thedigitalrightsmanagement(DRM)potentialwithaPalladiumsystem
iswhatcontentproducersanddistributorsareinterestedwith.Digitalrightsmanagementhas
todowithcontrollingwhomandhowlongcontentisdistributed.MicrosofttoutsPalladium
asbeingindependentofanyexistingDRM technologytoday(MSPalladium Technical
FAQ).Ontheotherhand,itacknowledgesthatPalladiumsystemsarebeingdesignedto
coincidewithDRMtechnologiestohelpcontentdevelopers(MSPalladiumTechnicalFAQ).
APalladiumsystemissupposedtomakeiteasierforindividualuserstoimplementDRMonPage 28
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
22
theirownpersonaldata. Forexample,ausermaysetupavaultcontainingcreditcard
information.Palladiumwouldallowtheusertosetupagroupoftrustedagentsthatwould
haveaccesstoallorcertainpartsofthatdata.Alongwithdata,Palladiumpromisestogive
userstheoptiontoregulatetimeintervalthatdataisavailabletothetrustedagentstheyhave
specified.Page 29
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
23
5. DISADVANTAGES OF PALLADIUM
5.1UPGRADES
InordertotakeadvantageofwhatPalladiumissupposedtooffer,users
willhavetoupgradeboththeircurrentoperatingsystemsandhardware.Thenextversionof
Windows,dueoutin2004,willneedhardwaresupportforPalladiumfeaturestoworkatall
(MSPalladiumTechnicalFAQ).ItisunclearatthispointwhetherthenextmajorWindows
releasewillrunonnon-Palladiumcompatiblehardware.Thecentralprocessingunitwill
havetosupportthetrustedexecutionmodethatPalladium offers.Itisclearthatfuture
motherboardswillneedtocontainthesecuritychipforPalladium torunproperly(MS
Palladium TechnicalFAQ). Moreupgradesmaybeofconcernintheareaofgraphic
hardwareandperipheralssuchaskeyboardsandmicebecauseoftheencryptioninbetween
thesehardwaredevicesandthesoftwaretheyareinteractingwith.
5.2INTEROPERABILITY
Palladiumhasreceivedwidecriticismforbeingaso-calledGeneralPublic
License(GPL)killer(Anderson).Now,MicrosoftclearlystatesthatthePalladium-enabled
operatingsystemwillbeabletoco-existwithanyLinuxbasedsystem,justastheiroperating
systemsdotoday.Thequestionthatcomestomindis,willthatchangewithwidespread
adoptionofthePalladiumarchitecture?Forexample,ifabankswitchesovertoexclusively
Palladiumsystems,wouldcustomersofthatbankwhodonâ„¢trunPalladiumsystemsbeable
tousethebankâ„¢sservices?PalladiumisnotadirectattackonGPLorLinuxbasedsystem,
butisanattempttochangetherulesofthenames.Page 30
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
24
5.3LEGACYPROGRAMS
ByMicrosoftâ„¢sownadmission,thePalladium-enabledoperatingsystemwill
nothaveperfectlegacysupport(MSPalladiumTechnicalFAQ).Allexistingdebuggerswill
needtobeupdatedinordertoworkunderPalladium. Performancetoolsthatmonitor
operatingsystemoruserprocesseswillneedtobeupdated.Anymemorydumpsoftware
willnotworkcorrectlywithoutchangestosupportPalladium. Hibernationfeaturesof
motherboardswillneedtobeupdatedaswell.Memoryscrubroutines,atthehardwarelevel,
willneedtoberewrittentoaccommodatePalladium.Thereasonforalloftheseupdatesis
thetrustedagentpolicythatPalladium enforces. Noprogram isallowedtoinvadethe
executionspaceforanyotherprogram. Inthecaseofadebugger,itwillneedspecial
permissionfromtheoperatingsystemtomonitortheexecutionspaceofthetargetprogram.
EvensoftwaredevelopedfortheTCPAspecificationwillneedtoberewrittenifittriesto
directlywritetoanyTCPAhardware.Thisdescriptionofincompatiblelegacyprogramsis
bynomeanscomprehensive;itissimplywhatMicrosoftisdisclosingatthistime(MS
PalladiumTechnicalFAQ).Page 31
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
25
6. CONCLUSION
Today,ITmanagersfacetremendouschallengesduetotheinherentopenness
ofend-usermachines,andmillionsofpeoplesimplyavoidsomeonlinetransactionsoutoffear.
However,withtheusageof"Palladium"systems,trustworthy,secureinteractionswillbecome
possible.Thistechnologywillprovidetoughersecuritydefensesandmoreabundantprivacy
benefitsthaneverbefore.With"Palladium,"userswillhaveunparalleledpoweroversystem
integrity,personalprivacyanddatasecurity.
Independentsoftwarevendors(ISVs)thatwanttheirapplicationstotake
advantageof"Palladium"benefitswillneedtowritecodespecificallyforthisnewenvironment.
Anewgenerationof"Palladium"-compatiblehardwareandperipheralswillneedtobedesigned
andbuilt.The"Palladium"developmentprocesswillrequireindustrywidecollaboration.Itcan
onlyworkwithbroadtrustandwidespreadacceptanceacrosstheindustry,businessesand
consumers.
"Palladium"isnotamagicbullet.Clearly,itsbenefitscanonlyberealizedif
industryleadersworkcollaborativelytobuild"Palladium"-compatibleapplicationsandsystems
-andthenonlyifpeoplechoosetousethem.Butthe"Palladium"visionendeavorstoprovide
thetrustworthinessnecessarytoenablebusinesses,governmentsandindividualstofullyembrace
theincreasingdigitizationoflife.
TheInternetandtheproliferationofdigitalcontenthavesparkedtheneedfor
moreprivacyandsecurityofdata.Theloomingquestionwheneveranyonetalksaboutsecurity
andprivacyis:forwhom?Palladiumcertainlygivesdigitalcontent 16providersthecontrol
overtheirproductthattheyhavewantedforalongtime.Inrecentmonths,Microsofthasclearly
emphasizedthebenefitsthatthemarriageofPalladium andDRM canbringtoend-users.
Microsoftclaimsthatuserswillhavecompletecontroloftheirpersonalinformation. The
Palladium-enabledoperatingsystemisnâ„¢tdueforatleastanotheryear.Itcouldtakemonthsafter
theinitialreleaseforanyonetofeelitseffects.Itisclear,however,thatwidespreadadoptionofPage 32
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
26
Palladiumwillfundamentallychangehowweusearepersonalcomputers.Thequestionis,will
thischangebeforthebetterortheworse?Page 33
MicrosoftPalladium
DivisionofComputerScience,SOE,CUSAT
27
7. REFERENCES
1. Anderson, R. TCPA / Palladium Frequently Asked Questions Version 1.0. July
2002. University of Cambridge Online. 5 Jan 2003
<http://cl.cam.ac.uk/users/rja14/tcpa-faq.html>.
2. Microsoft Palladium. 11 Nov. 2002. Electronic Privacy Information Center Online.
5 January 2003 <http://epicprivacy/consumer/microsoft/palladium.html>.
3. Boutin, Paul. Palladium: Safe or Security Flaw?. 12 Jul. 2002. Wired News
Online. 31 Jan 2003 <http://wirednews/antitrust/0,1551,53805,00.html>.
4. Hachman M., and Rupley S. Microsoft's Palladium: A New Security Initiative. 25
Jun. 2002. ExtremeTech Online. 5 Jan 2003