31-03-2011, 10:39 AM
presented by:
N.SRESHTA
N. PUJITHA
[attachment=11386]
ABSTRACT
“SECURITY” in this contemporary scenarios has become a more sensible issue either it may be in the “REAL WORLD” or in the “CYBER WORLD”. In the real world as opposed to the cyber world an attack is often preceded by information gathering. Movie gangsters “case the joint”; soldiers “scout the area”. This is also true in the cyber world. Here the “bad guys” are referred to as intruders, eavesdroppers, hackers, hijackers, etc. The intruders would first have a panoramic view of the victims network and then start digging the holes. Today the illicit activities of the hackers are growing by leaps and bounds, viz., “THE RECENT ATTACK ON THE DNS SERVERS HAS CAUSED A LOT OF HULLABALOO ALL OVER THE WORLD”. However, fortunately, the antagonists reacted promptly and resurrected the Internet world from the brink of prostration.
Since the inception of conglomerating Computers with Networks the consequence of which shrunk the communication world, hitherto, umpteen ilks of security breaches took their origin. Tersely quoting some security ditherers – Eavesdropping, Hacking, Hijacking, Mapping, Packet Sniffing, 1Spoofing, DoS & DDoS attacks, etc.
Newton’s law says “Every action has got an equal but opposite reaction”. So is the case with this. Nevertheless the security breaches and eavesdroppers, the technological prowess has been stupendously developed to defy against each of the assaults. Our paper covers the ADVANCED technical combats that have been devised all through the way, thus giving birth to the notion of “NETWORK SECURITY”. Various antidotes that are in fact inextricable with security issues are – Cryptography, Authentication, Integrity and Non Repudiation, Key Distribution and certification, Access control by implementing Firewalls etc.
To satiate the flaws in the network security more and more advanced security notions are being devised day by day. Our paper covers a wide perspective of such arenas where the contemporary cyber world is revolving around viz., THE DMZ ZONE, PALLADIUM CRYPTOGRAPHY, IP Sec
Palladium is a content protection concept that has spawned from the belief that the PC, as it currently stands, is not architecturally equipped to protect a user from the pitfalls and challenges that an all-pervasive network such as the Internet poses. In the course of this paper the revolutionary aspects of palladium are discussed in detail.
A case study to restructure the present data security system of JNTU examination system using palladium is put forward.
PREFATORY REMARKS
Network security is indeed the crux of discussion amongst all computer enthusiasts and it has also become a major concern in boardrooms across the globe. Companies have started taking computer security very seriously and now have dedicated technical teams who maintain and secure the company’s sensitive information round the clock. “Most computer criminals thrive not on knowledge but instead blossom due to ignorance on the part of system administrators”.
In an age where the unprecedented increase in the number of people entering the field of computer security has divided the earlier solitary enemy (computer criminals) into a number of more specific, entirely distinct, disgruntled employees, etc., it has now become imperative for every one to be proficient in the art of “Hacker Profiling”.
Palladium is the code name for a revolutionary set of “features” for the “windows” operating system. The code name of this initiative –“palladium”, is a moniker drawn from the Greek mythological goddess of wisdom and protector of civilized life.
Hardware changes incorporated by palladium are reflected in the key components of the CPU, a motherboard chip (cryptographic co-processor), input and output components such as the graphics processor etc.When combined with a new breed of hardware and applications, these “features” will give individuals and groups of users greater data security,personal privacy, and system integrity. In addition, palladium will offer enterprise consumers significant new benefits for network security and content protection.
Core principles of the palladium initiative:
Palladium is not a separate operating system. It is based in architectural enhancements to the windows kernel and to computer hardware, including the CPU, peripherals and chipsets, to create a new trusted execution subsystem.(see figure 1).
Palladium will not eliminate any features of windows that users have come to rely on; everything that runs today will continue to run with palladium.
It is important to note that while today’s applications and devices will continue to work in “palladium”, they will gain little to no benefit from “palladium” environment or new applications must be written.
In addition, palladium does not change what can be programmed or run on the computing platform. Palladium will operate with any program the user specifies while maintaining security.
ASPECTS OF PALLADIUM
Palladium comprises two key components: hardware and software.
Hardware components
The protected operating environment provides the following basic mechanisms:
Trusted space (or curtained memory). This is an execution space that is protected form external software attacks such as a virus.
Sealed storage. Sealed storage is an authenticated mechanism that allows a program to store secrets that cannot be retrieved by untrusted programs such as a virus or Trojan horse. Information in sealed storage can’t be read by other un -trusted programs these stored secrets can be tied to the machine, the nexus of the application. Palladium will also provide mechanisms for the safe and controlled backup and migration of secrets to other machines. In other words it is a secured and encrypted part of the hard disk.
Secure input and output. A secure path from the keyboard and mouse to palladium applications and a secure path from palladium applications to the screen ensure input-output security.
Attestation. Attestation is a mechanism that allows the user to reveal selected characteristics of the operating environment to external requestors. In reality it takes the form of an encryption co-processor. It is entrusted with the job of encryption and decryption of data “to and from” the “sealed storage”.
These basic mechanisms provide a platform for building distributed trusted software.
Software components.
The following are the software components of palladium:
Nexus (a technology formerly referred to as the “trusted operating root (TOR)”) This component manages trust functionality for palladium user-mode processes (agents). The nexus executes in kernel mode in the trusted space. It provides basic services to trusted agents, such as the establishment of the process mechanisms for communicating with trusted agents and other applications, and special trust services such as attestation of requests and the sealing and unsealing of secrets.
Trusted agents. A trusted agent is a program or a service that runs in user mode in the trusted space. A trusted agent calls the nexus for security-related services and critical general services such as memory management. A trusted agent is able to store secrets using sealed storage and authenticates itself using the attestation services of the nexus. One of the main principles of trusted agents is that they can be trusted or not trusted by multiple entities, such as the user, an IT department, a merchant or a vendor.
Together, the nexus and trusted agents provide the following features:
Trusted data storage, encryption services for applications to ensure data integrity and protection.
Authenticated boot, facilities to enable hardware and software to authenticate itself.
WORKING OF PALLADIUM:
Palladium is a new hardware and software architecture. This architecture will include a new security computing chip and design changes to a computer’s central processing unit (CPU), chipsets, and peripheral devices, such as keyboards and printers. It also will enable applications and components of these applications to run in a protected memory space that is highly resistant to tempering and interference.
PROTECTION USING PALLADIUM:
Palladium prevents identity theft and unauthorized access to personal data on the user’s device while on the internet and on other networks. Transactions and processes are verifiable and reliable through the attestable hardware and software architecture and they cannot be imitated.
With palladium, a system’s secrets are locked in the computer and are only revealed on terms that the user has specified. In addition, the trusted user interface prevents snooping and impersonation. The user controls what is revealed and can separate categories of data on a single computer into distinct realms. Like a set of vaults, realms provide the assurance of reparability. With distinct identifiers, policies and categories of data for each, realms allow a user to have a locked-down work environment and fully open surfing environment at the same time, on the same computer.
Finally, the “ palladium” architecture will enable a new class of identity service providers that can potentially offer users choices for how their identities are represented in online transactions. These service providers can also ensure that the user is in control of policies for how personal information is revealed to others. In addition, palladium will allow users to employ identity service providers of their own choice.
Allowing multiple parties to independently evaluate and certify “palladium” capable systems means that users will be able to obtain verification of the system’s operation from organizations that they trust. In addition, this will form the basis for a strong business incentive to preserve and enhance privacy and security. Moreover, palladium allows any number of trusted internal or external entities to interact with a trusted component or trusted platform.
SHORTCOMINGS AND PIT FALLS OF PALLADIUM:
Though palladium can provide a higher degree of much needed data security it is not without its share of problems like:
1. Software and applications have to be rewritten to synchronize with palladium or new applications must be written.
2. Changes are to be made to the existing computer hardware to support palladium.
3. It would be a long time before this technology became commonplace.
N.SRESHTA
N. PUJITHA
[attachment=11386]
ABSTRACT
“SECURITY” in this contemporary scenarios has become a more sensible issue either it may be in the “REAL WORLD” or in the “CYBER WORLD”. In the real world as opposed to the cyber world an attack is often preceded by information gathering. Movie gangsters “case the joint”; soldiers “scout the area”. This is also true in the cyber world. Here the “bad guys” are referred to as intruders, eavesdroppers, hackers, hijackers, etc. The intruders would first have a panoramic view of the victims network and then start digging the holes. Today the illicit activities of the hackers are growing by leaps and bounds, viz., “THE RECENT ATTACK ON THE DNS SERVERS HAS CAUSED A LOT OF HULLABALOO ALL OVER THE WORLD”. However, fortunately, the antagonists reacted promptly and resurrected the Internet world from the brink of prostration.
Since the inception of conglomerating Computers with Networks the consequence of which shrunk the communication world, hitherto, umpteen ilks of security breaches took their origin. Tersely quoting some security ditherers – Eavesdropping, Hacking, Hijacking, Mapping, Packet Sniffing, 1Spoofing, DoS & DDoS attacks, etc.
Newton’s law says “Every action has got an equal but opposite reaction”. So is the case with this. Nevertheless the security breaches and eavesdroppers, the technological prowess has been stupendously developed to defy against each of the assaults. Our paper covers the ADVANCED technical combats that have been devised all through the way, thus giving birth to the notion of “NETWORK SECURITY”. Various antidotes that are in fact inextricable with security issues are – Cryptography, Authentication, Integrity and Non Repudiation, Key Distribution and certification, Access control by implementing Firewalls etc.
To satiate the flaws in the network security more and more advanced security notions are being devised day by day. Our paper covers a wide perspective of such arenas where the contemporary cyber world is revolving around viz., THE DMZ ZONE, PALLADIUM CRYPTOGRAPHY, IP Sec
Palladium is a content protection concept that has spawned from the belief that the PC, as it currently stands, is not architecturally equipped to protect a user from the pitfalls and challenges that an all-pervasive network such as the Internet poses. In the course of this paper the revolutionary aspects of palladium are discussed in detail.
A case study to restructure the present data security system of JNTU examination system using palladium is put forward.
PREFATORY REMARKS
Network security is indeed the crux of discussion amongst all computer enthusiasts and it has also become a major concern in boardrooms across the globe. Companies have started taking computer security very seriously and now have dedicated technical teams who maintain and secure the company’s sensitive information round the clock. “Most computer criminals thrive not on knowledge but instead blossom due to ignorance on the part of system administrators”.
In an age where the unprecedented increase in the number of people entering the field of computer security has divided the earlier solitary enemy (computer criminals) into a number of more specific, entirely distinct, disgruntled employees, etc., it has now become imperative for every one to be proficient in the art of “Hacker Profiling”.
Palladium is the code name for a revolutionary set of “features” for the “windows” operating system. The code name of this initiative –“palladium”, is a moniker drawn from the Greek mythological goddess of wisdom and protector of civilized life.
Hardware changes incorporated by palladium are reflected in the key components of the CPU, a motherboard chip (cryptographic co-processor), input and output components such as the graphics processor etc.When combined with a new breed of hardware and applications, these “features” will give individuals and groups of users greater data security,personal privacy, and system integrity. In addition, palladium will offer enterprise consumers significant new benefits for network security and content protection.
Core principles of the palladium initiative:
Palladium is not a separate operating system. It is based in architectural enhancements to the windows kernel and to computer hardware, including the CPU, peripherals and chipsets, to create a new trusted execution subsystem.(see figure 1).
Palladium will not eliminate any features of windows that users have come to rely on; everything that runs today will continue to run with palladium.
It is important to note that while today’s applications and devices will continue to work in “palladium”, they will gain little to no benefit from “palladium” environment or new applications must be written.
In addition, palladium does not change what can be programmed or run on the computing platform. Palladium will operate with any program the user specifies while maintaining security.
ASPECTS OF PALLADIUM
Palladium comprises two key components: hardware and software.
Hardware components
The protected operating environment provides the following basic mechanisms:
Trusted space (or curtained memory). This is an execution space that is protected form external software attacks such as a virus.
Sealed storage. Sealed storage is an authenticated mechanism that allows a program to store secrets that cannot be retrieved by untrusted programs such as a virus or Trojan horse. Information in sealed storage can’t be read by other un -trusted programs these stored secrets can be tied to the machine, the nexus of the application. Palladium will also provide mechanisms for the safe and controlled backup and migration of secrets to other machines. In other words it is a secured and encrypted part of the hard disk.
Secure input and output. A secure path from the keyboard and mouse to palladium applications and a secure path from palladium applications to the screen ensure input-output security.
Attestation. Attestation is a mechanism that allows the user to reveal selected characteristics of the operating environment to external requestors. In reality it takes the form of an encryption co-processor. It is entrusted with the job of encryption and decryption of data “to and from” the “sealed storage”.
These basic mechanisms provide a platform for building distributed trusted software.
Software components.
The following are the software components of palladium:
Nexus (a technology formerly referred to as the “trusted operating root (TOR)”) This component manages trust functionality for palladium user-mode processes (agents). The nexus executes in kernel mode in the trusted space. It provides basic services to trusted agents, such as the establishment of the process mechanisms for communicating with trusted agents and other applications, and special trust services such as attestation of requests and the sealing and unsealing of secrets.
Trusted agents. A trusted agent is a program or a service that runs in user mode in the trusted space. A trusted agent calls the nexus for security-related services and critical general services such as memory management. A trusted agent is able to store secrets using sealed storage and authenticates itself using the attestation services of the nexus. One of the main principles of trusted agents is that they can be trusted or not trusted by multiple entities, such as the user, an IT department, a merchant or a vendor.
Together, the nexus and trusted agents provide the following features:
Trusted data storage, encryption services for applications to ensure data integrity and protection.
Authenticated boot, facilities to enable hardware and software to authenticate itself.
WORKING OF PALLADIUM:
Palladium is a new hardware and software architecture. This architecture will include a new security computing chip and design changes to a computer’s central processing unit (CPU), chipsets, and peripheral devices, such as keyboards and printers. It also will enable applications and components of these applications to run in a protected memory space that is highly resistant to tempering and interference.
PROTECTION USING PALLADIUM:
Palladium prevents identity theft and unauthorized access to personal data on the user’s device while on the internet and on other networks. Transactions and processes are verifiable and reliable through the attestable hardware and software architecture and they cannot be imitated.
With palladium, a system’s secrets are locked in the computer and are only revealed on terms that the user has specified. In addition, the trusted user interface prevents snooping and impersonation. The user controls what is revealed and can separate categories of data on a single computer into distinct realms. Like a set of vaults, realms provide the assurance of reparability. With distinct identifiers, policies and categories of data for each, realms allow a user to have a locked-down work environment and fully open surfing environment at the same time, on the same computer.
Finally, the “ palladium” architecture will enable a new class of identity service providers that can potentially offer users choices for how their identities are represented in online transactions. These service providers can also ensure that the user is in control of policies for how personal information is revealed to others. In addition, palladium will allow users to employ identity service providers of their own choice.
Allowing multiple parties to independently evaluate and certify “palladium” capable systems means that users will be able to obtain verification of the system’s operation from organizations that they trust. In addition, this will form the basis for a strong business incentive to preserve and enhance privacy and security. Moreover, palladium allows any number of trusted internal or external entities to interact with a trusted component or trusted platform.
SHORTCOMINGS AND PIT FALLS OF PALLADIUM:
Though palladium can provide a higher degree of much needed data security it is not without its share of problems like:
1. Software and applications have to be rewritten to synchronize with palladium or new applications must be written.
2. Changes are to be made to the existing computer hardware to support palladium.
3. It would be a long time before this technology became commonplace.
