ms palladium
TRANSCRIPT
ABSTRACT
As we tend towards a more and more computer centric world, the concept of data
security has attained a paramount importance. Though present day security systems offer a
good level of protection, they are incapable of providing a “trust worthy” environment and
are vulnerable to unexpected attacks. Palladium is a content protection concept that has
spawned from the belief that the pc, as it currently stands, is not architecturally equipped to
protect a user forms the pitfalls and challenges that an all-pervasive network such as the
Internet poses.
As a drastic change in pc hardware is not feasible largely due to economic reasons,
palladium hopes to introduce a minimal change in this front. A paradigm shift is awaited in
this scenario with the advent of usage of palladium, thus making content protection a shared
concern of both software and hardware. In the course of this paper the revolutionary aspects
of palladium are discussed in detail.
The Next-Generation Secure Computing Base (NGSCB), formerly known as
Palladium, is a software architecture designed by Microsoft which is expected to implement
"Trusted Computing" concept on future versions of the Microsoft Windows operating
system. Palladium is part of Microsoft's Trustworthy Computing initiative. Microsoft's
stated aim for palladium is to increase the security and privacy of computer users. Palladium
involves a new breed of hardware and applications in along with the architecture of the
Windows operating system. Designed to work side-by-side with the existing functionality of
Windows, this significant evolution of the personal computer platform will introduce a level
of security that meets the rising customer requirements for data protection, integrity and
distributed collaboration. It's designed to give people greater security, personal privacy and
system integrity.
1Microsoft Palladium
CONTENTS
SNO CONTENTS PG.NO
1. INTRODUCTION---------------------------------------------------------------------------------03
1.1 WORKING OF PALLADIUM------------------------------------------------------------------05
2. FEATURES OF PALLADIUM ----------------------------------------------------------------06
3. COMPONENTS OF PALLADIUM-----------------------------------------------------------13
3.1. HARDWARE COMPONENTS----------------------------------------------------------------13
3.1.1. TRUSTED SPACE ----------------------------------------------------------------------------13
3.1.2. SEALED STORAGE--------------------------------------------------------------------------13
3.1.3. ATTESTATION -------------------------------------------------------------------------------14
3.2. SOFTWARE COMPONENTS -----------------------------------------------------------------14
3.2.1. NEXUS ------------------------------------------------------------------------------------------14
3.2.2. TRUSTED AGENT----------------------------------------------------------------------------14
4. COMPARISON OF TCPA AND PALLADIUM -------------------------------------------22
5. ADVANTAGES OF PALLADIUM -----------------------------------------------------------23
5.1. BLOCK MALICIOUS CODE ------------------------------------------------------------------23
5.2. DIGITAL RIGHT MANAGEMENT ----------------------------------------------------------23
6. DISADVANTAGES OF PALLADIUM ------------------------------------------------------25
6.1. UPGRADES --------------------------------------------------------------------------------------25
6.2. INTEROPERABILITY -------------------------------------------------------------------------25
6.3. LEGACY PROGRAMS ------------------------------------------------------------------------26
7. CONCLUSION ------------------------------------------------------------------------------------27
8. REFERENCES ------------------------------------------------------------------------------------28
2Microsoft Palladium
1. INTRODUCTION
The Next-Generation Secure Computing Base (NGSCB), formerly known as
Palladium, is a software architecture designed by Microsoft which is expected to
implement"Trusted Computing" concept on future versions of the Microsoft Windows
operating system. Palladium is part of Microsoft's Trustworthy Computing initiative.
Microsoft's stated aim for palladium is to increase the security and privacy of computer
users. Palladium involves a new breed of hardware and applications in along with the
architecture of the Windows operating system. Designed to work side-by-side with the
existing functionality of Windows, this significant evolution of the personal computer
platform will introduce a level of security that meets the rising customer requirements for
data protection, integrity and distributed collaboration. It's designed to give people greater
security, personal privacy and system integrity. Internet security is also provided by
palladium such as protecting data from virus and hacking of data In addition to new core
components in Windows that will move the Palladium effort forward, Microsoft is working
with hardware partners to build Palladium components and features into their products. The
new hardware architecture involves some changes to CPUs which are significant from a
functional perspective. There will also be a new piece of hardware called for by Palladium
that you might refer to as a security chip. It will provide a set of cryptographic functions and
keys that are central to what we're doing. There are also some associated changes under the
chipset, and the graphics and I/O system through the USB port—all designed to create a
comprehensive security environment. "Palladium" is the code name for an evolutionary set
of features for the Microsoft Windows operating system. When combined with a new breed
of hardware and applications,
"Palladium" gives individuals and groups of user’s greater data security, personal
privacy and system integrity. Designed to work side-by-side with the existing functionality
of Windows, this significant evolution of the personal computer platform will introduce a
level of security that meets the rising customer requirements for data protection, integrity
and distributed collaboration.
3Microsoft Palladium
Users implicitly trust their computers with more of their valuable data every day.
They also trust their computers to perform more and more important financial, legal and
other transactions. Palladium provides a solid basis for this trust: a foundation on which
privacy- and security-sensitive software can be built.
There are many reasons why "Palladium" will be of advantage to users. Among these
are enhanced, practical user control; the emergence of new server/service models; and
potentially new peer-to-peer or fully peer-distributed service models. The fundamental
benefits of "Palladium" fall into three chief categories: greater system integrity, superior
personal privacy and enhanced data security. These categories are illustrated in Fig 1.1
Fig 1.1 Palladium enabled system
4Microsoft Palladium
Today's personal computing environment has advanced in terms of security and
privacy, while maintaining a significant amount of backward compatibility. However, the
evolution of a shared, open network (the Internet) has created new problems and
requirements for trustworthy computing. As the personal computer grows more central to
our lives at home, work and school, consumers and business customers alike are
increasingly aware of privacy and security issues.
Now, the pressure is on for industry leaders to take the following actions:
Build solutions that will meet the pressing need for reliability and integrity.
Make improvements to the personal computer such that it can more fully reach its
potential and enable a wider range of opportunities.
Give customers and content providers a new level of confidence in the computer
experience.
Continue to support backward compatibility with existing software and user
knowledge that exists with Windows systems today.
Together, industry leaders must address these critical issues to meet the mounting
demand for trusted computing while preserving the open and rich character of current
computer functionality.
1.1 WORKING OF PALLADIUM
Palladium is a new hardware and software architecture. This architecture will include
a new security computing chip and design changes to a computer’s central processing unit
(CPU), chipsets, and peripheral devices, such as keyboards and printers. It also will enable
applications and components of these applications to run in a protected memory space that is
highly resistant to tempering and interference. The pc-specific secret coding within
palladium makes stolen files useless on other machines as they are physically and
cryptographically locked within the hardware of the machine. This means software attacks
can’t expose these secrets. Even if a sophisticated hardware attack were to get at them, these
core system secrets would only be applicable to the data within a single computer and could
not be used on other computes
5Microsoft Palladium
2. FEATURES OF PALLADIUM
Development of "Palladium" is guided by important business and Technical
imperatives and assumptions. Among these are the following:
A "Palladium"-enhanced computer must continue to run any existing applications and
device drivers.
"Palladium" is not a separate operating system. It is based on architectural
enhancements to the Windows kernel and to computer hardware, including the CPU,
peripherals and chipsets, to create a new trusted execution subsystem (see Fig 1).
"Palladium" will not eliminate any features of Windows that users have come to rely
on; everything that runs today will continue to run with "Palladium." In addition,
“Palladium" does not change what can be programmed or run on the computing platform; it
simply changes what can be believed about programs, and the durability of those beliefs.
Moreover, "Palladium" will operate with any program the user specifies while maintaining
security.
"Palladium"-based systems must provide the means to protect user privacy better than
any operating system does today.
"Palladium" prevents identity theft and unauthorized access to personal data on the
user's device while on the Internet and on other networks. Transactions and processes are
verifiable and reliable (through the attestable hardware and software architecture described
below), and they cannot be imitated.
With "Palladium," a system's secrets are locked in the computer and are only
revealed on terms that the user has specified. In addition, the trusted user interface prevents
snooping and impersonation. The user controls what is revealed and can separate categories
of data on a single computer into distinct realms.
6Microsoft Palladium
Finally, the "Palladium" architecture will enable a new class of identity service
providers that can potentially offer users choices for how their identities are represented in
online transactions. These service providers can also ensure that the user is in control of
policies for how personal information is revealed to others. In addition, "Palladium" will
allow users to employ identity service providers of their own choosing.
"Palladium" will not require digital rights management technology, and DRM will not
require "Palladium."
Digital rights management (DRM) is an important, emerging technology that many
believe will be central to the digital economy of the future. As a means of defining rules and
setting policies that enhance the integrity and trust of digital content consumption, DRM is
vital for a wide range of content-protection uses. Some examples of DRM are the protection
of valuable intellectual property, trusted e-mail and persistent protection of corporate
documents.
While DRM and "Palladium" are both supportive of Trustworthy Computing,
neither is absolutely required for the other to work. DRM can be deployed on
non-"Palladium" machines and "Palladium" can provide users with benefits independent of
DRM. They are separate technologies. That said, the current software-based DRM
technologies can be rendered stronger when deployed on "Palladium"-based computers.
User information is not a requirement for "Palladium" to work.
"Palladium" authenticates software and hardware, not users. "Palladium" is about
platform integrity, and enables users - whether in a corporate or home setting - to take
advantage of system trustworthiness to establish multiple, separate identities, each to suit
specific needs.
7Microsoft Palladium
For example, an employee logs onto the corporate network from home. A trusted
gateway server at the corporate network mediates the remote access connection, allowing
only trusted applications to access the network. This ensures that the network is protected
against infection from attacks by viruses that the home user might have received through
personal e-mail. Once connected, the employee can use Remote Desktop to access the
computer at the office or save a file back to the corporate server by using locally active
Trusted Agents and sealed storage (see below) on the client.
With this technology, the corporate network is protected, while the individual can
also be confident that the company is not using the remote connection as an opportunity to
snoop into the contents of the user's home computer.
"Palladium" will enable closed spheres of trust.
A closed sphere of trust binds data or a service to both a set of users (logon) and to a
set of acceptable applications. As shown in Fig 2.2, the nexus (formerly referred to as the
Trusted Operating Root, or TOR) does not simply open the vault; the nexus will open only a
particular vault, and only for a small list of applications.
Palladium is based on the concept of trusted space. A closed sphere of trust binds
data or a service, to both a set of users and to a set of acceptable applications. Due to this an
unauthorized user cannot access the data or software which is based on a server. For
example in the revised system the encrypted question papers are put up on the J.N.T.U’s
palladium based server and all the affiliate colleges use college-specific palladium
computers. It works as follows:
A third party trusted agent (government or private programmed) is employed who is
responsible for granting of access to JNTU examination server. It processes the
requests and forwards only those certified by the “nexus” of the JNTU’s palladium
based server.
If an unauthorized system (without palladium) forwards a request it is immediately
rejected by the server’s trusted agent. Even if an unauthorized palladium PC tries to
access the server its request is rejected.
8Microsoft Palladium
The PC-specific secret coding within palladium makes stolen files useless on other
machines as they are physically and cryptographically locked within the hardware of
the server or trusted computer.
During examinations the palladium computer of the college issues a request to the
common trusted agent (of JNTU and college) via internet. This request is granted
and each-particular question paper pertaining to that day is accessed by the college.
Palladium with closed spheres of trust
Fig 2.1
9Microsoft Palladium
"Palladium" is an opt-in system.
"Palladium" is entirely an opt-in solution; systems will ship with the "Palladium"
hardware and software features turned off. The user of the system can choose to simply stay
with this default setting, leaving all "Palladium"-related capabilities (hardware and software)
disabled. Palladium must be highly resistant to software attacks (such as Trojan horse
viruses), and must provide users with the integrity of a protected, end-to-end system across
networks.
Palladium as an opt-in system
Fig 2.2
10Microsoft Palladium
Palladium provides a trusted processing environment. Trusted code runs in memory
that is physically isolated, protected, and inaccessible to the rest of the system, making it
inherently impervious to viruses, spy-ware, or other software attacks. With respect to
viruses, the contribution from Palladium is fairly straightforward. Since Palladium does not
interfere with the operation of any program running in the regular Windows environment,
everything, including the native OS and viruses, runs there as it does today. So antivirus
monitoring and detection software in Windows will still be needed.
However, Palladium does provide antivirus software with a secure execution
environment that cannot be corrupted by infected code, so an antivirus program built on top
of a Palladium application could guarantee that it hasn't been corrupted. This grounding of
the antivirus software allows it to bootstrap itself into a guaranteed execution state,
something it can't do today.
One of the key Palladium building blocks is "authenticated operation". If a banking
application is to be trusted to perform an action, it is important that the banking application
has not been subverted. It is also important that banking data can only be accessed by
applications that have been identified as trusted to read that data. "Palladium" systems
provide this capability through a mechanism called sealed storage.
Another capability provided by authenticated operation is attestation. "Palladium"
will allow a bank to accept only transactions initiated by the user and that are not viruses or
other unknown machines on the Internet. Because "Palladium" software and hardware is
cryptographically verifiable to the user and to other computers, programs and services, the
system can verify that other computers and processes are trustworthy before engaging them
or sharing information. Users therefore can be confident that their intentions are properly
represented and carried out, as illustrated in Figure 3. Moreover, the source code for the
operating system's critical nexus will be published and validated by third parties.
11Microsoft Palladium
Finally, interaction with the computer itself is trusted. "Palladium"-specific
hardware provides a protected pathway from keyboard to monitor, and keystrokes cannot be
snooped or spoofed, even by malicious device drivers.
"Palladium" data security features will make a Windows-based device a trustworthy
environment for any data.
The "Palladium" system is architected with security and integrity as its primary
design goals. Trusted code cannot be observed or modified when running in the trusted
execution space. Files are encrypted with machine-specific secrets, making them useless if
stolen or surreptitiously copied. In addition, machine-specific system secrets are physically
and cryptographically locked (the machine's private key is embedded in hardware and never
exposed), and the trusted hardware architecture prevents snooping, spoofing and data
interception. Core system secrets are stored in hardware, where no software attack can
reveal them. Even if exposed by a sophisticated hardware attack, the core system secrets are
only applicable to data on the compromised system and cannot be used to develop widely
deployable hacks. Finally, a compromised system can likely be spotted by IT managers,
service providers and other systems, and then excluded.
A "Palladium" system will be open at all levels.
"Palladium" hardware will run any nexus. Some platforms may allow a user to
restrict the nexuses that are allowed to run, but the user will still be in full control of this
policy. The "Palladium" TOR will also run trusted agents from any publisher. Again, the
user may choose to restrict the trusted agents that run on the system, but the user will remain
in full control of this policy. The "Palladium" nexus will work with any network service
provider of the user's choosing.
12Microsoft Palladium
3. COMPONENTS OF PALLADIUM
"Palladium" comprises two key components:
3.1. Hardware Components
3.2 Software Components
3.1 HARDWARE COMPONENTS
Engineered for ensuring the protected execution of applications and processes, the
protected operating environment provides the following basic mechanisms:
3.1.1 TRUSTED SPACE:-
The execution space is protected from external software attacks such as a virus.
Trusted space is set up and maintained by the nexus and has access to various services
provided by "Palladium," such as sealed storage.
3.1.2 SEALED STORAGE:-
Sealed storage is an authenticated mechanism that allows a program to store secrets
that cannot be retrieved by nontrusted programs such as a virus or Trojan horse. Information
in sealed storage cannot be read by other nontrusted programs. (Sealed storage cannot be
read by unauthorized secure programs, for that matter, and cannot be read even if another
operating system is booted or the disk is carried to another machine.) These stored secrets
can be tied to the machine, the nexus or the application. Microsoft will also provide
mechanisms for the safe and controlled backup and migration of secrets to other machines.
13Microsoft Palladium
3.1.3 ATTESTATION:-
Attestation is a mechanism that allows the user to reveal selected characteristics of
the operating environment to external requestors. For example, attestation can be used to
verify that the computer is running a valid version of "Palladium."
3.2 SOFTWARE COMPONENTS
The platform implements these trusted primitives in an open, programmable way to
third parties. The platform consists of the following elements:
3.2.1 NEXUS: -
The component in Microsoft Windows that manages trust functionality for
"Palladium" user-mode processes (agents). The nexus executes in kernel mode in the trusted
space. It provides basic services to trusted agents, such as the establishment of the process
mechanisms for communicating with trusted agents and other applications, and special trust
services such as attestation of requests and the sealing and unsealing of secrets (a technology
formerly referred as Trusted Operating Root (TOR)).
3.2.2 TRUSTED AGENT: -
A trusted agent is a program, a part of a program, or a service that runs in user mode
in the trusted space. A trusted agent calls the nexus for security related services and critical
general services such as memory management. A trusted agent is able to store secrets using
sealed storage and authenticates itself using the attestation services of the nexus. One of the
main principles of trusted agents is that they can be trusted or not trusted by multiple
entities, such as the user, an IT department, a merchant or a vendor. Each trusted agent or
entity controls its own sphere of trust, and they need not trust or rely on each other.
Together, the nexus and trusted agents provide the following features:
14Microsoft Palladium
Trusted data storage, encryption services for applications to ensure data integrity and
protection.
Authenticated boot, facilities to enable hardware and software to authenticate itself
From the perspective of privacy (and anti-virus protection); one of the key benefits
of "Palladium" is the ability for users to effectively delegate certification of code. Anyone
can certify "Palladium" hardware or software, and it is expected that many companies and
organizations will offer this service. Allowing multiple parties to independently evaluate and
certify "Palladium"-capable systems means that users will be able to obtain verification of
the system's operation from organizations that they trust. In addition, this will form the basis
for a strong business incentive to preserve and enhance privacy and security. Moreover,
"Palladium" allows any number of trusted internal or external entities to interact with a
trusted component or trusted platform. The initial version of Palladium will require changes
to five parts of the PC's hardware. Changes will be required to the CPU, the chipset (on the
motherboard), the input devices (e.g. keyboard), and the video output devices (graphics
processor). In addition, a new component must be added: a tamper-resistant secure
cryptographic co-processor, which Microsoft calls SCP or SPP.
Although the SCP is tamper-resistant, it is likely that a skilled attacker with physical
access to the inside of a Palladium PC can still compromise it or subvert its policies
in some way.
So it is possible that an attacker with physical access can still compromise the
system, even though the SCP is meant to be tamper-resistant, partly because other
components (like RAM) are less robust against modification. Palladium primarily
defends effectively against two classes of attacks: (1) remote network mounted
attacks (buffer overflows and other programming flaws, malicious mobile code,
etc.), because even if some malicious code is installed in one part of the system, it
still can't effectively subvert the policy of another part of the system, and (2) local
15Microsoft Palladium
software-based attacks, including things like using a debugger to try to read a
program's internal state while it's executing or to try to subvert its policy. Thus,
Palladium can probably guarantee that you can't write or download any software
(and nobody else can write or upload to you any software) which would compromise
the policy of software running locally which is making use of Palladium trust
features.
Palladium's changes to the CPU allow it to be placed into a new mode where certain
areas of memory are restricted via a technique called "code curtaining" to an ultra
privileged piece of code called the "nub" or "TOR". ("Nub" is the Palladium team's
term for this code, and "TOR", for "Trusted Operating Root", is the official public
term.) The nub is a kind of trusted memory manager, which runs with more privilege
than an operating system kernel. The nub also manages access to the SCP.
The SCP is an 8-bit tamper-resistant cryptographic smart-card which contains unique
keys, including public key pairs (2048-bit RSA), and symmetric keys for AES in
CBC mode. These keys are unique per machine and the SCP does not reveal them to
anything outside the SCP's security perimeter. It also contains a variety of other
cryptographic functionality, including SHA-1, RSA, AES, and other cipher
implementations, a small amount of memory, and a monotone counter. The SCP can
do a number of cryptographic protocols. It also contains a thing called a PCR. (I
think that stands for "platform configuration register".)
When you want to start a Palladium PC in trusted mode (note that it doesn't have to
start in trusted mode, and, from what Microsoft said, it sounds like you could even
imagine booting the same OS in either trusted or untrusted mode, based on a user's
choice at boot time), the system hardware performs what's called an "authenticated
boot", in which the system is placed in a known state and a nub is loaded. A hash (I
think it's SHA-1) is taken of the nub which was just loaded, and the 160-bit hash is
stored unalterably in the PCR, and remains there for as long as the system continues
to operate in trusted mode. Then the operating system kernel can boot, but the key to
16Microsoft Palladium
the trust in the system is the authentication of the nub. As long as the system is up,
the SCP knows exactly which nub is currently running; because of the way the CPU
works, it is not possible for any other software to modify the nub or its memory or
subvert the nub's policies. The nub is in some sense in charge of the system at a low
level, but it doesn't usually do things which other software would notice unless it's
asked to.
The nub interfaces with other software on the system by means of programs (outside
the nub) called trusted agents (or TAs). The TAs can implement sophisticated
policies and authentication methods, where the nub (and SCP) just implements fairly
simple primitives. A TA can also communicate with user-space programs (at least,
that will be a feature of Microsoft's nub; other people can write their own nubs which
can support different kinds of TAs or even do without TAs entirely). The TAs are
protected by hardware from one another and from the rest of the system.
Even PCI DMA can't read or write memory which has been reserved to a nub's or
TA's use (including the nub's or TA's code). This memory is completely inaccessible
and can only be accessed indirectly through API calls. The chipset on the
motherboard is modified to enforce this sort of restriction.
The SCP provides a feature called "sealed storage" by means of two API calls (called
SEAL and UNSEAL). If a TA running on a system in trusted mode wants to use
sealed storage, it can call into the APIs implemented in the nub.
Sealed storage is implemented by means of encryption (sealing) or decryption
(unsealing) with a symmetric cipher When the SCP is given data to seal, it's given
two arguments: the data itself and a 160-bit "nub identifier"
Sealing is performed by pretending the nub identifier to the data to be sealed, and
then encrypting the result with a private symmetric key -- the "platform-specific
key", which varies from machine to machine and is secret. That key is kept within
17Microsoft Palladium
the SCP and is a unique identifier for the machine which performed the sealing
operation.
The SCP actually also pretends a random nonce to the data to be sealed before
encryption (and discards the nonce upon decryption). This is a clever privacy feature
which prevents someone from creating an application which "cookies you" by
recording the output of sealing an empty string (and then using the result as a
persistent unique identifier for your machine). A program which tried to "cookie
you" this way would find that, because of the random nonce, the result of sealing a
given string is constantly completely different, and no useful information about the
identity of the machine is revealed by the sealing operation.
After encryption, the SCP returns the encrypted result as the return value of the
SEAL operation.
When an SCP is given encrypted data to UNSEAL, it internally attempts to decrypt
the encrypted data using its platform-specific key. This means that, if the encrypted
data was originally sealed on a different machine, the UNSEAL operation will fail
outright immediately. (You can't take a sealed file and transfer it to another machine
and unseal it there; because the platform-specific key is used for encryption and
decryption, and can't be extracted from the SCP, you can only UNSEAL data on the
same machine on which it was originally sealed.)
If the decryption is successful, the SCP performs a second check: it examines the nub
identifier which resides within the decrypted data. The nub identifier was specified at
the time the data was originally sealed, and indicates which nub is allowed to receive
the decrypted data. If the nub identifier for the decrypted data is identical to the nub
identifier which is currently stored in the PCR (which is the SHA-1 hash of the
currently-running nub on the machine at the moment UNSEAL was called), the
UNSEAL is successful and the decrypted data is returned to the calling nub.
However, if the nub identifier does not match the contents of the PCR, the SCP
18Microsoft Palladium
concludes that the nub which is currently running is not entitled to receive this data,
and discards it.
Thus, sealing is specific to a physical machine and also specific to a nub. Data sealed
on one machine for a particular nub cannot be decrypted on a different machine or
under a different nub. An application which trusts a particular nub (and is running
under that nub) can seal important secret data and then store the resulting sealed data
safely on an untrusted hard drive, or even send it over a network.
If you reboot the machine under a debugger, there is no technical problem, and you
can debug the software which created the encrypted file. However, since you aren't
running the proper (no debugger- friendly) nub, the debugger will work, but the
UNSEAL call won't. The SCP will receive the UNSEAL call, examine the PCR, and
conclude that the currently-running nub is not cleared (so to speak) to receive the
sealed data. Your applications can only decrypt sealed data if they are running under
the same machine and under the same software environment within which they
originally sealed that data!
This is remarkably clever. When you are running under a trusted nub, your
applications can use the SCP to decrypt and process data, but you can't run software
which subverts a TA's policy (because the nub will not permit the policy to be
subverted).
When you are not running under a trusted nub, you can run software which subverts
a TA's policy (because the nub isn't able to prevent it), but your applications will no
longer be able to decrypt any sealed data, because the SCP won't be willing to
perform the decryption.
There is a long discussion of how you can make a backup, or upgrade your system,
or migrate your software and data to a new system, etc. The default with sealed
storage is that any sealed data will be unusable when migrated to a new system. The
19Microsoft Palladium
Microsoft nub provides wrappers around the SCP's sealing features which allow the
software which performs the sealing operation to specify a migration policy at the
time the sealing operation is originally performed. The migration policy can be
(approximately) one of the following, at the software's sole option:
a. Migration is prevented entirely, and the data must die with the current PC
where it was created.
b. Migration is permitted upon some kind of authentication by a local user (e.g.
a password) which will decrypt or command the decryption of data
temporarily in order to permit it to be migrated.
c. Migration is permitted with the assistance and consent of a 3rd party.
Palladium's modifications to input and output hardware will prevent software from
doing certain kinds of monitoring and spoofing, as well as "screen scraping". A
program will be able to ask Palladium to display a dialog box which can't be
"obscured" or "observed" by other software, and Palladium hardware can enforce
these conditions. And there is a way to be sure that input is coming from a physical
input device and not spoofed by another program.
The secure output features also permit, e.g., a DVD player program to prevent other
software from making screen captures. The initial version of Palladium does not
control audio output in this way, so you can still record all sound output via
something like Total Recorder.
In principle, nub and kernel are independent, so a non-Microsoft kernel could run on
a Microsoft nub, or vice versa. Patent and copyright issues might prevent this from
being done in practice, but it is apparently technically possible within the design of
Palladium.
20Microsoft Palladium
Microsoft's nub, including its source code, will be published for review by anyone
who wants to examine it, in order to allow all of Microsoft's claims about its security
properties to be verified. There is no part of Palladium's design or code which needs
to be kept secret, although each SCP will contain secret cryptographic keys loaded at
the time of its manufacture. Microsoft will encourage non-Microsoft people to read
and discuss its nub. You will also be able to create your own nub, except that
changing the nub will (as discussed above) prevent previously-sealed data from
being decrypted.
Microsoft suggests that Palladium is flexible enough that many entities could use it
to create their own policies, judgments, certification services, etc. Palladium has a
more robust technical enforcement mechanism than either of those standards.
21Microsoft Palladium
4. COMPARISON OF TCPA AND PALLADIUM
TCPA stands for ‘Trusted Computing Platform Alliance’, an initiative led by Intel.
Their stated goal is a ‘new computing platform for the next century that will provide for
improved trust in the PC platform’. Palladium is software that Microsoft says it plans to
incorporate in future versions of Windows; it will build on the TCPA hardware and will add
some new features.
The TCPA and Palladium rely on the addition to the hardware of normal PC’s. While
Palladium calls for more extensive changes, the modifications are remarkably similar. Both
call for a new chip to be placed on the motherboard of all future computers. The chip would
include new encryption functions as well as a small amount of memory that would act as a
digital vault to store important keys to decrypt protected data. The TCPA refers to the chip
as the “Trusted Platform Module”, a successor to the Intel’s processor. Microsoft refers to
the hardware components of Palladium as Secure Cryptographic Coprocessor or SCP.
22Microsoft Palladium
5. ADVANTAGES OF PALLADIUM
5.1 BLOCK MALICIOUS CODE
One of the more promising aspects that Palladium will bring to end-users is the
ability to authenticate the programs they use. A user will allow certain applications access to
resources. Originally, it was thought that Palladium would not permit unauthorized code to
run on a system; therefore it would stop the execution of programs like viruses. Recently,
however, Microsoft has backed off these claims about Palladium. Now it simply claims that
Palladium will provide a secure execution environment for anti-virus programs (MS
Palladium Technical FAQ). The benefit of a secure environment is that viruses and other
malicious code cannot alter the behavior of a Palladium-enabled anti-virus program.
Microsoft has decided that legacy support for existing Windows applications is important
enough so as not to require all programs to be rewritten for Palladium. This means that
existing programs and viruses will still run on a Palladium system. The implied benefit to
Palladium, aside from the added protection to anti-virus programs, is the increased
authentication with new Palladium enabled programs. If Palladium proliferates as Microsoft
hopes, there will come a time when legacy support will not be important anymore, and
unauthorized programs will not be run. It appears as though this is the first step on the way
to that idea.
5.2 DIGITAL RIGHT MANAGEMENT
The digital rights management (DRM) potential with a Palladium system is what
content producers and distributors are interested with. Digital rights management has to do
with controlling whom and how long content is distributed. Microsoft touts Palladium as
being independent of any existing DRM technology today (MS Palladium Technical FAQ).
On the other hand, it acknowledges that Palladium systems are being designed to coincide
with DRM technologies to help content developers (MS Palladium Technical FAQ). A
Palladium system is supposed to make it easier for individual users to implement DRM on
23Microsoft Palladium
their own personal data. For example, a user may setup a vault containing credit card
information. Palladium would allow the user to setup a group of trusted agents that would
have access to all or certain parts of that data. Along with data, Palladium promises to give
users the option to regulate time interval that data is available to the trusted agents they have
specified.
Digital rights management (DRM) is a generic term for access control technologies
that can be used on the usage of digital content and devices. The term is used to describe any
technology that inhibits uses of digital content not desired or intended by the content
provider. The term does not generally by hardware manufacturers, publishers,
copyright holders and individuals to impose limitations refer to other forms of copy
protection which can be circumvented without modifying the file or device, such as serial
numbers or keyfiles. It can also refer to restrictions associated with specific instances of
digital works or devices. Digital rights management is used by companies such
as Sony, Apple Inc, Microsoft, AOL and the BBC.
Digital rights management (DRM) is a systematic approach to copyright protection
for digital media. The purpose of DRM is to prevent unauthorized redistribution of digital
media and restrict the ways consumers can copy content they've purchased. DRM products
were developed in response to the rapid increase in online piracy of commercially marketed
material, which proliferated through the widespread use of peer-to-peer file exchange
programs. Typically DRM is implemented by embedding code that prevents copying,
specifies a time period in which the content can be accessed or limits the number of devices
the media can be installed on.
Although digital content is protected by copyright laws, policing the Web and
catching law-breakers is very difficult. DRM technology focuses on making it impossible to
steal content in the first place, a more efficient approach to the problem than the hit-and-
miss strategies aimed at apprehending online poachers after the fact.
24Microsoft Palladium
6. DISADVANTAGES OF PALLADIUM
6.1 UPGRADES
In order to take advantage of what Palladium is supposed to offer, users will have to
upgrade both their current operating systems and hardware. The next version of Windows,
due out in 2004, will need hardware support for Palladium features to work at all (MS
Palladium Technical FAQ). It is unclear at this point whether the next major Windows
release will run on non-Palladium compatible hardware. The central processing unit will
have to support the trusted execution mode that Palladium offers. It is clear that future
motherboards will need to contain the security chip for Palladium to run properly (MS
Palladium Technical FAQ). More upgrades may be of concern in the area of graphic
hardware and peripherals such as keyboards and mice because of the encryption in between
these hardware devices and the software they are interacting with.
6.2 INTEROPERABILITY
Palladium has received wide criticism for being a so-called General Public License
(GPL) killer (Anderson). Now, Microsoft clearly states that the Palladium-enabled operating
system will be able to co-exist with any Linux based system, just as their operating systems
do today. The question that comes to mind is, will that change with wide spread adoption of
the Palladium architecture? For example, if a bank switches over to exclusively Palladium
systems, would customers of that bank who don’t run Palladium systems be able to use the
bank’s services? Palladium is not a direct attack on GPL or Linux based system, but is an
attempt to change the rules of the names.
25Microsoft Palladium
6.3 LEGACY PROGRAMS
By Microsoft’s own admission, the Palladium-enabled operating system will not
have perfect legacy support (MS Palladium Technical FAQ). All existing debuggers will
need to be updated in order to work under Palladium. Performance tools that monitor
operating system or user processes will need to be updated. Any memory dump software
will not work correctly without changes to support Palladium. Hibernation features of
motherboards will need to be updated as well. Memory scrub routines, at the hardware level,
will need to be rewritten to accommodate Palladium. The reason for all of these updates is
the trusted agent policy that Palladium enforces. No program is allowed to invade the
execution space for any other program. In the case of a debugger, it will need special
permission from the operating system to monitor the execution space of the target program.
Even software developed for the TCPA specification will need to be rewritten if it tries to
directly write to any TCPA hardware. This description of incompatible legacy programs is
by no means comprehensive; it is simply what Microsoft is disclosing at this time (MS
Palladium Technical FAQ).
26Microsoft Palladium
7. CONCLUSION
Today, IT managers face tremendous challenges due to the inherent openness of end-
user machines, and millions of people simply avoid some online transactions out of fear.
However, with the usage of "Palladium" systems, trustworthy, secure interactions will
become possible. This technology will provide tougher security defenses and more abundant
privacy benefits than ever before. With "Palladium," users will have unparalleled power
over system integrity, personal privacy and data security.
Independent software vendors (ISVs) that want their applications to take advantage
of "Palladium" benefits will need to write code specifically for this new environment a new
generation of "Palladium"- compatible hardware and peripherals will need to be designed
and built. The "Palladium" development process will require industry wide collaboration. It
can only work with broad trust and widespread acceptance across the industry, businesses
and consumers
.
"Palladium" is not a magic bullet. Clearly, its benefits can only be realized if industry
leaders work collaboratively to build "Palladium"- compatible applications and systems and
then only if people choose to use them. But the "Palladium" vision endeavors to provide the
trustworthiness necessary to enable businesses, governments and individuals to fully
embrace the increasing digitization of life.
The Internet and the proliferation of digital content have sparked the need for more
privacy and security of data. The looming question whenever anyone talks about security
and privacy is: for whom? Palladium certainly gives digital content 16providers the control
over their product that they have wanted for a long time. In recent months, Microsoft has
clearly emphasized the benefits that the marriage of Palladium and DRM can bring to end-
users. Microsoft claims that users will have complete control of their personal information.
The Palladium-enabled operating system isn’t due for at least another year. It could take
months after the initial release for anyone to feel its effects.
27Microsoft Palladium
8. REFERENCES
1. Anderson, R. “TCPA / Palladium Frequently Asked Questions Version 1.0.” July
2002. University of Cambridge Online. 5 Jan 2003
<http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html>.
2. “Microsoft Palladium.” 11 Nov. 2002. Electronic Privacy Information Center Online.
5 January 2003
<http://www.epic.org/privacy/consumer/microsoft/palladium.html>.
3. Boutin, Paul. “Palladium: Safe or Security Flaw?.” 12 Jul. 2002. Wired News
Online. 31 Jan 2003
<http://www.wired.com/news/antitrust/0,1551,53805,00.html>.
4. Hachman M., and Rupley S. “Microsoft's Palladium: A New Security Initiative.” 25
Jun. 2002. ExtremeTech Online. 5 Jan 2003
<http://www.extremetech.com/article2/0,3973,274309,00.asp>.
5. www .wikipedia.org
28Microsoft Palladium