palladium cryptography
DESCRIPTION
Next generation secure computing baseTRANSCRIPT
Presentation
On
Palladium Cryptography (next generation secure computing base)
By:
Piyush Mittal
Introduction
Palladium is a software architecture
designed by Microsoft to implement parts
of Trusted Computing Concepts on future
versions of Windows OS.
This relies on Hardware technology
designed by members of Trusted
Computing Group which provide security
features, cryptographic co-processors and
ability to hold keys securely.
Properties of Palladium
Architectural enhancement to Windows
kernel and computer hardware.
Will not eliminate any features of
Windows.
New applications must be written.
It will operate with any program user
specifies while maintaining security.
Architecture and Concepts Palladium consists of software and specialized
hardware component developed by Trusted
Computing Group
1. Key hardware components are:
• Trusted Platform Module: provides secure storage of cryptographic keys and a secure co-processor.
• Curtained memory (trusted space)feature in CPU:
Execution space protected from external attacks (protected RAM)
Data within curtained memory can be accessed by applications to which it belongs.
Sealed Storage: Authentication mechanism
that allows program to store secrets.
Secure input output
Attestation: Mechanisms that allow user
to reveal selected characteristics to
external requesters. It is entrusted with
the job of to encrypt and decrypt data
from sealed storage.
Secured Key
Cryptographic key is stored within TPM
Applications provide encrypted data to TPM to be decrypted and decrypted data is provided for authentication
TPM stores a single key securely
Data as an extension stored in encrypted form that can be decrypted only by key in TPM
TPM generates cryptographic signature based on hidden key.
Key Software components are
Nexus: A security kernel that is a part of OS. It provides basic services to trusted agents, such as the establishment of the process mechanisms for with trusted agents and other applications.
Trusted agents: A trusted agent is a program, a part of a program, or a service that runs in user mode in the trusted space.
Together, the nexus and trusted agents
provide the following features:
Trusted data storage, encryption services
for applications to ensure data integrity
and protection.
facilities to enable hardware and software
to authenticate itself.
WORKING OF PALLADIUM
This architecture will include a new security
computing chip and design changes to a
computer’s central processing unit (CPU),
chipsets, and peripheral devices, such as
keyboards and printers.
The pc-specific secret coding within palladium
makes stolen files useless on other machines
as they are physically and cryptographically
locked within the hardware of the machine.
Protection using Palladium
Palladium prevents identity theft and
unauthorized access to personal data on
the user’s device while on the internet
and on other networks.
With palladium, a system’s secrets are
locked in the computer and are only
revealed on terms that the user has
specified.
SHORTCOMINGS AND PIT FALLS
OF PALLADIUM Software and applications have to be
rewritten to synchronize with palladium
or new applications must be written
Changes are to be made to the existing
computer hardware to support palladium.
It would be a long time before this
technology became commonplace.
Conclusion
With the usage of “palladium” systems,
trustworthy, secure interactions will
become possible. This technology will
provide tougher security defenses and
more abundant privacy benefits than ever
before. With palladium, users will have
unparalleled power over system integrity,
personal privacy and data security.