Microsoft's Cutting edge Secure Registering Base, in the past Palladium.

Microsoft’s Next-Generation Secure Computing Base, earlier Palladium Kit Colbert Student Consultant Representing Microsoft mssc@brown.edu

What is Palladium? An arrangement of equipment and programming augmentations to make the PC more reliable. Today’s applications will at present run fine and dandy. You can impair Palladium expansions in the event that you pick. What precisely is dependable processing? Great question…

Trustworthy Computing Trustworthy: deserving of certainty. Illustrations: Credit card numbers that can’t be stolen. Individual journal that must be composed and saw by you or individuals you pick. Somebody is who she says she is. There are as of now specially appointed answers for some of these worries, Palladium looks to explain all of them.

Who To Trust? Applications? Working frameworks can automatically subvert applications. Working System? Equipment can automatically subvert working frameworks. Equipment? People can subvert equipment, yet not automatically. So we need to begin off believing the equipment.

Chain of Trust We begin off believing the equipment and develop, along these lines making a chain of trust. Applications Operating System Hardware

Palladium’s Goals Usher in another time of reliable enabling so as to figure the PC to: Perform trusted operations Span various PCs with this trust Create element trust approaches Allow anybody to verify these arrangements

How Palladium Will Do It Specifically, Palladium will include four new security highlights that build the machine\'s reliability: Protected memory Attestation Sealed capacity Secure data and yield It principally does this through cryptographic keys and calculations.

Hardware Extensions Security Support Component (SSC) Secure correspondence channels for: I/O Graphics Network Storage Chipsets CPU operation codes, registers, interferes, and status bits

Software Extensions Nexus (the bit) shared source Trusted specialists (the applications) So what is this, an entire other working framework?? All things considered, sort of…

The New View Two parallel working frameworks? Not exactly, the trusted portion still depends on the untrusted part for the majority of its usefulness. Client Mode Trusted User Mode Kernel Mode Trusted Kernel Mode

SSC/Nexus Interaction Sealed capacity: SSC’s symmetric key, call it ‘s’ SSC hash of running Nexus portion, call it ‘h’ Arbitrary information indicated by pointer ‘p’ SSC executes two operations: c = SEAL(p) p = UNSEAL(c) Example usage: SEAL: aes_encrypt(s+h, p) UNSEAL: aes_decrypt(s+h, p) If either SSC or Nexus changes, can’t recover information!

Bringing It All Together Closed circle of trust:

TCPA Trusted Computing Platform Alliance Group of organizations (around 200) Biggest players: Microsoft Intel Compaq HP IBM Same objective as Palladium: dependability

All About the Hardware TCPA particular just for equipment It’s working framework freethinker Complete TCPA 1.1b spec online One execution of it underway machines (one form of IBM Thinkpad) Palladium utilizes a percentage of the TCPA spec

How Palladium Will Affect You A Palladium PC will in any case run non-trusted applications So all that you have now will in any case work Palladium is select in You need to expressly decide to utilize it Signed pairs implies less risks of a trojan or infection embedded into ordinarily utilized projects

Your Information is Secure All your own data is put away on your home machine, not on some company’s server. You control exactly who sees what and what they can do with it. No more doctor’s new patient structures, not any more rounding out Mastercard applications, and so forth

Digital Rights Management Probably the greatest issue with Palladium will empower the media organizations to secure their substance Which brings up a few issues: So not any more reasonable utilization? Can regardless I privateer? Reasonable utilization: presumably not for the fleeting Piracy: you can in any case do it on the non-trusted side

Open Source and Palladium Will working frameworks like Linux still keep running on a Palladium PC? Without a doubt. Will Linux still keep running, as well as it could in principle be altered to have a Nexus Thus it could run trusted applications

No User Authentication User verification is done through Windows Ie, normal Windows logon User is attached to the machine and its keys Everything scrambled with blend of machine’s SSC and Nexus keys Switching machines could be dreary

3-Phase Deployment Plan Deploy in organizations Use in inside systems Make beyond any doubt delicate information isn’t released Get real media organizations included Create trusted substance and applications End clients/purchasers Use the trusted applications and substance Distribute individual data

Conclusion Palladium is a stage Enables ISVs to compose trusted applications effortlessly. In the first place form in future rendition of Windows Sometime around 2005 or 2006 Will it work? Who knows. Microsoft trusts so. Do you need it to work? There are great and terrible results of it. It’s an individual choice.

Palladium Links Microsoft Palladium: A Business Overview http://www.microsoft.com/PressPass/highlights/2002/jul02/0724palladiumwp.asp Microsoft NGSCB Technical FAQ http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp Palladium Details http://www.activewin.com/articles/2002/pd.shtml Microsoft Meeting on Palladium http://vitanuova.loyalty.org/2002-07-03.html EPIC’s Palladium Coverage http://www.epic.org/protection/customer/microsoft/palladium.html Inside Microsoft’s Secure OS Project Palladium http://www.extremetech.com/article2/0,3973,837726,00.asp MIT Palladium Presentation http://www.cryptome.org/palladium-mit.htm

More Palladium Links Interview with Palladium’s Mario Juarez http://www.digitalidworld.com/modules.php?op=modload&name=News&file=article&sid=74&mode=&order=0 Q&A: Palladium Initiative http://www.microsoft.com/presspass/Features/2002/Jul02/07-01palladium.asp TCPA/Palladium FAQ http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html TCPA and Palladium: Sony Inside http://www.kuro5hin.org/story/2002/7/9/17842/90350 TCPA and Palladium Technical Analysis http://wintermute.homelinux.org/miscelanea/TCPA%20Security.txt Palladium and the TCPA http://www.counterpane.com/crypto-gram-0208.html TCPA Homepage http://w