Microsoft’s Next-Generation Secure Computing Base, formerly Palladium

Kit Colbert
Student Consultant Representing Microsoft
[email protected]

What is Palladium?

• A set of hardware and software extensions to make the PC more trustworthy.
• Today’s apps will still run just fine.
• You can disable Palladium extensions if you choose.
• What exactly is trustworthy computing?
  • Good question…

Trustworthy Computing

• Trustworthy: worthy of confidence.
• Examples:
  • Credit card numbers that can’t be stolen.
  • Personal diary that can only be written and viewed by you or people you choose.
  • Someone is who she says she is.
• There are currently ad-hoc solutions for some of these concerns; Palladium seeks to solve them all.

Who To Trust?

• Applications?
  • Operating systems can programmatically subvert applications.
• Operating System?
  • Hardware can programmatically subvert operating systems.
• Hardware?
  • Humans can subvert hardware, but not programmatically.
• So we have to start off trusting the hardware.

Chain of Trust

• We start off trusting the hardware and build up, thus creating a chain of trust.

[Diagram: Hardware → Operating System → Applications]

Palladium’s Goals

• Usher in a new era of trustworthy computing by enabling the PC to:
  • Perform trusted operations
  • Span multiple computers with this trust
  • Create dynamic trust policies
  • Allow anyone to authenticate these policies

How Palladium Will Do It

• Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
  • Protected memory
  • Attestation
  • Sealed storage
  • Secure input and output
• It primarily does this through cryptographic keys and algorithms.

Hardware Extensions

• Security Support Component (SSC)
• Secure communication channels for:
  • I/O
  • Graphics
  • Network
  • Storage
  • Chipsets
• CPU op-codes, registers, interrupts, and status bits

Software Extensions

• Nexus
  • (the kernel)
  • shared source
• Trusted agents
  • (the applications)
• So what is this, a whole other operating system??
• Well, sort of…

The New View

• Two parallel operating systems?
  • Not quite, the trusted kernel still relies on the untrusted kernel for most of its functionality.

[Diagram: User Mode and Kernel Mode on the untrusted side, alongside Trusted User Mode and Trusted Kernel Mode on the trusted side]

SSC/Nexus Interaction

• Sealed storage:
  • SSC’s symmetric key, call it ‘s’
  • SSC hash of running Nexus kernel, call it ‘h’
  • Arbitrary data pointed to by pointer ‘p’
  • SSC implements two operations:
    • c = SEAL(p)
    • p = UNSEAL(c)
  • Example implementation:
    • SEAL: aes_encrypt(s+h, p)
    • UNSEAL: aes_decrypt(s+h, c)
  • If either SSC or Nexus changes, can’t retrieve data!
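The SEAL/UNSEAL sketch above, as an added Python example that is not the deck’s or Microsoft’s code: the slide’s aes_encrypt is replaced by a standard-library HMAC-SHA256 stream cipher with an integrity tag (so a wrong key is detected rather than yielding garbage), and the SSC key and Nexus hash are constructed values. It shows that data sealed under one (s, h) pair cannot be unsealed once the NexC key or the running Nexus hash differs.

```python
import hashlib
import hmac
import os
from typing import Optional

SSC_KEY = bytes.fromhex("11" * 32)  # constructed stand-in for the SSC's symmetric key 's'
NEXUS_HASH = hashlib.sha256(b"nexus-v1 constructed image").digest()  # constructed 'h'


def derive_key(s: bytes, h: bytes) -> bytes:
    # The slide's 's+h': the storage key is bound to both the SSC and the running Nexus.
    return hashlib.sha256(b"seal" + s + h).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (substitute for the slide's AES).
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(s: bytes, h: bytes, p: bytes) -> bytes:
    """c = SEAL(p): encrypt p under key(s, h), then append an integrity tag."""
    key = derive_key(s, h)
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(p, _keystream(key, nonce, len(p))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(s: bytes, h: bytes, c: bytes) -> Optional[bytes]:
    """p = UNSEAL(c): None when s or h differ from the platform that sealed c."""
    key = derive_key(s, h)
    nonce, body, tag = c[:16], c[16:-32], c[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # different SSC key, changed Nexus, or tampered blob
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


if __name__ == "__main__":
    secret = b"constructed credit card number"
    c = seal(SSC_KEY, NEXUS_HASH, secret)
    print(unseal(SSC_KEY, NEXUS_HASH, c) == secret)  # same SSC and Nexus: True
    patched = hashlib.sha256(b"nexus-v2 constructed image").digest()
    print(unseal(SSC_KEY, patched, c))  # Nexus changed: None, data unrecoverable
```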

Bringing It All Together

• Closed sphere of trust:

TCPA

• Trusted Computing Platform Alliance
• Group of companies (about 200)
• Biggest players:
  • Microsoft
  • Intel
  • Compaq
  • HP
  • IBM
• Same goal as Palladium: trustworthiness

All About the Hardware

• TCPA specification only for hardware
  • It’s operating system agnostic
• Complete TCPA 1.1b spec online
• One implementation of it in production machines (one version of IBM Thinkpad)
• Palladium uses some of the TCPA spec

How Palladium Will Affect You

• A Palladium PC will still run non-trusted apps
  • So everything you have now will still work
• Palladium is opt-in
  • You have to explicitly choose to use it
• Signed binaries mean less chance of a trojan or virus being inserted into commonly used programs

Your Information is Secure

• All your personal information is stored on your home machine, not on some company’s server.
• You control precisely who sees what and what they can do with it.
• No more doctor’s new patient forms, no more filling out credit card apps, etc.

Digital Rights Management

• Probably the biggest issue with Palladium
• Palladium will enable the media companies to protect their content
  • Which raises some questions:
    • So no more fair use?
    • Can I still pirate?
• Fair use: probably not for the short term
• Piracy: you can still do it on the non-trusted side

Open Source and Palladium

• Will operating systems like Linux still run on a Palladium PC?
  • Definitely.
• Not only will Linux still run, but it could in theory be modified to have a Nexus
  • Thus it could run trusted apps

No User Authentication

• User authentication is done through Windows
  • I.e., the usual Windows logon
• User is tied to the machine and its keys
  • Everything encrypted with a combination of the machine’s SSC and Nexus keys
  • Switching machines could be tedious

3-Phase Deployment Plan

• Deploy in corporations
  • Use in internal networks
  • Make sure sensitive data isn’t leaked
• Get major media companies involved
  • Create trusted content and applications
• End users/consumers
  • Use the trusted apps and content
  • Distribute personal information

Conclusion

• Palladium is a platform
  • Enables ISVs to write trusted apps easily.
• First version in future version of Windows
  • Sometime around 2005 or 2006
• Will it work?
  • Who knows. Microsoft hopes so.
• Do you want it to work?
  • There are good and bad outcomes of it.
  • It’s a personal decision.

Palladium Links

• Microsoft Palladium: A Business Overview
  http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.asp
• Microsoft NGSCB Technical FAQ
  http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp
• Palladium Details
  http://www.activewin.com/articles/2002/pd.shtml
• Microsoft Meeting on Palladium
  http://vitanuova.loyalty.org/2002-07-03.html
• EPIC’s Palladium Coverage
  http://www.epic.org/privacy/consumer/microsoft/palladium.html
• Inside Microsoft’s Secure OS Project Palladium
  http://www.extremetech.com/article2/0,3973,837726,00.asp
• MIT Palladium Presentation
  http://www.cryptome.org/palladium-mit.htm

More Palladium Links

• Interview with Palladium’s Mario Juarez
  http://www.digitalidworld.com/modules.php?op=modload&name=News&file=article&sid=74&mode=&order=0
• Q&A: Palladium Initiative
  http://www.microsoft.com/presspass/Features/2002/Jul02/07-01palladium.asp
• TCPA / Palladium FAQ
  http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html
• TCPA and Palladium: Sony Inside
  http://www.kuro5hin.org/story/2002/7/9/17842/90350
• TCPA and Palladium Technical Analysis
  http://wintermute.homelinux.org/miscelanea/TCPA%20Security.txt
• Palladium and the TCPA
  http://www.counterpane.com/crypto-gram-0208.html
• TCPA Homepage
  http://www.trustedpc.org

Questions?