Thread: MIT presentation review about Palladium

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    634

    MIT presentation review about Palladium

    I found more Palladium info than posted previously. It's a review of an MIT presentation with some info and ideas about the Palladium concept.
    I know it could be posted in the "conferences reviews" forum, but I consider it is more related to a security point of view.
    The original link is here

    21 October 2002

    Date: Sun, 20 Oct 2002 22:38:35 -0400
    To: Cypherpunks <cypherpunks@minder.net>
    From: "Arnold G. Reinhold" <reinhold@world.std.com>
    Subject: Re: palladium presentation - anyone going?

    At 7:15 PM +0100 10/17/02, Adam Back wrote:
    >-------- Original Message --------
    >Subject: LCS/CIS Talk, OCT 18, TOMORROW
    >Date: Thu, 17 Oct 2002 12:49:01 -0400
    >From: Be Blackburn <be@theory.lcs.mit.edu>
    >To: theory-seminars@theory.lcs.mit.edu
    >CC: cis-seminars@theory.lcs.mit.edu
    >
    >Open to the Public
    >
    >Date: Friday, Oct 18, 2002
    >Time: 10:30 a.m.- 12:00 noon
    >Place: NOTE: NE43-518, 200 Tech Square
    >Title: Palladium
    >Speaker: Brian LaMacchia, Microsoft Corp.
    >Hosts: Ron Rivest and Hal Abelson
    >
    >Abstract:
    >
    >This talk will present a technical overview of the Microsoft
    >"Palladium" Initiative. The "Palladium" code name refers to a set of
    >hardware and software security features currently under development
    >for a future version of the Windows operating system. "Palladium"
    >adds four categories of security services to today's PCs:
    >
    > a. Curtained memory. The ability to wall off and hide pages of main
    >memory so that each "Palladium" application can be assured that it is
    >not modified or observed by any other application or even the
    >operating system.
    >
    > b. Attestation. The ability for a piece of code to digitally sign
    >or otherwise attest to a piece of data and further assure the
    >signature recipient that the data was constructed by an unforgeable,
    >cryptographically identified software stack.
    >
    > c. Sealed storage. The ability to securely store information so
    >that a "Palladium" application or module can mandate that the
    >information be accessible only to itself or to a set of other trusted
    >components that can be identified in a cryptographically secure
    >manner.
    >
    > d. Secure input and output. A secure path from the keyboard and
    >mouse to "Palladium" applications, and a secure path from "Palladium"
    >applications to an identifiable region of the screen.
    >
    >Together, these features provide a parallel execution environment to
    >the "traditional" kernel- and user-mode stacks. The goal of
    >"Palladium" is to help protect software from software; that is, to
    >provide a set of features and services that a software application can
    >use to defend against malicious software also running on the machine
    >(viruses running in the main operating system, keyboard sniffers,
    >frame grabbers, etc). "Palladium" is not designed to provide defenses
    >against hardware-based attacks that originate from someone in control
    >of the local machine.

    I went. It was a good talk. The room was jam packed. Brian is very forthright and sincere. After he finished speaking, Richard Stallman gave an uninvited rebuttal speech, saying Palladium was very dangerous and ought to be banned. His concerns are legitimate, but the net effect, I think, was to make the Q&A session that followed less hostile.

    Palladium sets up a separate trusted virtual computer inside the PC processor, with its own OS, called Nexus, and its own applications, called agents. The trusted computer communicates with a security co-processor on the mother board, and has a secure channel to your keyboard and mouse and to a selected window on your CRT screen.

    How to prevent the secure channel to the on-screen window from being spoofed is still an open problem. Brian suggested a secure mode LED that lights when that window has focus or having the secure window display a mother's-maiden-name type code word that you only tell Nexus. Of course this doesn't matter for DRM since *your* trusting the window is not the issue.

    All disk and network I/O is done thru the untrusted Windows OS on the theory that the trusted machine will encrypt anything it wants to keep private. Windows even takes care of Nexus scheduling.

    A major design goal is that all existing software must run without change. Users are not required to boot Palladium at all, and are to be able to boot it long after Windows has booted.

    >Might help clear up some of the currently
    >unexplained aspects about Palladium, such as:
    >
    >- why they think it couldn't be used to protect software copyright (as
    >the subject of Lucky's patent)

    The specific question never came up. As Brian did say, Palladium is just a platform. People can build whatever they want on top of it. It seemed clear to me that the primary goal is DRM, but as someone else in the audience said (approximate quote) "We always hear that you can't do this or that without trusted hardware. Well, this is trusted hardware." I don't see why anyone would think protecting software copyright could not be done.

    >- are there plans to move SCP functions into processor? any relation
    >to Intel Lagrange

    No. The SCP is based on a smart card core and is to be a "light weight, low pin count chip" with a target cost of $1 in volume. I presume future deals between MS and Intel are always possible.

    The SCP will support several algorithms, including 2048-bit RSA, 128-bit AES, SHA1, and HMAC. They may include another cipher and another hash. There will also be a FIPS140-2 Random Number Generator and several monotonic counters, but no time of day clock. Each chip will have a unique RSA key pair, an AES key and an HMAC key. The only key that the SCP will reveal to the outside is the RSA public key and it will only do that once per power up cycle.

    >- isn't it quite weak as someone could send different information to
    >the SCP and processor, thereby being able to forge remote attestation
    >without having to tamper with the SCP; and hence being able to run
    >different TOR, observe trusted agents etc.

    There is also a change to the PC memory management to support a trusted bit for memory segments. Programs not in trusted mode can't access trusted memory. Also there will be three additional x86 instructions (in microcode) to support secure boot of the trusted kernel and present a SHA1 hash of the kernel code in a read only register. There may be a hole somewhere, but Microsoft is trying hard to get it right and Brian seemed quite competent.

    >I notice at the bottom of the talk invite it says
    >
    >| "Palladium" is not designed to provide defenses against
    >| hardware-based attacks that originate from someone in control of the
    >| local machine.
    >
    >but in this case how does it meet the BORA prevention. Is it BORA
    >prevention _presuming_ the local user is not interested to reconfigure
    >his own hardware?

    Near as I can see, the real trust comes from the RSA key pair stored in the SCP and a cert on that key from the SCP manufacturer. There is no command to obtain the private key from the SCP. Presumably they leverage smart card technology plus whatever tricks they think of to make it hard to get that key. Differential power analysis or HNO3 might do the trick. We'll have to wait and see.

    >Will it really make any significant difference to DRM enforcement
    >rates? Wouldn't the subset of the file sharing community who produce
    >DVD rips still produce Pd DRM rips if the only protection is the
    >assumption that the user won't make simple hardware modifications.

    The real question from Microsoft's standpoint is will the entertainment industry be satisfied with Palladium's level of security and release content that can play on Palladium equipped PCs? DVDs aren't Hollywood's main problem. Movies are becoming available online long before the DVD is released. Hollywood probably wants something that monitors ALL content for watermarks. Palladium as presented doesn't do this. But again it is a platform. Once it exists, a later version of Windows might require it to be up and would then verify all content displayed. If Hollywood doesn't convince Microsoft to do this, Sen. Hollings will be more than glad to introduce the necessary legislation. To paraphrase Stallman's rant, in the Palladium context Alice and Bob are corporations and Mallory is the PC owner.

    Arnold Reinhold
    Life is boring. Play NetHack... --more--
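
Added example, not part of the e-mail above and not Microsoft's code: a toy model of sealed storage bound to the SHA1 hash of the booted trusted kernel, showing why a blob handed to the untrusted OS for storage is useless under a modified kernel or on another chip. The class and function names, the key-derivation scheme and the HMAC-SHA256 keystream (a standard-library stand-in for the SCP's AES) are assumptions; the e-mail does not say how sealing is implemented.

```python
import hashlib
import hmac
import os


class ToySCP:
    """Constructed model of a security co-processor; all names are hypothetical."""
    def __init__(self):
        self._chip_key = os.urandom(32)  # per-chip secret; no method exports it
        self._nexus_hash = None          # models the read-only SHA1 register

    def secure_boot(self, nexus_code: bytes) -> None:
        # Models the secure-boot step: hash the trusted kernel, latch the result.
        self._nexus_hash = hashlib.sha1(nexus_code).digest()

    def _keys(self):
        if self._nexus_hash is None:
            raise RuntimeError("no trusted kernel has been booted")
        # Assumed derivation: keys depend on the chip secret AND the kernel hash.
        def derive(label):
            return hmac.new(self._chip_key, label + self._nexus_hash, hashlib.sha256).digest()
        return derive(b"enc"), derive(b"mac")

    @staticmethod
    def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
        # HMAC-SHA256 in counter mode, a stdlib stand-in for the SCP's AES.
        stream = b""
        for ctr in range((len(data) + 31) // 32):
            stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, secret: bytes) -> bytes:
        enc_key, mac_key = self._keys()
        nonce = os.urandom(16)
        ct = self._xor_stream(enc_key, nonce, secret)
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag  # safe to hand to the untrusted OS for storage

    def unseal(self, blob: bytes) -> bytes:
        enc_key, mac_key = self._keys()
        if len(blob) < 48:
            raise ValueError("blob too short")
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("sealed under a different kernel or chip")
        return self._xor_stream(enc_key, nonce, ct)


def demo():
    genuine = b"nexus kernel image (constructed sample)"
    patched = genuine + b" + one patched byte"
    scp = ToySCP()
    scp.secure_boot(genuine)
    blob = scp.seal(b"content key 0123")
    outcome = {"plaintext_in_blob": b"content key 0123" in blob}
    cases = [("same kernel", scp, genuine), ("patched kernel", scp, patched),
             ("other chip", ToySCP(), genuine)]
    for label, chip, code in cases:
        chip.secure_boot(code)  # models a fresh power cycle
        try:
            outcome[label] = chip.unseal(blob)
        except PermissionError:
            outcome[label] = "refused"
    return outcome


if __name__ == "__main__":
    print(demo())
```

The model only holds if untrusted software cannot write the hash register itself, which is the role the e-mail gives to the new secure-boot instructions and the read-only register.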

  3. #3
    Thanks for that post. I've been looking for some technical info on the new Palladium; this clears up a lot of arguments I've had with some of my friends.
    If you can cheat and get away with it you deserve to win

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    >Each chip will have a unique RSA key pair
    >There is no command to obtain the private key from the SCP.

    Sounds remarkably like the Clipper chip...

    I assume that this is true only after the key in question has been burned onto the chip. Who and/or what sees it before that happens?

    What then happens when the US government decides they want a copy of each key pair placed in escrow cross-referenced with the chip ID number (which already exists)?

    >The ability for a piece of code to digitally sign or otherwise attest to a piece of data and further assure the signature recipient that the data was constructed by an unforgeable, cryptographically identified software stack.

    The Germans thought Enigma was unbreakable, and the U.S. thought the Titanic was unsinkable. No encryption or hash algorithm has ever been proven unbreakable. DES is now useless. Misplaced trust in a system is no less dangerous than misplaced trust in its users. How many times have people been lured into a false sense of security, to catastrophic ends? (Pearl Harbor, anyone?)

    I concur, sooner or later, Palladium, or something like it, will come to pass. But before we place our trust in it, we must first realize that perfect infallibility is as elusive as a snowball in hell.

    And I certainly hope that the same company who controls 90% of the world's computers (or something like that) will not also control 90% of the world's access privileges. And before you put too much faith in this, take a close look at who the speaker was.

    The security of any system is inversely proportionate to the trust we place in that system.

    But it is good to hear the other side of the story, KissCool. Thx for the opinion.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

  7. #7
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    Someone mentioned on another thread a few days ago, "Security and Microsoft shouldn't be mentioned in the same sentence."

    I have xp. That's as far as I go with Microsoft.

  9. #9
    Junior Member
    Join Date
    Nov 2002
    Posts
    2

    Question

    The idea of hardware encryption and secure memory sounds good to me - but that could all be smoke and mirrors. I guess the real question is who has/had access to these private keys?

    So given that M$ have such a bad rep with security issues and the fact that (guessing here) around 70%? of all PCs run some form of Windows something surely needs to come about - I'm interested to hear what you all think M$ should be doing about it?

    R-Bola
