palladium presentation - anyone going?

Arnold G. Reinhold reinhold at world.std.com
Sun Oct 20 22:38:35 EDT 2002


At 7:15 PM +0100 10/17/02, Adam Back wrote:
>Would someone at MIT / in Boston area like to go to this [see end] and send a
>report to the list?

I went. It was a good talk. The room was jam packed. Brian is very 
forthright and sincere. After he finished speaking, Richard Stallman 
gave an uninvited rebuttal speech,  saying Palladium was very 
dangerous and ought to be banned.  His concerns are legitimate, but 
the net effect, I think, was to make the Q&A session that followed 
less hostile.

Palladium sets up a separate trusted virtual computer inside the PC 
processor, with its own OS, called Nexus, and its own applications, 
called agents. The trusted computer communicates with a security 
co-processor on the motherboard, and has a secure channel to your 
keyboard and mouse and to a selected window on your CRT screen.

How to prevent the secure channel to the on-screen window from being 
spoofed is still an open problem. Brian suggested a secure mode LED 
that lights when that window has focus or having the secure window 
display a mother's-maiden-name type code word that you only tell 
Nexus.  Of course this doesn't matter for DRM since *your* trusting 
the window is not the issue.

All disk and network I/O is done thru the untrusted Windows OS on the 
theory that the trusted machine will encrypt anything it wants to 
keep private. Windows even takes care of Nexus scheduling.

A major design goal is that all existing software must run without 
change. Users are not required to boot Palladium at all, and are to 
be able to boot it long after Windows has booted.

>Might help clear up some of the currently
>unexplained aspects about Palladium, such as:
>
>- why they think it couldn't be used to protect software copyright (as
>the subject of Lucky's patent)

The specific question never came up. As Brian did say, Palladium is 
just a platform. People can build whatever they want on top of it. 
It seemed clear to me that the primary goal is DRM, but as someone 
else in the audience said (approximate quote) "We always hear that 
you can't do this or that without trusted hardware. Well, this is 
trusted hardware."  I don't see why anyone would think protecting 
software copyright could not be done.

>
>- are there plans to move SCP functions into processor?  any relation
>to Intel Lagrange

No. The SCP is based on a smart card core and is to be a "light 
weight, low pin count chip" with a target cost of $1 in volume.  I 
presume future deals between MS and Intel are always possible.

The SCP will support several algorithms, including 2048-bit RSA, 
128-bit AES, SHA1, and an HMAC. They may include another cipher and 
another hash. There will also be a FIPS140-2 Random Number Generator 
and several monotonic counters, but no time of day clock. Each chip 
will have a unique RSA key pair, an AES key and an HMAC key. The only 
key that the SCP will reveal to the outside is the RSA public key and 
it will only do that once per power up cycle.

>
>- isn't it quite weak as someone could send different information to
>the SCP and processor, thereby being able to forge remote attestation
>without having to tamper with the SCP; and hence being able to run
>different TOR, observe trusted agents etc.

There is also a change to the PC memory management to support a 
trusted bit for memory segments. Programs not in trusted mode can't 
access trusted memory. Also there will be three additional x86 
instructions (in microcode) to support secure boot of the trusted 
kernel and present a SHA1 hash of the kernel code in a read only 
register.  There may be a hole somewhere, but Microsoft is trying 
hard to get it right and Brian seemed quite competent.

>
>I notice at the bottom of the talk invite it says
>
>| "Palladium" is not designed to provide defenses against
>| hardware-based attacks that originate from someone in control of the
>| local machine.
>
>but in this case how does it meet the BORA prevention.  Is it BORA
>prevention _presuming_ the local user is not interested to reconfigure
>his own hardware?

Near as I can see, the real trust comes from the RSA key pair stored 
in the SCP and a cert on that key from the SCP manufacturer.  There 
is no command to obtain the private key from the SCP.  Presumably 
they leverage smart card technology plus whatever tricks they think 
of to make it hard to get that key.   Differential power analysis or 
HNO3 might do the trick. We'll have to wait and see.

>
>Will it really make any significant difference to DRM enforcement
>rates?  Wouldn't the subset of the file sharing community who produce
>DVD rips still produce Pd DRM rips if the only protection is the
>assumption that the user won't make simple hardware modifications.

The real question from Microsoft's standpoint is will the 
entertainment industry be satisfied with Palladium's level of 
security and release content that can play on Palladium-equipped PCs? 
DVDs aren't Hollywood's main problem.  Movies are becoming available 
online long before the DVD is released.  Hollywood probably wants 
something that monitors ALL content for watermarks. Palladium as 
presented doesn't do this.  But again it is a platform. Once it 
exists, a later version of Windows might require it to be up and 
would then verify all content displayed.  If Hollywood doesn't 
convince Microsoft to do this, Sen. Hollings will be more than glad 
to introduce the necessary legislation. To paraphrase Stallman's 
rant, in the Palladium context Alice and Bob are corporations and 
Mallory is the PC owner.

Arnold Reinhold


>
>Adam
>
>-------- Original Message --------
>Subject: LCS/CIS Talk, OCT 18, TOMORROW
>Date: Thu, 17 Oct 2002 12:49:01 -0400
>From: Be Blackburn <be at theory.lcs.mit.edu>
>To: theory-seminars at theory.lcs.mit.edu
>CC: cis-seminars at theory.lcs.mit.edu
>
>
>Open to the Public
>
>Date:     Friday, Oct 18, 2002
>Time:     10:30 a.m.- 12:00 noon
>Place:    NOTE: NE43-518, 200 Tech Square
>Title:    Palladium
>Speaker:  Brian LaMacchia, Microsoft Corp.
>Hosts:    Ron Rivest and Hal Abelson
>
>Abstract:
>
>This talk will present a technical overview of the Microsoft
>"Palladium" Initiative.  The "Palladium" code name refers to a set of
>hardware and software security features currently under development
>for a future version of the Windows operating system.  "Palladium"
>adds four categories of security services to today's PCs:
>
>  a. Curtained memory. The ability to wall off and hide pages of main
>memory so that each "Palladium" application can be assured that it is
>not modified or observed by any other application or even the
>operating system.
>
>  b. Attestation. The ability for a piece of code to digitally sign
>or otherwise attest to a piece of data and further assure the
>signature recipient that the data was constructed by an unforgeable,
>cryptographically identified software stack.
>
>  c. Sealed storage. The ability to securely store information so
>that a "Palladium" application or module can mandate that the
>information be accessible only to itself or to a set of other trusted
>components that can be identified in a cryptographically secure
>manner.
>
>  d. Secure input and output. A secure path from the keyboard and
>mouse to "Palladium" applications, and a secure path from "Palladium"
>applications to an identifiable region of the screen.
>
>Together, these features provide a parallel execution environment to
>the "traditional" kernel- and user-mode stacks.  The goal of
>"Palladium" is to help protect software from software; that is, to
>provide a set of features and services that a software application can
>use to defend against malicious software also running on the machine
>(viruses running in the main operating system, keyboard sniffers,
>frame grabbers, etc).  "Palladium" is not designed to provide defenses
>against hardware-based attacks that originate from someone in control
>of the local machine.
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to 
>majordomo at wasabisystems.com
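
An added illustration, not part of the original message and not Microsoft's design: a toy model of how the "sealed storage" in the abstract can be bound to the SHA1 kernel hash and the per-chip secret key described in the report. The ToySCP class, the key-derivation labels, the use of HMAC-SHA256 as a stand-in for the chip's AES and HMAC engines, and all sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

def measure(kernel_image: bytes) -> bytes:
    # The report says the CPU exposes a SHA1 hash of the kernel code.
    return hashlib.sha1(kernel_image).digest()

class ToySCP:
    """Hypothetical co-processor model: the chip key never leaves the object."""

    def __init__(self, chip_key: bytes):
        self._chip_key = chip_key  # constructed stand-in for the per-chip key

    def _derive(self, kernel_digest: bytes, label: bytes) -> bytes:
        # Assumed construction: every key depends on chip secret AND kernel hash.
        return hmac.new(self._chip_key, label + kernel_digest, hashlib.sha256).digest()

    @staticmethod
    def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
        # HMAC in counter mode, standing in for the chip's AES engine.
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def seal(self, kernel_digest: bytes, secret: bytes) -> bytes:
        nonce = os.urandom(16)
        stream = self._keystream(self._derive(kernel_digest, b"enc"), nonce, len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, stream))
        tag = hmac.new(self._derive(kernel_digest, b"mac"), nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, kernel_digest: bytes, blob: bytes) -> bytes:
        if len(blob) < 48:
            raise ValueError("blob too short")
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        want = hmac.new(self._derive(kernel_digest, b"mac"), nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            # A different kernel or a different chip derives different keys.
            raise ValueError("measurement or chip does not match sealed blob")
        stream = self._keystream(self._derive(kernel_digest, b"enc"), nonce, len(ct))
        return bytes(a ^ b for a, b in zip(ct, stream))
```

In this model the protection rests entirely on the chip key staying inside the co-processor and on the kernel measurement being reported honestly, which matches the report's observation that the real trust comes from the key stored in the SCP.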

