Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)

Adam Back adam at
Tue Oct 22 11:52:16 EDT 2002

Remote attestation does indeed require Palladium to be secure against
the local user.  

However my point is while they seem to have done a good job of
providing software security for the remote attestation function, it
seems at this point that hardware security is laughable.

So they disclaim in the talk announce that Palladium is not intended
to be secure against hardware attacks:

| "Palladium" is not designed to provide defenses against
| hardware-based attacks that originate from someone in control of the
| local machine.

so one can't criticise the implementation of their threat model -- it
indeed isn't secure against hardware based attacks.

But I'm questioning the validity of the threat model as a realistic
and sensible balance of practical security defenses.

Providing almost no hardware defenses while going to extra-ordinary
efforts to provide top notch software defenses doesn't make sense if
the machine owner is a threat.

The remote attestation function clearly is defined from the view that
the owner is a threat.

Without specifics and some knowledge of hardware hacking we can't
quantify, but I suspect that hacking it would be pretty easy.  Perhaps
no soldering, $50 equipment and simple instructions anyone could

more inline below...

On Mon, Oct 21, 2002 at 09:36:09PM -0400, Arnold G. Reinhold wrote:
> [about improving palladium hw security...] Memory expansion could be
> dealt with by finding a way to give Palladium preferred access to
> the first block of physical memory that is soldered on the mother
> board.

I think standard memory could be used.  I can think of simple
processor modifications that could fix this problem with hardware
tamper resistance assurance to the level of having to tamper with .13
micron processor.  The processor is something that could be epoxyied
inside a cartridge for example (with the cartridge design processor +
L2 cache housings as used by some Intel pentium class processors),
though probably having to tamper with a modern processor is plenty
hard enough to match software security given software complexity


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list