Cryptogram: Palladium Only for DRM

asokan at saunalahti.fi
Tue Sep 17 13:54:13 EDT 2002


David Wagner wrote:
> I wasn't thinking of pure software solutions.  I was thinking of a
> combination of existing hardware + new software: use the MMU to provide
> separate address spaces, and use a secure VM or OS kernel to limit what
> those processes can do.  As far as I can see, this can provide just as
> much protection against viruses for your bank account as Palladium can.

I agree with this in general.  One exception that comes to mind is
"theft protection". If my machine has some secrets (e.g., to access
my bank account) and a thief gets hold of the device physically (so
that he can access the storage directly without the control of the
OS), then MMU+software isn't enough. It seems some sort of smartcard
(or support from a server) would be needed.

The same applies to any data on my machine that should be
integrity-protected (e.g., the root key with which
I authenticate my bank).

> In general, with software and existing hardware working together, I
> suspect we can already do everything Palladium can do, except for the DRM
> and related applications founded on taking control away from the owner
> of the machine.  Maybe I'm missing something.  Still, it seems to me that
> Palladium would be much more compelling if it left out the tamper-resistant
> chip and gave up on the semi-coercive DRM-like applications.

I think tamper-resistant hardware could (if it worked) offer
protection to the owner of the machine against anyone else who would
have physical access to the machine. In other words, "Owner" is not
the same as the "current user".

Your last comment is still valid though: Palladium etc. will be more
compelling if it demonstrably preserved the control by the owner of a
device (e.g., by allowing the owner to initialize the root keys used
by it, as pointed out by William Arbaugh).

Regards,
- Asokan


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


