Cryptogram: Palladium Only for DRM

Peter PeterNBiddle at hotmail.com
Wed Sep 18 13:04:52 EDT 2002


> Your last comment is still valid though: Palladium etc. will
> be more compelling if it demonstrably preserved the control
> by the owner of a device (e.g., by allowing the owner to initialize the
> root keys used by it, as pointed out by
> William Arbaugh).

There is nothing in Pd which assumes that the keys weren't put there by a
crazy hobbit named Mel who waves a magic wand on every system and then
tattoos the keys on the user's chest. Pd doesn't really know how the keys got
there (how would it?). Pd wants a HW cert which it can show to others, who
can then go to the signing authority for that cert and decide for themselves
whether or not they trust that HW. Note that "others" can represent SW,
remote users, local users, whatever...

Some organizations will certainly want to gen their own keys. Some users
will want to do this as well. The cost / benefit analysis involved in the
way the keys got into the machine, how they are managed, and how they are
preserved is up to a given market segment (where each segment happens to
consist of thousands or millions of users).

I believe that the chips in most Pd PCs will offer some relatively low bar
for HW tamper resistance, will self-gen keys, and will manage those keys
such that no one gets to know the private key and only third parties named
by the user will ever see the public key. I think that this serves the
widest set of needs. There may also be chips which squirt the keys out based
on some event and there will almost certainly be ones which take keys
squirted in from a remote source. Pd will run.

Think about the graphics business - one vendor sells a decent percentage of
silicon but there are other vendors who have been very successful building
products which sell into different segments based on different feature sets,
and the same should hold true here. It is up to the makers of chips and
users to decide how they want to assert the trustworthiness of a given
system, and it is up to application writers to decide how they want to
operate on that machine based on the certs they are given by Pd.

re: smart cards - I agree, as a user I want the added protections I will get
from a combination of a smart card and biometrics on top of Pd. I ultimately
also want a mechanism I can use to ask an anonymous machine if I can trust
it, and a combined smart-card / biometric device doing an authentication
with a Pd machine should let me do that.

P


----- Original Message -----
From: <asokan at saunalahti.fi>
To: <cryptography at wasabisystems.com>
Sent: Tuesday, September 17, 2002 10:54 AM
Subject: Re: Cryptogram: Palladium Only for DRM


> David Wagner wrote:
> > I wasn't thinking of pure software solutions.  I was thinking of a
> > combination of existing hardware + new software: use the MMU to provide
> > separate address spaces, and use a secure VM or OS kernel to limit what
> > those processes can do.  As far as I can see, this can provide just as
> > much protection against viruses for your bank account as Palladium can.
>
> I agree with this in general.  One exception that comes
> to mind is "theft protection". If my machine has some
> secrets (e.g., to access my bank account) and a thief
> gets hold of the device physically (so that he can access
> the storage directly without the control of the OS), then MMU+software
> isn't enough. It seems some sort of smartcard
> (or support from a server) would be needed.
>
> The same applies to any data on my machine that should be
> integrity-protected (e.g., the root key with which
> I authenticate my bank).
>
> > In general, with software and existing hardware working together, I
> > suspect we can already do everything Palladium can do, except for the DRM
> > and related applications founded on taking control away from the owner
> > of the machine.  Maybe I'm missing something.  Still, it seems to me that
> > Palladium would be much more compelling if it left out the tamper-resistant
> > chip and gave up on the semi-coercive DRM-like applications.
>
> I think tamper-resistant hardware could (if it worked)
> offer protection to the owner of the machine against anyone
> else who would have physical access to the machine. In other words,
> "Owner" is not the same as the "current user".
>
> Your last comment is still valid though: Palladium etc. will
> be more compelling if it demonstrably preserved the control
> by the owner of a device (e.g., by allowing the owner to initialize the
> root keys used by it, as pointed out by
> William Arbaugh).
>
> Regards,
> - Asokan
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
>
