Joined: 30 May 2002
|Posted: Mon Jul 15, 2002 5:14 am Post subject: Microsoft Palladium??? Thoughts, Yay or Nay
"Through software and hardware controls, Palladium would place Microsoft as the gatekeeper of identification and authentication. Additionally, systems embedded in both software and hardware would control access to content, thereby creating ubiquitous Digital Rights Management schemes that can track users and control use of media. ..."
"Known Elements of the Palladium System
The system purports to stop viruses by preventing the running of malicious programs.
The system will store personal data within an encrypted folder.
The system will depend on hardware that has either a digital signature or a tracking number.
The system will filter spam.
The system has a personal information sharing agent called "My Man."
The system will incorporate Digital Rights Management technologies for media files of all types (music, documents, e-mail communications). Additionally, the system purports to transmit data within the computer via encrypted paths. "
And from http://www.wired.com/news/antitrust/0,1551,53805,00.htm
"Microsoft's recently announced R&D project, which includes chipmakers Intel and AMD as partners, aims to combine software and hardware extensions to traditional PC architecture. Palladium's goal: Move security-conscious applications out of the server room and back onto the Windows desktop, by soothing both consumer fears about privacy and corporate concerns over piracy."
"At its simplest, Palladium provides a tamper-proof vault for data on the desktop. "One of the areas the PC needs to grow in is its resistance to certain kinds of attacks," said Geoffrey Strongin, platform security architect for AMD.
Those attacks include Web-based cracking and viruses, ripping CDs, modification of application programs, and sniffs of users' passwords and other personal data, according to Strongin. "
"In theory, the Palladium system would be safe from any attacks short of physically opening the box and tapping into the hardware.
To support Palladium, AMD and Intel are reportedly developing new versions of the x86 chip, the platform used for Intel's Pentium and AMD's Athlon. According to Strongin, these chips support a new "Trusted" execution mode that allows cryptographically authenticated programs access to a separate memory area.
The CPU is augmented by a security coprocessor, which holds a unique pair of crypto keys. The coprocessor is a separate component not for security but for manufacturing reasons. Unlike today's CPU chips, each coprocessor must be personalized with a crypto string stored in non-volatile memory –-- more akin to a smartcard than an Athlon.
Strongin suggested smartcard makers may manufacture the coprocessors, which would then be combined with Intel or AMD CPU chips to create a Palladium-ready motherboard.
A corresponding software component, called the Trusted operating root (or just "the nub" by Microsoft engineers), would work in conjunction with the CPU and its coprocessor.
Together, the nub and coprocessor are designed to encrypt data in such a way that no other combination of nub and coprocessor would be able to decrypt it. Change a single bit of code or move the data to another computer, and it is unreadable. This is the core of Palladium, according to Strongin and Peter Biddle, a Microsoft product unit manager leading Palladium's development.
"It's like having Kerberos (cryptographic authentication) between applications, instead of between computers on the network," Biddle said. Applications on the PC would be unable to read from or write to one another's Palladium-protected data. "To the rest of the system, that part of memory is invisible -- it does not exist," Biddle said.
Microsoft plans to publish the source code for the nub, he added, because the system is secure using crypto algorithms rather than proprietary code. "
Joined: 18 Apr 2002
Location: Kuala Lumpur, Malaysia
|Posted: Tue Jul 23, 2002 8:24 pm Post subject:
Sounds interesting but it sounds a bit too much like Antitrust if anyone has seen it....gatekeeper software.
And can we really trust Microsoft with anything security related, they never seem to *really* appreciate the overall picture.
MS + Security = Disaster...
Oh no my critical encryption system has blue screened...no thanks.