Security Forums


Microsoft Palladium??? Thoughts, Yay or Nay

Mongrel
SF Mod

Posted: Mon Jul 15, 2002 5:14 am    Post subject: Microsoft Palladium??? Thoughts, Yay or Nay

http://www.epic.org/privacy/consumer/microsoft/palladium.html

excerpts

"Through software and hardware controls, Palladium would place Microsoft as the gatekeeper of identification and authentication. Additionally, systems embedded in both software and hardware would control access to content, thereby creating ubiquitous Digital Rights Management schemes that can track users and control use of media. ..."

"Known Elements of the Palladium System

The system purports to stop viruses by preventing the running of malicious programs.
The system will store personal data within an encrypted folder.
The system will depend on hardware that has either a digital signature or a tracking number.
The system will filter spam.
The system has a personal information sharing agent called "My Man."
The system will incorporate Digital Rights Management technologies for media files of all types (music, documents, e-mail communications). Additionally, the system purports to transmit data within the computer via encrypted paths."

And from http://www.wired.com/news/antitrust/0,1551,53805,00.htm

"Microsoft's recently announced R&D project, which includes chipmakers Intel and AMD as partners, aims to combine software and hardware extensions to traditional PC architecture. Palladium's goal: Move security-conscious applications out of the server room and back onto the Windows desktop, by soothing both consumer fears about privacy and corporate concerns over piracy."

...

"At its simplest, Palladium provides a tamper-proof vault for data on the desktop. "One of the areas the PC needs to grow in is its resistance to certain kinds of attacks," said Geoffrey Strongin, platform security architect for AMD.

Those attacks include Web-based cracking and viruses, ripping CDs, modification of application programs, and sniffs of users' passwords and other personal data, according to Strongin."

...

"In theory, the Palladium system would be safe from any attacks short of physically opening the box and tapping into the hardware.

To support Palladium, AMD and Intel are reportedly developing new versions of the x86 chip, the platform used for Intel's Pentium and AMD's Athlon. According to Strongin, these chips support a new "Trusted" execution mode that allows cryptographically authenticated programs access to a separate memory area.

The CPU is augmented by a security coprocessor, which holds a unique pair of crypto keys. The coprocessor is a separate component not for security but for manufacturing reasons. Unlike today's CPU chips, each coprocessor must be personalized with a crypto string stored in non-volatile memory -- more akin to a smartcard than an Athlon.

Strongin suggested smartcard makers may manufacture the coprocessors, which would then be combined with Intel or AMD CPU chips to create a Palladium-ready motherboard.

A corresponding software component, called the Trusted operating root (or just "the nub" by Microsoft engineers), would work in conjunction with the CPU and its coprocessor.

Together, the nub and coprocessor are designed to encrypt data in such a way that no other combination of nub and coprocessor would be able to decrypt it. Change a single bit of code or move the data to another computer, and it is unreadable. This is the core of Palladium, according to Strongin and Peter Biddle, a Microsoft product unit manager leading Palladium's development.

"It's like having Kerberos (cryptographic authentication) between applications, instead of between computers on the network," Biddle said. Applications on the PC would be unable to read from or write to one another's Palladium-protected data. "To the rest of the system, that part of memory is invisible -- it does not exist," Biddle said.

Microsoft plans to publish the source code for the nub, he added, because the system is secure using crypto algorithms rather than proprietary code."
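The sealing behaviour described in the Wired excerpt in the post above (data readable only by the same nub and coprocessor pair), sketched as an added example that is not from the thread, Microsoft, or the quoted articles. It assumes the key is derived from a per-device secret and a SHA-256 hash of the nub code, and it uses an HMAC-based stream cipher as a stand-in; all names and sample values are constructed, and Palladium's actual key derivation and algorithms are not given on this page.

```python
import hashlib
import hmac
import os

# Constructed sample values (assumptions for this sketch).
DEVICE_A = b"coprocessor-secret-A"          # per-chip secret, machine A
DEVICE_B = b"coprocessor-secret-B"          # a different machine
NUB = b"\x90trusted operating root image"   # stand-in for the nub's code
PATCHED_NUB = bytes([NUB[0] ^ 0x01]) + NUB[1:]  # same code, one bit flipped

def sealing_key(device_secret: bytes, nub_code: bytes) -> bytes:
    """Key bound to both the device secret and a hash of the nub code."""
    measurement = hashlib.sha256(nub_code).digest()
    return hmac.new(device_secret, b"seal" + measurement, hashlib.sha256).digest()

def _subkeys(key):
    """Derive separate encryption and MAC keys from the sealing key."""
    prf = lambda label: hmac.new(key, label, hashlib.sha256).digest()
    return prf(b"enc"), prf(b"mac")

def _xor_stream(enc_key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(device_secret, nub_code, plaintext):
    enc_key, mac_key = _subkeys(sealing_key(device_secret, nub_code))
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(device_secret, nub_code, blob):
    """Return the plaintext, or None if this nub/device pair did not seal it."""
    enc_key, mac_key = _subkeys(sealing_key(device_secret, nub_code))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong device, modified nub, or tampered blob
    return _xor_stream(enc_key, nonce, ct)

if __name__ == "__main__":
    blob = seal(DEVICE_A, NUB, b"user password vault")
    print(unseal(DEVICE_A, NUB, blob))          # original pair
    print(unseal(DEVICE_A, PATCHED_NUB, blob))  # one bit of code changed
    print(unseal(DEVICE_B, NUB, blob))          # data moved to another machine
```

The same binding is what makes a patched or updated nub lose access to previously sealed data, so a design like this needs an explicit migration path for legitimate upgrades.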
ShaolinTiger
Forum Fanatic

Posted: Tue Jul 23, 2002 8:24 pm

Sounds interesting but it sounds a bit too much like Antitrust if anyone has seen it....gatekeeper software.

And can we really trust Microsoft with anything security related, they never seem to *really* appreciate the overall picture.

MS + Security = Disaster...

Oh no my critical encryption system has blue screened...no thanks.
hads
Trusted SF Member

Posted: Tue Jul 30, 2002 6:32 am

ShaolinTiger wrote:
Oh no my critical encryption system has blue screened...


Laughing yeah. real useful that.
Mongrel
SF Mod

Posted: Tue Jul 30, 2002 11:11 am

LMFAO - the ENCRYPTED blue screen of death.
ShaolinTiger
Forum Fanatic

Posted: Tue Jul 30, 2002 1:50 pm

I'm pretty sure BSOD is encrypted anyway as no one has ever been able to understand WTF they are on about Twisted Evil Shocked Twisted Evil

All times are GMT + 2 Hours