Sei sulla pagina 1di 18

Seminar Presentation

PALLADIUM CRYPTOGRAPHY
By
DISHA MAKKAR
Reg. No.: 090907185 Roll No.:198, Section: D(21)

Department of Electronics and Communication Engineering, MIT, Manipal

Contents
Introduction

Trusted Computing
Palladium cryptography How palladium works Architecture of Palladium Hardware Summary How Palladium is different from DRM Drawbacks of Palladium Bitlocker
Department of Electronics and Communication Engineering, MIT, Manipal

Introduction As we tend towards a more and more computer centric world, the concept of data security has attained a paramount importance. Present day security systems are incapable of providing a trustworthy environment and vulnerable to unexpected attacks. NGSCB will transform the PC into a platform that can perform trusted operations spanning multiple computers under a trust policy that can be dynamically created and whose integrity anyone can authenticate.
Department of Electronics and Communication Engineering, MIT, Manipal

Types Of Data Threats


Intruders Casual Prying Snooping Commercial espionage Virus

Department of Electronics and Communication Engineering, MIT, Manipal

Trusted Computing
TC is a technology developed and promoted by TCG(Trusted Computing Group). With TC, the computer will consistently behave in expected ways, and those behaviors will be enforced by hardware and software. TC uses cryptography to help enforce a selected behavior.

Department of Electronics and Communication Engineering, MIT, Manipal

DRM(Digital Rights Management) DRM is a generic term for access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to limit the usage of digital content and devices. It controls use of digital media by preventing access, copying or conversion to other formats by the end user.

Department of Electronics and Communication Engineering, MIT, Manipal

Palladium Cryptography Palladium is MS code name for an evolutionary set of features for Windows OS. Combined with new breed of hardware and applications, these features will give individuals and groups greater data security, personal privacy, and system integrity. Its not a separate OS. Ii is based in architectural enhancements to the windows kernel and to computer hardware, including CPU, peripherals and chipsets, to create a new trusted execution subsystem.
Department of Electronics and Communication Engineering, MIT, Manipal

Aspects of Palladium Hardware Components Trusted Space: execution space protected from external attacks(virus). Sealed storage: store secrets that cant be retrieved by non trusted programs. Secure input and output: A secure path from keyboard (mouse) to Pd applications and from Pd applications to screen.

Department of Electronics and Communication Engineering, MIT, Manipal

Software Components Nexus: this component manages trust functionality for Palladium user mode processes. Executes in kernel mode in the trusted space. Trusted Agents: Its a program, a part of program, calls the nexus for security related services and critical general services such as memory management.

Department of Electronics and Communication Engineering, MIT, Manipal

How Palladium Works


Palladium is a new hardware and software architecture. This architecture will include SSC(security service computing) chip and design changes to a CPU, chipsets and peripheral devices.

Department of Electronics and Communication Engineering, MIT, Manipal

Palladium Architecture
App

User Kernel
OS

How do you preserve the flexibility and extensibility that contributes so much to the entire PC ecosystem, while still providing end users with a safe place to do important work? In particular, how can you keep anything secret, when pluggable kernel components control the machine?

Department of Electronics and Communication Engineering, MIT, Manipal

The solution: subdivide the execution environment by adding a new mode flag to the CPU.

The CPU is either in standard mode or trusted mode. Pages of physical memory can be marked as trusted. Trusted pages can only be accessed when the CPU is in trusted mode.
App

Agent
Standard Trusted Nexus

User
Kernel
OS

Department of Electronics and Communication Engineering, MIT, Manipal

App

Agent Agent

User
Standard Trusted Kernel
OS Trusted USB Hub Trusted GPU

Nexus
Pub/Pri Keys

SSC

Agents also need to let the user enter secrets and to display secrets to the user. Input is secured by a trusted USB hub for KB and mouse that carries on a protected conversation with the nexus. Output is secured by a trusted GPU that carries on a crypto-protected conversation with the nexus. This gives us fingertip-to-eyeball security.
Department of Electronics and Communication Engineering, MIT, Manipal

Hardware Summary
CPU changes MMU changes Southbridge (LPC bus interface) changes Security Support Component (SSC)
New chip on the motherboard (LPC bus)

Trusted USB hub


May be on motherboard, in keyboard, or anywhere in between

Trusted GPU

Department of Electronics and Communication Engineering, MIT, Manipal

Palladium is different from DRM Both are independent of each other. Pd is a complimentary technology to the DRM DRM systems have to store those keys in a software that represent inherent vulnerability Palladium will offer ways to store the key in hardware, and thats simply harder to break. Palladium makes sure that DRM is running in a trusted environment with trustworthy machines.
Department of Electronics and Communication Engineering, MIT, Manipal

Drawbacks of palladium Upgrades: users will have to upgrade both their current OS and hardware. Inter probability: General Public License (GPL) killer. Legacy Programs: Pd OS wont have perfect legacy support. Debuggers, performance tools updating compulsory.

Department of Electronics and Communication Engineering, MIT, Manipal

Bitlocker
BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista, Windows 7, and Windows 8 desktop operating systems, as well as the server platforms, Windows Server 2008 and Windows Server 2008 R2. It is designed to protect data by providing encryption for entire volumes. While Microsoft has said hardly a word about NGSCB over the last few years, its clearly become the basis of Windows 7s TPM (Trusted Platform Module). In turn, TPM is at the core of BitLocker. In Windows 7, Microsoft uses TPM 1.2 software to interact with computers built-in TPM 1.2 chips. Each PCs TPM processor comes with a unique RSA encrypted key. In Windows, this is called the Storage Root Key (SRK). The private TPM key is never exposed to any other component, software, process, or person.
Department of Electronics and Communication Engineering, MIT, Manipal

END

Department of Electronics and Communication Engineering, MIT, Manipal

Potrebbero piacerti anche