TCPA/Palladium. All Your Computers Are Belong to Us!

The History of TCPA

So what is TCPA/Palladium anyway?

TCPA stands for the Trusted Computing Platform Alliance (http://www.trustedcomputing.org), an initiative led by Intel.

Palladium is software that Microsoft says it plans to incorporate in future versions of Windows. http://www.theregister.co.uk/content/4/25852.html

The basic idea - a specially trusted ‘reference monitor’ that supervises a computer's access control functions - goes back at least to a paper written by James Anderson for the USAF in 1972.

The origins of TCPA can be traced back to a paper by Martin Kuhn in April, 1997 entitled “The TrustNo 1 Cryptoprocessor Concept”.

Bill Arbaugh, Dave Farber and Jonathan Smith published a paper in the proceedings of the IEEE Symposium on Security and Privacy (1997) pp 65-71 called “A Secure and Reliable Bootstrap Architecture”.

It led to a US patent: “Secure and Reliable Bootstrap Architecture”, U.S. Patent No. 6,185,678, February 6th, 2001. Mr. Arbaugh’s thinking developed from work he did while working for the NSA on code signing in 1994.

In 1999, Microsoft, Intel, IBM, HP, and Compaq formed what would become the TCPA. The goal of TCPA was to define a hardware specification for secure systems.

The TCPA has released its first hardware specification, a design just now starting to appear as part of Intel’s LaGrande processor architecture.

TCPA Architecture

Following the TCPA nomenclature, a PC would look like this, going from the highest level (the most external) to the lowest (the most internal):

System - Peripherals, drivers, applications

Platform - Disk units, cards, power supply

Motherboard - CPU, memory, connection buses

Microprocessor

The new model proposed by TCPA makes these architectural changes:

System - Without changes

Platform - "TCPA subsystem" is added

Motherboard - Without changes

Microprocessor - Same

TBB - Composed of the TPM and CRTM

The CRTM (Core Root of Trust Module)

This is the place where execution always begins when the system starts to run.

It's certainly the equivalent of the BIOS in our PC.

When execution starts at the CRTM, it checks its own integrity, the system components, the Option ROM of the peripherals, and the code that's being executed next (the IPL, for example), extending what they call the "chain of trust".
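
The chain of trust described above, sketched as an added example (not part of the original slides or of any TCPA code): each stage is hashed with SHA-1 before it runs and folded into a register using the extend rule from the TCPA specification, new = SHA-1(old || digest). The stage names and byte strings are constructed stand-ins for real firmware images, and the function names are hypothetical.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length in bytes

def extend(pcr, digest):
    """Extend rule: new register = SHA-1(old register || measurement digest)."""
    return hashlib.sha1(pcr + digest).digest()

def measured_boot(stages):
    """Measure each stage before it runs; nothing is blocked, only recorded."""
    pcr, log = bytes(PCR_SIZE), []  # register is all zeros at reset
    for name, code in stages:
        digest = hashlib.sha1(code).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def replay(log):
    """Verifier side: recompute the register from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def first_unexpected(log, known_good):
    """Name of the first logged stage whose digest differs from the expected one."""
    for name, digest in log:
        if known_good.get(name) != digest:
            return name
    return None

# Constructed sample chain: byte strings stand in for real firmware images.
GOOD = [("CRTM", b"crtm v1"), ("BIOS", b"bios v1"),
        ("OptionROM", b"nic rom v1"), ("IPL", b"boot loader v1")]
MODIFIED = [(n, c + b" (modified)") if n == "OptionROM" else (n, c) for n, c in GOOD]

good_pcr, good_log = measured_boot(GOOD)
bad_pcr, bad_log = measured_boot(MODIFIED)
KNOWN_GOOD = dict(good_log)

if __name__ == "__main__":
    print("good register    :", good_pcr.hex())
    print("modified register:", bad_pcr.hex())
    print("log replays to register:", replay(bad_log) == bad_pcr)
    print("first unexpected stage :", first_unexpected(bad_log, KNOWN_GOOD))
```

A log in which the expected digest is substituted for the modified stage no longer replays to the reported register, which is why a third party can rely on the log once the register value itself is vouched for by the TPM.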

The TPM (Trusted Platform Module)

This is the most important component, and it must be sealed to the motherboard in one of two possible ways:

- The TPM is physically bound to the platform.

- The TPM is a SmartCard placed outside the PC, but in such a way that only one TPM can be related to one platform.

The TPM acts as a special sort of SmartCard. It provides functions that strengthen the system's security and integrity by means of a rewritable memory and a sealed memory (not accessible from the outside, and never revealed by the TPM), and it has several microprogrammed cryptographic algorithms:

TPM Crypto Algorithms

SHA-1

RSA

RNG

3DES

Applications of TCPA

Protection of user authentication keys

Protection of user file and filesystem keys

TCPA is not DRM (Digital Rights Management).

TCPA would, in fact, make a poor DRM platform. 

TCPA does not:

Control execution

Block execution based on signatures, or revocation lists, or approved lists

 

TCPA does:

Provide protection of a user’s private keys and encrypted data

Protect sensitive data from many software attacks, including viruses, worms and trojans.

TCPA and Open Source

There is full source code for a Linux device driver for the TCPA chip, released under the GPL.

Wouldn't it be a kick if Open Source systems were out there in the field doing useful and secure things with TCPA before other sorts of systems showed up trying to do draconian anti-user things? Check out http://www.research.ibm.com/gsal/tcpa/tpm.tar.gz.

Embrace, Extend, Extinguish

In 1997, Peter Biddle was part of a Microsoft skunkworks project to find ways to convince Hollywood to let DVDs play on personal computers.

Biddle and his team of scientists came up with the idea of creating cryptographically secure areas in the operating system called “virtual vaults”.

As time progressed, Microsoft realized the implications of the research project: that it could address a lot more than just DVD copying.

Biddle’s virtual vaults would now store digital certificates that could control anything and everything.

Microsoft has started to diverge from the TCPA effort and is developing its own hardware and software specification called Palladium.

Security expert Bruce Schneier says that Palladium and not TCPA will become the more important standard.

One Architecture to Rule Them All and in the Darkness Bind Them

Palladium is a work-in-progress much like .NET.

This much is known about the architecture of Palladium.

 

The Hardware:

The Security Support Component (SSC)

A modified CPU

A modified graphics controller

A secure keyboard and mouse

The Software:

The Nexus

Notarized Computing Agents

When you boot up your PC, the SSC takes charge.

The SSC creates an expanding “trust boundary.”

The result is a PC booted into a known state with an approved combination of hardware and software.

Once the machine is in a known good state, the SSC can certify it as such to third parties.

The possibilities seem to be limited only by the marketers' imagination.

Uses of Palladium

Palladium could be used to implement very strong access controls on confidential documents.

Governments and other entities would love this.

A corporation could set up its documents such that they would only be readable on its PCs.

Documents could be set up with automatic expiration dates.

Abuses of Palladium

Palladium was designed from the start to support the centralized revocation of pirated software.

It will also make it easier for people to rent software rather than buying it; and if you stop paying the rent, then not only does the software stop working but so may the files it created.

The mechanisms designed to delete pirated music under remote control may be used to delete documents that a court (or a software company) has decided are offensive.

Software companies can also make it harder for you to switch to their competitors' products.

Palladium and Open Source

It is not a secret that Microsoft harbors ill will against GPL’ed Open Source Software.

Many Open Source advocates wonder if it will be possible to create a Palladium-ish environment without violating the GPL, which may or may not require a GPL’ed Nexus.

It is unclear whether these potential Open Source problems are intentional or merely a byproduct.

Microsoft probably sees Palladium more as a way to placate Hollywood than as an outright attack on Open Source.

As you might guess, Richard Stallman is less than pleased about the prospect of Palladium.

Mr. Stallman says that Palladium puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all.

Taking It To The Streets

The TCPA specification was published in 2000.

Atmel is already selling an SSC chip.

Some of the existing features in Windows XP and the X-Box are Palladium-ish features: for example, if you change your PC configuration more than a little, you have to reregister all your software with Redmond.

Palladium Gives EU the Jitters

The EU is not at all happy about the prospect of Palladium.

The Europeans see this as a classic case of a solution without a problem.

The European IT market is the third largest in the world. Can Microsoft really afford to cheese off this much of a marketing segment?

Germany's Ministry of Economics and Labor said in a letter to the Bundestag, or parliament, that widespread adoption of Palladium raises the "danger that applications of software for new high-security PCs require a license by Microsoft, resulting in high costs."

Blows Against The Empire

Lucky Green has filed three patent applications describing techniques for using Palladium to enforce software licensing.

Lucky Green says that he has no intention of ever implementing these techniques, but he will enforce his patents to prevent others from implementing them.

But Isn't PC Security a Good Thing??

The question is: security for whom?

Palladium will not stop viruses, SPAM or trojans.

Palladium won’t stop privacy abuses.

Palladium does not so much provide security for the user as for the PC vendor, the software supplier, and the content industry.

No doubt Palladium will be bundled with new features so that the package as a whole appears to add value in the short term, but the long-term economic, social and legal implications require serious thought.

What If Palladium Doesn’t Work?

Microsoft doesn’t make mistakes, right?

Who can forget such wonderful products as:

Windows 1, Windows 2, MS Net, MSX, LAN Manager, Windows for Pen Computing, Windows CE 1.0

And let’s not forget about Microsoft Bob!

Politics Make Strange Bedfellows

In 2001, Senator Ernest (Fritz) Hollings (D-SC) introduced a draft bill called the "Security Systems Standards and Certification Act" (SSSCA).

Many were predicting that Trusted Computing technology, as embodied in the TCPA and Palladium proposals, would be mandated by the Hollings bill.

It appears this bill had been struck a fatal blow when Hollings lost his Commerce committee chairmanship due to the Democrats losing Senate leadership.

On 14-Jan-2003, the Recording Industry Association of America, along with two computer and technology industry trade groups, agreed not to seek new government regulations to mandate technological controls for copyright protection.

Some Parts of Microsoft Make Mistakes

On 27-Jan-2003, the Mighty Microsoft Marketing Machine abandoned the Palladium name, in favor of the (no doubt deliberately) snooze-provoking "Next Generation Secure Computing Base" for two reasons:

The Palladium name is already used by another company for a product in a similar vein.

Since its announcement Palladium has received a lot of attention, been a center of controversy, and been subject to what Microsoft thinks of as misdirected criticism.

“I trust it as far as I can comfortably spit a rat!”

In the US Department of Defense parlance, a “trusted system or component” is defined as “one which can break the security policy”.

So a ‘Trusted Computer’ is one that can break my security?

A TCPA/Palladium Reading List

http://www.trustedcomputing.org
http://www.trustedcomputing.org/docs/main%20v1_1b.pdf
http://www.trustedcomputing.org/docs/TCPA_PCSpecificSpecification_v100.pdf
http://www.activewin.com/articles/2002/pd.shtml
http://zdnet.com.com/2100-1107-941111.html
http://news.bbc.co.uk/1/hi/sci/tech/2094167.stm
http://www.internetnews.com/xSP/article.php/1378731
http://www.pbs.org/cringely/pulpit/pulpit20020627.html
http://www.oreillynet.com/pub/a/webservices/2002/07/09/udell.html
http://www.kuro5hin.org/story/2002/7/9/17842/90350
http://microsoft.com/mscorp/execmail/2002/07-18twc.asp
http://newsforge.com/newsforge/02/10/21/1449250.shtml?tid=19
