seminar cryptography
TRANSCRIPT
-
7/29/2019 seminar cryptography
1/18
PALLADIUM CRYPTOGRAPHY
By
DISHA MAKKARReg. No.: 090907185
Roll No.:198, Section: D(21)
Seminar Presentation
De artment of Electronics and Communication En ineerin MIT Mani al
-
7/29/2019 seminar cryptography
2/18
De artment of Electronics and Communication En ineerin MIT Mani al
Contents
Introduction
Trusted Computing
Palladium cryptography
How palladium works
Architecture of Palladium
Hardware Summary
How Palladium is different from DRM
Drawbacks of Palladium
Bitlocker
-
7/29/2019 seminar cryptography
3/18
De artment of Electronics and Communication En ineerin MIT Mani al
Introduction
As we tend towards a more and more computer
centric world, the concept of data security hasattained a paramount importance.
Present day security systems are incapable of
providing a trustworthy environment andvulnerable to unexpected attacks.
NGSCB will transform the PC into a platform
that can perform trusted operations spanningmultiple computers under a trust policy that can
be dynamically created and whose integrity
anyone can authenticate.
-
7/29/2019 seminar cryptography
4/18
De artment of Electronics and Communication En ineerin MIT Mani al
Types Of Data Threats
Intruders
Casual Prying
Snooping Commercial espionage
Virus
-
7/29/2019 seminar cryptography
5/18
De artment of Electronics and Communication En ineerin MIT Mani al
Trusted Computing
TC is a technology developed and promoted byTCG(Trusted Computing Group).
With TC, the computer will consistently behave
in expected ways, and those behaviors will be
enforced by hardware and software.
TC uses cryptography to help enforce a selected
behavior.
-
7/29/2019 seminar cryptography
6/18
De artment of Electronics and Communication En ineerin MIT Mani al
DRM(Digital Rights Management)
DRM is a generic term for access control
technologies that can be used by hardwaremanufacturers, publishers, copyright holders
and individuals to limit the usage of digital
content and devices. It controls use of digital media by preventing
access, copying or conversion to other formats
by the end user.
-
7/29/2019 seminar cryptography
7/18
De artment of Electronics and Communication En ineerin MIT Mani al
Palladium Cryptography
Palladium is MS code name for an
evolutionary set of features for Windows OS.
Combined with new breed of hardware andapplications, these features will give
individuals and groups greater data security,personal privacy, and system integrity.
Its not a separate OS. Ii is based inarchitectural enhancements to the windows
kernel and to computer hardware, includingCPU, peripherals and chipsets, to create a newtrusted execution subsystem.
-
7/29/2019 seminar cryptography
8/18
De artment of Electronics and Communication En ineerin MIT Mani al
Aspects of Palladium
Hardware Components
Trusted Space: execution space protectedfrom external attacks(virus).
Sealed storage: store secrets that cant be
retrieved by non trusted programs.
Secure input and output: A secure path from
keyboard (mouse) to Pd applications and from
Pd applications to screen.
-
7/29/2019 seminar cryptography
9/18De artment of Electronics and Communication En ineerin MIT Mani al
Software Components
Nexus: this component manages trust
functionality for Palladium user mode
processes. Executes in kernel mode in the
trusted space.
Trusted Agents: Its a program, a part of
program, calls the nexus for security related
services and critical general services such asmemory management.
-
7/29/2019 seminar cryptography
10/18De artment of Electronics and Communication En ineerin MIT Mani al
How Palladium Works
Palladium is a new hardware and software architecture.
This architecture will include SSC(security servicecomputing) chip and design changes to a CPU,
chipsets and peripheral devices.
-
7/29/2019 seminar cryptography
11/18De artment of Electronics and Communication En ineerin MIT Mani al
App
OS
User
Kernel
Palladium Architecture
How do you preserve the flexibility and extensibility thatcontributes so much to the entire PC ecosystem, while still
providing end users with a safe place to do important work? In particular, how can you keep anything secret, when
pluggable kernel components control the machine?
-
7/29/2019 seminar cryptography
12/18De artment of Electronics and Communication En ineerin MIT Mani al
The solution: subdivide the executionenvironment by adding a new mode flag to the
CPU. The CPU is either in standard mode or trusted
mode.
Pages of physical memory can be marked as
trusted. Trusted pages can only be accessed whenthe CPU is in trusted mode.
Agent
App
OS
User
Kernel
Standard
Trusted
Nexus
-
7/29/2019 seminar cryptography
13/18De artment of Electronics and Communication En ineerin MIT Mani al
User
Kernel
App
OS
S
tandard
Trusted
Agent
Nexus
Agent
SSCPub/Pri Keys
Trusted
GPU
Trusted
USB Hub
Agents also need to let the user entersecrets and to display secrets to the user.
Input is secured by a trusted USB hub for KB and
mouse that carries on a protected conversation withthe nexus. Output is secured by a trusted GPU that carries on a
crypto-protected conversation with the nexus. This gives us fingertip-to-eyeball security.
-
7/29/2019 seminar cryptography
14/18De artment of Electronics and Communication En ineerin MIT Mani al
Hardware Summary
CPU changes
MMU changes
Southbridge (LPC bus interface) changes
Security Support Component (SSC)
New chip on the motherboard (LPC bus)
Trusted USB hub
May be on motherboard, in keyboard, or anywhere in between
Trusted GPU
-
7/29/2019 seminar cryptography
15/18De artment of Electronics and Communication En ineerin MIT Mani al
Palladium is different from DRM
Both are independent of each other.
Pd is a complimentary technology to the DRM
DRM systems have to store those keys in a
software that represent inherent vulnerability
Palladium will offer ways to store the key in
hardware, and thats simply harder to break.
Palladium makes sure that DRM is running in a
trusted environment with trustworthy
machines.
-
7/29/2019 seminar cryptography
16/18De artment of Electronics and Communication En ineerin MIT Mani al
Drawbacks of palladium
Upgrades: users will have to upgrade both
their current OS and hardware.
Inter probability: General Public License (GPL)
killer.
Legacy Programs: Pd OS wont have perfect
legacy support. Debuggers, performance tools
updating compulsory.
-
7/29/2019 seminar cryptography
17/18De artment of Electronics and Communication En ineerin MIT Mani al
Bitlocker
BitLocker Drive Encryption is a full disk encryption feature
included with the Ultimate and Enterprise editions
of Microsoft's Windows Vista, Windows 7, and Windows8 desktop operating systems, as well as the server
platforms, Windows Server 2008 and Windows Server 2008 R2.
It is designed to protect data by providing encryption for
entire volumes.
While Microsoft has said hardly a word about NGSCB over the
last few years, its clearly become the basis of Windows 7s TPM
(Trusted Platform Module). In turn, TPM is at the core of
BitLocker.
In Windows 7, Microsoft uses TPM 1.2 software to interact withcomputers built-in TPM 1.2 chips. Each PCs TPM processor
comes with a unique RSA encrypted key. In Windows, this is
called the Storage Root Key (SRK). The private TPM key is never
exposed to any other component, software, process, or person.
http://technet.microsoft.com/en-us/library/cc749022%28WS.10%29.aspxhttp://technet.microsoft.com/en-us/library/cc749022%28WS.10%29.aspx -
7/29/2019 seminar cryptography
18/18D f El i d C i i E i i MIT M i l
END