seminar cryptography

7/29/2019 seminar cryptography

1/18

PALLADIUM CRYPTOGRAPHY

By

DISHA MAKKARReg. No.: 090907185

Roll No.:198, Section: D(21)

Seminar Presentation

De artment of Electronics and Communication En ineerin MIT Mani al


2/18


Contents

Introduction

Trusted Computing

Palladium cryptography

How palladium works

Architecture of Palladium

Hardware Summary

How Palladium is different from DRM

Drawbacks of Palladium

Bitlocker


3/18


Introduction

As we tend towards a more and more computer

centric world, the concept of data security hasattained a paramount importance.

Present day security systems are incapable of

providing a trustworthy environment andvulnerable to unexpected attacks.

NGSCB will transform the PC into a platform

that can perform trusted operations spanningmultiple computers under a trust policy that can

be dynamically created and whose integrity

anyone can authenticate.


4/18


Types Of Data Threats

Intruders

Casual Prying

Snooping Commercial espionage

Virus


5/18


Trusted Computing

TC is a technology developed and promoted byTCG(Trusted Computing Group).

With TC, the computer will consistently behave

in expected ways, and those behaviors will be

enforced by hardware and software.

TC uses cryptography to help enforce a selected

behavior.


6/18


DRM(Digital Rights Management)

DRM is a generic term for access control

technologies that can be used by hardwaremanufacturers, publishers, copyright holders

and individuals to limit the usage of digital

content and devices. It controls use of digital media by preventing

access, copying or conversion to other formats

by the end user.


7/18


Palladium Cryptography

Palladium is MS code name for an

evolutionary set of features for Windows OS.

Combined with new breed of hardware andapplications, these features will give

individuals and groups greater data security,personal privacy, and system integrity.

Its not a separate OS. Ii is based inarchitectural enhancements to the windows

kernel and to computer hardware, includingCPU, peripherals and chipsets, to create a newtrusted execution subsystem.


8/18


Aspects of Palladium

Hardware Components

Trusted Space: execution space protectedfrom external attacks(virus).

Sealed storage: store secrets that cant be

retrieved by non trusted programs.

Secure input and output: A secure path from

keyboard (mouse) to Pd applications and from

Pd applications to screen.


9/18De artment of Electronics and Communication En ineerin MIT Mani al

Software Components

Nexus: this component manages trust

functionality for Palladium user mode

processes. Executes in kernel mode in the

trusted space.

Trusted Agents: Its a program, a part of

program, calls the nexus for security related

services and critical general services such asmemory management.



How Palladium Works

Palladium is a new hardware and software architecture.

This architecture will include SSC(security servicecomputing) chip and design changes to a CPU,

chipsets and peripheral devices.



App

OS

User

Kernel

Palladium Architecture

How do you preserve the flexibility and extensibility thatcontributes so much to the entire PC ecosystem, while still

providing end users with a safe place to do important work? In particular, how can you keep anything secret, when

pluggable kernel components control the machine?



The solution: subdivide the executionenvironment by adding a new mode flag to the

CPU. The CPU is either in standard mode or trusted

mode.

Pages of physical memory can be marked as

trusted. Trusted pages can only be accessed whenthe CPU is in trusted mode.

Agent

App

OS

User

Kernel

Standard

Trusted

Nexus



User

Kernel

App

OS

S

tandard

Trusted

Agent

Nexus

Agent

SSCPub/Pri Keys

Trusted

GPU

Trusted

USB Hub

Agents also need to let the user entersecrets and to display secrets to the user.

Input is secured by a trusted USB hub for KB and

mouse that carries on a protected conversation withthe nexus. Output is secured by a trusted GPU that carries on a

crypto-protected conversation with the nexus. This gives us fingertip-to-eyeball security.



Hardware Summary

CPU changes

MMU changes

Southbridge (LPC bus interface) changes

Security Support Component (SSC)

New chip on the motherboard (LPC bus)

Trusted USB hub

May be on motherboard, in keyboard, or anywhere in between

Trusted GPU



Palladium is different from DRM

Both are independent of each other.

Pd is a complimentary technology to the DRM

DRM systems have to store those keys in a

software that represent inherent vulnerability

Palladium will offer ways to store the key in

hardware, and thats simply harder to break.

Palladium makes sure that DRM is running in a

trusted environment with trustworthy

machines.



Drawbacks of palladium

Upgrades: users will have to upgrade both

their current OS and hardware.

Inter probability: General Public License (GPL)

killer.

Legacy Programs: Pd OS wont have perfect

legacy support. Debuggers, performance tools

updating compulsory.



Bitlocker

BitLocker Drive Encryption is a full disk encryption feature

included with the Ultimate and Enterprise editions

of Microsoft's Windows Vista, Windows 7, and Windows8 desktop operating systems, as well as the server

platforms, Windows Server 2008 and Windows Server 2008 R2.

It is designed to protect data by providing encryption for

entire volumes.

While Microsoft has said hardly a word about NGSCB over the

last few years, its clearly become the basis of Windows 7s TPM

(Trusted Platform Module). In turn, TPM is at the core of

BitLocker.

In Windows 7, Microsoft uses TPM 1.2 software to interact withcomputers built-in TPM 1.2 chips. Each PCs TPM processor

comes with a unique RSA encrypted key. In Windows, this is

called the Storage Root Key (SRK). The private TPM key is never

exposed to any other component, software, process, or person.
http://technet.microsoft.com/en-us/library/cc749022%28WS.10%29.aspxhttp://technet.microsoft.com/en-us/library/cc749022%28WS.10%29.aspx


18/18D f El i d C i i E i i MIT M i l

END

seminar cryptography

Documents