TCPA/Palladium: All Your Computers Are Belong to Us!

So What Is TCPA/Palladium Anyway?
- TCPA stands for the Trusted Computing Platform Alliance (http://www.trustedcomputing.org), an initiative led by Intel.
- Palladium is software that Microsoft says it plans to incorporate in future versions of Windows. http://www.theregister.co.uk/content/4/25852.html

The History of TCPA
- The basic idea, a specially trusted "reference monitor" that supervises a computer's access control functions, goes back at least to a paper written by James Anderson for the USAF in 1972.
- The origins of TCPA can be traced back to a paper by Markus Kuhn in April 1997 entitled "The TrustNo 1 Cryptoprocessor Concept".
- Bill Arbaugh, Dave Farber and Jonathan Smith published a paper in the proceedings of the IEEE Symposium on Security and Privacy (1997), pp. 65-71, called "A Secure and Reliable Bootstrap Architecture". It led to a US patent: "Secure and Reliable Bootstrap Architecture", U.S. Patent No. 6,185,678, February 6th, 2001.
- Mr. Arbaugh's thinking developed from work he did while working for the NSA on code signing in 1994.
- In 1999, Microsoft, Intel, IBM, HP, and Compaq formed what would become the TCPA. The goal of TCPA was to define a hardware specification for secure systems.
- The TCPA has released its first hardware specification, a design just now starting to appear as part of Intel's LaGrande processor architecture.
TCPA Architecture
- Following the TCPA nomenclature, a PC looks like this, going from the highest and most external level to the lowest and most internal:
  - System: peripherals, drivers, applications
  - Platform: disk units, cards, power supply
  - Motherboard: CPU, memory, connection buses
  - Microprocessor
- The new model proposed by TCPA makes these architectural changes:
  - System: without changes
  - Platform: a "TCPA subsystem" is added
  - Motherboard: without changes
  - Microprocessor: same
- TBB: composed of the TPM and the CRTM

The CRTM (Core Root of Trust for Measurement)
- This is the place where execution always begins when the system starts to run. It is, in effect, the equivalent of the BIOS in our PC.
- When execution starts at the CRTM, it checks its own integrity, the system components, the Option ROMs of the peripherals, and the code that is executed next (e.g., the IPL), extending what they call the "chain of trust".

The TPM (Trusted Platform Module)
- This is the most important component, and it must be sealed to the motherboard in one of two possible ways:
  - The TPM is physically bound to the platform.
  - The TPM is a SmartCard placed outside the PC, but in a way that only one TPM can be related to one platform.
- The TPM acts as a special sort of SmartCard. It provides functions that strengthen the system's security and integrity by means of a rewritable memory and a sealed memory (not accessible from the outside, and never revealed by the TPM), and it has several microprogrammed cryptographic algorithms.

TPM Crypto Algorithms
- SHA-1
- RSA
- RNG
- 3DES

Applications of TCPA
- Protection of user authentication keys
- Protection of user file and filesystem keys
- TCPA is not DRM (Digital Rights Management).
- TCPA would, in fact, make a poor DRM platform.
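To make the CRTM's "chain of trust" and the TPM's sealed storage concrete, here is an added worked example in Python. It is not part of the original slides and is not TCPA's or any vendor's code: it is a toy model in which the CRTM hashes each boot stage into a Platform Configuration Register (PCR), and a filesystem key is sealed to the resulting PCR value so that it is released only when the same software booted. The extend rule (PCR_new = SHA-1(PCR_old || measurement)) follows the published TCPA design; the component names, their "code", the storage root key and the sealing construction are constructed stand-ins for illustration.

```python
"""Toy model of a TCPA-style measured boot and PCR-bound sealing.

Illustrative code written for this page, not the TCPA specification's API
or any vendor's TPM firmware.  The PCR extend rule follows the published
TCPA design; component names, their "code", the root key and the sealing
construction are constructed stand-ins.
"""
import hashlib
import hmac

PCR_SIZE = 20  # a PCR is one SHA-1 digest wide

# Constructed: stands in for the storage root key that never leaves the TPM.
SRK = b"constructed-storage-root-key"


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: the only way a PCR changes after power-on.

    The operation is one-way and order-dependent, so the final value commits
    to the exact sequence of measurements; software cannot set a PCR to a
    chosen value, only append to it.
    """
    return sha1(pcr + measurement)


def measured_boot(components):
    """Model the CRTM walking the boot chain.

    `components` is an ordered list of (name, code_bytes).  Each stage is
    hashed and extended into the PCR before control passes to it.  Nothing
    is blocked: every stage still runs, the PCR just records what ran.
    """
    pcr = bytes(PCR_SIZE)  # PCRs reset to all-zero at power-on
    event_log = []
    for name, code in components:
        digest = sha1(code)
        pcr = extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log


def _mask(key: bytes, data: bytes) -> bytes:
    """Constructed keystream mask (stand-in for the TPM's RSA/3DES wrap)."""
    blocks = len(data) // PCR_SIZE + 1
    stream = b"".join(sha1(key + bytes([i])) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(secret: bytes, pcr: bytes, srk: bytes = SRK) -> dict:
    """Bind `secret` to a PCR value under the TPM-resident root key."""
    k = hmac.new(srk, b"seal-key" + pcr, hashlib.sha1).digest()
    blob = _mask(k, secret)
    tag = hmac.new(srk, b"seal-tag" + pcr + blob, hashlib.sha1).digest()
    return {"pcr": pcr, "blob": blob, "tag": tag}


def unseal(sealed: dict, current_pcr: bytes, srk: bytes = SRK):
    """Release the secret only when the platform is in the sealed-to state."""
    if current_pcr != sealed["pcr"]:
        return None  # different software ran; the TPM refuses
    tag = hmac.new(srk, b"seal-tag" + current_pcr + sealed["blob"], hashlib.sha1).digest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        return None  # sealed blob was tampered with
    k = hmac.new(srk, b"seal-key" + current_pcr, hashlib.sha1).digest()
    return _mask(k, sealed["blob"])


# Constructed boot chains: the same machine, once with a modified NIC option ROM.
GOOD_BOOT = [("CRTM", b"crtm-v1"), ("BIOS", b"bios-v1"),
             ("Option ROM (NIC)", b"nic-rom-v1"), ("IPL", b"bootloader-v1")]
TAMPERED_BOOT = [("CRTM", b"crtm-v1"), ("BIOS", b"bios-v1"),
                 ("Option ROM (NIC)", b"nic-rom-v1-modified"), ("IPL", b"bootloader-v1")]


def demo():
    """Seal a filesystem key to the good state, then boot both chains."""
    disk_key = b"constructed-filesystem-key"
    good_pcr, _ = measured_boot(GOOD_BOOT)
    sealed = seal(disk_key, good_pcr)
    bad_pcr, bad_log = measured_boot(TAMPERED_BOOT)
    return {
        "good_unseal": unseal(sealed, good_pcr) == disk_key,
        "tampered_unseal": unseal(sealed, bad_pcr),   # None: key withheld
        "tampered_stages_ran": len(bad_log),          # 4: nothing was blocked
    }


if __name__ == "__main__":
    print(demo())
```

Two points from the slides show up directly in the output: the tampered chain boots all four stages (TCPA measures, it does not block execution), yet the sealed filesystem key stays inside the TPM because the PCR no longer matches. A defender reading the event log also sees exactly which stage's digest changed.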
Applications of TCPA
- TCPA does not:
  - Control execution
  - Block execution based on signatures, revocation lists, or approved lists
- TCPA does:
  - Provide protection of a user's private keys and encrypted data
  - Protect sensitive data from many software attacks, including viruses, worms and trojans

TCPA and Open Source
- There is full source code for a Linux device driver for the TCPA chip, released under the GPL.
- Wouldn't it be a kick if Open Source systems were out there in the field doing useful and secure things with TCPA before other sorts of systems showed up trying to do draconian anti-user things?
- Check out http://www.research.ibm.com/gsal/tcpa/tpm.tar.gz.

Embrace, Extend, Extinguish
- In 1997, Peter Biddle was part of a Microsoft skunkworks project to find ways to convince Hollywood to let DVDs play on personal computers.
- Biddle and his team of scientists came up with the idea of creating cryptographically secure areas in the operating system called "virtual vaults".
- As time progressed, Microsoft realized the implications of the research project: that it could address a lot more than just DVD copying. Biddle's virtual vaults would now store digital certificates that could control anything and everything.
- Microsoft has started to diverge from the TCPA effort and is developing its own hardware and software specification called Palladium.
- Security expert Bruce Schneier says that Palladium, not TCPA, will become the more important standard.

One Architecture to Rule Them All and in the Darkness Bind Them
- Palladium is a work in progress, much like .NET. This much is known about the architecture of Palladium.
- The hardware:
  - The Security Support Component (SSC)
  - A modified CPU
  - A modified graphics controller
  - A secure keyboard and mouse
- The software:
  - The Nexus
  - Notarized Computing Agents
- When you boot up your PC, the SSC takes charge. The SSC creates an expanding "trust boundary." The result is a PC booted into a known state with an approved combination of hardware and software.
- Once the machine is in a known good state, the SSC can certify it as such to third parties. The possibilities seem to be limited only by the marketers' imagination.

Uses of Palladium
- Palladium could be used to implement very strong access controls on confidential documents. Governments and other entities would love this.
- A corporation could set up its documents such that they would only be readable on its PCs.
- Documents could be set up with automatic expiration dates.

Abuses of Palladium
- Palladium was designed from the start to support the centralized revocation of pirated software.
- It will also make it easier for people to rent software rather than buying it; and if you stop paying the rent, then not only does the software stop working, but so may the files it created.
- The mechanisms designed to delete pirated music under remote control may be used to delete documents that a court (or a software company) has decided are offensive.
- Software companies can also make it harder for you to switch to their competitors' products.

Palladium and Open Source
- It is no secret that Microsoft harbors ill will against GPL'ed Open Source software.
- Many Open Source advocates wonder whether it will be possible to create a Palladium-ish environment without violating the GPL, which may or may not require a GPL'ed Nexus.
- It is unclear whether these potential Open Source problems are intentional or merely a byproduct.
- Microsoft probably sees Palladium more as a way to placate Hollywood than as an outright attack on Open Source.
- As you might guess, Richard Stallman is less than pleased about the prospect of Palladium. Mr. Stallman says that Palladium puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all.

Taking It to the Streets
- The TCPA specification was published in 2000.
- Atmel is already selling an SSC chip.
- Some of the existing features in Windows XP and the Xbox are Palladium-ish features: for example, if you change your PC configuration more than a little, you have to re-register all your software with Redmond.

Palladium Gives the EU the Jitters
- The EU is not at all happy about the prospect of Palladium. The Europeans see this as a classic case of a solution without a problem.
- The European IT market is the third largest in the world. Can Microsoft really afford to cheese off this much of a market segment?
- Germany's Ministry of Economics and Labor said in a letter to the Bundestag, or parliament, that widespread adoption of Palladium raises the "danger that applications of software for new high-security PCs require a license by Microsoft, resulting in high costs."

Blows Against the Empire
- Lucky Green has filed three patent applications describing techniques for using Palladium to enforce software licensing.
- Lucky Green says that he has no intention of ever implementing these techniques, but he will enforce his patents to prevent others from implementing them.

But Isn't PC Security a Good Thing?
- The question is: security for whom?
- Palladium will not stop viruses, spam or trojans. Palladium won't stop privacy abuses.
- Palladium does not so much provide security for the user as for the PC vendor, the software supplier, and the content industry.
- No doubt Palladium will be bundled with new features so that the package as a whole appears to add value in the short term, but the long-term economic, social and legal implications require serious thought.

What If Palladium Doesn't Work?
- Microsoft doesn't make mistakes, right?
- Who can forget such wonderful products as: Windows 1, Windows 2, MS Net, MSX, LAN Manager, Windows for Pen Computing, Windows CE 1.0
- And let's not forget about Microsoft Bob!

Politics Makes Strange Bedfellows
- In 2001, Senator Ernest (Fritz) Hollings (D-SC) introduced a draft bill called the "Security Systems Standards and Certification Act" (SSSCA).
- Many were predicting that Trusted Computing technology, as embodied in the TCPA and Palladium proposals, would be mandated by the Hollings bill.
- It appears this bill was struck a fatal blow when Hollings lost his Commerce committee chairmanship after the Democrats lost Senate leadership.
- On 14-Jan-2003, the Recording Industry Association of America, along with two computer and technology industry trade groups, agreed not to seek new government regulations to mandate technological controls for copyright protection.

Some Parts of Microsoft Make Mistakes
- On 27-Jan-2003, the Mighty Microsoft Marketing Machine abandoned the Palladium name in favor of the (no doubt deliberately) snooze-provoking "Next Generation Secure Computing Base", for two reasons:
  - The Palladium name is already used by another company for a product in a similar vein.
  - Since its announcement, Palladium has received a lot of attention, been a center of controversy, and been subject to what Microsoft thinks of as misdirected criticism.

"I trust it as far as I can comfortably spit a rat!"
- In US Department of Defense parlance, a "trusted system or component" is defined as "one which can break the security policy".
- So a "Trusted Computer" is one that can break my security?

A TCPA/Palladium Reading List
- http://www.trustedcomputing.org
- http://www.trustedcomputing.org/docs/main%20v1_1b.pdf
- http://www.trustedcomputing.org/docs/TCPA_PCSpecificSpecification_v100.pdf
- http://www.activewin.com/articles/2002/pd.shtml
- http://zdnet.com.com/2100-1107-941111.html
- http://news.bbc.co.uk/1/hi/sci/tech/2094167.stm
- http://www.internetnews.com/xSP/article.php/1378731
- http://www.pbs.org/cringely/pulpit/pulpit20020627.html
- http://www.oreillynet.com/pub/a/webservices/2002/07/09/udell.html
- http://www.kuro5hin.org/story/2002/7/9/17842/90350
- http://microsoft.com/mscorp/execmail/2002/07-18twc.asp
- http://newsforge.com/newsforge/02/10/21/1449250.shtml?tid=19