All Your Computers Are
Belong to Us!
The History of TCPA
So what is TCPA/Palladium anyway?
 TCPA stands for the Trusted Computing Platform
Alliance ( an
initiative led by Intel.
 Palladium is software that Microsoft says it plans
to incorporate in future versions of Windows.
The History of TCPA
The basic idea - a specially trusted ‘reference
monitor’ that supervises a computer's access
control functions - goes back at least to a paper
written by James Anderson for the USAF in 1972.
 The origins of TCPA can be traced back to a paper
by Martin Kuhn in April, 1997 entitled “The
TrustNo 1 Cryptoprocessor Concept”.
The History of TCPA
Bill Arbaugh, Dave Farber and Jonathan Smith
published a paper in the proceedings of the IEEE
Symposium on Security and Privacy (1997) pp 6571 called “A Secure and Reliable Bootstrap
 It led to a US patent: “Secure and Reliable
Bootstrap Architecture'', U.S. Patent No.
6,185,678, February 6th, 2001. Mr. Arbaugh’s
thinking developed from work he did while
working for the NSA on code signing in 1994.
History of TCPA
In 1999, Microsoft, Intel, IBM, HP, and
Compaq formed what would become the
TCPA. The goal of TCPA was to define a
hardware specification for secure systems.
 The TCPA has released its first hardware
specification, a design just now starting to
appear as part of Intel’s LeGrande processor
TCPA Architecture
Following the TCPA nomenclature, a PC would
look like this going from the higher level, the most
external, the lowest, the most internal:
- Peripherals, drivers, applications
- Disk units, cards, power supply
Motherboard - CPU, memory, connection buses
TCPA Architecture
The new model proposed by TCPA
proposes these architectural changes:
- Without changes
Platform - "TCPA subsystem" is added
Motherboard - Without changes
Microprocessor – Same
TBB - Composed by the TPM and CRTM
The CRTM (Core Root of
Trust Module)
This is the place where execution always begins
when the system starts to run.
 It's certainly the equivalent of the BIOS in our PC.
 When execution starts at the CRTM, it checks its
own integrity, the system components, the Option
ROM of the peripherals, and the code that's being
executed next (the IPL ex.), extending what they
call the "chain of trust".
The TPM (Trusted Platform
This is the most important component, and
it must be sealed to the motherboard in two
different possible ways:
- The TPM is physically bounded to the
- The TPM is a SmartCard placed outside the
PC but in a way only one TPM can be
related to one platform.
The TPM (Trusted Platform
TPM is acting as some special sort of
SmartCard. It's providing functions that
strengthen the system's security and
integrity by a rewritable memory and a
sealed memory (not accessible from the
outside, and never revealed by the TPM)
and has several microprogrammed
cryptographic algorithms:
TPM Crypto Algorithms
 3DES
Applications of TCPA
Protection of user authentication keys
 Protection of user file and filesystem keys
Applications of TCPA
TCPA is not DRM (Digital Rights
 TCPA would, in fact, make a poor DRM
Applications of TCPA
TCPA does not:
Control execution
Block execution based on signatures,
or revocation lists, or approved lists
Applications of TCPA
TCPA does
 Provide protection of a user’s private
keys and encrypted data
 Protect sensitive data from many software
attacks, including viruses, worms and
TCPA and Open Source
There is full source code for a Linux device driver
for the TCPA chip, released under the GPL.
 Wouldn't it be a kick if Open Source systems were
out there in the field doing useful and secure
things with TCPA before other sorts of systems
showed up trying to do draconian anti-user things?
Check out
Embrace, Extend Extinguish
In 1997, Peter Biddle was part of a
Microsoft skunkworks project to find ways
to convince Hollywood to let DVDs play on
personal computers.
 Biddle and his team of scientists came up
with the idea of the creating
cryptographically secure areas in the
operating system called “virtual vaults”.
Embrace, Extend, Extinguish
As time progressed, Microsoft realized the
implications of the research project: that it
could address a lot more than just DVD
 Biddle’s virtual vaults would now store
digital certificates that could control
anything and everything.
Embrace, Extend, Extinguish
Microsoft has started to diverge from the
TCPA effort and is developing its own
hardware and software specification called
 Security expert Bruce Schneier says that
Palladium and not TCPA will become the
more important standard.
One Architecture to Rule
Them All and in the Darkness
Bind Them
Palladium is a work-in-progress much like
This much is known about the architecture of
One Architecture to Rule
Them All and in the Darkness
Bind Them
The Hardware:
 The Security Support Component (SSC).
 A Modified CPU
 A modified graphics controller
 A secure keyboard and mouse
One Architecture to Rule
Them All and in the Darkness
Bind Them
The Software:
 The Nexus
 Notarized Computing Agents
One Architecture to Rule
Them All and in the Darkness
Bind Them
When you boot up your PC, the SSC takes
 The SSC creates an expanding “trust
 The result is a PC booted into a known state
with an approved combination of hardware
and software.
One Architecture to Rule
Them All and in the Darkness
Bind Them
Once the machine is in a known good state,
The SSC can certify it as such to third
 The possibilities seem to be limited only by
the marketers' imagination.
Uses of Palladium
Palladium could be used to implement very
strong access controls on confidential
 Governments and other entities would love
Uses of Palladium
A corporation could set up its documents
such that they would only be readable on its
 Documents could be set up with automatic
expiration dates.
Abuses of Palladium
Palladium was designed from the start to
support the centralized revocation of pirated
 It will also make it easier for people to rent
software rather than buying it; and if you
stop paying the rent, then not only does the
software stop working but so may the files
it created.
Abuses of Palladium
The mechanisms designed to delete pirated
music under remote control may be used to
delete documents that a court (or a software
company) has decided are offensive.
 Software companies can also make it harder
for you to switch to their competitors'
Palladium and Open Source
It is not a secret that Microsoft harbors ill
will against GPL’ed Open Source Software.
 Many Open Source advocates wonder if it
will be possible to create a Palladium-ish
environment without violating the GPL,
which may or may not require a GPL’ed
Palladium and Open Source
It is unclear whether these potential Open
Source problems are intentional or merely a
 Microsoft probably sees Palladium more of
a way to placate Hollywood than an outright
attack at Open Source.
Palladium and Open Source
As you might guess, Richard Stallman is
less than pleased about the prospect of
 Mr. Stallman says that Palladium puts the
existence of free operating systems and free
applications at risk, because you may not be
able to run them at all.
Taking It To The Streets
The TCPA specification was published in 2000.
 Atmel is already selling a SSC chip.
 Some of the existing features in Windows XP and
the X-Box are Palladium-ish features: for
example, if you change your PC configuration
more than a little, you have to reregister all your
software with Redmond.
Palladium Gives EU the Jitters
The EU is not at all happy about the
prospect of Palladium.
 The Europeans see this as a classic case of a
solution without a problem.
 The European IT market is the third largest
in the world. Can Microsoft really afford to
cheese off this much of a marketing
Palladium Gives EU the Jitters
Germany's Ministry of Economics and
Labor said in a letter to the Bundestag, or
parliament, that widespread adoption of
Palladium raises the "danger that
applications of software for new highsecurity PCs require a license by Microsoft,
resulting in high costs."
Blows Against The Empire
Lucky Green and has filed three
applications describing techniques for using
Palladium to enforce software licensing.
Lucky Green says that he has no intention
of ever implementing these techniques, but
he will enforce his patents to prevent other
from implementing them.
But Isn't PC Security a Good
The question is: security for whom?
 Palladium will not stop virus’, SPAM or
 Palladium won’t stop privacy abuses.
 Palladium does not so much provide
security for the user as for the PC vendor,
the software supplier, and the content
But Isn't PC Security a Good
No doubt Palladium will be bundled with
new features so that the package as a whole
appears to add value in the short term, but
the long-term economic, social and legal
implications require serious thought.
What If Palladium Doesn’t
Microsoft doesn’t make mistakes, right?
What If Palladium Doesn’t
Who can forget such wonderful products as:
Windows 1, Windows 2, MS Net, MSX,
LAN Manager, Windows for Pen
Computing, Windows CE 1.0
 And let’s not forget about Microsoft Bob!
Politics Make Strange
In 2001, Senator Ernest (Fritz) Hollings (D.
Sc) introduced a draft bill called the
"Security Systems Standards and
Certification Act" (SSSCA).
 Many were predicting that Trusted
 Computing technology, as embodied in the
TCPA and Palladium proposals, would be
mandated by the Hollings bill.
Politics Makes Strange
It appears this bill had been struck a fatal blow
when Hollings lost his Commerce committee
chairmanship due to the Democrats losing Senate
 On 14-Jan-2003, the Recording Industry
Association of America, along with two computer
and technology industry trade groups, has agreed
not to seek new government regulations to
mandate technological controls for copyright
Some Parts of Microsoft Make
On 27-Jan-2003, the Mighty Microsoft
Marketing Machine abandoned the
Palladium name, in favor of the (no doubt
deliberately) snooze-provoking "Next
Generation Secure Computing Base" for
two reasons:
Some Parts of Microsoft Make
The Palladium name is already used by
another company for a product in a similar
 Since its announcement Palladium has
received a lot of attention, been a center of
controversy, and been subject to what
Microsoft thinks of as misdirected criticism.
“I trust it as far as I can
comfortably spit a rat!”
In the US Department of Defense parlance,
a “trusted system or component” is defined
as “one which can break the security
 So a ‘Trusted Computer’ is one that can
break my security?
A TCPA/Palladium Reading