TCPA/Palladium

All Your Computers Are Belong to Us!
The History of TCPA

So what is TCPA/Palladium anyway?
- TCPA stands for the Trusted Computing Platform Alliance (http://www.trustedcomputing.org), an initiative led by Intel.
- Palladium is software that Microsoft says it plans to incorporate in future versions of Windows (http://www.theregister.co.uk/content/4/25852.html).
The History of TCPA
- The basic idea - a specially trusted "reference monitor" that supervises a computer's access control functions - goes back at least to a paper written by James Anderson for the USAF in 1972.
- The origins of TCPA can be traced back to a paper by Martin Kuhn in April 1997 entitled "The TrustNo 1 Cryptoprocessor Concept".

The History of TCPA

- Bill Arbaugh, Dave Farber and Jonathan Smith published a paper in the proceedings of the IEEE Symposium on Security and Privacy (1997), pp. 65-71, called "A Secure and Reliable Bootstrap Architecture".
- It led to a US patent: "Secure and Reliable Bootstrap Architecture", U.S. Patent No. 6,185,678, February 6th, 2001. Mr. Arbaugh's thinking developed from work he did on code signing while working for the NSA in 1994.
History of TCPA

- In 1999, Microsoft, Intel, IBM, HP, and Compaq formed what would become the TCPA. The goal of the TCPA was to define a hardware specification for secure systems.
- The TCPA has released its first hardware specification, a design just now starting to appear as part of Intel's LaGrande processor architecture.
TCPA Architecture

Following the TCPA nomenclature, a PC looks like this, going from the highest and most external level to the lowest and most internal:
System - Peripherals, drivers, applications
Platform - Disk units, cards, power supply
Motherboard - CPU, memory, connection buses
Microprocessor
TCPA Architecture

The new model proposed by TCPA makes these architectural changes:
System - Without changes
Platform - A "TCPA subsystem" is added
Motherboard - Without changes
Microprocessor - Same
TBB (Trusted Building Block) - Composed of the TPM and the CRTM
The CRTM (Core Root of Trust Module)

- This is the place where execution always begins when the system starts to run.
- It is essentially the equivalent of the BIOS in our PC.
- When execution starts at the CRTM, it checks its own integrity, the system components, the Option ROMs of the peripherals, and the code that is executed next (the IPL, for example), extending what they call the "chain of trust".
The TPM (Trusted Platform Module)

This is the most important component, and it must be sealed to the motherboard in one of two possible ways:
- The TPM is physically bound to the platform.
- The TPM is a SmartCard placed outside the PC, but in such a way that only one TPM can be related to one platform.
The TPM (Trusted Platform Module)

The TPM acts as a special sort of SmartCard. It provides functions that strengthen the system's security and integrity through a rewritable memory and a sealed memory (not accessible from the outside, and never revealed by the TPM), and it has several microprogrammed cryptographic algorithms:
TPM Crypto Algorithms

- SHA-1
- RSA
- RNG
- 3DES
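As an added illustration (not code from this presentation or from the TCPA specification), the simulation below models the two ideas above: the CRTM's chain of trust, in which each boot component extends a PCR in the order it runs, and the TPM's sealed memory, which releases a protected secret only when the same chain is measured again. The extend formula follows the TPM 1.x PCR extend operation; the component blobs, the root secret and the SimTPM class are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

PCR_LEN = 20  # SHA-1 digest length; a PCR is reset to all zeros at power-on

# Constructed stand-ins for the code the CRTM measures in turn: its own
# firmware, a peripheral's Option ROM, and the IPL code that runs next.
GOOD_BOOT = [b"crtm firmware 1.0", b"nic option rom 2.1", b"ipl: boot sector"]
TAMPERED_BOOT = [b"crtm firmware 1.0", b"nic option rom 2.1 + patch", b"ipl: boot sector"]


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend as in TPM 1.x: new = SHA-1(old || SHA-1(component)).
    The chain is order-sensitive, so later code cannot rewrite earlier history."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Walk the chain of trust from the CRTM and return the final PCR value."""
    pcr = bytes(PCR_LEN)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class SimTPM:
    """Toy TPM: a root secret in 'sealed memory' that is never returned to callers."""

    def __init__(self, root_secret: Optional[bytes] = None):
        self._root = root_secret or os.urandom(PCR_LEN)  # never leaves the object

    def _keystream(self, pcr: bytes, n: int) -> bytes:
        key = hashlib.sha1(self._root + pcr).digest()  # key bound to this boot state
        out = b""
        for i in range((n + PCR_LEN - 1) // PCR_LEN):
            out += hashlib.sha1(key + i.to_bytes(4, "big")).digest()
        return out[:n]

    def seal(self, secret: bytes, pcr: bytes) -> bytes:
        """Bind a secret (e.g. a filesystem key) to a boot state; blob = pcr || ct || tag."""
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(pcr, len(secret))))
        tag = hmac.new(self._root, pcr + ct, "sha1").digest()
        return pcr + ct + tag

    def unseal(self, blob: bytes, current_pcr: bytes) -> Optional[bytes]:
        """Release the secret only if the current boot state matches the sealed one."""
        expected, ct, tag = blob[:PCR_LEN], blob[PCR_LEN:-PCR_LEN], blob[-PCR_LEN:]
        if not hmac.compare_digest(expected, current_pcr):
            return None  # the measured chain differs: modified Option ROM, IPL, etc.
        if not hmac.compare_digest(tag, hmac.new(self._root, expected + ct, "sha1").digest()):
            return None  # the sealed blob itself was altered or belongs to another TPM
        return bytes(a ^ b for a, b in zip(ct, self._keystream(expected, len(ct))))
```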
Applications of TCPA

- Protection of user authentication keys
- Protection of user file and filesystem keys
Applications of TCPA

- TCPA is not DRM (Digital Rights Management).
- TCPA would, in fact, make a poor DRM platform.
Applications of TCPA

TCPA does not:
- Control execution
- Block execution based on signatures, revocation lists, or approved lists
Applications of TCPA

TCPA does:
- Provide protection of a user's private keys and encrypted data
- Protect sensitive data from many software attacks, including viruses, worms and trojans
TCPA and Open Source

- There is full source code for a Linux device driver for the TCPA chip, released under the GPL.
- Wouldn't it be a kick if Open Source systems were out there in the field doing useful and secure things with TCPA before other sorts of systems showed up trying to do draconian anti-user things?
- Check out http://www.research.ibm.com/gsal/tcpa/tpm.tar.gz.
Embrace, Extend, Extinguish

- In 1997, Peter Biddle was part of a Microsoft skunkworks project to find ways to convince Hollywood to let DVDs play on personal computers.
- Biddle and his team of scientists came up with the idea of creating cryptographically secure areas in the operating system called "virtual vaults".
Embrace, Extend, Extinguish

- As time progressed, Microsoft realized the implications of the research project: it could address a lot more than just DVD copying.
- Biddle's virtual vaults would now store digital certificates that could control anything and everything.
Embrace, Extend, Extinguish

- Microsoft has started to diverge from the TCPA effort and is developing its own hardware and software specification called Palladium.
- Security expert Bruce Schneier says that Palladium, and not TCPA, will become the more important standard.
One Architecture to Rule Them All and in the Darkness Bind Them

Palladium is a work-in-progress much like .NET. This much is known about the architecture of Palladium.

The Hardware:
- The Security Support Component (SSC)
- A modified CPU
- A modified graphics controller
- A secure keyboard and mouse

The Software:
- The Nexus
- Notarized Computing Agents

- When you boot up your PC, the SSC takes charge.
- The SSC creates an expanding "trust boundary."
- The result is a PC booted into a known state with an approved combination of hardware and software.

- Once the machine is in a known good state, the SSC can certify it as such to third parties.
- The possibilities seem to be limited only by the marketers' imagination.
Uses of Palladium

- Palladium could be used to implement very strong access controls on confidential documents.
- Governments and other entities would love this.
Uses of Palladium

- A corporation could set up its documents such that they would only be readable on its PCs.
- Documents could be set up with automatic expiration dates.
Abuses of Palladium

- Palladium was designed from the start to support the centralized revocation of pirated software.
- It will also make it easier for people to rent software rather than buying it; and if you stop paying the rent, then not only does the software stop working, but so may the files it created.
Abuses of Palladium

- The mechanisms designed to delete pirated music under remote control may be used to delete documents that a court (or a software company) has decided are offensive.
- Software companies can also make it harder for you to switch to their competitors' products.
Palladium and Open Source

- It is not a secret that Microsoft harbors ill will against GPL'ed Open Source Software.
- Many Open Source advocates wonder if it will be possible to create a Palladium-ish environment without violating the GPL, which may or may not require a GPL'ed Nexus.
Palladium and Open Source

- It is unclear whether these potential Open Source problems are intentional or merely a byproduct.
- Microsoft probably sees Palladium more as a way to placate Hollywood than as an outright attack on Open Source.
Palladium and Open Source

- As you might guess, Richard Stallman is less than pleased about the prospect of Palladium.
- Mr. Stallman says that Palladium puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all.
Taking It To The Streets

- The TCPA specification was published in 2000.
- Atmel is already selling an SSC chip.
- Some of the existing features in Windows XP and the X-Box are Palladium-ish features: for example, if you change your PC configuration more than a little, you have to reregister all your software with Redmond.
Palladium Gives EU the Jitters

- The EU is not at all happy about the prospect of Palladium.
- The Europeans see this as a classic case of a solution without a problem.
- The European IT market is the third largest in the world. Can Microsoft really afford to cheese off this much of a marketing segment?
Palladium Gives EU the Jitters

Germany's Ministry of Economics and Labor said in a letter to the Bundestag, or parliament, that widespread adoption of Palladium raises the "danger that applications of software for new high-security PCs require a license by Microsoft, resulting in high costs."
Blows Against The Empire

- Lucky Green has filed three patent applications describing techniques for using Palladium to enforce software licensing.
- Lucky Green says that he has no intention of ever implementing these techniques, but he will enforce his patents to prevent others from implementing them.
But Isn't PC Security a Good Thing?

- The question is: security for whom?
- Palladium will not stop viruses, spam or trojans.
- Palladium won't stop privacy abuses.
- Palladium does not so much provide security for the user as for the PC vendor, the software supplier, and the content industry.
But Isn't PC Security a Good Thing?

No doubt Palladium will be bundled with new features so that the package as a whole appears to add value in the short term, but the long-term economic, social and legal implications require serious thought.
What If Palladium Doesn't Work?

Microsoft doesn't make mistakes, right?
What If Palladium Doesn't Work?

- Who can forget such wonderful products as: Windows 1, Windows 2, MS Net, MSX, LAN Manager, Windows for Pen Computing, Windows CE 1.0
- And let's not forget about Microsoft Bob!
Politics Makes Strange Bedfellows

- In 2001, Senator Ernest (Fritz) Hollings (D-SC) introduced a draft bill called the "Security Systems Standards and Certification Act" (SSSCA).
- Many were predicting that Trusted Computing technology, as embodied in the TCPA and Palladium proposals, would be mandated by the Hollings bill.
Politics Makes Strange Bedfellows

- It appears this bill was struck a fatal blow when Hollings lost his Commerce Committee chairmanship after the Democrats lost Senate leadership.
- On 14-Jan-2003, the Recording Industry Association of America, along with two computer and technology industry trade groups, agreed not to seek new government regulations mandating technological controls for copyright protection.
Some Parts of Microsoft Make Mistakes

On 27-Jan-2003, the Mighty Microsoft Marketing Machine abandoned the Palladium name in favor of the (no doubt deliberately) snooze-provoking "Next Generation Secure Computing Base", for two reasons:
Some Parts of Microsoft Make Mistakes

- The Palladium name is already used by another company for a product in a similar vein.
- Since its announcement, Palladium has received a lot of attention, been a center of controversy, and been subject to what Microsoft thinks of as misdirected criticism.
"I trust it as far as I can comfortably spit a rat!"

- In US Department of Defense parlance, a "trusted system or component" is defined as "one which can break the security policy".
- So a "Trusted Computer" is one that can break my security?
A TCPA/Palladium Reading List

http://www.trustedcomputing.org
http://www.trustedcomputing.org/docs/main%20v1_1b.pdf
http://www.trustedcomputing.org/docs/TCPA_PCSpecificSpecification_v100.pdf
http://www.activewin.com/articles/2002/pd.shtml
http://zdnet.com.com/2100-1107-941111.html
http://news.bbc.co.uk/1/hi/sci/tech/2094167.stm
http://www.internetnews.com/xSP/article.php/1378731
http://www.pbs.org/cringely/pulpit/pulpit20020627.html
http://www.oreillynet.com/pub/a/webservices/2002/07/09/udell.html
http://www.kuro5hin.org/story/2002/7/9/17842/90350
http://microsoft.com/mscorp/execmail/2002/07-18twc.asp
http://newsforge.com/newsforge/02/10/21/1449250.shtml?tid=19