Palladium Cryptography

Presentation on Palladium Cryptography (Next Generation Secure Computing Base), by Piyush Mittal. 12 pages.

Posted on 01-Nov-2014

DESCRIPTION

Next generation secure computing base

TRANSCRIPT

Page 1: Palladium Cryptography

Presentation on Palladium Cryptography (Next Generation Secure Computing Base)

By: Piyush Mittal

Page 2: Palladium Cryptography

Introduction

Palladium is a software architecture designed by Microsoft to implement parts of the Trusted Computing concepts on future versions of the Windows OS.

It relies on hardware technology designed by members of the Trusted Computing Group, which provides security features, cryptographic co-processors and the ability to hold keys securely.

Page 3: Palladium Cryptography

Properties of Palladium

• Architectural enhancement to the Windows kernel and to computer hardware.

• Will not eliminate any features of Windows.

• New applications must be written.

• It will operate with any program the user specifies while maintaining security.

Page 4: Palladium Cryptography

Architecture and Concepts

Palladium consists of software and specialized hardware components developed by the Trusted Computing Group.

1. Key hardware components are:

• Trusted Platform Module: provides secure storage of cryptographic keys and a secure co-processor.

• Curtained memory (trusted space) feature in the CPU: an execution space protected from external attacks (protected RAM). Data within curtained memory can be accessed only by the application to which it belongs.

Page 5: Palladium Cryptography

• Sealed storage: an authentication mechanism that allows a program to store secrets.

• Secure input/output.

• Attestation: mechanisms that allow the user to reveal selected characteristics to external requesters. It is entrusted with the job of encrypting and decrypting data from sealed storage.

Page 6: Palladium Cryptography

Secured Key

• The cryptographic key is stored within the TPM.

• Applications provide encrypted data to the TPM to be decrypted, and the decrypted data is provided for authentication.

• The TPM stores a single key securely.

• Data, by extension, is stored in encrypted form that can be decrypted only by the key in the TPM.

• The TPM generates cryptographic signatures based on the hidden key.

Page 7: Palladium Cryptography

Key software components are:

• Nexus: a security kernel that is part of the OS. It provides basic services to trusted agents, such as establishing the process mechanisms for communicating with trusted agents and other applications.

• Trusted agents: a trusted agent is a program, a part of a program, or a service that runs in user mode in the trusted space.

Page 8: Palladium Cryptography

Together, the nexus and trusted agents provide the following features:

• Trusted data storage and encryption services for applications, to ensure data integrity and protection.

• Facilities to enable hardware and software to authenticate itself.

Page 9: Palladium Cryptography

WORKING OF PALLADIUM

This architecture will include a new security computing chip and design changes to a computer’s central processing unit (CPU), chipsets, and peripheral devices such as keyboards and printers.

The PC-specific secret coding within Palladium makes stolen files useless on other machines, as they are physically and cryptographically locked within the hardware of the machine.
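The sealed-storage behaviour described on slides 5, 6 and 9 (data that can be decrypted only by the key held inside the TPM, so a stolen file is useless on another machine or after the boot chain changes), as an added Python simulation. This is not code from the presentation or from Microsoft: the simulated TPM, its boot measurements and the HMAC-based toy cipher are all constructed here for illustration.

```python
import hashlib, hmac, os


def keystream(key, nonce, length):
    # HMAC in counter mode as a toy stream cipher (a real TPM uses its own cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


class SimulatedTPM:
    # Toy TPM model: a hidden key that never leaves the chip, plus constructed
    # boot measurements that sealed data is bound to.
    def __init__(self, measurements):
        self._root_key = os.urandom(32)  # hidden key, never returned to software
        self.pcrs = list(measurements)   # simulated boot measurements

    def _platform_digest(self):
        return hashlib.sha256(b"|".join(self.pcrs)).digest()

    def _sealing_key(self, digest):
        # A different chip or a different measured state yields a different key.
        return hmac.new(self._root_key, b"seal:" + digest, hashlib.sha256).digest()

    def seal(self, data):
        digest = self._platform_digest()
        key = self._sealing_key(digest)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
        tag = hmac.new(key, digest + nonce + ct, hashlib.sha256).digest()
        return digest + nonce + ct + tag  # blob the application may store anywhere

    def unseal(self, blob):
        digest, nonce, ct, tag = blob[:32], blob[32:48], blob[48:-32], blob[-32:]
        if self._platform_digest() != digest:  # boot chain changed since sealing
            return None
        key = self._sealing_key(digest)
        expected = hmac.new(key, digest + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # altered, or another chip's blob
            return None
        return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def demo():
    # Returns (same_pc, other_pc, altered_boot): True where unsealing succeeds.
    pc_a = SimulatedTPM([b"bios-v1", b"nexus-v1"])
    blob = pc_a.seal(b"user secret")
    pc_b = SimulatedTPM([b"bios-v1", b"nexus-v1"])  # stolen copy on another machine
    same_pc, other_pc = pc_a.unseal(blob) == b"user secret", pc_b.unseal(blob) is not None
    pc_a.pcrs[1] = b"nexus-modified"  # same machine, but its nexus measurement changed
    return same_pc, other_pc, pc_a.unseal(blob) is not None
```

Only the machine that sealed the blob, booted into the same measured state, recovers the plaintext; the other two attempts return None.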

Page 10: Palladium Cryptography

Protection using Palladium

Palladium prevents identity theft and unauthorized access to personal data on the user’s device while on the internet and on other networks.

With Palladium, a system’s secrets are locked in the computer and are only revealed on terms that the user has specified.

Page 11: Palladium Cryptography

SHORTCOMINGS AND PITFALLS OF PALLADIUM

• Software and applications have to be rewritten to work with Palladium, or new applications must be written.

• Changes must be made to existing computer hardware to support Palladium.

• It would be a long time before this technology became commonplace.

Page 12: Palladium Cryptography

Conclusion

With the use of “Palladium” systems, trustworthy, secure interactions will become possible. This technology will provide tougher security defenses and more abundant privacy benefits than ever before. With Palladium, users will have unparalleled power over system integrity, personal privacy and data security.