palladium cryptography
DESCRIPTION
Palladium CryptographyTRANSCRIPT
M. S. Ramaiah Institute of Technology 1
Palladium Cryptography
Suma CUSN No: 1MS09TE055
B.E- Telecommunication Engineering
Guide :Prof. B K Sujatha Professor MSRIT, Bangalore
Acknowledgements
I would like to thank
My guide Dr B K Sujatha for her guidance and encouragement and Seminar Coordinator Prof Venu K N
for his support
Our HOD Dr K Natarajan and Former HOD Dr Vijay Kumar B K for giving me an opportunity to present this seminar.
All the staff members for their constant support.2
M. S. Ramaiah Institute of Technology,
Contents
Goals of Network Security Types of Data Threats Present Day Security Systems Secret key and Public key Cryptography Introduction to Palladium Hardware and Software components of Palladium Working of Palladium Disadvantages of Palladium Case study References
M. S. Ramaiah Institute of Technology 3
Goals of Network Security Confidentiality
Data confidentiality implies keeping data private. This privacy could entail physically or logically restricting access to sensitive data or encrypting traffic traversing a network.
Integrity Data integrity ensures that data has not been modified in transit. Also, a data
integrity solution might perform origin authentication to verify that traffic is originating from the source that should be sending it.
Availability The availability of data is a measure of the data’s accessibility. For example, if a
server was down only for five minutes per year, it would have an availability of 99.999 percent.
M. S. Ramaiah Institute of Technology 4
Types of Data Threats
Intruders Casual prying Snooping Commercial Espionage
Viruses Memory Resident viruses Boot Sector Viruses Device Driver Viruses
M. S. Ramaiah Institute of Technology 5
Present Day Security Systems Cryptography Secret Key Cryptography Public Key Cryptography Digital Signatures
User Authentication Authentication using Passwords Authentication using Objects Authentication using Biometrics
Anti Virus Software
Firewalls
M. S. Ramaiah Institute of Technology 6
Secret Key cryptography
• Same key is used for encryption and decryption
M. S. Ramaiah Institute of Technology 7
Public key cryptography
• The Public Key is what its name suggests - Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.
• Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.
M. S. Ramaiah Institute of Technology 8
Illustration of Public Key Cryptography
• For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key. Only Alice has access to her corresponding Private Key and as a result is the only person with the capability of decrypting the encrypted data back into its original form.
M. S. Ramaiah Institute of Technology 9
What is Palladium?
M. S. Ramaiah Institute of Technology 10
Palladium is the code name for a revolutionary set of features for windows operating system. The code name of this initiative “palladium”, is drawn from the Greek mythological goddess of wisdom and protector of civilized life.
Palladium can be touted as the first technology to develop software-hardware synchronization for better data security. Hardware changes incorporated by palladium are reflected in the key components of the CPU, a motherboard chip (cryptographic co-processor), input and output components such as the graphics processor etc. When combined with a new breed of hardware and applications, these “features” will give individuals and groups of user’s greater data security, personal privacy, and system integrity.
Components of Palladium
M. S. Ramaiah Institute of Technology 11
Palladium has two key componentsHardware Components Trusted Space Sealed Storage Secure Input / Output AttestationSoftware Components Nexus Trusted Agents
Hardware Components Trusted Space : This is an execution space is protected from external software
attacks such as a virus. Trusted space is set up and maintained by the nexus and has access to various services provided by palladium, such as sealed storage. In other words it is protected RAM.
Sealed Storage : Sealed storage is an authenticated mechanism that allows a program to store secrets that cannot be retrieved by non-trusted programs such as a virus or Trojan horse.
Secure input and output : A secure path from the keyboard and mouse to palladium applications and a secure path from palladium applications to the screen ensure input-output security.
Attestation : Attestation is a mechanism that allows the user to reveal selected characteristics of the operating environment to external requestors. In reality it takes the form of an encryption co-processor. It is entrusted with the job of encryption and decryption of data “to and from” the “sealed storage”.
M. S. Ramaiah Institute of Technology 12
Software Components Nexus : This component manages trust functionality for palladium user-
mode processes (agents). The nexus executes in kernel mode in the trusted space. It provides basic services to trusted agents, such as the establishment of the process mechanisms for communicating with trusted agents and other applications, and special trust services such as attestation of requests and the sealing and unsealing of secrets.
Trusted Agent : A trusted agent is a program, a part of a program, or a service that runs in user mode in the trusted space. A trusted agent calls the nexus for security related services and critical general services such as memory management. Each trusted agent or entity controls its own sphere of trust and they need not trust or rely on each other.
M. S. Ramaiah Institute of Technology 13
Modes of Operation of a PC
M. S. Ramaiah Institute of Technology 14
Working of Palladium
M. S. Ramaiah Institute of Technology 15
Disadvantages of Palladium
Software and applications have to be rewritten to synchronize with palladium or new applications must be written.
Changes are to be made to the existing computer hardware to support palladium.
It would be a long time before this technology becomes commonplace.
M. S. Ramaiah Institute of Technology 16
Case Study-Reconstructing Data Security of JNTU Examination system using Palladium
Existing System :
The question papers in encrypted form are also made available on the JNTU examination website.
Password to read the CDs is supplied one hour before the commencement of examination to the principal/chief superintendent through internet, cell phone, telephone or Fax.
The principal soon after receipt of password decrypts the original question
papers of that day using the software supplied by JNTU examination branch.
M. S. Ramaiah Institute of Technology 17
Loopholes in Existing System As the encrypted question papers are also available on the Internet
there is every chance of crackers downloading and trying to decrypt them.
There is every chance of failure or miss-match of the college specific CD due to the large number of affiliate colleges (as is been observed in some cases).
Also, in one case, a previous examination CD was mistakenly
decrypted, and the question papers thus printed, distributed initially at an examination centre.
M. S. Ramaiah Institute of Technology 18
Palladium - As a Solution A third party trusted agent (government or private programmed) is
employed who is responsible for granting of access to JNTU examination server. It processes the requests and forwards only those certified by the nexus of the JNTU’s palladium based server.
If an unauthorized system (without palladium) forwards a request, it is
immediately rejected by the server’s trusted agent. Even if an unauthorized palladium PC tries to access the server its request is rejected.
The PC-specific secret coding within palladium makes stolen files useless on
other machines as they are physically and cryptographically locked in the hardware of the server or trusted computer.
M. S. Ramaiah Institute of Technology 19
Restructured examination system using Palladium
M. S. Ramaiah Institute of Technology 20
Advantages
As the process of question paper download is highly secure, the chances of leakage are literally nil.
Since this method is highly trustworthy a single set
question paper system can be employed. An advanced system of Internet communication can
be adopted for a broader reach, thus eliminating the role of CD.
M. S. Ramaiah Institute of Technology 21
References http://epic.org/privacy/consumer/microsoft/palladium.html
http://www.princeton.edu/~achaney/tmve/wiki100k/docs/Next-Generation_Secure_Computing_Base.html
Modern Operating System by Andrew S Tanenbaum
https://www.duo.uio.no/bitstream/handle/10852/19503/FinalxThesis.pdf?sequence=2
CCNA Security by Richard A Deal
http://en.wikipedia.org/wiki/Cryptography
M. S. Ramaiah Institute of Technology 22
Thank You
M. S. Ramaiah Institute of Technology 23