Palladium Cryptography

Suma C
USN No: 1MS09TE055 B.E- Telecommunication Engineering

Guide : Prof. B K Sujatha Professor MSRIT, Bangalore

M. S. Ramaiah Institute of Technology

Acknowledgements
I would like to thank
My guide Dr B K Sujatha for her guidance and encouragement and Seminar Coordinator Prof Venu K N for his support Our HOD Dr K Natarajan and Former HOD Dr Vijay Kumar B K for giving me an opportunity to present this seminar. All the staff members for their constant support. M. S. Ramaiah Institute of Technology,

Contents
Goals of Network Security Types of Data Threats Present Day Security Systems Secret key and Public key Cryptography Introduction to Palladium Hardware and Software components of Palladium Working of Palladium Disadvantages of Palladium Case study References

M. S. Ramaiah Institute of Technology

Goals of Network Security

Confidentiality
Data condentiality implies keeping data private. This privacy could entail physically or logically restricting access to sensitive data or encrypting trafc traversing a network.

Integrity
Data integrity ensures that data has not been modied in transit. Also, a data integrity solution might perform origin authentication to verify that trafc is originating from the source that should be sending it.

Availability
The availability of data is a measure of the datas accessibility. For example, if a server was down only for ve minutes per year, it would have an availability of 99.999 percent.
M. S. Ramaiah Institute of Technology 4

Types of Data Threats

Intruders Casual prying Snooping Commercial Espionage Viruses Memory Resident viruses Boot Sector Viruses Device Driver Viruses
M. S. Ramaiah Institute of Technology 5

Present Day Security Systems

Cryptography Secret Key Cryptography Public Key Cryptography Digital Signatures User Authentication Authentication using Passwords Authentication using Objects Authentication using Biometrics

Anti Virus Software

Firewalls

M. S. Ramaiah Institute of Technology

Secret Key cryptography

Same key is used for encryption and decryption

M. S. Ramaiah Institute of Technology

Public key cryptography

The Public Key is what its name suggests - Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.

Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.

M. S. Ramaiah Institute of Technology

Illustration of Public Key Cryptography

For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key. Only Alice has access to her corresponding Private Key and as a result is the only person with the capability of decrypting the encrypted data back into its original form.

M. S. Ramaiah Institute of Technology

What is Palladium?
Palladium is the code name for a revolutionary set of features for windows operating system. The code name of this initiative palladium, is drawn from the Greek mythological goddess of wisdom and protector of civilized life. Palladium can be touted as the first technology to develop software-hardware synchronization for better data security. Hardware changes incorporated by palladium are reflected in the key components of the CPU, a motherboard chip (cryptographic co-processor), input and output components such as the graphics processor etc. When combined with a new breed of hardware and applications, these features will give individuals and groups of users greater data security, personal privacy, and system integrity.

M. S. Ramaiah Institute of Technology

10

Components of Palladium
Palladium has two key components Hardware Components Trusted Space Sealed Storage Secure Input / Output Attestation Software Components Nexus Trusted Agents
M. S. Ramaiah Institute of Technology 11

Hardware Components
Trusted Space : This is an execution space is protected from external software
attacks such as a virus. Trusted space is set up and maintained by the nexus and has access to various services provided by palladium, such as sealed storage. In other words it is protected RAM.

Sealed Storage : Sealed storage is an authenticated mechanism that allows a

program to store secrets that cannot be retrieved by non-trusted programs such as a virus or Trojan horse.

Secure input and output : A secure path from the keyboard and mouse to
palladium applications and a secure path from palladium applications to the screen ensure input-output security.

Attestation : Attestation is a mechanism that allows the user to reveal selected

characteristics of the operating environment to external requestors. In reality it takes the form of an encryption co-processor. It is entrusted with the job of encryption and decryption of data to and from the sealed storage.

M. S. Ramaiah Institute of Technology

12

Software Components
Nexus : This component manages trust functionality for palladium usermode processes (agents). The nexus executes in kernel mode in the trusted space. It provides basic services to trusted agents, such as the establishment of the process mechanisms for communicating with trusted agents and other applications, and special trust services such as attestation of requests and the sealing and unsealing of secrets. Trusted Agent : A trusted agent is a program, a part of a program, or a service that runs in user mode in the trusted space. A trusted agent calls the nexus for security related services and critical general services such as memory management. Each trusted agent or entity controls its own sphere of trust and they need not trust or rely on each other.

M. S. Ramaiah Institute of Technology

13

Modes of Operation of a PC

M. S. Ramaiah Institute of Technology

14

Working of Palladium

M. S. Ramaiah Institute of Technology

15

Disadvantages of Palladium
Software and applications have to be rewritten to synchronize with palladium or new applications must be written.

Changes are to be made to the existing computer hardware to support palladium. It would be a long time before this technology becomes commonplace.
M. S. Ramaiah Institute of Technology 16

Case Study-Reconstructing Data Security of JNTU Examination system using Palladium

Existing System :
The question papers in encrypted form are also made available on the JNTU examination website.

Password to read the CDs is supplied one hour before the commencement of examination to the principal/chief superintendent through internet, cell phone, telephone or Fax. The principal soon after receipt of password decrypts the original question papers of that day using the software supplied by JNTU examination branch.

M. S. Ramaiah Institute of Technology

17

Loopholes in Existing System

As the encrypted question papers are also available on the Internet there is every chance of crackers downloading and trying to decrypt them. There is every chance of failure or miss-match of the college specific CD due to the large number of affiliate colleges (as is been observed in some cases).

Also, in one case, a previous examination CD was mistakenly decrypted, and the question papers thus printed, distributed initially at an examination centre.
M. S. Ramaiah Institute of Technology 18

Palladium - As a Solution
A third party trusted agent (government or private programmed) is employed who is responsible for granting of access to JNTU examination server. It processes the requests and forwards only those certified by the nexus of the JNTUs palladium based server. If an unauthorized system (without palladium) forwards a request, it is immediately rejected by the servers trusted agent. Even if an unauthorized palladium PC tries to access the server its request is rejected.

The PC-specific secret coding within palladium makes stolen files useless on other machines as they are physically and cryptographically locked in the hardware of the server or trusted computer.

M. S. Ramaiah Institute of Technology

19

Restructured examination system using Palladium

M. S. Ramaiah Institute of Technology

20

Advantages
As the process of question paper download is highly secure, the chances of leakage are literally nil. Since this method is highly trustworthy a single set question paper system can be employed. An advanced system of Internet communication can be adopted for a broader reach, thus eliminating the role of CD.
M. S. Ramaiah Institute of Technology 21

References
http://epic.org/privacy/consumer/microsoft/palladium.html http://www.princeton.edu/~achaney/tmve/wiki100k/docs/NextGeneration_Secure_Computing_Base.html Modern Operating System by Andrew S Tanenbaum https://www.duo.uio.no/bitstream/handle/10852/19503/FinalxThesis.pdf ?sequence=2

CCNA Security by Richard A Deal

http://en.wikipedia.org/wiki/Cryptography
M. S. Ramaiah Institute of Technology 22

Thank You

M. S. Ramaiah Institute of Technology

23