
Palladium Cryptography

Technical Seminar Report


Submitted to M S Ramaiah Institute of Technology (Autonomous Institute Affiliated to VTU, Belgaum) in partial fulfillment of the requirements for the award of

BACHELOR OF ENGINEERING In TELECOMMUNICATION ENGINEERING


For the Academic Year 2012-13 Submitted By

Suma C 1MS09TE055

DEPARTMENT OF TELECOMMUNICATION ENGINEERING, M.S.RAMAIAH INSTITUTE OF TECHNOLOGY, (Autonomous Institute affiliated to VTU), BANGALORE 560054 April 2013

M.S.RAMAIAH INSTITUTE OF TECHNOLOGY


(Autonomous Institute Affiliated to VTU) Vidya Soudha, Jnana Gangothri MSR Nagar, Bangalore- 560 054, Karnataka

Department of Telecommunication Engineering

CERTIFICATE
This is to certify that the seminar titled Palladium Cryptography carried out by Suma C 1MS09TE055 bonafide student of M.S.Ramaiah Institute of Technology, Bangalore, in partial fulfillment for the award of Bachelor of Engineering in Telecommunication Engineering, of the Visvesvaraya Technological University, Belgaum during the year 2012-2013. It is certified that all corrections/suggestions indicated for Internal Assessment have been incorporated in the Report. The Seminar Report has been approved as it satisfies the academic requirements in respect of Seminar work prescribed for the said Degree.

Dr Sujatha B K Professor Dept. of TC Engg, MSRIT

Dr. K Natarajan Professor and Head, Dept. of TC Engg, MSRIT

ACKNOWLEDGEMENTS

No work is complete without due recognition being given to persons who made it possible. My project is no exception. I would like to place on record, profound gratitude for those who have mattered the most in the successful completion of the project. I would like to express my sincere gratitude to Prof. B.K Sujatha the internal guide for her constant encouragement, continuous feedback and sparing their valuable time for discussion. I am grateful to Dr K Natarajan, Prof and Head of the Department of Telecommunication Engineering and Dr. Vijay Kumar B P, Prof. and Ex Head, Dept of Telecommunication Engineering for their moral support given at various stages. I also wish to express my sincere thanks to our principal Dr. S Y Kulkarni for his inspiration and support at various stages of the project. Last but not the least I would like to thank our staff members, all those who have helped me in the completion of the project.

Suma C 1MS09TE055

ABSTRACT
As we move towards an increasingly computer-centric world, data security has attained paramount importance. Though present-day security systems offer a good level of protection, they are incapable of providing a trustworthy environment and are vulnerable to unexpected attacks. Palladium is a content protection concept that has spawned from the belief that the PC, as it currently stands, is not architecturally equipped to protect a user from the pitfalls and challenges that an all-pervasive network such as the Internet poses. As a drastic change in PC hardware is not feasible, largely due to economic reasons, Palladium hopes to introduce a minimal change on this front. A paradigm shift is awaited in this scenario with the advent of Palladium, making content protection a shared concern of both software and hardware. In the course of this paper the revolutionary aspects of Palladium are discussed in detail. A case study to restructure the present data security system of the JNTU examination system using Palladium is put forward.

TABLE OF CONTENTS
List of Figures
List of Acronyms
1. Introduction
   1.1 Need for Security
   1.2 Goals of Network Security
2. Types of Data Threats
   2.1 Intruders
   2.2 Viruses
3. Overview of Present Day Data Security Systems
   3.1 Cryptography
   3.2 User Authentication
   3.3 Anti Virus Software
   3.4 Firewall
4. Palladium - A Revolutionary Breakthrough in Data Security
   4.1 Core Principles of Palladium Initiative
5. Aspects of Palladium
   5.1 Hardware Aspects
   5.2 Software Aspects
6. Working of Palladium
7. Protection using Palladium
8. Shortcomings of Palladium
9. Case Study
   9.1 Existing System
   9.2 Palladium as a Solution
   9.3 Advantages
10. Conclusion

List of Figures:
Figure 1(a): Secret Key Cryptography
Figure 1(b): Public Key Cryptography
Figure 1(c): Illustration of Public Key Cryptography
Figure 2: Overview of Trusted and Untrusted Modes of operation
Figure 3: Case study: Restructured JNTU examination structure using Palladium

List of Acronyms:
ATM: Automated Teller Machine
CPU: Central Processing Unit
RAM: Random Access Memory
TSR: Terminate and Stay Resident
DOS: Disk Operating System
MBR: Master Boot Record
PC: Personal Computer
MS DOS: Microsoft Disk Operating System
TOR: Trusted Operating Root
IT: Information Technology
EDEP: Electronic Distribution of Examination Papers
CD: Compact Disk

1. INTRODUCTION

1.1 NEED FOR SECURITY:
Many organizations possess valuable information they guard closely. As more of this information is stored in computers, the need for data security becomes increasingly important. Protecting this information against unauthorized usage is therefore a major concern for both operating systems and users alike.

1.2 GOALS OF NETWORK SECURITY:
From a security perspective computer systems have 3 general goals, with corresponding threats to them, as listed below.

The first one, data confidentiality, is concerned with secret data remaining secret. More specifically, if the owner of some data has decided that the data should be available only to certain people and no others, then the system should guarantee that release of data to unauthorized people does not occur. Another aspect of this is individual privacy.

The second goal, data integrity, means that unauthorized users should not be able to modify any data without the owner's permission. Data modification in this context includes not only changing the data, but also removing data and adding false data. Thus it is very important that a system should guarantee that data deposited in it remains unchanged until the owner decides to change it.

The third goal is system availability, which means that nobody can disturb the system to make it unstable. It must be able to ensure that authorized persons have access to the data and do not suffer from denial of service. The most classical example of a threat to this is excessive PINGing of a web site in order to slow it down.

2. TYPES OF DATA THREATS:

2.1 Intruders:
In security literature people who are nosing around places where they have no business being are called intruders or sometimes adversaries. Intruders can be broadly divided as passive and active. Passive intruders just want to read the files they are not authorized to read. Active intruders are more malicious and intend to make unauthorized changes to data. Some of the common activities indulged in by intruders are:

Casual Prying: Non-technical users who wish to read other people's email and private files mostly do this.

Snooping: This term refers to the breaking of the security of a shared computer system or a server. Snooping is generally done as a challenge and is not aimed at stealing or tampering with confidential data.

Commercial Espionage: This refers to determined attempts to make money using secret data. For example, an employee in an organization can secure sensitive data and sell it to rival companies for monetary gain.

It is very important that potential intruders (and their corresponding activities) are taken into consideration before devising a security system. This is essential as the level of threat and intended damage differ from one to another.

2.2 Virus:
Basically a virus is a piece of code that replicates itself and usually does some damage. In a sense the writer of a virus is also an intruder, often with high technical skills. In the same breath it must be said that a virus need not always be intentional and can simply be code with disastrous run-time errors. The difference between a conventional intruder and a virus is that the former refers to a person who is personally trying to break into a system to cause damage, whereas the latter is a program written by such a person and then released into the world in the hope that it causes damage. The most common types of viruses are: executable program viruses, memory resident viruses, boot sector viruses, device driver viruses, macro viruses, source code viruses, Trojan horses etc.

Executable Program Virus: This virus is a part of a normal executable program. It is sometimes hidden in an unused part of the file.

Memory Resident Virus: This is malicious code that installs itself in memory and then infects future programs. Also known as Terminate and Stay Resident (TSR), it finds a way to load into the computer's RAM and then infects the executable files that are opened by the user.
Boot Sector Virus: A boot sector virus is a virus that places its own code and commands into a computer's DOS boot sector or Master Boot Record (MBR). When this type of virus has infected a system, the MBR is usually corrupted and the computer's boot sequence is changed. Boot sector viruses can be dangerous and prolific because they are loaded onto a computer every time it starts up, and in time they can spread to other readable disks. Booting and start-up problems, problems with retrieving data, computer performance instability and the inability to locate hard drives are all issues that may arise due to an infection.

Device Driver Virus: A virus which infiltrates a computer via the device driver software: the software used to control peripherals such as the keyboard. Only early operating systems such as MS-DOS were susceptible to this type of virus.

Macro Virus: In computing terminology, a macro virus is a virus that is written in a macro language: that is to say, a language built into a software application such as a word processor. Since some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents, so that the programs may be run automatically when the document is opened, this provides a distinct mechanism by which viruses can be spread. This is why it may be dangerous to open unexpected attachments in e-mails. Modern antivirus software detects macro viruses as well as other types.

Source Code Virus: Source code viruses are a subset of computer viruses that make modifications to source code located on an infected machine. A source file can be overwritten such that it includes a call to some malicious code.

Trojan Horse Virus: A Trojan may give a hacker remote access to a targeted computer system. Operations that could be performed by a hacker on a targeted computer system may include:
- Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
- Crashing the computer
- Electronic money theft
- Data theft (e.g. retrieving passwords or credit card information)
- Installation of software, including third-party malware
- Downloading or uploading of files on the user's computer
- Modification or deletion of files
- Watching the user's screen
- Viewing the user's webcam
- Controlling the computer system remotely

3. AN OVERVIEW OF SOME OF THE PRESENT DAY DATA SECURITY SYSTEMS:

3.1 Cryptography:
Cryptography is the method in which a message or file, called plain text, is taken and encrypted into cipher text in such a way that only authorized people know how to convert it back to plain text. This is commonly done in four ways: secret key cryptography, public key cryptography, one way function cryptography and digital signatures.

Secret key encryption (also called private-key encryption or symmetric encryption) involves using the same key for encryption and decryption.

Figure 1(a): Secret Key Cryptography

Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plain text, and the other unlocks or decrypts the cipher text. Neither key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages.

Figure 1(b): Public Key Cryptography

For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key. Only Alice has access to her corresponding Private Key and as a result is the only person with the capability of decrypting the encrypted data back into its original form.

Figure 1(c): Illustration of Public Key Cryptography

In computer science, a one-way function is a function that is easy to compute on every input, but hard to invert given the image of a random input. The existence of such one-way functions is still an open conjecture.

Digital signatures employ a type of asymmetric cryptography. For messages sent through a non-secure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender.

Unless the encryption technique used is very complex it is possible, with some effort, for crackers to decrypt files.

3.2 User authentication:
It is a method employed by the operating system or a program of a computer to determine the identity of a user. Types of user authentication are: authentication using passwords, authentication using physical objects (like smart cards, ATM cards etc.), and authentication using biometrics (like fingerprints, retinal pattern scan, signature analysis, voice recognition etc.). Inherent problems of user authentication are password cracking, duplication of physical objects and simulation of biometrics by artificial objects.

3.3 Anti-virus software:
Anti-virus software scans every executable file on a computer's disk looking for viruses known in its database. It then repairs, quarantines or deletes infected files. However, a clever virus can infect the anti-virus software itself. Some of the popular anti-virus packages are Norton, PC-cillin, McAfee etc.

3.4 Firewalls:
It is a method of preventing unauthorized access to a computer system, often found in networked computers. A firewall is designed to provide normal service to authorized users while at the same time preventing unauthorized users from gaining access to the system. In reality firewalls add a level of inconvenience to legal users, and their ability to control illegal access may be questionable.

4. PALLADIUM - A REVOLUTIONARY BREAKTHROUGH IN DATA SECURITY
Palladium is the code name for a revolutionary set of features for the Windows operating system. The code name of this initiative, Palladium, is drawn from the Greek mythological goddess of wisdom and protector of civilized life. Till date most forms of data security have been software oriented with little or no hardware involvement. Palladium can be touted as the first technology to develop software-hardware synchronization for better data security. Hardware changes incorporated by Palladium are reflected in the key components of the CPU, a motherboard chip (cryptographic co-processor), and input and output components such as the graphics processor. When combined with a new breed of hardware and applications, these features will give individuals and groups of users greater data security, personal privacy, and system integrity. In addition, Palladium will offer enterprise consumers significant new benefits for network security and content protection.

4.1 Core principles of the Palladium initiative:
- Palladium is not a separate operating system. It is based on architectural enhancements to the Windows kernel and to computer hardware, including the CPU, peripherals and chipsets, to create a new trusted execution subsystem.
- Palladium will not eliminate any features of Windows that users have come to rely on; everything that runs today will continue to run with Palladium.
- It is important to note that while today's applications and devices will continue to work in Palladium, they will gain little to no benefit from the Palladium environment; to benefit, existing applications have to be rewritten or new applications must be written.
- In addition, Palladium does not change what can be programmed or run on the computing platform. Palladium will operate with any program the user specifies while maintaining security.

Figure 2

5. ASPECTS OF PALLADIUM
Palladium comprises two key components: hardware and software.

5.1 Hardware components
Engineered for ensuring the protected execution of applications and processes, the protected operating environment provides the following basic mechanisms:

Trusted space (or curtained memory): This is an execution space that is protected from external software attacks such as a virus. Trusted space is set up and maintained by the nexus and has access to various services provided by Palladium, such as sealed storage. In other words it is protected RAM.

Sealed storage: Sealed storage is an authenticated mechanism that allows a program to store secrets that cannot be retrieved by non-trusted programs such as a virus or Trojan horse. Information in sealed storage can't be read by other non-trusted programs (sealed storage cannot be read by unauthorized secure programs, for that matter, and cannot be read even if another operating system is booted or the disk is carried to another machine). These stored secrets can be tied to the machine, the nexus or the application. Palladium will also provide mechanisms for the safe and controlled backup and migration of secrets to other machines. In other words it is a secured and encrypted part of the hard disk.

Secure input and output: A secure path from the keyboard and mouse to Palladium applications and a secure path from Palladium applications to the screen ensure input-output security.

Attestation: Attestation is a mechanism that allows the user to reveal selected characteristics of the operating environment to external requestors. In reality it takes the form of an encryption co-processor. It is entrusted with the job of encryption and decryption of data to and from the sealed storage.

These basic mechanisms provide a platform for building distributed trusted software.

5.2 Software components
The following are the software components of Palladium:

Nexus (a technology formerly referred to as the trusted operating root (TOR)): This component manages trust functionality for Palladium user-mode processes (agents). The nexus executes in kernel mode in the trusted space. It provides basic services to trusted agents, such as the establishment of the process mechanisms for communicating with trusted agents and other applications, and special trust services such as attestation of requests and the sealing and unsealing of secrets.

Figure 3

Trusted agents: A trusted agent is a program, a part of a program, or a service that runs in user mode in the trusted space. A trusted agent calls the nexus for security-related services and critical general services such as memory management. A trusted agent is able to store secrets using sealed storage and authenticates itself using the attestation services of the nexus. One of the main principles of trusted agents is that they can be trusted or not trusted by multiple entities, such as the user, an IT department, a merchant or a vendor. Each trusted agent or entity controls its own sphere of trust, and they need not trust or rely on each other.

Together, the nexus and trusted agents provide the following features:
- Trusted data storage, encryption services for applications to ensure data integrity and protection.
- Authenticated boot, facilities to enable hardware and software to authenticate itself.

6. WORKING OF PALLADIUM
Palladium is a new hardware and software architecture. This architecture will include a new security computing chip and design changes to a computer's central processing unit (CPU), chipsets, and peripheral devices, such as keyboards and printers. It will also enable applications and components of these applications to run in a protected memory space that is highly resistant to tampering and interference. The PC-specific secret coding within Palladium makes stolen files useless on other machines, as they are physically and cryptographically locked within the hardware of the machine. This means software attacks can't expose these secrets. Even if a sophisticated hardware attack were to get at them, these core system secrets would only be applicable to the data within a single computer and could not be used on other computers.

7. PROTECTION USING PALLADIUM
Palladium prevents identity theft and unauthorized access to personal data on the user's device while on the Internet and on other networks. Transactions and processes are verifiable and reliable through the attestable hardware and software architecture, and they cannot be imitated. With Palladium, a system's secrets are locked in the computer and are only revealed on terms that the user has specified. In addition, the trusted user interface prevents snooping and impersonation. The user controls what is revealed and can separate categories of data on a single computer into distinct realms. Like a set of vaults, realms provide the assurance of separability. With distinct identifiers, policies and categories of data for each, realms allow a user to have a locked-down work environment and a fully open surfing environment at the same time, on the same computer.

Finally, the Palladium architecture will enable a new class of identity service providers that can potentially offer users choices for how their identities are represented in online transactions. These service providers can also ensure that the user is in control of policies for how personal information is revealed to others. In addition, Palladium will allow users to employ identity service providers of their own choice.

From the perspective of privacy (and anti-virus protection), one of the key benefits of Palladium is the ability for users to effectively delegate certification of code. Anyone can certify Palladium hardware or software, and it is expected that many companies and organizations will offer this service. Allowing multiple parties to independently evaluate and certify Palladium-capable systems means that users will be able to obtain verification of the system's operation from organizations that they trust. In addition, this will form the basis for a strong business incentive to preserve and enhance privacy and security. Moreover, Palladium allows any number of trusted internal or external entities to interact with a trusted component or trusted platform.

8. SHORTCOMINGS AND PITFALLS OF PALLADIUM
Though Palladium can provide a higher degree of much-needed data security, it is not without its share of problems:
- Software and applications have to be rewritten to synchronize with Palladium, or new applications must be written.
- Changes are to be made to the existing computer hardware to support Palladium.
- It would be a long time before this technology becomes commonplace.
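Sealed storage as sections 5.1 and 6 describe it, in an added sketch that is not code from this report or from Microsoft: the sealing key is derived from a machine secret together with the nexus and agent digests, so a blob copied to another machine or opened by a modified agent is refused. The key derivation, the HMAC-based keystream (a stand-in for the co-processor's cipher, which the report does not specify) and every name and sample value are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

def _derive(machine_secret: bytes, nexus: bytes, agent: bytes, purpose: bytes) -> bytes:
    """Key bound to this machine, this nexus and this agent (digests must be 32 bytes)."""
    if len(nexus) != 32 or len(agent) != 32:
        raise ValueError("nexus and agent must be SHA-256 digests")
    return hmac.new(machine_secret, purpose + nexus + agent, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; assumed stand-in for the hardware cipher."""
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]

def seal(machine_secret: bytes, nexus: bytes, agent: bytes, secret: bytes) -> bytes:
    """Return nonce || ciphertext || tag, openable only by the same machine, nexus and agent."""
    nonce = os.urandom(16)
    stream = _keystream(_derive(machine_secret, nexus, agent, b"enc"), nonce, len(secret))
    ciphertext = bytes(p ^ k for p, k in zip(secret, stream))
    mac_key = _derive(machine_secret, nexus, agent, b"mac")
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(machine_secret: bytes, nexus: bytes, agent: bytes, blob: bytes) -> bytes:
    """Verify the tag first; decrypt only if the caller's identity matches the sealer's."""
    if len(blob) < 48:
        raise PermissionError("unseal refused: blob too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key = _derive(machine_secret, nexus, agent, b"mac")
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("unseal refused: wrong machine, nexus or agent, or blob modified")
    stream = _keystream(_derive(machine_secret, nexus, agent, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))

def try_unseal(machine_secret: bytes, nexus: bytes, agent: bytes, blob: bytes) -> Optional[bytes]:
    """Convenience wrapper: None when the nexus would refuse to release the secret."""
    try:
        return unseal(machine_secret, nexus, agent, blob)
    except PermissionError:
        return None

# Constructed sample identities (not real measurements).
MACHINE_A = hashlib.sha256(b"constructed secret fused into machine A").digest()
MACHINE_B = hashlib.sha256(b"constructed secret fused into machine B").digest()
NEXUS = hashlib.sha256(b"constructed nexus image").digest()
AGENT = hashlib.sha256(b"constructed trusted agent binary").digest()
PATCHED_AGENT = hashlib.sha256(b"same agent with a virus appended").digest()

if __name__ == "__main__":
    blob = seal(MACHINE_A, NEXUS, AGENT, b"decryption key for today's paper")
    print("same machine, same agent :", try_unseal(MACHINE_A, NEXUS, AGENT, blob))
    print("disk moved to machine B  :", try_unseal(MACHINE_B, NEXUS, AGENT, blob))
    print("agent binary was modified:", try_unseal(MACHINE_A, NEXUS, PATCHED_AGENT, blob))
```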

9. CASE STUDY - RESTRUCTURING DATA SECURITY OF JNTU EXAMINATION SYSTEM USING PALLADIUM

9.1 EXISTING SYSTEM:
In order to eliminate the leakage of question papers, the Jawaharlal Nehru Technological University (J.N.T.U), Hyderabad, has recently decided to implement the system of electronic distribution of examination papers (EDEP), a new method of conducting examinations. In this system 4 sets of question papers are generated and encrypted onto a college-specific CD. The encrypted CD is supplied to the examination centres about 3 days in advance. The question papers in encrypted form are also made available on the JNTU examination website. The password to read the CDs is supplied one hour before the commencement of the examination to the principal/chief superintendent through Internet, cell phone, telephone or fax. The principal, soon after receipt of the password, decrypts the original question papers of that day using the software supplied by the JNTU examination branch. The EDEP employs the method of public key cryptography.

Though this system is largely stable and secure, it has certain loopholes:
- As the encrypted question papers are also available on the Internet, there is every chance of crackers downloading and trying to decrypt them.
- This method of 4 sets of question papers has been resented by the student and teacher community alike.
- There is every chance of failure or mismatch of the college-specific CD due to the large number of affiliate colleges (as has been observed in some cases).
- Also, in one case, a previous examination CD was mistakenly decrypted, and the question papers thus printed were initially distributed at an examination centre.

9.2 PALLADIUM AS A SOLUTION:
Palladium is based on the concept of trusted space. A closed sphere of trust binds data or a service to both a set of users and a set of acceptable applications. Due to this, an unauthorized user cannot access the data or software which is based on a server. In the revised system the encrypted question papers are put up on the J.N.T.U's Palladium-based server, and all the affiliate colleges use college-specific Palladium computers. It works as follows:
- A third-party trusted agent (government or private programmed) is employed who is responsible for granting access to the JNTU examination server. It processes the requests and forwards only those certified by the nexus of the JNTU's Palladium-based server.
- If an unauthorized system (without Palladium) forwards a request, it is immediately rejected by the server's trusted agent. Even if an unauthorized Palladium PC tries to access the server, its request is rejected.
- The PC-specific secret coding within Palladium makes stolen files useless on other machines, as they are physically and cryptographically locked in the hardware of the server or trusted computer.
- During examinations the Palladium computer of the college issues a request to the common trusted agent (of JNTU and college) via the Internet. This request is granted and each particular question paper pertaining to that day is accessed by the college.


Figure 4

9.3 ADVANTAGES
- As the process of question paper download is highly secure, the chances of leakage are literally nil.
- Since this method is highly trustworthy, a single-set question paper system can be employed.
- An advanced system of Internet communication can be adopted for a broader reach, thus eliminating the role of the CD.
- Since the download of question papers is request-specific and time-bound, there cannot be a case of question paper mismatch.
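The request handling of sections 9.2 and 9.3, in an added sketch that is not part of this report or of any JNTU system: the server's trusted agent grants a paper only to an enrolled machine whose request is certified, runs the approved nexus, and arrives inside that paper's release window. A shared HMAC key stands in for the machine's attestation credential, and the college id, paper id, timestamps and all function names are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data; none of these values come from JNTU or Microsoft.
APPROVED_NEXUS = hashlib.sha256(b"constructed approved nexus image").hexdigest()
ENROLLED = {"COLLEGE-017": b"constructed attestation key for college 017"}
SCHEDULE = {"PAPER-TE801": (1_366_600_000, 1_366_603_600)}  # paper -> (opens, closes)
FIELDS = ("college_id", "paper_id", "nonce", "nexus_digest")

def attest(key: bytes, request: dict) -> str:
    """MAC over every request field, as the college PC's nexus would certify it."""
    message = json.dumps([request[f] for f in FIELDS]).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def make_request(key: bytes, college_id: str, paper_id: str, nonce: str,
                 nexus_digest: str = APPROVED_NEXUS) -> dict:
    """Build the request a college machine would send, including its attestation tag."""
    request = dict(zip(FIELDS, (college_id, paper_id, nonce, nexus_digest)))
    request["tag"] = attest(key, request)
    return request

class ExamServerGate:
    """Decision logic of the server-side trusted agent (hypothetical)."""

    def __init__(self, enrolled: dict, schedule: dict, approved_nexus: str):
        self.enrolled = enrolled
        self.schedule = schedule
        self.approved_nexus = approved_nexus
        self.seen = set()  # (college_id, nonce) pairs already granted

    def decide(self, request: dict, now: int) -> str:
        # A machine without Palladium cannot produce the attestation fields at all.
        if any(not isinstance(request.get(f), str) for f in FIELDS + ("tag",)):
            return "reject: no attestation (not a palladium request)"
        key = self.enrolled.get(request["college_id"])
        if key is None:
            return "reject: machine not enrolled"
        supplied = request["tag"].encode("utf-8", "replace")
        if not hmac.compare_digest(attest(key, request).encode(), supplied):
            return "reject: attestation does not verify"
        if request["nexus_digest"] != self.approved_nexus:
            return "reject: unapproved nexus"
        # Time-bound: each paper is released only inside its own window.
        opens, closes = self.schedule.get(request["paper_id"], (0, -1))
        if not opens <= now <= closes:
            return "reject: outside release window"
        # Request-specific: a captured request cannot be replayed.
        replay_key = (request["college_id"], request["nonce"])
        if replay_key in self.seen:
            return "reject: replayed request"
        self.seen.add(replay_key)
        return "grant"

if __name__ == "__main__":
    gate = ExamServerGate(ENROLLED, SCHEDULE, APPROVED_NEXUS)
    opens, _ = SCHEDULE["PAPER-TE801"]
    req = make_request(ENROLLED["COLLEGE-017"], "COLLEGE-017", "PAPER-TE801", "n-1")
    for label, when in (("3 days early", opens - 259_200), ("exam hour", opens + 60),
                        ("same request again", opens + 120)):
        print(f"{label:20s} -> {gate.decide(req, when)}")
```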

10. CONCLUSION
Today, IT managers face tremendous challenges due to the inherent openness of end-user machines, and millions of people simply avoid some online transactions out of fear. However, with the usage of Palladium systems, trustworthy, secure interactions will become possible. This technology will provide tougher security defences and more abundant privacy benefits than ever before. With Palladium, users will have unparalleled power over system integrity, personal privacy and data security.

Thus it wouldn't be an exaggeration to say that Palladium is all set to secure the computing world in ways unimaginable.
