21-09-2012, 11:06 AM
PALLADIUM
Abstract
Security in contemporary scenarios has become a more sensitive issue, whether in the "real world" or in the "cyber world". In the real world, as in the cyber world, an attack is often preceded by information gathering: movie gangsters "case the joint"; soldiers "scout the area". In the cyber world the "bad guys" are referred to as intruders, eavesdroppers, hackers, hijackers, etc. An intruder first takes a panoramic view of the victim's network and then starts digging for holes. Today the illicit activities of hackers are growing by leaps and bounds; for example, "the recent attack on the DNS servers has caused a lot of hullabaloo all over the world". Fortunately, those on the defending side reacted promptly and resurrected the Internet world from the brink of prostration. ... certification, access control by implementing firewalls, etc. To address the flaws in network security, more and more advanced security notions are being devised every day. Our paper covers a wide perspective of such arenas around which the contemporary cyber world revolves, viz. the DMZ zone and Palladium.
INTRODUCTION
In June 2002, Microsoft released information regarding its new "Palladium" initiative. Palladium is a system that combines software and hardware controls to create a "trusted" computing platform. In doing so, it would establish an unprecedented level of control over users and their computers.
Palladium could place Microsoft as the gatekeeper of identification and authentication. Additionally, systems embedded in both software and hardware would control access to content, thereby creating ubiquitous Digital Rights Management schemes that can track users and control use of media. Microsoft expects to have elements of the system in place by 2004.
Professor Ross Anderson has written an extensive FAQ on the Palladium system. Seth Schoen of EFF has published a detailed summary of a meeting about Palladium.
SECURE STORAGE AND ATTESTATION
At the time of manufacture, a cryptographic key is generated and stored within the TPM. This key is never transmitted to any other component, and the TPM is designed in such a way that it is extremely difficult to retrieve the stored key by reverse engineering or any other method, even to the owner. Applications can pass data encrypted with this key to be decrypted by the TPM, but the TPM will only do so under certain strict conditions. Specifically, decrypted data will only ever be passed to authenticated, trusted applications, and will only ever be stored in curtained memory, making it inaccessible to other applications and the Operating System. Although the TPM can only store a single cryptographic key securely, secure storage of arbitrary data is by extension possible by encrypting the data such that it may only be decrypted using the securely stored key.
The TPM is also able to produce a cryptographic signature based on its hidden key. This signature may be verified by the user or by any third party, and can therefore be used to provide remote attestation that the computer is in a secure state.
CURTAINED MEMORY
NGSCB also relies on a curtained memory feature provided by the CPU. Data within curtained memory can only be accessed by the application to which it belongs, and not by any other application or the Operating System. The attestation features of the TPM can be used to confirm to a trusted application that it is genuinely running in curtained memory; it is therefore very difficult for anyone, including the owner, to trick a trusted application into running outside of curtained memory. This in turn makes reverse engineering of a trusted application extremely difficult.
WORKING OF PALLADIUM:
Palladium is a new hardware and software architecture. This architecture will include a new security computing chip and design changes to a computer's central processing unit (CPU), chipsets, and peripheral devices, such as keyboards and printers. It will also enable applications and components of these applications to run in a protected memory space that is highly resistant to tampering and interference.
The PC-specific secret keying within Palladium makes stolen files useless on other machines, as they are physically and cryptographically locked within the hardware of the machine. This means software attacks cannot expose these secrets. Even if a sophisticated hardware attack were to get at them, these core system secrets would only be applicable to the data within a single computer and could not be used on other computers.
PALLADIUM AS A SOLUTION (AS SHOWN IN FIGURE 2)
Palladium is based on the concept of trusted space. A closed sphere of trust binds data or a service to both a set of users and a set of acceptable applications. Consequently, an unauthorized user cannot access data or software hosted on a server.
In the revised system the encrypted question papers are put up on the JNTU's Palladium-based server and all the affiliated colleges use college-specific Palladium computers. It works as follows:
A trusted third-party agent (government or private) is employed who is responsible for granting access to the JNTU examination server. It processes the requests and forwards only those certified by the "nexus" of the JNTU's Palladium-based server.
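The sealed-storage behaviour described under "Secure storage and attestation", the PC-specific secrets that make stolen files useless elsewhere, and the encrypted question paper in the examination scenario above all rest on the same mechanism: data is encrypted under a per-chip key that never leaves the chip, and is released only to an application whose measurement matches the one it was sealed to. The following is an added toy model of that mechanism, not Palladium or TPM code; it assumes a made-up `SimulatedTpm` class, uses HMAC-SHA256 in counter mode as a stand-in cipher, and takes a SHA-256 of the application's code as its "measurement".

```python
from typing import Optional
import hashlib
import hmac
import os

class SimulatedTpm:
    """Toy model of TPM sealed storage (constructed; not a real TPM interface)."""
    def __init__(self) -> None:
        # Per-chip root secret, generated "at manufacture"; it never leaves the object.
        self._root = os.urandom(32)

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Toy stream cipher: HMAC-SHA256 of the root secret in counter mode.
        out, counter = b"", 0
        while len(out) < length:
            block = nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._root, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, data: bytes, measurement: bytes) -> bytes:
        """Encrypt data so only this chip, running the same measured application, can unseal it."""
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        # The tag binds ciphertext, nonce and the required measurement to this chip's secret.
        tag = hmac.new(self._root, nonce + measurement + ct, hashlib.sha256).digest()
        return nonce + tag + ct

    def unseal(self, blob: bytes, measurement: bytes) -> Optional[bytes]:
        """Return the plaintext only if the blob was sealed by this chip for this measurement."""
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        expected = hmac.new(self._root, nonce + measurement + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # different chip, or a modified (untrusted) application
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

def measure(app_code: bytes) -> bytes:
    """Measurement of an application: here simply the hash of its code (constructed)."""
    return hashlib.sha256(app_code).digest()

def demo() -> dict:
    college_pc, other_pc = SimulatedTpm(), SimulatedTpm()
    viewer = b"exam-paper viewer v1"  # constructed stand-in for a trusted application
    blob = college_pc.seal(b"question paper", measure(viewer))
    return {
        "same_chip_trusted_app": college_pc.unseal(blob, measure(viewer)),
        "same_chip_modified_app": college_pc.unseal(blob, measure(b"patched viewer")),
        "stolen_to_other_chip": other_pc.unseal(blob, measure(viewer)),
    }
```

Only the first case yields the paper; a copied blob on another chip, or a modified viewer on the same chip, gets nothing back, which is the property the report attributes to Palladium's PC-specific secrets.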
CONCLUSION:
The capability of security-enabled components still lags behind the claims. Basic security challenges in the corporate realm are not yet completely addressed. Despite the cumbersome countermeasures devised against each security fissure, cyber mavericks all around the world are still succeeding in their ways of perdition. This was quite evident from the e-attacks on the BARC server and the post-September 11th cyber attacks on FBI sites, where even sophisticated surveillance systems could not come to their rescue. A case in point is that e-attacks are becoming notoriously peerless compared with traditional nuclear wars. Consequently, in the quest for more and more secure systems, biometric systems, quantum cryptography and many more are being implemented innovatively at a cumulative pace. If we are not exaggerating, let us be optimistic of a 100% foolproof, secured global village in the near future. Do not forget Newton's law: "Every action has an equal and opposite reaction."