
NGSCB

1 INTRODUCTION
Today's personal computing environment is built on flexible, extensible, and feature-rich platforms that enable consumers to take advantage of a wide variety of devices, applications, and services. Unfortunately, the evolution of shared networks and the Internet has made computers more susceptible to attacks at the hardware, software, and operating system levels. Increasing existing security measures, such as adding more firewalls and creating password protection schemes, can slow data delivery and frustrate users. Using only software-based security measures to protect existing computers is starting to reach the point of diminishing returns.

These new problems have created the need for a trustworthy computing platform. Users want computers that provide both ease-of-use and protection from malicious programs that can damage their computers or access their personal information. Because they use their computers to process and store more and more valuable and important data, users need a platform that addresses their data security, personal privacy, and system integrity needs.

IT DEPARTMENT,UCE,KARIAVATTOM

Page 1


The next-generation secure computing base (NGSCB) is a combination of new hardware and operating system features that provides a solid foundation on which privacy- and security-sensitive software can be built. NGSCB does not affect the software running in the main operating system; rather, NGSCB-capable computers provide an isolated execution environment. With NGSCB-capable computers, users can choose to work within the standard operating system environment using their existing applications, services, and devices without any changes, or they can choose to run critical processes by using NGSCB-trusted components that exist in a separate, protected operating environment.

1.1 TRUSTED COMPUTING


Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group, an initiative started by companies such as AMD, Intel, IBM and Microsoft. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviours will be enforced by hardware and software. In practice, Trusted Computing uses cryptography to help enforce a selected behaviour. The main functionality of TC is to allow someone else to verify that only authorized code runs on a system. It aims to provide a level of security which is beyond the control of the PC user, and is therefore resistant to attacks which the user may deliberately or accidentally allow. Trusted Computing wrests control from the PC's owner/user, and potentially places it in the hands of content providers or other parties.

MICROSOFT PALLADIUM - NGSCB

The Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium, is a software architecture designed by Microsoft which is expected to implement the "Trusted Computing" concept in future versions of the Microsoft Windows operating system. Palladium is part of Microsoft's Trustworthy Computing initiative. Microsoft's stated aim for Palladium is to increase the security and privacy of computer users. Palladium involves a new breed of hardware and applications along with changes to the architecture of the Windows operating system. Designed to work side-by-side with the existing functionality of Windows, this significant evolution of the personal computer platform will introduce a level of security that meets the rising customer requirements for data protection, integrity and distributed collaboration. It is designed to give people greater security, personal privacy and system integrity. Palladium also provides Internet security, such as protecting data from viruses and hacking.

In addition to new core components in Windows that will move the Palladium effort forward, Microsoft is working with hardware partners to build Palladium components and features into their products. The new hardware architecture involves some changes to CPUs which are significant from a functional perspective. There will also be a new piece of hardware called for by Palladium that you might refer to as a security chip. It will provide a set of cryptographic functions and keys that are central to what we're doing. There are also some associated changes to the chipset, and to the graphics and I/O system through the USB port, all designed to create a comprehensive security environment. "Palladium" is the code name for an evolutionary set of features for the Microsoft Windows operating system. When combined with a new breed of hardware and applications, "Palladium" gives individuals and groups of users greater data security, personal privacy and system integrity.

NGSCB relies on hardware technology designed by members of the Trusted Computing Group (TCG), which provides a number of security-related features, including fast random number generation, a secure cryptographic co-processor, and the ability to hold cryptographic keys in a manner that should make them impossible to retrieve, even to the machine's owner. It is this latter ability that makes remote attestation of the hardware and software configuration of an NGSCB-enabled computer possible, and to which the opponents of the scheme chiefly object. Several computer manufacturers are selling computers with the Trusted Platform Module chip, notably IBM/Lenovo ThinkPads and the Dell OptiPlex GX620.

Users implicitly trust their computers with more of their valuable data every day. They also trust their computers to perform more and more important financial, legal and other transactions. "Palladium" provides a solid basis for this trust: a foundation on which privacy- and security-sensitive software can be built. There are many reasons why "Palladium" will be of advantage to users. Among these are enhanced, practical user control; the emergence of new server/service models; and potentially new peer-to-peer or fully peer-distributed service models. The fundamental benefits of "Palladium" fall into three chief categories: greater system integrity, superior personal privacy and enhanced data security. These categories are illustrated in Fig 1.1.

Fig 1.1 Palladium enabled system

Today's personal computing environment has advanced in terms of security and privacy, while maintaining a significant amount of backward compatibility. However, the evolution of a shared, open network (the Internet) has created new problems and requirements for trustworthy computing. As the personal computer grows more central to our lives at home, work and school, consumers and business customers alike are increasingly aware of privacy and security issues. Now, the pressure is on for industry leaders to take the following actions:

- Build solutions that will meet the pressing need for reliability and integrity.
- Make improvements to the personal computer such that it can more fully reach its potential and enable a wider range of opportunities.
- Give customers and content providers a new level of confidence in the computer experience.
- Continue to support backward compatibility with existing software and the user knowledge that exists with Windows systems today.

Together, industry leaders must address these critical issues to meet the mounting demand for trusted computing while preserving the open and rich character of current computer functionality.

3 ARCHITECTURE
"Palladium" comprises two key components: hardware and software.

3.1 Hardware Components


The hardware components of the Next Generation Secure Computing Base (NGSCB) are also known as the Trusted Computing Platform (TCP), which includes:

- Trusted Platform Module (TPM)
- Curtained memory feature

Trusted Platform Module (TPM)


The Trusted Platform Module (TPM) is a hardware chip embedded in the motherboard, also called the SSC (Security Support Component). It provides a number of security-related features, including fast random number generation, a secure cryptographic co-processor, and the ability to hold cryptographic keys in a manner that prevents them from being retrieved by attackers, or even by the machine's owner. It carries a unique public/private key pair for the computer to establish its identity when needed.

Fig 2: TPM architecture

- Random Number Generator: used for generating asymmetric as well as symmetric keys.
- Asymmetric key generation: this module generates RSA keys for the TPM.
- Hash engine: provides SHA-1 functionality.
- Encryption/decryption engine: used for signing and verifying with AIK keys.

The various keys used in the TPM are:

1. The Endorsement Key (EK) is a pair of RSA keys that is installed when the TPM is manufactured. The public EK value is used to uniquely identify a TPM and will not change during the TPM's lifetime. The private part of that key cannot be extracted from the TPM, and records of it at manufacture time should be destroyed. The uniqueness of the TPM EK threatens the privacy of the PC user.
2. The Storage Root Key (SRK) is also a pair of RSA keys that is used to encrypt other keys stored outside the TPM. The SRK is in effect the Root of Trust for Storage (explained later). The SRK can change when a new user takes ownership of the TPM.
3. Platform Configuration Registers (PCRs) store platform configuration measurements. These measurements are normally hash values (SHA-1) of entities (applications) running on the platform.
4. The Attestation Identity Key (AIK) is used in remote attestation so that a remote party knows it is communicating with a valid TPM-enabled platform.

CURTAINED MEMORY
NGSCB also relies on a curtained memory feature provided by the CPU. Data within curtained memory can only be accessed by the application to which it belongs, and not by any other application or the Operating System. The attestation features of the TPM can be used to confirm to a trusted application that it is genuinely running in curtained memory; it is therefore very difficult for anyone, including the owner, to trick a trusted application into running outside of curtained memory. This in turn makes reverse engineering of a trusted application extremely difficult. Intel's Trusted Execution Technology (TXT) already offers this feature.

3.2 Software Components


The software components of the Next Generation Secure Computing Base (NGSCB) are also known as the Trusted Operating System (TOS), which includes:

- Nexus
- Nexus Computing Agents (NCAs)

NEXUS
The nexus is the component in Microsoft Windows that manages trust functionality for "Palladium" user-mode processes (agents). The nexus executes in kernel mode in the trusted space. It provides basic services to trusted agents, such as the establishment of the process mechanisms for communicating with trusted agents and other applications, and special trust services such as attestation of requests and the sealing and unsealing of secrets. Special processes that work with the nexus are called agents. Different nexuses can run on a machine, but only one nexus at a time.

Nexus Computing Agents (NCAs)


A trusted agent is a program, a part of a program, or a service that runs in user mode in the trusted space. A trusted agent calls the nexus for security related services and critical general services such as memory management. A trusted agent is able to store secrets using sealed storage and authenticates itself using the attestation services of the nexus. One of the main principles of trusted agents is that they can be trusted or not trusted by multiple entities, such as the user, an IT department, a merchant or a vendor. Each trusted agent or entity controls its own sphere of trust, and they need not trust or rely on each other.

Together, the nexus and trusted agents provide the following features:

- Trusted data storage: encryption services for applications to ensure data integrity and protection.
- Authenticated boot: facilities to enable hardware and software to authenticate itself.

COMPUTING ENVIRONMENTS

NGSCB operates two operating systems in one system, with two modes: Normal Mode and Trusted Mode.

Normal Mode:
- Unprotected environment
- Same as the current Windows series
- Fully controlled by the user

Trusted Mode:
- Protected environment
- Users have no authority to modify, delete, or copy any content
- Fully controlled by the computer's TC (hardware and software)

FEATURES

The four main features of NGSCB are:

1. Strong Process Isolation
2. Sealed Storage
3. Attestation
4. Secured Path I/O

STRONG PROCESS ISOLATION

- Isolates the protected and non-protected operating environments, which are stored in the same memory, using the curtained memory feature of the CPU
- Blocks Direct Memory Access (DMA) devices from reading or writing the secured block of memory
- Blocks access by malicious code such as spyware or viruses, even if those attacks are launched on the same CPU at the kernel level
- Claimed: no illegitimate access will occur in the protected environment

SEALED STORAGE

Sealed storage is an authenticated mechanism that allows a program to store confidential information by sealing it. Sealed data is only accessible to the program, nexus, and machine that sealed it, although the capability to access it can be safely passed to other trusted programs (NCAs). NGSCB uses the Trusted Platform Module (TPM) to do this; the TPM has its own encryption services to generate the cryptographic key for sealing. The NCA uses these keys to encrypt data, access the file system, and provide storage services. Once sealed, data is safe from interception or tampering. Thus sealed data may be stored on unsecured disk drives, sent over unsecured transmission links, or even left in unprotected RAM with no concerns about its interception or misuse. Claimed: no unauthorized application can read the sealed storage whatsoever (at boot-up or while running).
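As an added illustration (not code from this report or from Microsoft), the following Go program models how sealed data is bound to the platform's measured configuration: PCRs are extended with SHA-1 as described in the TPM section, and a blob sealed under one boot chain cannot be unsealed under another. The SRK secret, the boot component names and the HMAC/AES-GCM sealing construction are constructed stand-ins for the TPM's internal key handling.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// PCR models one Platform Configuration Register. SHA-1 is used only because the
// page (and TPM 1.2) describe SHA-1 measurements; it is not recommended today.
type PCR [sha1.Size]byte

// Extend is the only way a PCR changes: new = SHA-1(old || SHA-1(component)); one-way.
func Extend(p PCR, component []byte) PCR {
	m := sha1.Sum(component)
	return sha1.Sum(append(p[:], m[:]...))
}

// MeasureBoot folds firmware, loader, nexus, ... into a PCR from the zero reset value.
func MeasureBoot(components ...string) PCR {
	var p PCR
	for _, c := range components {
		p = Extend(p, []byte(c))
	}
	return p
}

// gcmFor derives the AES-256-GCM sealing key from the SRK-held secret (a constructed
// stand-in for a key that never leaves the TPM) and the PCR, so a different boot
// chain yields a different key.
func gcmFor(srk []byte, p PCR) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, srk)
	mac.Write([]byte("NGSCB-seal"))
	mac.Write(p[:])
	block, err := aes.NewCipher(mac.Sum(nil)) // 32-byte HMAC output selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts secret under the PCR-bound key; the PCR is also bound as associated data.
func Seal(srk []byte, p PCR, secret []byte) ([]byte, error) {
	gcm, err := gcmFor(srk, p)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, secret, p[:]), nil
}

// Unseal succeeds only if the PCR now equals the PCR at seal time: a patched loader
// or nexus changes the measurement, hence the key, and GCM then rejects the blob.
func Unseal(srk []byte, p PCR, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(srk, p)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short (%d bytes)", len(blob))
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], p[:])
}

func main() {
	srk := []byte("constructed-srk-secret-for-demo-only") // constructed demo value
	good := MeasureBoot("firmware v1", "loader v1", "nexus v1")
	bad := MeasureBoot("firmware v1", "patched loader", "nexus v1")
	blob, _ := Seal(srk, good, []byte("credit card vault"))
	_, okErr := Unseal(srk, good, blob)
	_, badErr := Unseal(srk, bad, blob)
	fmt.Println("same configuration unseals:", okErr == nil, "| tampered loader unseals:", badErr == nil)
}
```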

ATTESTATION

This mechanism for authenticating the trustworthiness of software and hardware configurations is a bit like having a document notarized. Attestation lets other computers know that your computer is really the computer it claims to be, and is running the software it claims to be running. It confirms to the recipient that the data was digitally signed by the NGSCB and that the data is cryptographically identifiable. This is useful in networking, where a machine must prove its identity securely before transmitting any data.

SECURED PATH I/O

Secure path to and from the user: this mechanism provides a secure data channel between input and video devices and the nexus. It ensures that information remains secure through the input/output of the devices by encrypting the input/output, i.e. it creates a secure path. This allows the nexus to assure that data entered by the user and presented to the user cannot be read by Trojan programs or spyware which might try to mimic or intercept input, or to obscure or alter output. It protects the computer from keystroke recording (keyboard sniffing).
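The attestation exchange described above, as an added example in Go (not code from this report or from Microsoft's implementation): the platform signs its PCR values together with the verifier's nonce using an AIK, and the verifier checks freshness, the signature and the measured configuration in that order. The in-memory RSA key, the nonce and the PCR values are constructed stand-ins for the TPM's own key handling.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PCR and Extend follow the measured-boot model: new = SHA-1(old || SHA-1(component)).
type PCR [sha1.Size]byte

func Extend(p PCR, component []byte) PCR {
	m := sha1.Sum(component)
	return sha1.Sum(append(p[:], m[:]...))
}

// Quote is what the platform sends to a remote verifier: the PCR values it claims,
// the verifier's nonce, and an AIK signature over both.
type Quote struct {
	PCRs  []PCR
	Nonce []byte
	Sig   []byte
}

// NewAIK stands in for the TPM creating an Attestation Identity Key; in a real TPM
// the private half never leaves the chip, here it is an in-memory RSA key.
func NewAIK() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// quoteDigest binds the nonce to the PCR values so a quote cannot be replayed.
func quoteDigest(pcrs []PCR, nonce []byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	for _, p := range pcrs {
		h.Write(p[:])
	}
	return h.Sum(nil)
}

// MakeQuote is the TPM side: sign the current PCRs together with the challenger's nonce.
func MakeQuote(aik *rsa.PrivateKey, pcrs []PCR, nonce []byte) (Quote, error) {
	sig, err := rsa.SignPSS(rand.Reader, aik, crypto.SHA256, quoteDigest(pcrs, nonce), nil)
	if err != nil {
		return Quote{}, err
	}
	return Quote{PCRs: pcrs, Nonce: nonce, Sig: sig}, nil
}

// VerifyQuote is the remote side: freshness, then signature, then policy. A valid
// signature alone proves a genuine TPM signed something, not that it signed this challenge.
func VerifyQuote(aikPub *rsa.PublicKey, q Quote, sentNonce []byte, goodPCR0 PCR) error {
	if !bytes.Equal(q.Nonce, sentNonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if err := rsa.VerifyPSS(aikPub, crypto.SHA256, quoteDigest(q.PCRs, q.Nonce), q.Sig, nil); err != nil {
		return errors.New("AIK signature invalid: PCRs or nonce were altered")
	}
	if len(q.PCRs) == 0 || q.PCRs[0] != goodPCR0 {
		return errors.New("platform runs an unapproved software configuration")
	}
	return nil
}

func main() {
	aik, _ := NewAIK()
	good := Extend(Extend(PCR{}, []byte("loader v1")), []byte("nexus v1"))
	nonce := []byte("constructed-nonce") // constructed; draw a fresh random nonce per challenge in practice
	q, _ := MakeQuote(aik, []PCR{good}, nonce)
	fmt.Println("honest platform:", VerifyQuote(&aik.PublicKey, q, nonce, good))
	forged := Quote{PCRs: []PCR{good}, Nonce: nonce, Sig: q.Sig}
	forged.PCRs[0][0] ^= 1 // claim a different configuration without holding the AIK
	fmt.Println("forged PCR:", VerifyQuote(&aik.PublicKey, forged, nonce, good))
}
```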

6 ADVANTAGES OF PALLADIUM

6.1 BLOCK MALICIOUS CODE

One of the more promising aspects that Palladium will bring to end-users is the ability to authenticate the programs they use. A user will allow certain applications access to resources. Originally, it was thought that Palladium would not permit unauthorized code to run on a system; therefore it would stop the execution of programs like viruses. Recently, however, Microsoft has backed off these claims about Palladium. Now it simply claims that Palladium will provide a secure execution environment for anti-virus programs (MS Palladium Technical FAQ). The benefit of a secure environment is that viruses and other malicious code cannot alter the behavior of a Palladium-enabled anti-virus program. Microsoft has decided that legacy support for existing Windows applications is important enough so as not to require all programs to be rewritten for Palladium. This means that existing programs and viruses will still run on a Palladium system. The implied benefit of Palladium, aside from the added protection of anti-virus programs, is the increased authentication with new Palladium-enabled programs. If Palladium proliferates as Microsoft hopes, there will come a time when legacy support will not be important anymore, and unauthorized programs will not be run. It appears as though this is the first step on the way to that idea.

6.2 DIGITAL RIGHTS MANAGEMENT

The digital rights management (DRM) potential of a Palladium system is what content producers and distributors are interested in. Digital rights management has to do with controlling to whom and for how long content is distributed. Microsoft touts Palladium as being independent of any existing DRM technology today. On the other hand, it acknowledges that Palladium systems are being designed to coincide with DRM technologies to help content developers. A Palladium system is supposed to make it easier for individual users to implement DRM on their own personal data. For example, a user may set up a vault containing credit card information. Palladium would allow the user to set up a group of trusted agents that would have access to all or certain parts of that data. Along with the data, Palladium promises to give users the option to regulate the time interval for which the data is available to the trusted agents they have specified.

7 DISADVANTAGES OF PALLADIUM
7.1 UPGRADES

In order to take advantage of what Palladium is supposed to offer, users will have to upgrade both their current operating systems and hardware. The next version of Windows, due out in 2004, will need hardware support for Palladium features to work at all. It is unclear at this point whether the next major Windows release will run on non-Palladium-compatible hardware. The central processing unit will have to support the trusted execution mode that Palladium offers. It is clear that future motherboards will need to contain the security chip for Palladium to run properly. More upgrades may be of concern in the area of graphics hardware and peripherals such as keyboards and mice, because of the encryption between these hardware devices and the software they are interacting with.

7.2 INTEROPERABILITY

Palladium has received wide criticism for being a so-called General Public License (GPL) killer (Anderson). Now, Microsoft clearly states that the Palladium-enabled operating system will be able to co-exist with any Linux-based system, just as their operating systems do today. The question that comes to mind is, will that change with widespread adoption of the Palladium architecture? For example, if a bank switches over exclusively to Palladium systems, would customers of that bank who don't run Palladium systems be able to use the bank's services? Palladium is not a direct attack on the GPL or Linux-based systems, but is an attempt to change the rules of the game.

7.3 LEGACY PROGRAMS

By Microsoft's own admission, the Palladium-enabled operating system will not have perfect legacy support (MS Palladium Technical FAQ). All existing debuggers will need to be updated in order to work under Palladium. Performance tools that monitor operating system or user processes will need to be updated. Any memory dump software will not work correctly without changes to support Palladium. Hibernation features of motherboards will need to be updated as well. Memory scrub routines, at the hardware level, will need to be rewritten to accommodate Palladium. The reason for all of these updates is the trusted agent policy that Palladium enforces. No program is allowed to invade the execution space of any other program. In the case of a debugger, it will need special permission from the operating system to monitor the execution space of the target program. Even software developed for the TCPA specification will need to be rewritten if it tries to write directly to any TCPA hardware. This description of incompatible legacy programs is by no means comprehensive; it is simply what Microsoft is disclosing at this time.

8 NGSCB APPLICATIONS
Many applications involve NGSCB: regular computing, networking, DRM and others.

Example: Microsoft Word
- Restricts the user: view/copy/write/open/close
- Not compatible with other *.doc applications, i.e. OpenOffice
- A written document is signed and encrypted with Microsoft Word, so only Word has the private key to decrypt it

Networking applications
- Cannot file-share via P2P
- Cannot open your friend's packed programs
- Presumably secured when connected in a network

Microsoft Explorer / Outlook
- The user might be able to see the content but not copy-and-paste it to other applications
- Users have no right to do whatever they want to do

8 ANALYSIS and CONCLUSIONS


Today, IT managers face tremendous challenges due to the inherent openness of end-user machines, and millions of people simply avoid some online transactions out of fear. However, with the usage of "Palladium" systems, trustworthy, secure interactions will become possible. This technology will provide tougher security defenses and more abundant privacy benefits than ever before. With "Palladium," users will have unparalleled power over system integrity, personal privacy and data security. Independent software vendors (ISVs) that want their applications to take advantage of "Palladium" benefits will need to write code specifically for this new environment. A new generation of "Palladium"-compatible hardware and peripherals will need to be designed and built. The "Palladium" development process will require industry-wide collaboration. It can only work with broad trust and widespread acceptance across the industry, businesses and consumers. "Palladium" is not a magic bullet. Clearly, its benefits can only be realized if industry leaders work collaboratively to build "Palladium"-compatible applications and systems, and then only if people choose to use them. But the "Palladium" vision endeavors to provide the trustworthiness necessary to enable businesses, governments and individuals to fully embrace the increasing digitization of life.

The Internet and the proliferation of digital content have sparked the need for more privacy and security of data. The looming question whenever anyone talks about security and privacy is: for whom? Palladium certainly gives digital content providers the control over their product that they have wanted for a long time. In recent months, Microsoft has clearly emphasized the benefits that the marriage of Palladium and DRM can bring to end-users. Microsoft claims that users will have complete control of their personal information. The Palladium-enabled operating system isn't due for at least another year. It could take months after the initial release for anyone to feel its effects. It is clear, however, that widespread adoption of Palladium will fundamentally change how we use our personal computers. The question is, will this change be for the better or the worse?

10 IEEE ABSTRACT

This paper appears in: Electronic and Mechanical Engineering and Information Technology (EMEIT), 2011 International Conference on
Issue Date: 12-14 Aug. 2011
Volume: 6
On page(s): 3048 - 3053
Print ISBN: 978-1-61284-087-1
INSPEC Accession Number: 12263384
Digital Object Identifier: 10.1109/EMEIT.2011.6023732
Date of Current Version: 19 September 2011

Abstract

This paper mainly analyzes Microsoft's implementation of Trusted Computing in its Next-Generation Secure Computing Base (NGSCB), investigates why NGSCB can build a secure and trusted system, and shows how it is built. In addition, Windows' secure ability in withstanding attacks is also presented, and some defects that brought reproach upon NGSCB are proposed. Finally, some related works are listed and compared with the NGSCB.

Index Terms

IEEE Terms: Computer architecture, Computers, Hardware, Kernel, Security

INSPEC Controlled Indexing: next generation networks, operating systems (computers), security of data

INSPEC Non Controlled Indexing: Microsoft implementation, NGSCB, Windows secure ability, next generation secure computing base, secure system, trusted computing technology, trusted system

Author Keywords: CPU rings, isolation kernel, kernel integrity check, trusted Comput

9 BIBLIOGRAPHY

1. Paul England, Butler Lampson, John Manferdelli, Bryan Willman: A Trusted Open Platform. Microsoft Corporation. (IEEE journal, ISSN: 0018-9162)
2. Shu-xia Wang, Yin-chuan Wang: Research on Trusted Computing Implementations in Windows. ISBN: 978-1-4244-7669-5
3. technet.microsoft.com
4. Anderson, R.: TCPA / Palladium Frequently Asked Questions, Version 1.0. July 2002. University of Cambridge Online. 5 Jan 2003. <http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html>
5. Trusted Computing Group: www.trustedcomputinggroup.org
6. Microsoft Palladium. Electronic Privacy Information Center Online. <http://www.epic.org/privacy/consumer/microsoft/palladium.html>
