Schneier Analyzes Palladium

bcrowell writes "This month's CryptoGram from Bruce Schneier has an analysis of what little information people have been able to glean (without signing an NDA) about Microsoft's Palladium initiative." We might as well throw in a direct link to Schneier's look at the MPAA License to Hack bill as well.

More info here

[countach]

There is more info at the EFF here. And donate some money while you're at it. That's more likely to help than a slashdot whine.

TCPA / Palladium FAQ v1.0

[Camillo]

Bruce also refers to Ross Anderson's TCPA/Palladium FAQ, which is well worth a read. Of particular /. interest is question 18, cryptically titled "Ugh. What else?":

"TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed." "You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system."

A lot of background information can also be found from Ross' page about Economics and Security.

You should ask yourself the question "if a computer can run code in a protected environment, whose code would you be willing to let into the computer?" Once it's there, it is protected - even from you.

Re:TCPA / Palladium FAQ v1.0

[pmz]

Part of the answer for question 22 in Ross' FAQ is even more disturbing:

"When I asked [the Microsoft Research speaker] whether this meant getting rid of linux he replied that linux users would have to be made to use content screening."

Currently, there is a "digital divide" between those who have computers and Internet access and those who don't. Palladium raises the bar to divide those who have Palladium and those who don't. This scares the shit out of me (not literally, now, put probably so in a few years).

If power over people is founded in controlling information, then....

On the same topic...

[jnd3]

Bob Cringely wrote a column on the same topic about a month ago. He called Palladium a Rosetta Stone for malicious hackers. Sounds like a blast.

That's just what I want, another Microsoft initiative aimed at security. They've done such a good job at it so far that now I'm a whisper away from getting my account canceled by my ISP -- all because some Outlook/Outlook Express user somewhere has Klez and our e-mail address.

hardware and software keys.

[mikeee]

Yeah. The problem is that the keys you'ld have to get to build VMpd aren't the software keys, they're the hardware keys. The software keys are what you'ld need to break into a partition on an unmodded palladium box.

This is essentially how an XBox works; having learned (now, finally) from the modchip fiasco, the plan for Palladium calls for embedding the key *inside* the CPU. It might be possible to steal this and then emulate pdCPU in software, but getting that key out will be tricky and no doubt illegal.

(Which means VMWare will never run palladium apps, btw...)

Re:hardware and software keys.

[pjrc]

The base assumption in the XBox paper is that the key is unique to each box. ...

By the way, the hardware used may have been expensive, but the hardware PRODUCED to do it was valued by the author at about $50. So a device could be created to spit out the codes easily and cheaply.

I just wanted to interject a quick reality check. Sure, it looks cheap and easy when quickly reading the paper (or just reading comments on slashdot, most written by people who themselves skimmed or did even read it). It looks so simple and easy...

The bare circuit board was made by Advanced Circuits using their $33 each service (that I've used a few times for my own projects). At the time they had a minimum of 2 boards, now it's three. $99 (plus shipping) is still a GREAT price for prototype circuit boards with 6 mil spacing. The norm for the industry is in the $300 neighborhood.

But that $100 only gets you a tiny bare circuit board with a LVDS to TTL buffer chip and 6 mil traces at the same spacing as the traces on the xbox circuit board (nice of them to route the signals on the outer layer instead of an inner layer with the vias burried under the BGA package).

Another component he used as a Xilinx development board, which probably sells for several hundred dollars, and featured a nice Virtex series FPGA chip (expensive). Even if you get the chip as a free sample, you'll need a 4 to 6 layer board (which is way outside of the $33 double sided service), and the ones with flexible choices of I/O signalling only come in BGA packages... which requires very expensive equipment or hiring an board assembly company to solder it. Those chips can only be programmed using proprietary software. Xilinx does provide some limited free software, but the full version sells between $700 to $2500 depending on which chips is supports.

Now I suppose if you're working in your basement, your labor might be free... but consider the difficultly of soldering those 6 mil traces to the matching 6 mil tracks on the xbox PCB. Also consider that he hand-routed the signals inside the FPGA chip for 200 MHz performance... a very difficult and time consuming task, and he manually tweaked the propagation delay of the clock to get his sampling into the center of the stable bit times of the waveforms on the xbox board.

I've spent quite a bit of time designing with FPGAs (eg, the mp3 player on my website), and I can tell you that this hand optimizing the internal layout of the FPGA, custom tweaked for the other delays in his system, is some very serious voodoo magic that takes an incredible amount of time and patience.

Anyway, my point is that the cost is much more than $50... as a student or engineer with access to much of the equipment, you can discount those other costs. Even if the hardware and software were free, the skill required is absolutely astounding. I know it's easy to read a paper like that and lump it into the collective memory of blubs that "appeared on slashdot" without any (or much) appreciation for what an incredible feat it was.

That's why I'm writing this long-winded message... to remind and armchair would-be hardware hackers out there that reading a paper like that prepares one for mastery in hardware hacking about as well as watching the olympic on television prepares one to be a champion figure skater.

So a device could be created to spit out the codes easily and cheaply. It also would not have to be attached for a long period of time, just long enough to retrieve the key. As such you could, theoretically take your xbox to a shop, and be handed the key 2 minutes later. Wouldn't have to solder anything either.

It would be trivial for Microsoft to make all those signals in inner layers of the circuit board in future revisions. Many other more sophisticated counter measures are also possible. Technically unsophisticated laws, like say, the DCMA also serve as a pretty good deterant (at least against a shop doing the work for profit).

But even with the xbox, as it was 1/2 a year ago, the key extraction is a very tough job. The bug in the secret bootloader that allowed the lookup tables for hardware config to bypass the entire process has almost certainly been fixed by now (reportedly, Nvidia recently reported a significant loss on an inventory of xbox specific chips that had to be scrapped... one can only assume they had the original bootloader code and the chips they're making now have a different key and that bug fixed).

So next time you watch figure skating, and they make it look so easy... the same is true with this sort of hardware hacking. Anyone who really does design and play with hardware can tell you that the process described in that paper was absolutely astounding. And while it was relatively cheap, it certainly costs MUCH more than $50.

Re:Offtopic- he's getting overly complex

[killthiskid]

I have flown multiple times in my time in the military, once clear over the Atlantic over to Germany, and I have NEVER seen a pilot with a weapon, let alone ever had any sort of weapon along for the ride.

Of course, these were all peace time, but you are incorrect in saying that pilots carry weapons in the military. While it may occure, I believe it is the exception, not the rule.

Am I really the first person to notice this?

[tdye]

Or have we all just given up commenting about it... Bruce's name is spelled wrong in the headline.

Sheesh...