Slashdot Mirror
Schneier Analyzes Palladium
bcrowell writes "This month's CryptoGram from Bruce Schneier has an analysis of what little information people have been able to glean (without signing an NDA) about Microsoft's Palladium initiative." We might as well throw in a direct link to Schneier's look at the MPAA License to Hack bill as well.
The latest Crypto-Gram has some things to day about Pd, or Palladium as the full name goes. It is interesting, but it doesn't say anything about somthing that sprang to my mind - the possibility of a virtual machine that runs as a Pd device, on top of a non-Pd device, completely breaking the security. This would be hard to do I expect, but not impossible. Those who have written VmWare and similar programs probably have it in them to reverse engineer the protocols used and re-produce them in software, for the sake of argument call it VmPd.
It goes like this:
VmPd runs on a PC, VmPd contains all keys required to access all areas of itself. VmPd is trusted, because it is a trusted PC (which is the point of this whole mess) to do what it is expected to do. For the sake of argument assume we have downloaded The Little Mermaid under license from Disney, and we are only allowed to play it once. We turn off VmPd, and all we have is an encrypted jumble on our hard disk where we set up the partition to host it. We also have the keys to read it though, and simply decrypt the move and show it to our hypothetical little children as many times as we like.
This works because, as I understand it, Pd only allows you to access material with certain rights, depending on what access partition it is under. If Disney set up an access partition for downloading movies, this will be done in a way that trusts your Pd machine.
Assuming that Disney only give you a key when you pay for one, that key will always work unless they can chance how the movie is encrypted. It is conceivable that they would have a player that on-the-fly re-encrypts the movie with a new public key as you view it, every time you view it, and they only give you the new private key when you pay for it. But the transmission of the key is encrypted, trusted because you have a Pd device, so you just intercept the key on its way into VmPd, don't play the movie, and decrypt it yourself and watch as many times as you like.
I am probably missing something, but it makes for interesting thinking.
There is more info at the EFF here. And donate some money while you're at it. That's more likely to help than a slashdot whine.
This sums it up pretty nicely, I think.
With all this non-resalable equipment and media, has anyone done an environmental impact study in terms of waste disposal, when your computer and/or it's current OS load and the CDROMs it came on can no longer be donated to the local orphanage?
We're already having problems with monitors and computers (it costs to throw a monitor away where I live, unless you take it to the dumpster at 3AM), with most printed circuit board finding their way to heavily contaminating the countryside during cheap-labor disassembly after shipping to Asia.
-- Terry
Viewed from the 10,000ft level, it sounds like a common Hollywood plot (Pd in parens):
It's the year 2050 (2004) and the government (MS) is telling everybody how they will live (compute). Trust is guaranteed by the government (MS) and violators will be punished (digitally locked out). The people (programmers), though outwardly happy (productive), harbor deep lingering desires for freedom (open source).
Then, along comes a rough-shaven, rogue hero (hacker), played by Stallone or Schwarzenegger (Torvalds). The aforementioned hero (hacker) then liberates the people (programmers) from the tyranny of the government (MS). The people (programmers) are overjoyed, their lives have returned to normal.
So - if it ever played out like this, I'm sure someone in Hollywood already has the rights to the script. Will they own us?
Alan.
"TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed." "You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system."
A lot of background information can also be found from Ross' page about Economics and Security.
You should ask yourself the question "if a computer can run code in a protected environment, whose code would you be willing to let into the computer?" Once it's there, it is protected - even from you.
Bruce Writes:
"It's hard to sort out the antitrust implications of Pd. Lots of people have written about it. Will Microsoft jigger Pd to prevent Linux from running? They don't dare."
I dont have the same impression of Microsoft that Bruce seems to have. If i go trough what they have done in the past there is nothing they wouldnt do to get more control. They will almost certainly have a licence tailored to make it hard for Open Source/Linux to implement it without breaking GPL.
Considering that GPL is a bigger threat to them than linux itself i assume they will take a shot at it. GPL is the one thing stopping them from stomping all over Open Source wreaking hawoc like in Simpson. They much prefer the BSD licence where they can "borrow" code since the despite their extremely big cashpile cant get people who knows how to code.
HTTP/1.1 400
After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?
Dear lord! Perish the thought.
I can't even imagine most companies having to deploy something on this order to safeguard their data. Hell, I'm not even sure the military needs it.
For reference, the Department of Defense has a series of guides and guidelines for locking systems down to ensure security. These are called STIGs and are created by DISA (Defense Internal Security Agency) and the NSA (National Security Agency). When the guides are applied the machines are as secure as can be made.
Part of the guidelines cover physical security; i.e., if someone can reach your hardware physically without being cleared for it, you fail that part of the check. As such, I can't imagine how Palladium would not be redundant to things we already have in place.
For good security, you can use smartcards with a PKI certificate, anyway. Don't let someone sign on without one, don't let them access data without one, have an active and interested central monitoring and issuing authority and practice good physical security. Save the money you'd spend on Palladium equipment.
We're already well down that road. It is very easy to see a day when the general computing device we all know and love will be illegal because it makes it way too easy to copy digital data. Nevermind that what made the general computing device popular is that it manipulates digital data so easily.
We all know what the industry wants. THe industry wants a pay per view world where every consumer pays every time he views industry owned content and the industry is protected from competition because they control the technology that allows content to be created. It isn't about fairness. It isn't about content authors getting paid. It's about greed, plain and simple.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Palladium, Pd46, Heat of vaporization 357.0 kJ/mol. I quess kJ/mol means, KiloJournalists / Microsoft's Obfuscated Literature?
as all chemistry students will learn:
Palladium (Pd) + MP[3/G/EG] (MP*) => Fire.
$cat
This brought two ideas to mind...
Ok, time for work...
Curmudgeon Gamer: Not happy
To quote : "3. Like everything else Microsoft produces, Pd will have security holes large enough to drive a truck through. Lots of them. And the ones that are in hardware will be much harder to fix. Be sure to separate the Microsoft PR hype about the promise of Pd from the actual reality of Pd 1.0."
Sure, Microsoft has to date produced lots of software with security holes "large enough to drive a truck through". However bear in mind that the holes have usually been a consequence of the overriding principle of wanting to keep things user-friendly at all costs. Their past history doesnt imply anything about how secure they can make their stuff. Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.
There is no such thing as luck. Luck is nothing but an absence of bad luck.
No circuit boards would be dumped in Asia. They would remain embedded in ever growing stacks of redundant consumer electronics devices in American living rooms.
One side effect: sales of outlet strips, surge protectors, A/V cables and video selector switches will skyrocket. Buy Belkin stock today to get in on the ground floor.
The home user bought Office 2000 because of the helpful little paperclip. He will buy this.
Being defeatist about it doesn't do squat. I bring these kinds of articles to work. I leave them in the lunch room. I don't have to proselytise any more than that; everyone knows it's me leaving them, and they ask me. I tell them what's going on and what they can do about it, including the downsides ("You will have to learn more about your computer. You will have to do some research before you buy new hardware. You won't have as many commercial applications available, and that includes games.").
I keep a supply of Live-CD distros in my desk and I give them away. Microsoft has lost several Joe Sixpack level customers from this activity. I will help people do the switch, while making it clear to them that I'm not an expert or a professional, just a guy willing to help; I will always make a full backup if they have a burner (except for XP), and I will always recommend a dual-boot at least to start with, and I will always promise to do my best to restore their system (no guarantees) if they decide to go back to all-Windows. So far no one has taken me up on that last one.
The base assumption in the XBox paper is that the key is unique to each box. But that it isn't relevent.
Once captured off the bus the key can be revealed and used to decrypt everything else as necessary.
By the way, the hardware used may have been expensive, but the hardware PRODUCED to do it was valued by the author at about $50. So a device could be created to spit out the codes easily and cheaply. It also would not have to be attached for a long period of time, just long enough to retrieve the key. As such you could, theoretically take your xbox to a shop, and be handed the key 2 minutes later. Wouldn't have to solder anything either.
Can someone please explain why the desired level of security can't be obtained by only software?
Because the control mechanism in any von Neumann machine is in the same band as the stuff being controlled (ie, the OS - which enforces the security policy - operates in the same space - the CPU's available memory - as the programs which may, or may not, behave themselves).
Ultimately, the only way to have a secure audit trail for how a computer got to its current state is to have the verifier out of band from the verified. This is why you need the trusted component (the tamper proof verifier which can sign the logs of the host system). Assuming no-one can get to the trusted component private keys (even, or especially, the computer owner), another computer can trust the signature to be an accurate representation of the state of the original machine.
By the way, it's this in-band control mechanism which means that the Internet Protocols have an incredibly hard time defending themselves against DoS attacks - because the ICMP packets travel along the same route as the TCP/UDP packets. If you can interfere with the data stream, you can interfere with the control stream as well. The phone companies found this out ages ago, which is why whistling at 2600Hz doesn't work any more.
--Ng
I don't think any of us here will disagree that piracy happens, and, to individuals such as yourself, it might truly be a problem. However, our two main gripes are 1) they're going about fighting it in all the wrong ways, and 2) the amount of money actually lost to the RIAA through piracy is so small as to be insignificant (to them; if any of us actually got that amount of money it would probably make us very happy), and, from what I can tell, only a very tiny fraction of that would get back to the artists/movie makers/etc.
To address these points more fully:
1) Yes, the piracy happens, and digital piracy happens, but by far the biggest piracy is analog. Most of the problem isn't people ripping a DVD of a movie and distributing that (though it happens); the problem you mentioned, movies appearing early, is usually accomplished by some insider (or semi-insider) leaking it; they have access to the original source material, so none of this would stop them from copying it. The other problem is that they are assuming the consumers are all thieves, and thus punishing everyone for the sins of a few. What they could be doing instead is looking for better ways to make buying the product attractive (like dropping prices or something).
2) The RIAA/MPAA talk about numbers of pirated copies sold in a certain period (side note: how the heck do they even know? Do the pirates tell them??), and take those, with the amounts they would have been paid, had all those copies been bought from them, and come up with an amount that they call the amount of money they've lost to piracy during that period. The first problem with this is that, if they had not bought the pirated copies, most of those people would not have bought anything from the RIAA/MPAA. Then, even if those numbers were correct, I think they could afford it. How much do they spend on campaign contributions a year? I would bet that it's at least as much. And, of course, the "poor artists" who are being robbed by the "evil pirates" would get very little of the money.
Once again, if any of this information is inaccurate, please do not be offended; instead, simply tell me what I've gotten wrong.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
Yes and no here's my take on it
/.ers who rely on ourselves and open sources of information. Your wallet is only the tip of the iceburg, they want your mind, Pd is The Matrix with nightly reboots.
I disagree with Schneier on several points -
Will Microsoft jigger Pd to prevent Linux from running? They don't dare.
and earlier he says -
Some say that Pd is, in fact, Microsoft's attempt to preempt the TCPA spec.) TCPA is the Trusted Computing Platform Alliance, an organization with just under 200 corporate members
So does he think for a moment that Linux is a "corporate member"? Linux is by it's definition a community, not a corporation and thus cannot "be a member" of the TCPA, of course corporations who sell Linux can be members, but as the corporations involved with Linux are a fraction of what Linux actually is, Linux as a community could be damaged severely if this comes to pass.
Additionally, a new chip is required: a tamper-resistant secure processor.
And who's going to upgrade all those old machines that don't have the chip? And what of all those old machines donated at the end of their corporate or home lives to schools and charities? How much of the data swirling around the data buses is encrypted? Do we need new memory / I/O buses that are deemed "secure"? Are there requirements for sheilding the buses from electromagnetic surveilence? Or are they mandated to be open to some mandated authority? So many questions, and NO answers, if they really have been working on Pd since 1997 and there are no answers to these fundemental questions then I call BS.
Pd provides protection against two broad classes of attacks. Automatic software attacks (viruses, Trojans, network-mounted exploits) are contained because an exploited flaw in one part of the system can't affect the rest of the system.
Or *nix as it's usually called. Given that MS software has been and continues to be highly insecure does anyone really think that they can pull this off? The paragraph continues -
And local software-based attacks (e.g., using debuggers to pry things open) are protected because of the separation between parts of the system.
So how much will I have to pay MS to run a debugger? And will there be any other debuggers allowed to run other than MS ones?
There are security features that tie programs and data to CPU and to user, and encrypt them for privacy.
Does that mean that every user (member of family, freind, co-worker, etc) that uses a machine will require a seperate licence to get a seperate key or is it all encrypted with the owners rather than users key? And how are data and keys moved from machine to machine? What happens if keys (like the Regiistry before hand) become corrupt?
Your computer will have several partitions, each of which will be able to read and write its own data.
And what if a partition becomes corrupted? Do we have some sort of digital reciept if we got something from the Net so that we can get back from the Net what was lost locally? If so who enforces the contractual obligations of the digital seller? What if the seller ceases trading?
There's nothing in Pd that prevents someone else (MPAA, Disney, Microsoft, your boss) from setting up a partition on your computer and putting stuff there that you can't get at.
So the MPAA could just DoS me by using up all my drive space so I don't have any room to put MP3s on my machine?
Microsoft has repeatedly said that they are not going to mandate DRM, or try to control DRM systems, but clearly Pd was designed with DRM in mind.
They also say that they arent an abusive monopoly or that they arent hiding anything by not decaring share optionson their balance sheet.
There seem to be good privacy controls, over and above what I would have expected.
So no dial in to MS then to give up your blood type and sexual preference then??
And Microsoft has claimed that they will make the core code public, so that it can be reviewed and evaluated.
When? 2010? 2050?
It's hard to sort out the antitrust implications of Pd.
Why would they care? Hasnt Bruce been following the current case? Doesnt he realise that MS 0wnz the DoJ?
Will it take standard Internet protocols and replace them with Microsoft-proprietary protocols? I don't think so.
The word Halloween comes to mind...
Will Microsoft enforce its Pd patents as strongly as it can? Almost certainly.
Except in countried where software patents arent recognised
Lots of information about Pd will emanate from Redmond over the next few years, some of it true and some of it not.
Whoa! Some of it "true"?
1. A "trusted" computer does not mean a computer that is trustworthy. The DoD's definition of a trusted system is one that can break your security policy; i.e., a system that you are forced to trust because you have no choice. Pd will have trusted features; the jury is still out as to whether or not they are trustworthy.
Didnt NT have a C5 rating? Hehe...
I doubt that you or I could, and still enjoy the richness of the Internet. Microsoft really doesn't care about what you think; they care about what the RIAA and the MPAA think. Microsoft can't afford to have the media companies not make their content available on Microsoft platforms, and they will do what they can to accommodate them.
Yeah I mean it's not like people are ripping CDs and DVDs all the time and making them available over the Net with downloads in the billions per month or anything.... DOH!
3. Like everything else Microsoft produces, Pd will have security holes large enough to drive a truck through. Lots of them. And the ones that are in hardware will be much harder to fix. Be sure to separate the Microsoft PR hype about the promise of Pd from the actual reality of Pd 1.0.
At last! Pd is right now a big PR exercise with a bit of crappy MS code behind it that probably has hundreds of obvious holes (buffer overflow anyone?)
4. Pay attention to the antitrust angle. I guarantee you that Microsoft believes Pd is a way to extend its market share, not to increase competition.
and -
There's also a lot I don't like, and am scared of. My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet. To the extent that Pd facilitates that reality, it's bad for society. I don't mind companies selling, renting, or licensing things to me, but the loss of the power, reach, and flexibility of the computer is too great a price to pay.
Pd is about the control of information, where/how you get it and how you use it, usually the perview of media companies, governments, religous leaders etc for most people on this planet, as opposed to some of us
Any sufficiently advanced man is indistinguishable from God
By the way, the hardware used may have been expensive, but the hardware PRODUCED to do it was valued by the author at about $50. So a device could be created to spit out the codes easily and cheaply.
I just wanted to interject a quick reality check. Sure, it looks cheap and easy when quickly reading the paper (or just reading comments on slashdot, most written by people who themselves skimmed or did even read it). It looks so simple and easy...
The bare circuit board was made by Advanced Circuits using their $33 each service (that I've used a few times for my own projects). At the time they had a minimum of 2 boards, now it's three. $99 (plus shipping) is still a GREAT price for prototype circuit boards with 6 mil spacing. The norm for the industry is in the $300 neighborhood.
But that $100 only gets you a tiny bare circuit board with a LVDS to TTL buffer chip and 6 mil traces at the same spacing as the traces on the xbox circuit board (nice of them to route the signals on the outer layer instead of an inner layer with the vias burried under the BGA package).
Another component he used as a Xilinx development board, which probably sells for several hundred dollars, and featured a nice Virtex series FPGA chip (expensive). Even if you get the chip as a free sample, you'll need a 4 to 6 layer board (which is way outside of the $33 double sided service), and the ones with flexible choices of I/O signalling only come in BGA packages... which requires very expensive equipment or hiring an board assembly company to solder it. Those chips can only be programmed using proprietary software. Xilinx does provide some limited free software, but the full version sells between $700 to $2500 depending on which chips is supports.
Now I suppose if you're working in your basement, your labor might be free... but consider the difficultly of soldering those 6 mil traces to the matching 6 mil tracks on the xbox PCB. Also consider that he hand-routed the signals inside the FPGA chip for 200 MHz performance... a very difficult and time consuming task, and he manually tweaked the propagation delay of the clock to get his sampling into the center of the stable bit times of the waveforms on the xbox board.
I've spent quite a bit of time designing with FPGAs (eg, the mp3 player on my website), and I can tell you that this hand optimizing the internal layout of the FPGA, custom tweaked for the other delays in his system, is some very serious voodoo magic that takes an incredible amount of time and patience.
Anyway, my point is that the cost is much more than $50... as a student or engineer with access to much of the equipment, you can discount those other costs. Even if the hardware and software were free, the skill required is absolutely astounding. I know it's easy to read a paper like that and lump it into the collective memory of blubs that "appeared on slashdot" without any (or much) appreciation for what an incredible feat it was.
That's why I'm writing this long-winded message... to remind and armchair would-be hardware hackers out there that reading a paper like that prepares one for mastery in hardware hacking about as well as watching the olympic on television prepares one to be a champion figure skater.
So a device could be created to spit out the codes easily and cheaply. It also would not have to be attached for a long period of time, just long enough to retrieve the key. As such you could, theoretically take your xbox to a shop, and be handed the key 2 minutes later. Wouldn't have to solder anything either.
It would be trivial for Microsoft to make all those signals in inner layers of the circuit board in future revisions. Many other more sophisticated counter measures are also possible. Technically unsophisticated laws, like say, the DCMA also serve as a pretty good deterant (at least against a shop doing the work for profit).
But even with the xbox, as it was 1/2 a year ago, the key extraction is a very tough job. The bug in the secret bootloader that allowed the lookup tables for hardware config to bypass the entire process has almost certainly been fixed by now (reportedly, Nvidia recently reported a significant loss on an inventory of xbox specific chips that had to be scrapped... one can only assume they had the original bootloader code and the chips they're making now have a different key and that bug fixed).
So next time you watch figure skating, and they make it look so easy... the same is true with this sort of hardware hacking. Anyone who really does design and play with hardware can tell you that the process described in that paper was absolutely astounding. And while it was relatively cheap, it certainly costs MUCH more than $50.
PJRC: Electronic Projects, 8051 Microcontroller Tools