Palladium
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Palladium as PDF for free.
More details
- Words: 2,847
- Pages: 13
Visit: www.geocities.com/chinna_chetan05/forfriends.html
PALLADIUM (NGSCB)
1
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html
Content: •
Abstract
•
Introduction
Architecture and Technical Details Secure Storage and Attestation Curtained Memory •
Working of palladium
•
Protection using palladium
Uses of palladium Digital Rights Management Network Security Multiplayer Games
•
2
Case study
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html
o
Re-structing data security of jntu examination system
Existing system
Palladium-as a solution Advantages •
Conclusion
Today the illicit activities of the hackers are growing by leaps and bounds, viz.,
Abstract: “SECURITY”
in
this
contemporary
scenarios has become a more sensible issue either it may be in the “REAL WORLD” or in the “CYBER WORLD”. In the real world as opposed to the cyber world an attack is often preceded by information gathering. Movie gangsters “case the joint”; soldiers “scout the area”. This is also true in the cyber world. Here the “bad guys” are referred to as intruders,
eavesdroppers,
hackers,
hijackers, etc. The intruders would first have a panoramic view of the victim’s network and then start digging the holes.
3
Email: [email protected]
“THE RECENT ATTACK ON THE DNS SERVERS HAS CAUSED A LOT OF HULLABALOO
ALL OVER THE
WORLD”.
However, fortunately, the
antagonists
reacted
promptly
and
resurrected the Internet world from the brink of prostration. Newton’s law says “Every action has got an equal but opposite reaction”.
So is the case with this.
Nevertheless the security breaches and eavesdroppers, the technological prowess has been stupendously developed to defy against each of the assaults. Our paper covers
the
ADVANCED
technical
Visit: www.geocities.com/chinna_chetan05/forfriends.html combats that have been devised all through the way, thus giving birth to the notion of “NETWORK -SECURITY”. Various
antidotes
that
are
in
fact
inextricable with security issues are – Cryptography, Authentication, Integrity and Non Repudiation, Key Distribution and certification, Access control by implementing Firewalls etc. To satiate the flaws in the network security
more
and
more
advanced
security notions are being devised day by day. Our paper covers a wide perspective of such arenas where the contemporary cyber world is revolving around viz., THE
DMZ
ZONE,
CRYPTOGRAPHY, KERBEROS
PALLADIUM IP
Sec
&
AUTHENTICATION
SYSTEM.
Introduction In June 2002, Microsoft released information regarding its new "Palladium" initiative. Palladium is a system that combines software and hardware controls to create a "trusted" computing platform. In doing so, it would establish an unprecedented level of control over users and their computers. Palladium could place Microsoft as the gatekeeper of identification and authentication. Additionally, systems embedded in both software and hardware would control access to content, thereby creating ubiquitous Digital Rights Management schemes that can track users and control use of media. Microsoft expects to have elements of the system in place by 2004. Professor Ross Anderson has written an extensive FAQ on the Palladium system. Seth Schoen of EFF has published a detailed summary of a meeting about Palladium. Known Elements of the Palladium System •
•
4
Email: [email protected]
The system purports to stop viruses by preventing the running of malicious programs. The system will store personal data within an encrypted folder.
Visit: www.geocities.com/chinna_chetan05/forfriends.html •
• •
•
The system will depend on hardware that has either a digital signature or a tracking number. The system will filter spam. The system has a personal information sharing agent called "My Man." The system will incorporate Digital Rights Management technologies for media files of all types (music, documents, e-mail communications). Additionally, the system purports to transmit data within the computer via encrypted paths.
Many questions remain regarding the Palladium system. For instance, is the system even necessary? Many of the known elements are already offered by third parties or could be accomplished through simple means that do not require identification and authentication. For instance, simply avoiding the use of Microsoft's Outlook e-mail software, which in some cases automatically executes attachments, can prevent the running of malicious code and the spread of viruses. Products already exist that can store personal information on encrypted partitions of the user's hard drive. Spam avoidance is served by a number of tools, such as whitelists, blacklists, and filtering, without any requirement of identification or authentication. "Trusted" Computing Means Controlled Computing
5
Email: [email protected]
Architecture and Technical Details
Architecture of NGSCB A complete Microsoft-based Trusted Computing-enabled system will consist not only of software components developed by Microsoft but also of hardware components developed by the Trusted Computing Group. The majority of features introduced by NGSCB are heavily reliant on specialised hardware and so will not operate on contemporary PCs. In current Trusted Computing specifications, there are two hardware components; the Trusted Platform Module (TPM), which will provide secure storage of cryptographic keys and a secure cryptographic co-processor, and a curtained memory feature in the Central Processing Unit (CPU). In NGSCB, there are two software components, the Nexus, a security kernel that is part of the Operating System, and Nexus Computing
Visit: www.geocities.com/chinna_chetan05/forfriends.html Agents (NCAs), trusted modules within NGSCB-enabled applications.
Secure Storage and Attestation At the time of manufacture, a cryptographic key is generated and stored within the TPM. This key is never transmitted to any other component, and the TPM is designed in such a way that it is extremely difficult to retrieve the stored key by reverse engineering or any other method, even to the owner. Applications can pass data encrypted with this key to be decrypted by the TPM, but the TPM will only do so under certain strict conditions. Specifically, decrypted data will only ever be passed to authenticated, trusted applications, and will only ever be stored in curtained memory, making it inaccessible to other applications and the Operating System. Although the TPM can only store a single cryptographic key securely, secure storage of arbitrary data is by extension possible by encrypting the data such that it may only be decrypted using the securely stored key. The TPM is also able to produce a cryptographic signature based on its hidden key. This signature may be verified by the user or by any third party, and so can therefore be used to provide remote attestation that the computer is in a secure state.
Curtained Memory NGSCB also relies on a curtained memory feature provided by the CPU. Data within curtained memory can only be accessed by the application to which it belongs, and not by any other application or the Operating System. The attestation features of the TPM can be used to confirm to a trusted application that it is genuinely running in curtained memory; it is therefore very difficult for anyone, including the owner, to trick a trusted application into running outside of curtained memory. This in turn makes reverse engineering of a trusted application extremely difficult.
Applications NGSCB-enabled applications are to be split into two distinct parts, the NCA, a trusted module with access to a limited Application Programming Interface (API), and an untrusted portion, which has access to the full Windows API. Any code which deals with NGSCB functions must be located within the NCA. The reason for this split is that the Windows API has developed over many years and is as a result extremely complex and difficult to audit for security bugs. To maximise security, trusted code is required to use a smaller, carefully audited API. Where security is not paramount, the full API is available.
Working of palladium:
6
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html
attack were to get at them, these core Palladium is a new hardware and
software
architecture.
This
architecture will include a new security
system secrets would only be applicable to the data within a single computer and could not be used on other computes.
computing chip and design changes to a computer’s
central
processing
unit
(CPU), chipsets, and peripheral devices,
Protection using palladium:
such as keyboards and printers. It also will enable applications and components of these applications to run in a protected memory space that is highly resistant to tempering and interference. The pc-specific secret coding within palladium makes stolen files useless on other machines as they are physically and cryptographically locked within the hardware of the machine. This means software attacks can’t expose these secrets. Even if a sophisticated hardware Email: [email protected]
7
Palladium prevents identity theft and unauthorized access to personal data on the user’s device while on the internet and on other networks. Transactions and processes are verifiable and reliable through the attestable hardware and software architecture and they cannot be imitated. With palladium, a system’s secrets are locked in the computer and are only revealed on terms that the user has
Visit: www.geocities.com/chinna_chetan05/forfriends.html specified. In addition, the trusted user
of code. Anyone can certify ‘palladium”
interface
and
hardware or software, and it is expected
impersonation. The user controls what is
that many companies and organizations
revealed and can separate categories of
will offer this service. Allowing multiple
data on a single computer into distinct
parties to independently evaluate and
realms. Like a set of vaults, realms
certify “ palladium” capable systems
provide the assurance of separability.
means that users will be able to obtain
With distinct identifiers, policies and
verification
categories of data for each, realms allow
from organizations that they trust. In
a user to have a locked-down work
addition, this will form the basis for a
environment and fully open surfing
strong business incentive to preserve and
environment at the same time, on the
enhance privacy and security. Moreover,
same computer.
palladium allows any number of trusted
prevents
snooping
of the system’s operation
internal or external entities to interact Finally, the “ palladium” architecture will enable a new class of identity
service
providers
that
platform.
can
potentially offer users choices for how their identities are represented in online transactions. These service providers can also ensure that the user is in control of policies for how personal information is revealed to others. In addition, palladium will allow users to employ identity service providers of their own choice. From the perspective of privacy ( and anti-virus protection), one of the key benefits of palladium is the ability for users to effectibely delegate certification Email: [email protected]
8
with a trusted component or trusted
Uses: NGSCB is currently set to be a framework for building Trusted Computing applications. It therefore has a wide range of potential uses, but does not inherently provide any features from the point of view of the user.
Digital Rights Management By utilising the attestation, curtained memory and cryptographic features of the TPM, a secure form of Digital Rights Management (DRM) may be developed; critics charge that although it does not
Visit: www.geocities.com/chinna_chetan05/forfriends.html provide DRM features itself, DRM is nevertheless the primary motivation for the development of NGSCB.
diminishes the enjoyment of those games by legitimate players. Common methods of cheating include:
DRM would be implemented by encrypting DRM-protected files and only making the decryption key available to trusted applications. A wide range of copy-protection and similar features could thereby be implemented, limited only by the imagination. For example, it would be possible to create a file that can only be read on one computer, or within one organisation, or a file that can only be opened for reading three times. While any DRM-protected file could be just as easily copied or read as an unprotected file, it would be impossible to decrypt the file at an unauthorised destination, rendering it useless.
Network Security In corporate and educational networking environments, a desirable feature of NGSCB is the ability of each workstation to securely attest that no unauthorised modifications have been made either to its hardware or software. A workstation that is unable to authenticate itself can then be automatically denied access to some or all network services pending investigation.
Multiplayer Games The attestation and curtained memory features of NGSCB could also potentially be used to prevent most kinds of cheating in multiplayer games. Cheating by various means is currently prevalent in a number of multiplayer games and
9
Email: [email protected]
•
Modification of the game executable or video drivers, e.g. to allow the player to see through walls. This type of cheat can be prevented by using remote attestation to confirm that neither the game executable nor the video driver has been modified.
•
Modification of game network traffic in transit between the client and server, e.g. to augment a player's ability to aim their weapon in a first-person shooter game. This type of cheat can be prevented by encryption of network traffic within curtained memory prior to transmission, and corresponding decryption on the server.
Case study: RESTRUCTURING DATA SECURITY OF JNTU EXAMINATION SYSTEM USING PALLADIUM Existing system: In order to eliminate the leakage of question papers, the Jawaharlal Nehru
Visit: www.geocities.com/chinna_chetan05/forfriends.html technological
⇒
⇒
⇒
university
(J.N.T.U),
Hyderabad, has recently decided to
secure it has certain loopholes like:
implement the system of Electronic
1. As the encrypted question papers are
Distribution
Papers
also available on the Internet there is
(EDEP) – a new method of conducting
every chance of crackers downloading
the examinations.
and trying to decrypt them.
of
Examination
In this system, 4 sets of question papers
2. This method of 4 sets of question
are generated and encrypted into a
papers has been resented by the student
“college-specific” C.D.
and teacher community alike.
The encrypted CD is supplied to the
3. There is every chance of failure or mis-
examination centers about 3 days in
match of the college specific C.D., due to
advance.
the large number of affiliate colleges (as
The question papers in encrypted form
is been observed in some cases).
are also made available on the JNTU
4. Also, in one case, a previous
examination website.
examination
Password to read the CDs is supplied
C.D.
was
mistakenly
decrypted, and the question papers thus
one hour before the commencement of
printed,
examination
principal/chief
examination center.
internet,
Palladium-as a solution (as shown in
superintendent
to
the
through
cell
phone, telephone or Fax. ⇒
Though this system is largely stable and
The principal soon after receipt of
distributed
initially
at
an
figure 2) Palladium
is based on the
password decrypts the original question
concept of trusted space. A closed
papers of that day using the software
sphere of trust binds data or a service,
supplied by JNTU examination branch.
to both a set of users and to a set of
The EDEP employs the method of public
acceptable applications. Due to this an
key cryptography.
unauthorized user cannot access the
1 0
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html by the “nexus” of the JNTU’s palladium based server. 2. If an unauthorized system (without palladium) forwards a request it is immediately rejected
by
the
server’s
trusted agent. Even if an unauthorized palladium PC tries to access the server its request is rejected. 3. The PC-specific secret coding data or software which is based on a
within palladium makes stolen
server.
files useless on other machines In the revised system the
as they are physically and
encrypted question papers are put up
cryptographically
on the J.N.T.U’s palladium based
within the hardware of the
server and all the affiliate colleges use
server or trusted computer.
college-specific palladium computers. It works as follows: (government
or
programmed)
is
is
private employed
responsible
for
the
college issues a request to the common trusted agent (of JNTU internet.
and This
college) request
via is
granting of access to JNTU
granted and each-particular
examination
question paper pertaining to
server.
It
processes the requests and forwards only those certified
1 1
examinations
palladium computer of the
1. A third party trusted agent
who
4. During
locked
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html that day is accessed by the
Nevertheless the cumbersome combats
college.
devised against each of the security fissures, yet the cyber MAVERICKS all around the world are succeeding in their ways of perdition. This was quite evident from the E-attacks on BARC server & post-September11th cyber attacks on FBI
ADVANTAGES: As the process of question paper
sites where even sophisticated
down load is highly secure, the
surveillance systems couldn’t come to
chances of leakage are literally nil.
their rescue. A case in point is that, E-
Since
this
method
is
highly
ATTACKS are becoming notoriously
trustworthy a single set question
peerless as compared with the traditional
paper system can be employed.
nuke-wars. Consequently, in the quench
An advanced system of Internet
of thirst for more and more secured
communication can be adopted for a
systems BIOMETRIC SYSTEMS,
broader reach, thus eliminating the
QUANTUM-CRYPTOGRAPHY and
role of C.D.
many more are innovatively being
Since the download of question
implemented at a cumulative pace. If
papers is “request-specific and time
we are not exaggerating, let’s be
bound” there can not be a case of
optimistic of a 100% foolproof, secured
question paper mis-match.
global village in the near future. Doesn’t
Conclusion: The capability of security enabled components still lags behind the claims. Basic security challenges in the corporate realm are not yet completely addressed.
1 2
Email: [email protected]
Forget Newton’s law say “Every Every action has got an equal but opposite reaction”?
Visit: www.geocities.com/chinna_chetan05/forfriends.html REFERENCES:
♦ ♦ ♦
Digit magazine,
Topics- 1 & 2.
Microsoft Press Pass, Topics- 3 & 4.
J.N.T.U website
Case
Study.
1 3
Email: [email protected]
PALLADIUM (NGSCB)
1
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html
Content: •
Abstract
•
Introduction
Architecture and Technical Details Secure Storage and Attestation Curtained Memory •
Working of palladium
•
Protection using palladium
Uses of palladium Digital Rights Management Network Security Multiplayer Games
•
2
Case study
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html
o
Re-structing data security of jntu examination system
Existing system
Palladium-as a solution Advantages •
Conclusion
Today the illicit activities of the hackers are growing by leaps and bounds, viz.,
Abstract: “SECURITY”
in
this
contemporary
scenarios has become a more sensible issue either it may be in the “REAL WORLD” or in the “CYBER WORLD”. In the real world as opposed to the cyber world an attack is often preceded by information gathering. Movie gangsters “case the joint”; soldiers “scout the area”. This is also true in the cyber world. Here the “bad guys” are referred to as intruders,
eavesdroppers,
hackers,
hijackers, etc. The intruders would first have a panoramic view of the victim’s network and then start digging the holes.
3
Email: [email protected]
“THE RECENT ATTACK ON THE DNS SERVERS HAS CAUSED A LOT OF HULLABALOO
ALL OVER THE
WORLD”.
However, fortunately, the
antagonists
reacted
promptly
and
resurrected the Internet world from the brink of prostration. Newton’s law says “Every action has got an equal but opposite reaction”.
So is the case with this.
Nevertheless the security breaches and eavesdroppers, the technological prowess has been stupendously developed to defy against each of the assaults. Our paper covers
the
ADVANCED
technical
Visit: www.geocities.com/chinna_chetan05/forfriends.html combats that have been devised all through the way, thus giving birth to the notion of “NETWORK -SECURITY”. Various
antidotes
that
are
in
fact
inextricable with security issues are – Cryptography, Authentication, Integrity and Non Repudiation, Key Distribution and certification, Access control by implementing Firewalls etc. To satiate the flaws in the network security
more
and
more
advanced
security notions are being devised day by day. Our paper covers a wide perspective of such arenas where the contemporary cyber world is revolving around viz., THE
DMZ
ZONE,
CRYPTOGRAPHY, KERBEROS
PALLADIUM IP
Sec
&
AUTHENTICATION
SYSTEM.
Introduction In June 2002, Microsoft released information regarding its new "Palladium" initiative. Palladium is a system that combines software and hardware controls to create a "trusted" computing platform. In doing so, it would establish an unprecedented level of control over users and their computers. Palladium could place Microsoft as the gatekeeper of identification and authentication. Additionally, systems embedded in both software and hardware would control access to content, thereby creating ubiquitous Digital Rights Management schemes that can track users and control use of media. Microsoft expects to have elements of the system in place by 2004. Professor Ross Anderson has written an extensive FAQ on the Palladium system. Seth Schoen of EFF has published a detailed summary of a meeting about Palladium. Known Elements of the Palladium System •
•
4
Email: [email protected]
The system purports to stop viruses by preventing the running of malicious programs. The system will store personal data within an encrypted folder.
Visit: www.geocities.com/chinna_chetan05/forfriends.html •
• •
•
The system will depend on hardware that has either a digital signature or a tracking number. The system will filter spam. The system has a personal information sharing agent called "My Man." The system will incorporate Digital Rights Management technologies for media files of all types (music, documents, e-mail communications). Additionally, the system purports to transmit data within the computer via encrypted paths.
Many questions remain regarding the Palladium system. For instance, is the system even necessary? Many of the known elements are already offered by third parties or could be accomplished through simple means that do not require identification and authentication. For instance, simply avoiding the use of Microsoft's Outlook e-mail software, which in some cases automatically executes attachments, can prevent the running of malicious code and the spread of viruses. Products already exist that can store personal information on encrypted partitions of the user's hard drive. Spam avoidance is served by a number of tools, such as whitelists, blacklists, and filtering, without any requirement of identification or authentication. "Trusted" Computing Means Controlled Computing
5
Email: [email protected]
Architecture and Technical Details
Architecture of NGSCB A complete Microsoft-based Trusted Computing-enabled system will consist not only of software components developed by Microsoft but also of hardware components developed by the Trusted Computing Group. The majority of features introduced by NGSCB are heavily reliant on specialised hardware and so will not operate on contemporary PCs. In current Trusted Computing specifications, there are two hardware components; the Trusted Platform Module (TPM), which will provide secure storage of cryptographic keys and a secure cryptographic co-processor, and a curtained memory feature in the Central Processing Unit (CPU). In NGSCB, there are two software components, the Nexus, a security kernel that is part of the Operating System, and Nexus Computing
Visit: www.geocities.com/chinna_chetan05/forfriends.html Agents (NCAs), trusted modules within NGSCB-enabled applications.
Secure Storage and Attestation At the time of manufacture, a cryptographic key is generated and stored within the TPM. This key is never transmitted to any other component, and the TPM is designed in such a way that it is extremely difficult to retrieve the stored key by reverse engineering or any other method, even to the owner. Applications can pass data encrypted with this key to be decrypted by the TPM, but the TPM will only do so under certain strict conditions. Specifically, decrypted data will only ever be passed to authenticated, trusted applications, and will only ever be stored in curtained memory, making it inaccessible to other applications and the Operating System. Although the TPM can only store a single cryptographic key securely, secure storage of arbitrary data is by extension possible by encrypting the data such that it may only be decrypted using the securely stored key. The TPM is also able to produce a cryptographic signature based on its hidden key. This signature may be verified by the user or by any third party, and so can therefore be used to provide remote attestation that the computer is in a secure state.
Curtained Memory NGSCB also relies on a curtained memory feature provided by the CPU. Data within curtained memory can only be accessed by the application to which it belongs, and not by any other application or the Operating System. The attestation features of the TPM can be used to confirm to a trusted application that it is genuinely running in curtained memory; it is therefore very difficult for anyone, including the owner, to trick a trusted application into running outside of curtained memory. This in turn makes reverse engineering of a trusted application extremely difficult.
Applications NGSCB-enabled applications are to be split into two distinct parts, the NCA, a trusted module with access to a limited Application Programming Interface (API), and an untrusted portion, which has access to the full Windows API. Any code which deals with NGSCB functions must be located within the NCA. The reason for this split is that the Windows API has developed over many years and is as a result extremely complex and difficult to audit for security bugs. To maximise security, trusted code is required to use a smaller, carefully audited API. Where security is not paramount, the full API is available.
Working of palladium:
6
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html
attack were to get at them, these core Palladium is a new hardware and
software
architecture.
This
architecture will include a new security
system secrets would only be applicable to the data within a single computer and could not be used on other computes.
computing chip and design changes to a computer’s
central
processing
unit
(CPU), chipsets, and peripheral devices,
Protection using palladium:
such as keyboards and printers. It also will enable applications and components of these applications to run in a protected memory space that is highly resistant to tempering and interference. The pc-specific secret coding within palladium makes stolen files useless on other machines as they are physically and cryptographically locked within the hardware of the machine. This means software attacks can’t expose these secrets. Even if a sophisticated hardware Email: [email protected]
7
Palladium prevents identity theft and unauthorized access to personal data on the user’s device while on the internet and on other networks. Transactions and processes are verifiable and reliable through the attestable hardware and software architecture and they cannot be imitated. With palladium, a system’s secrets are locked in the computer and are only revealed on terms that the user has
Visit: www.geocities.com/chinna_chetan05/forfriends.html specified. In addition, the trusted user
of code. Anyone can certify ‘palladium”
interface
and
hardware or software, and it is expected
impersonation. The user controls what is
that many companies and organizations
revealed and can separate categories of
will offer this service. Allowing multiple
data on a single computer into distinct
parties to independently evaluate and
realms. Like a set of vaults, realms
certify “ palladium” capable systems
provide the assurance of separability.
means that users will be able to obtain
With distinct identifiers, policies and
verification
categories of data for each, realms allow
from organizations that they trust. In
a user to have a locked-down work
addition, this will form the basis for a
environment and fully open surfing
strong business incentive to preserve and
environment at the same time, on the
enhance privacy and security. Moreover,
same computer.
palladium allows any number of trusted
prevents
snooping
of the system’s operation
internal or external entities to interact Finally, the “ palladium” architecture will enable a new class of identity
service
providers
that
platform.
can
potentially offer users choices for how their identities are represented in online transactions. These service providers can also ensure that the user is in control of policies for how personal information is revealed to others. In addition, palladium will allow users to employ identity service providers of their own choice. From the perspective of privacy ( and anti-virus protection), one of the key benefits of palladium is the ability for users to effectibely delegate certification Email: [email protected]
8
with a trusted component or trusted
Uses: NGSCB is currently set to be a framework for building Trusted Computing applications. It therefore has a wide range of potential uses, but does not inherently provide any features from the point of view of the user.
Digital Rights Management By utilising the attestation, curtained memory and cryptographic features of the TPM, a secure form of Digital Rights Management (DRM) may be developed; critics charge that although it does not
Visit: www.geocities.com/chinna_chetan05/forfriends.html provide DRM features itself, DRM is nevertheless the primary motivation for the development of NGSCB.
diminishes the enjoyment of those games by legitimate players. Common methods of cheating include:
DRM would be implemented by encrypting DRM-protected files and only making the decryption key available to trusted applications. A wide range of copy-protection and similar features could thereby be implemented, limited only by the imagination. For example, it would be possible to create a file that can only be read on one computer, or within one organisation, or a file that can only be opened for reading three times. While any DRM-protected file could be just as easily copied or read as an unprotected file, it would be impossible to decrypt the file at an unauthorised destination, rendering it useless.
Network Security In corporate and educational networking environments, a desirable feature of NGSCB is the ability of each workstation to securely attest that no unauthorised modifications have been made either to its hardware or software. A workstation that is unable to authenticate itself can then be automatically denied access to some or all network services pending investigation.
Multiplayer Games The attestation and curtained memory features of NGSCB could also potentially be used to prevent most kinds of cheating in multiplayer games. Cheating by various means is currently prevalent in a number of multiplayer games and
9
Email: [email protected]
•
Modification of the game executable or video drivers, e.g. to allow the player to see through walls. This type of cheat can be prevented by using remote attestation to confirm that neither the game executable nor the video driver has been modified.
•
Modification of game network traffic in transit between the client and server, e.g. to augment a player's ability to aim their weapon in a first-person shooter game. This type of cheat can be prevented by encryption of network traffic within curtained memory prior to transmission, and corresponding decryption on the server.
Case study: RESTRUCTURING DATA SECURITY OF JNTU EXAMINATION SYSTEM USING PALLADIUM Existing system: In order to eliminate the leakage of question papers, the Jawaharlal Nehru
Visit: www.geocities.com/chinna_chetan05/forfriends.html technological
⇒
⇒
⇒
university
(J.N.T.U),
Hyderabad, has recently decided to
secure it has certain loopholes like:
implement the system of Electronic
1. As the encrypted question papers are
Distribution
Papers
also available on the Internet there is
(EDEP) – a new method of conducting
every chance of crackers downloading
the examinations.
and trying to decrypt them.
of
Examination
In this system, 4 sets of question papers
2. This method of 4 sets of question
are generated and encrypted into a
papers has been resented by the student
“college-specific” C.D.
and teacher community alike.
The encrypted CD is supplied to the
3. There is every chance of failure or mis-
examination centers about 3 days in
match of the college specific C.D., due to
advance.
the large number of affiliate colleges (as
The question papers in encrypted form
is been observed in some cases).
are also made available on the JNTU
4. Also, in one case, a previous
examination website.
examination
Password to read the CDs is supplied
C.D.
was
mistakenly
decrypted, and the question papers thus
one hour before the commencement of
printed,
examination
principal/chief
examination center.
internet,
Palladium-as a solution (as shown in
superintendent
to
the
through
cell
phone, telephone or Fax. ⇒
Though this system is largely stable and
The principal soon after receipt of
distributed
initially
at
an
figure 2) Palladium
is based on the
password decrypts the original question
concept of trusted space. A closed
papers of that day using the software
sphere of trust binds data or a service,
supplied by JNTU examination branch.
to both a set of users and to a set of
The EDEP employs the method of public
acceptable applications. Due to this an
key cryptography.
unauthorized user cannot access the
1 0
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html by the “nexus” of the JNTU’s palladium based server. 2. If an unauthorized system (without palladium) forwards a request it is immediately rejected
by
the
server’s
trusted agent. Even if an unauthorized palladium PC tries to access the server its request is rejected. 3. The PC-specific secret coding data or software which is based on a
within palladium makes stolen
server.
files useless on other machines In the revised system the
as they are physically and
encrypted question papers are put up
cryptographically
on the J.N.T.U’s palladium based
within the hardware of the
server and all the affiliate colleges use
server or trusted computer.
college-specific palladium computers. It works as follows: (government
or
programmed)
is
is
private employed
responsible
for
the
college issues a request to the common trusted agent (of JNTU internet.
and This
college) request
via is
granting of access to JNTU
granted and each-particular
examination
question paper pertaining to
server.
It
processes the requests and forwards only those certified
1 1
examinations
palladium computer of the
1. A third party trusted agent
who
4. During
locked
Email: [email protected]
Visit: www.geocities.com/chinna_chetan05/forfriends.html that day is accessed by the
Nevertheless the cumbersome combats
college.
devised against each of the security fissures, yet the cyber MAVERICKS all around the world are succeeding in their ways of perdition. This was quite evident from the E-attacks on BARC server & post-September11th cyber attacks on FBI
ADVANTAGES: As the process of question paper
sites where even sophisticated
down load is highly secure, the
surveillance systems couldn’t come to
chances of leakage are literally nil.
their rescue. A case in point is that, E-
Since
this
method
is
highly
ATTACKS are becoming notoriously
trustworthy a single set question
peerless as compared with the traditional
paper system can be employed.
nuke-wars. Consequently, in the quench
An advanced system of Internet
of thirst for more and more secured
communication can be adopted for a
systems BIOMETRIC SYSTEMS,
broader reach, thus eliminating the
QUANTUM-CRYPTOGRAPHY and
role of C.D.
many more are innovatively being
Since the download of question
implemented at a cumulative pace. If
papers is “request-specific and time
we are not exaggerating, let’s be
bound” there can not be a case of
optimistic of a 100% foolproof, secured
question paper mis-match.
global village in the near future. Doesn’t
Conclusion: The capability of security enabled components still lags behind the claims. Basic security challenges in the corporate realm are not yet completely addressed.
1 2
Email: [email protected]
Forget Newton’s law say “Every Every action has got an equal but opposite reaction”?
Visit: www.geocities.com/chinna_chetan05/forfriends.html REFERENCES:
♦ ♦ ♦
Digit magazine,
Topics- 1 & 2.
Microsoft Press Pass, Topics- 3 & 4.
J.N.T.U website
Case
Study.
1 3
Email: [email protected]
Related Documents
Palladium
June 2020 11
Microsoft Palladium
May 2020 9
Microsoft Palladium
June 2020 4
Palladium Nanop.doc
December 2019 8
High Palladium Alloy
August 2019 9