PALLADIUM CRYPTOGRAPHY

1: ABSTRACT
As we tend towards a more and more
computer centric world, the concept of
data security has attained a paramount
importance. Though present day security
systems offer a good level of protection,
they are incapable of providing a trust
worthy environment and are vulnerable
to unexpected attacks. Palladium is a
content protection concept that has
spawned from the belief that the pc, as it
currently stands, is not architecturally
equipped to protect a user forms the
pitfalls and challenges that an allpervasive network such as the Internet
poses. As a drastic change in pc hardware
is not feasible largely due to economic
reasons, palladium hopes to introduce a
minimal change in this front. A paradigm
shift is awaited in this scenario with the
advent of usage of palladium, thus making
content protection a shared concern of
both software and hardware. In the course
of this paper the revolutionary aspects of
palladium are discussed in detail.

2: INTRODUCTION
Cryptography is the method in which a
message or file, called plain text, is taken
and encrypted into cipher text in such a
way that only authorized people know how
to convert it back to plain text. This is
done commonly in four ways:
Secret key cryptography, public key
cryptography,
one
way
function
cryptography and digital signatures.
Unless the encryption technique used is
very complex it is possible, with some
effort, for crackers to decrypt files.
Palladium is the code name for a
revolutionary set of features for the
windows operating system. The code
name of this initiative palladium, is a
moniker drawn from the Greek
mythological goddess of wisdom and
protector of civilized life. Till date most

forms of data security have been software

oriented with little or no hardware
involvement. Palladium can be touted as
the first technology to develop softwarehardware synchronization for better data
security. Hardware changes incorporated
by palladium are reflected in the key
components of the CPU, a motherboard
chip (cryptographic co-processor), input
and output components such as the
graphics processor etc. When combined
with a new breed of hardware and
applications, these features will give
individuals and groups of users greater
data security, personal privacy, and system
integrity. In addition, palladium will offer
enterprise consumers significant new
benefits for network security and content
protection.

3: NEED OF CRYPTOGRAPHY:
Need for security:
Many organizations posses valuable
information they guard closely. As more of
this information is stored in computers the
need of data security becomes increasingly
important. Protecting this information
against unauthorized usage is therefore a
major concern for both operating systems
and users alike.
Threats of data:
From a security perspective computer
systems have 3 general goals with
corresponding threats to them as listed
below:

The first one data confidentiality is

concerned with secret data remaining
secret. More specifically if the owner of
some data has decided that the data should

be available only to certain people and no

others, then the system should guarantee
that release of data to unauthorized people
does not occur. Another aspect of this is
individual privacy.
The second goal, data integrity,
means that unauthorized users should not
be able to modify any data without the
owners permission. Data modification in
this context includes not only changing the
data, but also removing data and adding
false data as well. Thus it is very important
that a system should guarantee that data
deposited in it remains unchanged until the
owner decides to do so.
The third goal, system availability,
means that nobody can disturb the system
to make unstable. It must be able to ensure
that authorized persons have access to the
data and do not suffer form denial of
service. The most classical example of a
threat it this is excessive PINGing of a
web site, in order to slow it down.

4: CORE PRINCIPLES OF THE

PALLADIUM INITIATIVE:
Palladium is not a separate operating
system. It is based in architectural
enhancements to the windows kernel and
to computer hardware, including the CPU,
peripherals and chipsets, to create a new
trusted execution subsystem.
1. Palladium will not eliminate any
features of windows that users have
come to rely on; everything that
runs today will continue to run
with palladium.
2. It is important to note that while
todays applications and devices
will continue to work in
palladium, they will gain little to
no benefit from palladium
environment or new applications
must be written.
3. In addition, palladium does not
change what can be programmed or
run on the computing platform.
Palladium will operate with any

program the user specifies while

maintaining security.

5: ASPECTS OF PALLADIUM
Palladium comprises two key components:
hardware and software.
Hardware components
Engineered for ensuring the protected
execution of applications and processes,
the protected operating environment
provides the following basic mechanisms:
Trusted space (or curtained memory):
This is an execution space is protected
form external software attacks such as a
virus. Trusted space is set up and
maintained by the nexus and has access to
various services provided by palladium,
such as sealed storage. In other words it is
protected R.A.M.
Sealed storage: Sealed storage is an
authenticated mechanism that allows a
program to store secrets that cannot be
retrieved by non-trusted programs such as
a virus or Trojan horse. Information in
sealed storage cant be read by other nontrusted programs (sealed storage cannot be
read by unauthorized secure programs, for
that matter, and cannot be read even if
another operating system is booted or the
disk is carried to another machine.) these
stored secrets can be tied to the machine,
the nexus or the application. Palladium
will also provide mechanisms for the safe
and controlled backup and migration of
secrets to other machines. In other words it
is a secured and encrypted part of the hard
disk. Secure input and output: A secure
path from the keyboard and mouse to
palladium applications and a secure path
from palladium applications to the screen
ensure input-output security.
Attestation: Attestation is a mechanism
that allows the user to reveal selected
characteristics
of
the
operating
environment to external requestors. In
reality it takes the form of an encryption
co-processor. It is entrusted with the job of
encryption and decryption of data to and
from the sealed storage.

These basic mechanisms provide a

platform for building distributed trusted
software.
Software components
The following are the software
components of palladium:
Nexus (a technology formerly referred
to as the trusted operating root (TOR)):
This
component
manages
trust
functionality for palladium user-mode
processes (agents). The nexus executes in
kernel mode in the trusted space. It
provides basic services to trusted agents,
such as the establishment of the process
mechanisms for communicating with
trusted agents and other applications, and
special trust services such as attestation of
requests of requests and the sealing and
unsealing of secrets.
Trusted agents: A trusted agent is a
program, a part of a program, or a service
that runs in user mode in the trusted space.
A trusted agent calls the nexus for security
related services and critical general
services such as memory management. A
trusted agent is able to store secrets using
sealed storage and authenticates itself
using the attestation services of the nexus.
One of the main principles of trusted
agents is that they can be trusted or not
trusted by multiple entities, such as the
user, an IT department, a merchant or a
vendor. Each trusted agent or entity
controls its own sphere of trust and they
need not trust or rely on each other.
Together, the nexus and trusted agents
provide the following features:
Trusted data storage, encryption
services for applications to ensure data
integrity and protection.
Authenticated boot, facilities to enable
hardware and software to authenticate
itself.

6: WORKING OF PALLADIUM
Palladium is a new hardware and software
architecture. This architecture will include
a new security computing chip and design
changes to a computers central processing

unit (CPU), chipsets, and peripheral

devices, such as keyboards and printers. It
also will enable applications and
components of these applications to run in
a protected memory space that is highly
resistant to tempering and interference.
The pc-specific secret coding within
palladium makes stolen files useless on
other machines as they are physically and
cryptographically locked within the
hardware of the machine. This means
software attacks cant expose these secrets.
Even if a sophisticated hardware attack
were to get at them, these core system
secrets would only be applicable to the
data within a single computer and could
not be used on other computers.

7:
PROTECTION
PALLADIUM

USING

Palladium prevents identity theft and

unauthorized access to personal data on
the users device while on the internet and
on other networks. Transactions and
processes are verifiable and reliable
through the attestable hardware and
software architecture and they cannot be
imitated. With palladium, a systems
secrets are locked in the computer and are
only revealed on terms that the user has
specified. In addition, the trusted user
interface
prevents
snooping
and
impersonation. The user controls what is
revealed and can separate categories of
data on a single computer into distinct
realms. Like a set of vaults, realms provide
the assurance of separability. With distinct
identifiers, policies and categories of data
for each, realms allow a user to have a
locked-down work environment and fully
open surfing environment at the same
time, on the same computer.
Finally, the palladium architecture will
enable a new class of identity service
providers that can potentially offer users
choices for how their identities are
represented in online transactions. These
service providers can also ensure that the
user is in control of policies for how
personal information is revealed to others.

In addition, palladium will allow users to

employ identity service providers of their
own choice. From the perspective of
privacy ( and anti-virus protection), one of
the key benefits of palladium is the ability
for users to effectibely delegate
certification of code.
Anyone can certify palladium hardware
or software, and it is expected that many
companies and organizations will offer this
service. Allowing multiple parties to
independently evaluate and certify
palladium capable systems means that
users will be able to obtain verification of
the systems operation from organizations
that they trust. In addition, this will form
the basis for a strong business incentive to
preserve and enhance privacy and security.
Moreover, palladium allows any number
of trusted internal or external entities to
interact with a trusted component or
trusted platform.

8: SHORTCOMINGS AND PIT

FALLS OF PALLADIUM
Though palladium can provide a higher
degree of much needed data security it is
not without its share of problems like:
1. Software and applications have to be
rewritten to synchronize with palladium or
new applications must be written.
2. Changes are to be made to the existing
computer hardware to support palladium.
3. It would be a long time before this
technology became common place.

9: CONCLUSION
Today, it managers face tremendous
challenges due to the inherent openness of
end-user machines, and millions of people
simply avoid some online transactions out
of fear. However, with the usage of
palladium systems, trustworthy, secure
interactions will become possible. This
technology will provide tougher security
defenses and more abundant privacy
benefits than ever before. With palladium,
users will have unparalleled power over
system integrity, personal privacy and data

security. Thus it wouldnt be exaggeration

to say that palladium is all to secure the
computing world in ways unimaginable.

10. REFERENCES:

Modern Operating Systems by

Andrew. S. Tanenbaum.
Digit magazine.
Microsoft Press Pass.
J.N.T.U website.