TCPA and Palladium Are the Benefits of the Hardware Changes Enough to Justify an Upgrade? Omar Bakr, Hareesh Nair, Aman Narang, Tony Scelfo Department of Electrical Engineering and Computer Science Massachusetts Institute of Technology, Cambridge, MA December 11, 2002 MIT Course 6.805 Prof. Hal AbelsonABSTRACT TCPA and Palladium, two proposed hardware changes to the x86 architecture, hope to solve a number of current security issues on the open net. In this paper, we take a look at six hot security issues and determine what TCPA and Palladium add. If the hardware enhancement makes a significant step in solving a specific security concern, we consider the practical concerns of switching to a new hardware architecture and if the upgrade is worth the added security. We find that in most cases, there is not a significant increase in security to justify the process of upgrading to new hardware. 2TABLE OF CONTENTS ABSTRACT....................................................................................................................... 2 TABLE OF CONTENTS ................................................................................................. 3 INTRODUCTION............................................................................................................. 6 1 TRUSTED COMPUTING ..................................................................................... 10 1.1 What is Trusted Computing? ........................................................................ 10 1. Platform Authentication and Attestation: ............................................................. 10 2. Platform Integrity Reporting:................................................................................ 10 3. Protected Storage:................................................................................................. 10 1.2 TCPA and Palladium Architectures ............................................................. 10 TCPA........................................................................................................................ 10 -Authenticated boot:........................................................................................... 11 -Sealed Storage .................................................................................................... 11 Palladium ................................................................................................................. 13 -Trusted Mode vs. Standard Mode (right hand side vs. left hand side)......... 13 -The Nexus:.......................................................................................................... 14 -Curtained Memory:........................................................................................... 15 -Sealed Storage:................................................................................................... 15 -Secure IO:........................................................................................................... 16 2 MALICIOUS CODE .............................................................................................. 17 2.1 Threat Model................................................................................................... 17 2.2 How the Problem is Addressed Today .......................................................... 18 2.2.1 Signatures.................................................................................................. 18 2.2.2 Sandboxing ............................................................................................... 19 2.2.3 Bounded Memory ..................................................................................... 19 2.2.4 Type Checking .............................................................................................. 19 2.3 How Palladium and TCPA can Help ............................................................ 20 2.3.1 Sealed Key Storage ................................................................................... 20 2.3.2 Curtained Memory .................................................................................... 20 2.3.3 Code Signing............................................................................................. 21 2.4 Problems that Still Exist................................................................................. 21 2.4.1 Preventing Data from Being Erased ......................................................... 21 2.4.2 Need for Trusted Third Party .................................................................... 22 2.4.3 Weakness of Limitations........................................................................... 22 2.5 Is the New Architecture Practical? ............................................................... 22 3 STOLEN HARDWARE ......................................................................................... 23 3.1 Threat Model................................................................................................... 23 3.2 How the Problem is Addressed Today .......................................................... 25 3.2.1 Password Encryption ................................................................................ 25 3.2.2 Remote Key Storage ................................................................................. 25 3.3 How Palladium and TCPA can Help ............................................................ 25 3.3.1 Sealed Key Storage ................................................................................... 25 3.3.2 Application Security ................................................................................. 26 3.3.3 Attestation ................................................................................................. 26 3.4 Problems that Still Exist................................................................................. 26 33.4.1 Computers can Still be Stolen................................................................... 26 3.5 Is the New Architecture Practical? ............................................................... 27 4 E-MAIL AUTHENTICATION ............................................................................. 27 4.1 Threat Model................................................................................................... 27 4.2 How the Problem is Addressed Today .......................................................... 28 4.2.1
View Full Document