IP: Bruce Schneier comments on Palladium and the TCPA

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: "Robert J. Berger" <rberger () ibd com>
Date: Fri, 16 Aug 2002 17:24:42 -0700
To: Dave Farber IP <dave () farber net>, Dewayne Hendricks
<dewayne () warpspeed com>
Subject: Bruce Schneier comments on Palladium and the TCPA

Palladium and the TCPA
http://www.counterpane.com/crypto-gram-0208.html#1

There's been more written about Microsoft's Palladium security initiative
than about anything else in computer security in a very long time. My URL
list of comments, analysis, and opinions goes on for quite a while. Which is
interesting, because we really don't know anything about the details of what
it is or how it works. Much of this is based on reading between the lines in
the various news reports, conversations I've had with Microsoft people (none
of them under NDA), and conversations with people who've had conversations.
But since I don't know anything for sure, all of this could be wrong.

Palladium (like chemists, Microsoft calls it "Pd" for short) is Microsoft's
implementation of the TCPA spec, sort of. ("Sort of" depends on who you ask.
Some say it's related. Some say they do similar things, but are unrelated.
Some say that Pd is, in fact, Microsoft's attempt to preempt the TCPA spec.)
TCPA is the Trusted Computing Platform Alliance, an organization with just
under 200 corporate members (an impressive list, actually) trying to build a
trusted computer. The TCPA 1.1 spec has been published, and you can obtain
the 1.2 spec under NDA. Pd doesn't follow the spec exactly, but it's along
those lines, sort of.

Pd has been in development for a long time, since at least 1997. The best
technical description is the summary of a meeting with Microsoft engineers
by Seth Schoen of the EFF (URL below). I'm not going to discuss the details,
because systems with an initial version of Pd aren't going to ship until
2004 -- at least -- andthe details are all likely to change.

Basically, Pd is Microsoft's attempt to build a trusted computer, much as I
discussed the concept in "Secrets and Lies" (pages 127-130); read it for
background). The idea is that different users on the system have limitations
on their abilities, and are walled off from each other. This is impossible
to achieve using only software; and Pd is a combination hardware/software
system. In fact, Pd affects the CPU, the chip set on the motherboard, the
input devices (keyboard, mouse, etc.), and the video output devices
(graphics processor, etc.). Additionally, a new chip is required: a
tamper-resistant secure processor.

Microsoft readily acknowledges that Pd will not be secure against hardware
attacks. They spend some effort making the secure processor annoying to pry
secrets out of, but not a whole lot of effort. They assume that the
tamper-resistance will be defeated. It is their intention to design the
system so that hardware attacks do not result in class breaks: that breaking
one machine doesn't help you break any others.

Pd provides protection against two broad classes of attacks. Automatic
software attacks (viruses, Trojans, network-mounted exploits) are contained
because an exploited flaw in one part of the system can't affect the rest of
the system. And local software-based attacks (e.g., using debuggers to pry
things open) are protected because of the separation between parts of the
system.

There are security features that tie programs and data to CPU and to user,
and encrypt them for privacy. This is probably necessary to make Pd work,
but has a side-effect that I'm sure Microsoft is thrilled with. Like books
and furniture and clothing, the person who currently buys new software can
resell it when he's done with it. People have a right to do this -- it's
called the "First Sale Doctrine" in the United States -- but the software
industry has long claimed that software is not sold, but licensed, and
cannot be transferred. When someone sells a Pd-equipped computer, he is
likely to clear his keys so that his identity can't be used or files can't
be read. This will also serve to erase all the software he purchased. The
end result might be that people won't be able to resell software, even if
they wanted to.

Pd is inexorably tied up with Digital Rights Management. Your computer will
have several partitions, each of which will be able to read and write its
own data. There's nothing in Pd that prevents someone else (MPAA, Disney,
Microsoft, your boss) from setting up a partition on your computer and
putting stuff there that you can't get at. Microsoft has repeatedly said
that they are not going to mandate DRM, or try to control DRM systems, but
clearly Pd was designed with DRM in mind.

There seem to be good privacy controls, over and above what I would have
expected. And Microsoft has claimed that they will make the core code
public, so that it can be reviewed and evaluated. It's about time they
realized that lots of people are willing to do their security work for free.

It's hard to sort out the antitrust implications of Pd. Lots of people have
written about it. Will Microsoft jigger Pd to prevent Linux from running?
They don't dare. Will it take standard Internet protocols and replace them
with Microsoft-proprietary protocols? I don't think so. Will you need a
Pd-enabled device -- the system is meant for both general-purpose computers
and specialized media devices -- in order to view copyrighted content? More
likely. Will Microsoft enforce its Pd patents as strongly as it can? Almost
certainly.

Lots of information about Pd will emanate from Redmond over the next few
years, some of it true and some of it not. Things will change, and then
change again. The final system may not look anything like what we've seen to
date. This is normal, and to be expected, but when you continue to read
about Pd, be sure to keep several things in mind.

1. A "trusted" computer does not mean a computer that is trustworthy. The
DoD's definition of a trusted system is one that can break your security
policy; i.e., a system that you are forced to trust because you have no
choice. Pd will have trusted features; the jury is still out as to whether
or not they are trustworthy.

2. When you think about a secure computer, the first question you should ask
is: "Secure for whom?" Microsoft has said that Pd allows the computer-owner
to prevent others from putting their own secure areas on the computer. But
really, what is the likelihood of that really happening? The NSA will be
able to buy Pd-enabled computers and secure them from all outside influence.
I doubt that you or I could, and still enjoy the richness of the Internet.
Microsoft really doesn't care about what you think; they care about what the
RIAA and the MPAA think. Microsoft can't afford to have the media companies
not make their content available on Microsoft platforms, and they will do
what they can to accommodate them. There's often a large gulf between what
you can get in theory -- which is what Microsoft is stressing in their Pd
discussions -- and what you will be able to have in practice. This is where
the primary danger lies.

3. Like everything else Microsoft produces, Pd will have security holes
large enough to drive a truck through. Lots of them. And the ones that are
in hardware will be much harder to fix. Be sure to separate the Microsoft PR
hype about the promise of Pd from the actual reality of Pd 1.0.

4. Pay attention to the antitrust angle. I guarantee you that Microsoft
believes Pd is a way to extend its market share, not to increase
competition.

There's a lot of good stuff in Pd, and a lot I like about it. There's also a
lot I don't like, and am scared of. My fear is that Pd will lead us down a
road where our computers are no longer our computers, but are instead owned
by a variety of factions and companies all looking for a piece of our
wallet. To the extent that Pd facilitates that reality, it's bad for
society. I don't mind companies selling, renting, or licensing things to me,
but the loss of the power, reach, and flexibility of the computer is too
great a price to pay.

<http://www.theregus.com/content/4/25378.html>
<http://www.msnbc.com/news/770511.asp?cp1=1>
<http://news.com.com/2100-1001-938973.html?tag=cd_mh>
<http://www.eweek.com/article2/0,3959,267488,00.asp>
<http://www.internetweek.com/story/INW20020626S0007>
<http://www.osopinion.com/perl/story/18379.html>
<http://www.infoworld.com/articles/hn/xml/02/06/25/020625hnpalladium.xml>
<http://www.newscientist.com/news/news.jsp?id=ns99992449>
<http://www.washingtonpost.com/wp-dyn/articles/A51780-2002Jun26.html>
<http://www.theregus.com/content/4/25630.html>
<http://www.internetweek.com/story/INW20020626S0007>

Seth Schoen's meeting summary:
<http://vitanuova.loyalty.org/2002-07-03.html>

Opinions:
<http://www.nytimes.com/2002/07/04/business/04SCEN.html>
<http://online.securityfocus.com/columnists/96>
<http://zdnet.com.com/2102-1107-942699.html>
<http://online.securityfocus.com/columnists/93>
<http://zdnet.com.com/2102-1107-939817.html>
<http://www.theregister.co.uk/content/4/25843.html>
<http://www.pbs.org/cringely/pulpit/pulpit20020627.html>

Ross Anderson on TCPA and Palladium:
<http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html>
<http://www.theregus.com/content/4/25415.html>

TCPA Web site:
<http://www.trustedcomputing.org/tcpaasp4/index.asp>

-- 
Robert J. Berger - Internet Bandwidth Development, LLC.
15550 Wildcat Ridge Saratoga, CA 95070
408-882-4755 Fax: 408-490-2868 rberger () ibd com http://www.ibd.com


------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/