Next-Generation Secure Computing Base
Encyclopedia
The Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium, is a software architecture designed by Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...

 which is expected to implement parts of the controversial "Trusted Computing
Trusted Computing
Trusted Computing is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by...

" concept on future versions of the Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...

. NGSCB is part of Microsoft's Trustworthy Computing
Trustworthy Computing
The term Trustworthy Computing has been applied to computing systems that are inherently secure, available, and reliable. The Committee on Information Systems Trustworthiness’ publication, Trust in Cyberspace, defines such a system as one which...

 initiative. Microsoft's stated aim for NGSCB is to increase the security and privacy of computer users, but critics assert that the technology will not only fail to solve the majority of contemporary IT security problems, but also result in an increase in vendor lock-in
Vendor lock-in
In economics, vendor lock-in, also known as proprietary lock-in or customer lock-in, makes a customer dependent on a vendor for products and services, unable to use another vendor without substantial switching costs...

 and thus a reduction in competition in the IT marketplace.

NGSCB relies on hardware technology designed by members of the Trusted Computing Group
Trusted Computing Group
The Trusted Computing Group , successor to the Trusted Computing Platform Alliance , is an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft to implement Trusted Computing...

 (TCG), which provides a number of security-related features, including fast random number generation
Random number generation
A random number generator ) is a computational or physical device designed to generate a sequence of numbers or symbols that lack any pattern, i.e. appear random....

, a secure cryptographic co-processor, and the ability to hold cryptographic keys in a manner that should make them impossible to retrieve, even to the machine's owner. It is this latter ability that makes remote attestation of the hardware and software configuration of an NGSCB-enabled computer possible, and to which the opponents of the scheme chiefly object. Several computer manufacturers are selling computers with the Trusted Platform Module
Trusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...

 chip, notably IBM
IBM
International Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...

/Lenovo ThinkPad
ThinkPad
ThinkPad is line of laptop computers originally sold by IBM but now produced by Lenovo. They are known for their boxy black design, which was modeled after a traditional Japanese lunchbox...

s and the Dell OptiPlex GX620
Dell OptiPlex
Dell, Inc. targets its OptiPlex line of desktop computers for sale into the corporate, government and education markets. These systems typically contain Intel CPUs, beginning with the Pentium and with the Core i7 , although Dell sells some models with AMD CPUs as well...

.

Microsoft has not published any materials regarding NGSCB on their MSDN site since March 2004, and none of the principal features described in the existing NGSCB materials have appeared in the two major versions of Windows since 2004 (Windows Vista and Windows 7).

Architecture and technical details

A complete Microsoft-based Trusted Computing-enabled system will consist not only of software components developed by Microsoft but also of hardware components developed by the Trusted Computing Group. The majority of features introduced by NGSCB are heavily reliant on specialized hardware and so will not operate on PCs predating 2004.

In current Trusted Computing specifications, there are two hardware components; the Trusted Platform Module
Trusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...

 (TPM), which will provide secure storage of cryptographic keys and a secure cryptographic co-processor, and a curtained memory feature in the Central Processing Unit
Central processing unit
The central processing unit is the portion of a computer system that carries out the instructions of a computer program, to perform the basic arithmetical, logical, and input/output operations of the system. The CPU plays a role somewhat analogous to the brain in the computer. The term has been in...

 (CPU). In NGSCB, there are two software components, the Nexus, a security kernel that is part of the Operating System which provides a secure environment (Nexus mode) for trusted code to run in, and Nexus Computing Agents (NCAs), trusted modules which run in Nexus mode within NGSCB-enabled applications.

Secure storage and attestation

At the time of manufacture, a cryptographic key is generated and stored within the TPM. This key is never transmitted to any other component, and the TPM is designed in such a way that it is extremely difficult to retrieve the stored key by reverse engineering or any other method, even to the owner. Applications can pass data encrypted with this key to be decrypted by the TPM, but the TPM will only do so under certain strict conditions. Specifically, decrypted data will only ever be passed to authenticated, trusted applications, and will only ever be stored in curtained memory, making it inaccessible to other applications and the Operating System. Although the TPM can only store a single cryptographic key securely, secure storage of arbitrary data is by extension possible by encrypting the data such that it may only be decrypted using the securely stored key.

The TPM is also able to produce a cryptographic signature based on its hidden key. This signature may be verified by the user or by any third party, and so can therefore be used to provide remote attestation that the computer is in a secure state.

Curtained memory

NGSCB also relies on a curtained memory feature provided by the CPU. Data within curtained memory can only be accessed by the application to which it belongs, and not by any other application or the Operating System. The attestation features of the TPM can be used to confirm to a trusted application that it is genuinely running in curtained memory; it is therefore very difficult for anyone, including the owner, to trick a trusted application into running outside of curtained memory. This in turn makes reverse engineering of a trusted application extremely difficult.

Applications

NGSCB-enabled applications are to be split into two distinct parts, the NCA, a trusted module with access to a limited Application Programming Interface
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...

 (API), and an untrusted portion, which has access to the full Windows API. Any code which deals with NGSCB functions must be located within the NCA.

The reason for this split is that the Windows API
Windows API
The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces available in the Microsoft Windows operating systems. It was formerly called the Win32 API; however, the name "Windows API" more accurately reflects its roots in 16-bit Windows and its support on...

 has developed over many years and is as a result extremely complex and difficult to audit for security bugs. To maximise security, trusted code is required to use a smaller, carefully audited API. Where security is not paramount, the full API is available.

Uses

NGSCB is meant as an implementation of Trusted Computing, its potential uses are therefore similar. Proponents claim that TC will make computers safer, less prone to viruses and malware, and thus more reliable from an end-user perspective. In addition, they also claim that Trusted Computing will allow computers and servers to offer improved computer security over that which is currently available.

Digital Rights Management

By utilizing the attestation, curtained memory and cryptographic features of the TPM, a secure form of Digital Rights Management
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...

 (DRM) may be developed; critics charge that although it does not provide DRM features itself, DRM is nevertheless the primary motivation for the development of NGSCB.

DRM would be implemented by encrypting DRM-protected files and only making the decryption key available to corporate trusted applications. A wide range of copy-protection and similar features could thereby be implemented, limited only by the imagination. For example, it would be possible to create a file that can only be read on one computer, or within one organization, or a file that can only be opened for reading three times. While any DRM-protected file could be just as easily copied or read as an unprotected file, it would be extremely difficult to decrypt the file at an unauthorized destination, rendering it useless.

Network access

In corporate and educational networking environments, a desirable feature of NGSCB is the ability of each workstation to securely attest that no unauthorized modifications have been made either to its hardware or software. A workstation that is unable to authenticate itself can then be automatically denied access to some or all network services at will.

Owner Override

Critics have proposed 'Owner Override' as a potential solution to these problems. In such a system, the key stored by the TPM would still be inaccessible. However, a secure method for the owner to identify themselves would be provided, and through this method the owner would be able to force the TPM to make a false attestation or decrypt data for an application that would not otherwise be allowed access to that data. This feature would ensure that owners continue to have ultimate control over their computers and software and data stored on them, although it would also make Trusted Computing useless for purposes such as DRM
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...

. Trusted Computing would still have some uses in preventing misuse by anyone other than the owner, for example in a business or educational environment where computing facilities are made available by an employer or school for use by an employee or student.

Criticism

NGSCB and Trusted Computing can be used to intentionally and arbitrarily lock certain users out from use of certain files, products and services, for example to lock out users of a competing product, potentially leading to severe vendor lock-in
Vendor lock-in
In economics, vendor lock-in, also known as proprietary lock-in or customer lock-in, makes a customer dependent on a vendor for products and services, unable to use another vendor without substantial switching costs...

. This is analogous to a contemporary problem in which many businesses feel compelled to purchase and use Microsoft Word in order to be compatible with associates who use that software. Today this problem is partially solved by products such as OpenOffice.org
OpenOffice.org
OpenOffice.org, commonly known as OOo or OpenOffice, is an open-source application suite whose main components are for word processing, spreadsheets, presentations, graphics, and databases. OpenOffice is available for a number of different computer operating systems, is distributed as free software...

 which provide limited compatibility with Microsoft Office file format
File format
A file format is a particular way that information is encoded for storage in a computer file.Since a disk drive, or indeed any computer storage, can store only bits, the computer must have some way of converting information to 0s and 1s and vice-versa. There are different kinds of formats for...

s. Under NGSCB, if Microsoft Word were to encrypt documents it produced, no other application would be able to decrypt them, regardless of its ability to read the underlying file format.

NGSCB and Trusted Computing are ineffectual at solving the majority of contemporary security problems, for example computer virus
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...

es and trojan
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

s. Despite this fact, Microsoft has in the past claimed that NGSCB was necessary to combat the threat of future virus outbreaks against Microsoft Windows users. Microsoft is no longer making claims that NGSCB will solve these virus problems.

Bruce Schneier
Bruce Schneier
Bruce Schneier is an American cryptographer, computer security specialist, and writer. He is the author of several books on general security topics, computer security and cryptography, and is the founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet...

 in his Crypto-Gram Newsletter wrote
"There's a lot of good stuff in Pd, and a lot I like about it. There's also a lot I don't like, and am scared of. My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet. To the extent that Pd facilitates that reality, it's bad for society. I don't mind companies selling, renting, or licensing things to me, but the loss of the power, reach, and flexibility of the computer is too great a price to pay."

Availability

When originally announced, NGSCB was expected to be part of the then next major version of the Windows Operating System, Windows Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...

 (then known as Longhorn). However, in May 2004, Microsoft was reported to have shelved the NGSCB project. This was quickly denied by Microsoft who released a press release stating that they were instead "revisiting" their plans. The majority of features of NGSCB are now not expected to be available until well after the release of Windows Vista. However, Vista includes "BitLocker
BitLocker Drive Encryption
BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by...

", which can make use of a Trusted Platform Module
Trusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...

 chip to facilitate secure startup and full-drive encryption. TPMs are already integrated in many systems using Intel's Core 2 Duo processors or AMD's Athlon 64
Athlon 64
The Athlon 64 is an eighth-generation, AMD64-architecture microprocessor produced by AMD, released on September 23, 2003. It is the third processor to bear the name Athlon, and the immediate successor to the Athlon XP...

 processors using the AM2 socket
Socket AM2
The Socket AM2, renamed from Socket M2 , is a CPU socket designed by AMD for desktop processors, including the performance, mainstream and value segments...

.

History of the Name

Microsoft originally publicized the NGSCB technology under the code name
Code name
A code name or cryptonym is a word or name used clandestinely to refer to another name or word. Code names are often used for military purposes, or in espionage...

 Palladium
Palladium (mythology)
In Greek and Roman mythology, a palladium or palladion was an image of great antiquity on which the safety of a city was said to depend. "Palladium" especially signified the wooden statue of Pallas Athena that Odysseus and Diomedes stole from the citadel of Troy and which was later taken to the...

, which was the word for a mythical talisman that guaranteed the security of Troy. Its working title was "Next-Generation Secure Computing Base," much as .NET
.NET Framework
The .NET Framework is a software framework that runs primarily on Microsoft Windows. It includes a large library and supports several programming languages which allows language interoperability...

's working title was "Next-Generation Windows Services." In early 2006, Microsoft renamed the NGSCB team at Microsoft to the System Integrity Team.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK