Posted on 04/21/2003 3:19:08 PM PDT by Eala
SAN FRANCISCO Just three weeks before Microsoft Corp. publicly details plans to create a secure operating mode for Windows PCs, two top cryptographers have raised concerns about Microsoft's approach. Whitfield Diffie, a distinguished engineer at Sun Microsystems Laboratories, said an integrated security scheme for computers is inevitable, but the Microsoft approach is flawed because it fails to give users control over their security keys. Ronald Rivest, an MIT professor and founder of RSA Security, called for a broad public debate about the Microsoft move.
Microsoft first tipped its plans, formerly code-named Palladium, about a year ago. Since then some details have emerged about the concepts for what Microsoft now calls the next-generation secure computing base (NGSCB, pronounced "enscub").
Microsoft has detailed its plans to as many as 30 partners under non-disclosure agreements. The company plans to unveil the full technical details and partnerships behind its plans at the Windows Hardware Engineering Conference in early May.
The Microsoft approach lends itself to market domination, lock out, and not really owning your own computer. That's going to create a fight that dwarfs the debates of the 1990's, said Diffie as part of a broad panel discussion on cryptography at the RSA Conference here Monday (April 14).
To risk sloganeering, I say you need to hold the keys to your own computer, added Diffie to strong applause for the audience of several hundred security specialists.
We should be watching this to make sure there are the proper levels of support we really do want, said Rivest.
The right way to look at this is you are putting a virtual set-top box inside your PC. You are essentially renting out part of your PC to people you may not trust, said Rivest in an interview after the panel.
We need to understand the full implications of this architecture. This stuff may slip quietly on to people's desktops, but I suspect it will be more a case of a lot of debate, he added.
Rivest said some experts have discussed setting up a forum in technical society for such a debate, but he was unaware of any current moves to do that. Likewise Diffie said he was not aware of any specific alternative to NGSCB in the works at Sun.
You want a standard, not competing approaches for something like this, Diffie added.
Sun once considered but rejected the notion of releasing a computer that would not boot without the presence of a cryptographically signed operating system. The process of selling the computer would have been similar to a cryptographic transaction of handing over security keys to the end user.
In Microsoft's NGSCB approach, users would have to consciously evoke a secure operating mode that would be turned off by default. New instructions in the CPU as well as changes in the memory controller would help carve out a protected space in main memory to load a small, secure operating system kernel.
The PC approach also depends on a $5 encryption and flash module that assists authentication and identification functions based on stored keys and hashed values. NGSCB also requires secure channels between a keyboard and main memory and between a display interface and a graphics chip and its frame buffer.
Holding pattern
Microsoft has made no decisions about when it will put the new functionality into Windows while it waits on availability of many of the specially modified components it requires from companies such as Intel and AMD collaborating on the effort. We are running many functions now in emulation, said Stephen Heil, a security evangelist at Microsoft.
Microsoft has also not finalized decisions about how it will license the NGSCB technology and make it open for others to review. Its an important series of decisions we need to make that will have broad importance for NGSCB and Microsoft. We are focusing on that now said Mario Juarez, a group product manager for NGSCB at Microsoft.
We've got a number of different licensing buckets. It's kind of like a Venn diagram, added Heil.
Over the past six months, Microsoft has created a group of at least 100 developers working on NGSCB as part of a broad new security business unit at Microsoft under Mike Nash. An awful lot of what has happened [in the last nine months] is just filling out the team into a fully functioning product group. There's been a lot of work spent hiring, said Juarez.
Microsoft hopes its WinHEC presentations on securityas much as 18 hours of talks over three dayswill end debates about whether the approach will work and begin the task of engaging a broader group of developers on the nuts and bolts of building it out, said Amy Carroll, a group product manager in the new security group.
Unhhh, M$ thinks that only the hardware is yours. Everything else is on a conditional license from M$. Once you understand that, then all else follows.
With a name like Whitfield, how can one not be distinguished?
In any case, the government refuses to be excluded from the comings and goings on our computers and the internet. Just like most MS idiotware that does everything for you whether you want it to or not.... it's for our own good.
Actually, the seeds for the destruction for any large organization are already planted within itself. Sooner or later, Microsoft will do something that will open the door to their competitors.
I use Microsoft products because they meet my needs at a price I am willing to pay, but there is a price I am not willing to pay, at which point I will look for something else.
...or just toss the computer out, and get my life back. :-)
Whitfield Diffie is one of the half dozen or so top cryptographers in the world.
So9
They may not have the option; one of the ultimate requirements of the Palladium system is a "secure" boot process, so the BIOS won't even load a non-conforming, non-signed operating system. Thus, you can't even use another operating system unless it is signed by the central authority, who may have no desire or obligation to do so.
And thanks to DMCA-type laws (supported mostly by Democrats like Hollings, who are in the pockets of the entertainment media, but which have some stupid Republican backers as well), any attempt to create a work-around would be a felony.
Bump for later reading
Nefertiti@-->---
They've already signed on, as has AMD. They were a bit concerned about the signing issue, but feel confident that as long as they control the hardware (and thus the "top-level" authority), that it won't be a problem for them.
Dell already ships Red Hat Linux as an option. So do others. If Microsoft does get Intel to go with a secure BIOS line, Intel will still sell chips with a different BIOS to enable other OS'es
If the laws currently being proposed are allowed to pass (and they have a lot of support), Intel won't have an option to offer an alternative, because only "secure" (i.e., those that incorporate so-called digital rights management) operating systems will be legal. Linux could get approval by submitting itself to the signing authority, but it would no longer be the "free" model (i.e., build whatever / whenever you want) any longer.
Because if they don't other chip makers will fill the need.
AMD has already signed on as well, so the only alternative would be Via (whose x86 core is a full generation behind the competition). And if the legislation passes, it would be illegal to import them in any case. Of course, Intel could just sign a copy of Linux (Red Hat or some other distribution), but that won't really solve the fundamental problem, because Intel won't do so unless that particular build incorporates DRM / similar technologies. When systems like this are fully implemented, the days of having full control of your computer are over. You won't even be able to write code from scratch, since it will never run unless you have signing authority, which the corporations can't give out (even assuming they wanted to do so) without breaking the proposed laws.
The between-the-lines text is that RIAA is going to "lock down" your PC so that you cannot copy CDs, MP3s, etc. MS and Intel must be co-opted to make the scheme work.
Of course you can still capture an audio stream but there will be quality degradation--with some noise possibly deliberately injected. Who knows?
--Boris
Actually everyone calls him Whit. I have met the man myself. Very impressive guy.
It's worse than that. If you don't own the encryption keys, it's not your computer anymore.
Not only will your software expire if you don't pay the rent, all of your documents will be locked up too.
You might have a built-in rootkit that's exploitable by whomever wrote the software.
It would be a marketer's dream come true. Imagine logos, pop-ups, banners all over your screen and you can't turn them off... unless, perhaps, you pay an extra fee.... maybe.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.