[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] TCPA / Palladium Frequently Asked Questions
From:       InfoSec News <isn () c4i ! org>
Date:       2002-06-28 8:30:16
[Download RAW message or body]

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Version 0.1 26 June 2002 

1. What are TCPA and Palladium? 

TCPA stands for the Trusted Computing Platform Alliance (TCPA), an
initiative led by Intel. Their website is here. Their stated goal is
`a new computing platform for the next century that will provide for
improved trust in the PC platform.' Palladium appears to be a
Microsoft version which will be rolled out in future versions of
Windows, will build on TCPA hardware, and will add some extra
features. The Palladium announcement appears to have been provoked by
a paper I presented on the security issues relating to open source and
free software at a conference on Open Source Software Economics in
Toulouse on the 20th June. This paper criticised TCPA as
anticompetitive. This has been amply confirmed by new revelations over
the past few days.


2. What does TCPA / Palladium do, in ordinary English?

Its obvious application is to embed digital rights management (DRM)  
technology in the PC. The less obvious implications include making it
easier for application software vendors to lock in their users.


3. So I won't be able to play MP3s on my PC any more?

With existing MP3s, you may be all right for some time. But in future,
TCPA / Palladium will make it easier to sell music, movies, books and
other content packaged so that people can play them on their PCs but
not copy them. You might be allowed to lend your copy of some digital
music to a friend, but then your own backup copy won't be playable
until your friend gives you the main copy back. Quite possibly you
will not be able to lend music at all. (It looks likely that the music
publisher will be able to make the rules - and to change them at will
by remote control.)


4. How does it work?

TCPA provides for a monitoring component to be mounted in future PCs.  
The likely implementation in the first phase of TCPA is a `Fritz' chip
- a smartcard chip or dongle soldered to the motherboard.

When you boot up your PC, Fritz takes charge. He checks that the boot
ROM is as expected, executes it, measures the state of the machine;  
then checks the first part of the operating system, loads and executes
it, checks the state of the machine; and so on. The trust boundary, of
hardware and software considered to be known and verified, is steadily
expanded. A table is maintained of the hardware (audio card, video
card etc) and the software (O/S, drivers, etc); if there are
significant changes, the machine must be re-certified. The result is a
PC booted into a known state with an approved combination of hardware
and software. Control is then handed over to enforcement software in
the operating system - this is presumably Palladium if your operating
system in Windows.

Once the machine is in this state, Fritz can certify it to third
parties: for example, he will do an authentication protocol with
Disney to prove that his machine is a suitable recipient of `Snow
White'. The Disney server then sends encrypted data, with a key that
Fritz will use to unseal it. Fritz makes the key available only so
long as the environment remains `trustworthy'. For this purpose,
`trustworthy' means that the media player application won't make any
unauthorised copies of content.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]