R. A. Hettinga on Sat, 6 Jul 2002 22:09:13 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Revenge of the WAVEoids: Palladium Clues May Lie In AMD Motherboard Design

Hash: SHA1

I figured this was probably going on, but the following article is my
first confirmation.

WAVE, some of you might remember, was started by a former NatSemi
Chairman back before the internet got popular. It was going to be a
dial-up book-entry-to-the-screen content control system with special
boards and chips patented to down to it's socks. Sort of like 3Com,
I'm sure. First I heard about it was, ironically, in a 1990-ish Peter
Huber article in Forbes, touted as the Next Big Thing. (Convergence,
don'tcha know...) This is same Peter Huber who wrote the Geodesic
Network, which, along with bearer financial cryptography, is a
cornerstone of the way I look at the universe. Paradoxes abound, boys
and girls.

In the meantime, WAVE Systems stock has been listed, then de-listed,
then re-listed, and, God only knows what it is now.

I even got an offer from that Chairman and Grey Eminence of WAVE to
come speak to FC97, if we comped him, of course. As General Chair of
the conference I had to gently let him know that FC was a
peer-reviewed conference, and if his tech people wanted to send a
paper and it got accepted by the Program Committee, (a whole bunch of
top-drawer cryptographers, lawyers, and bankers), they were perfectly
welcome, and, he, like I, could sit in the audience, watch the talks,
and hit the beach in the afternoon with everyone else. Never got
anything back for some reason. :-). We even got the DivX guys
presenting papers that first (and second) year, so content control
was never an issue, though I expect that trade-secret skullduggery
certainly was.

Which makes sense. WAVE's stockholders, called WAVEoids by themselves
and others, are practically millennial in their belief that WAVE will
conquer the world and the company's failure to date is due to a giant
short-seller's conspiracy of some kind. Lots of Secret Sauce there,

If BillG has swallowed this stuff, hook, line, and sinker, as someone
has noted before, then, frankly, he must have access to better drugs
than most of us. It also means that he's grasping at conceptual
straws, economically, and if he persists in following this folly to
the bitter end, his dream of software-kudzu world domination will
finally choke his company once and for all.

So, be careful what you wish for, Bill. On a geodesic network, no
central node can route all the information. Like Gilmore says about
censorship on the same network, any putative top of an internet
pyramid chokes instead, and the network simply routes around it.

The paradox in all of this is that only way that crypto to the screen
is going to work is if the screen is literally *buying* the content
shown on that screen, for cash, in a raw commodity market of some
kind. And, if *that's* really the case, there's no need for IP law in
what amounts to information commodity market in perfect competition,
not a monopolistically competitive market requiring brands, patents,
and copyrights. Finally, such a system cannot use a
book-entry-to-the-device system, because the cheapest cash will be
done without identity at all.

In such a world digital "rights" "management", and content "control"
are contradictions in terms, if not preposterous notions on their


Version: PGP 7.5




Palladium Clues May Lie In AMD Motherboard Design
June 26, 2002
By: Mark Hachman

A two-year-old whitepaper authored by AMD and encryption firm Wave Systems
may offer additional clues to the design of PCs incorporating Palladium,
Microsoft's new security initiative.

Wave, based in Lee, Mass., has partnered with Microsoft rival Sun
Microsystems, Hewlett-Packard, Verisign and RSA Data Systems, among others,
in creating the EMBASSY verification system, originally pitched as a tool
for e-commerce. In August of 2000, Wave and AMD authored a whitepaper on
how the solution could be integrated into a motherboard using AMD's Athlon
microprocessor, which a Wave executive said is now entering field trials

"Wave and AMD are developing a Trusted Client reference platform to enable
trust and security to be delivered to the PC," the whitepaper reads. "By
integrating Wave's EMBASSY Trusted Client system into AMD's Athlon
motherboard reference design, we will deliver a template for building cost
optimized Trusted Client PCs."

The paper is authored by researchers Kevin R. Lefebvre and Bill Chang of
Wave, and Geoffrey Strongin, who is spearheading AMD's Palladium work.
Strongin said Monday that the company had begun work on a Palladium-type
solution before Microsoft approached the company. AMD and Wave announced a
partnership in March 2000.

Wave's board of directors includes George Gilder and Nolan Bushnell, the
founder of Atari.

The whitepaper, forwarded to ExtremeTech by reader and consultant Andreas
W. Kuhn, contains many similarities to Palladium's potential feature set:
the ability to sell multimedia content by the chapter or track, the
possible ability to block spam by accurately verifying the sender and
recipient of a message; increased privacy, and serving as a trusted client.
However, the AMD-Wave whitepaper also postulates the need for multiple
protection schemes, something that Microsoft's limited public statements
have not addressed.

"Furthermore, support needs to be provided for multiple protection schemes,
since there will clearly be several schemes available and content creators
will demand the flexibility to define their own protection requirements,"
the whitepaper says.

In an interview Tuesday morning, John Callahan, vice-president of marketing
for Wave, said Wave had spent over $120 million developing the EMBASSY
system, only to see Microsoft's Palladium system receive all the attention.
"It's tremendously ironic," he said.

The whitepaper can not be considered a roadmap to the design of a
Palladium-enabled PC, although it is one practical solution. The whitepaper
was written at around the time the Trusted Computing Platform Association
(TCPA) was formed in the fall of 2000; both Wave and AMD belong to the
TCPA. And, while Palladium uses some form of CPU-level processing of
security algorithms, the AMD-Wave whitepaper's example seems wholly tied to
an off-chip security processor, the EMBASSY.

"It closely tracks with what's been enunciated (by Microsoft)," Callahan
said. "It's a hardened solution with a software OS As most people in the
industry know, most people said software alone would do the job. We've had
to put up with a lot of slings and arrows."

Wave's EMBedded Application Security System (EMBASSY) is actually an
embedded microprocessor of undisclosed complexity, which contains secure
non-volatile memory, secure I/O, a secure real-time clock, and operating
system. Wave currently sells the chip as part of a "cryptographic service
provider kit," which uses a small client terminal to encrypt data like
email. However, the chip can be sold into a variety of applications.

According to the whitepaper, the reference design allows for the running of
secure boot, TCPA integrity metrics, strong user authentication, and secure
BIOS upgrades. "We will also provide the Wave EMBASSY metering application
to support various commerce models for consumer entertainment content," the
whitepaper adds.

The EMBASSY device remains active throughout the entire boot process,
hanging off the Low-Pin Count (LPC) bus--the replacement for the ISA
bus--and connected to the core logic's south bridge. AMD's Strongin hinted
that AMD would license any necessary intellectual property to other chipset
makers, continuing the chip company's cooperation with other chipset

Block diagram of AMD-Wave motherboard design
click on image for full view

When activated, EMBASSY asks for some identifying information from the
user-whether from a smart card reader, secure keypad, or other biometric
device-which is then transferred securely into the EMBASSY's memory.
Fingerprint readers, a class of biometric devices, have already been easily
defeated, however.

"This configuration allows the EMBASSY Device to be active throughout the
entire bootup process, thus capable of performing a Secure Boot," the
whitepaper reads. "The root of trust within this configuration is the
system BIOS where during the bootup process the BIOS will perform a self
test and pass the trusted EMBASSY OS to the EMBASSY Device. At that time,
the EMBASSY Device will perform the data collection of the system
parameters during bootup and crosscheck the collected information with the
trusted information stored within the EMBASSY Device's secure memory. If
there are any discrepancies found, the system will alert the end user and
appropriate action can be taken."

The chip also works to prevent defeating the chip at the BIOS level. "With
the EMBASSY Device in this configuration, an upgrade of the BIOS requires
the system to go through the EMBASSY Device, allowing the EMBASSY Device to
validate the upgrade process before the BIOS ROM is reflashed," the
whitepaper adds.

According to Callahan, the system is in trials with NEC Computers' Packard
Bell division, which sells PCs in Europe, Asia, and Latin America, but not
in the U.S. A spokeswoman for Packard Bell in the United Kingdom could not
be reached by press time for confirmation.

"The test is just coming on line," Wave's Callahan said.

Microsoft's Palladium: A New Security Initiative
June 25, 2002
By: Mark Hachman and Sebastian RupleyPC Magazine

In a move that seeks to extend Microsoft's newfound company-wide focus on
security to future versions of the Windows operating system and to hardware
products, Microsoft officials are discussing a new initiative, code-named

Palladium involves new security components to be built into Windows, but it
also depends heavily on hardware makers--including Intel and AMD--building
in Palladium functionality to their products. While none of the new
features and products will arrive this year, the effort appears to be a
large-scale push toward a new breed of software- and hardware-driven
security standards.

Mario Juarez is group product manager of the Palladium product team at
Microsoft. Juarez's team falls under the Windows operating system group.
"Palladium is a code name for a set of features for the Windows operating
system," said Juarez. "It involves a new breed of hardware and applications
in tandem with a rearchitecture of the Windows operating system. It's
designed to give people greater security, personal privacy and system

In addition to new core components in Windows that will move the Palladium
effort forward, Microsoft is working with hardware partners to build
Palladium components and features into their products. "The new hardware
architecture involves some changes to CPUs which are significant from a
functional perspective," says Juarez. "There will also be a new piece of
hardware called for by Palladium that you might refer to as a security
chip. It will provide a set of cryptographic functions and keys that are
central to what we're doing. There are also some associated changes under
the chipset, and the graphics and I/O system through the USB port--all
designed to create a comprehensive security environment."

The approach outwardly seems to mimic that of the Trusted Computing
Platform Alliance, whose specification was finalized in January 2001. TCPA
calls for the creation of a "Trusted Platform Module"(TPM), a discrete
cryptographic processor residing on the PC's motherboard that contains a
unique digital signature.

Palladium, on the other hand, uses a PC's microprocessor to run some form
of low-level encryption, and can also use a TPM-like module for additional
encryption, according to Geoffrey Strongin, AMD's platform security

"When you fire the system up," Juarez says, "you'll choose to run this
particular 'secure processing environment' which we call the Trusted
Operating System Root. You might think of this as a micro-kernel that
manages trusted code in a way that's physically isolated from the rest of
the system, so it's inherently impervious to things like viruses."

Via the Trusted Operating System Root, says Juarez, users will be able to
create and deploy secure services through software agents. "You can create
an environment where you determine what information about you gets revealed
to others, such as personal information in an online transaction, or
information about your hardware that needs to be revealed to a network
you're operating with. We're trying to create this in such a way that there
is no architectural limitation on what you can get these agents to do."

Cryptography is key to the effort with the software agents, Juarez says.
"We're looking at the usual suspects there, including current deployments
of public-key cryptography as well as some powerful symmetrical processing
cryptography systems. However, we're going to try to approach cryptography
in a new and powerful way."

Compliant Hardware

If Palladium is built upon a TCPA model, then it's possible that the
specific hardware used within the PC will also be used to identify it, as
Microsoft's Windows Activation regulation already does. "Once the data is
sealed inside the TPM with a storage key, the sealed data can only be
accessed from this hard drive with this platform configuration," reads a
statement on Intel's Web site discussing the TCPA.

According to Juarez, Intel and AMD are among several microprocessor vendors
participating with Microsoft in developing Palladium-aware products. Juarez
says several dozen other companies have been contacted to participate.
National Semiconductor, which was the first company to publicly announce
the manufacture of a TPM, is "fully supporting Palladium from a hardware
perspective," according to a company spokeswoman. She declined to comment
further, citing NDA restrictions with Microsoft.

Members of the Palladium alliance described their efforts as necessary.
"The TCPA's been around for a while; there's been a million press releases,
but no one's really cared about it," said a spokesman for Intel, which
declined to make an executive available to address Palladium questions. For
his part, AMD's Strongin said that his company had independently worked to
extend the TCPA/TPM model before Microsoft approached it.

The biggest single difference between TCPA and Palladium, according to
Strongin, is that in Palladium, "trusted processing" is taking place on the
main CPU. Strongin declined to discuss any details of a redesign, but said
the "differences between what's in microcode and what's not in microcode is
not a terribly important one--it's a behavioral effect."

"There will be new modes and new instructions," Strongin said.
"'Extensions' is a better term." AMD uses a set of instructions called
3DNow! to accelerate 3D and other multimedia functions.

The "Palladium component" will leverage AMD's work on the TPM, Strongin
said. He added that AMD would probably license the component to other
chipset manufacturers. "We also look to the infrastructure (providers) to
provide support for this," Strongin added.

Wave Systems Corp. was involved with both the design of the National
SafeKeeper TPM component and with the Internal Security, Trust and Privacy
Alliance, which released an open, policy-configurable framework in late
May, spearheaded by Carnegie-Mellon University. Representatives of Wave
Systems were unavailable for comment; the ISTPA's director, Kevin O'Neill,
declined to comment on Palladium.

AMD's Strongin said its Palladium component was done entirely in-house, and
the development was "fairly mature". He would not say when the chip would
be brought to market, however. "We'll be there when we're needed to be,"
Strongin said. Microsoft has been sharpening its focus on security all
year. In January of this year, in an internal memo to all Microsoft
employees, Microsoft chairman and chief software architect Bill Gates
called for a sweeping shift in Microsoft's company focus, toward better
security. The contents of the memo were covered by PC Magazine's sister
publication eWeek. In addition to several security-related announcements
made in recent months, Microsoft has also been pushing forward with a
broad-based plan for protecting online identities, although its Passport
technology has raised privacy concerns.

Privacy and Digital-Rights Management

Currently, some of the issues surrounding Palladium--how digital-rights
management will be applied to e-mail and media files, Palladium's apparent
ability to block spam, and the reaction of the public and of PC and
consumer-electronics companies--are simply not known. Executives said
they've tried to factor in all of these concerns in what will undoubtedly
be an intensely sensitive issue.

Privacy is a top concern of the Palladium initiative, AMD's Strongin said.
When Intel tried to place a unique identification string within its Pentium
CPUs, privacy advocates were outraged at the potential ability of a Web
site to discover exactly who was accessing it, rather than getting access
only to a semi-anonymous IP address.

Strongin originally said that the Palladium policy would be opt-out rather
than opt-in, but changed his stance when asked for clarification.

"We're neutral on opt-in or opt-out," he said. "It's very fundamentally
different than when the Pentium processor contained a serial number that
was open and accessible. (In Palladium), when you have things turned on any
ID is cryptographically protected, and is not identifiable to the Web."

But Strongin also said he hoped that security and privacy were not mutually
exclusive. AMD is a member of the ISTPA, he said. "We are extraordinarily
sensitive to privacy issues, and the missteps in this space," he said. "All
that is forewarned and forearmed... When you turn cookies off you have a
lousy Web browsing experience. The key is to have cookies on, have good
privacy and be protected from attacks that exploit cookies."

Additionally, Microsoft has been involved in the TCPA, along with partners
such as Compaq, Hewlett-Packard, Intel and IBM, for several years.
According to the mission statement posted at the TCPA Web site, the
alliance's goal is to "drive and implement TCPA specifications for an
enhanced HW- and OS-based trusted computing platform that implements trust
into client, server, networking, and communication platforms." There are
over 170 member companies in the TCPA, and regular meetings. However,
Microsoft's Juarez is quick to emphasize that Palladium is a much more
forward-looking effort for the company than anything that's gone before,
for Microsoft. "This is not TCPA," says Juarez. "This is a forward looking
thing that's very much designed to meet needs tomorrow, as the world
becomes more interconnected. This initiative won't reach full steam
tomorrow or next year, but Palladium will be built into a future version of
Windows. It's too early to say specifically when that will happen." Juarez
also says Microsoft continues to believe in the goals of the TCPA, and
characterizes Palladium as a complementary effort.

"We think we're raising the bar on security, not lowering the bar on
privacy," AMD's Strongin said.

"Palladium": Microsoft Revisits Digital-Rights Management
June 24, 2002

Microsoft Corp. has apparently revisited the concept of digital-rights
management, leaking a story of a new "Palladium" security initiative to
Newsweek magazine.

The Newsweek article details a three-level array of hardware encryption
within the PC and other devices, tied together by Microsoft-certified
services. As of press time, neither Microsoft nor any software or hardware
developers had officially confirmed the story.

The software, according to Newsweek, promises to: ensure trustworthiness,
apparently through hardware identification; protect information through
hardware encryption; stop viruses, worms, and spam, although exactly how
was not really detailed; safeguard privacy, through a Passport-like system,
called, seriously, "My Man", that would theoretically allow consumers to
release certain specified bits of data about themselves; and a means of
"controlling your information after you send it," a digital-rights
management program that also is not wholly explained.

Palladium is apparently supported by both Advanced Micro Devies Inc. and
Intel Corp., who, according to the magazine, have pledged to make
"components' which will support the initiative. It was not clear whether
the components would be something more than a microprocessor with a unique
identifier, which Intel tried before being shouted down by privacy experts,
or a chipset development program.

"As now envisioned, Palladium will ship "in a future version of Windows."
(Perhaps in the next big revision, due around 2004.)," Newsweek said. "By
then the special security chips will be rolling out of the fabs, and the
computer makers-salivating at an opportunity to sell more boxes-will have
motherboards to accommodate them. There will also be components that
encrypt information as it moves from keyboard to computer (to prevent
someone from wiretapping or altering what you type) and from computer to
screen (to prevent someone from generating a phony output to your monitor
that can trick you into OKing something you hadn't intended to). Only
certain applications will access the part of Windows (nicknamed "the nub")
that performs Palladium's functions with the help of the security
chip-everything else will work exactly the same."

ExtremeTech will have more details as they become available.

Microsoft's Palladium: Security for whom?
June 24, 2002
By: Brett Glass

Software giant Microsoft today leaked the first bits of information about a
comprehensive security scheme called "Palladium" -- named after a statue of
the goddess Athena (also called Pallas) which guarded the gates of the
legendary city of Troy.

According to an MSNBC article penned by veteran computer industry author
Steven Levy, Palladium will involve designing copy protection and digital
rights management directly into the silicon of a new generation of PCs --
much as it was into Microsoft's XBox video game system. But the new scheme
will go several steps farther. Data will be encrypted not only as it moves
from machine to machine, but also as it moves between components of the
machine (e.g. from the video card to the monitor).

The article also mentions provisions for "disappearing" e-mail, which can
no longer be read after a certain date, and agents which, like Microsoft's
current Passport "Wallet," could keep your personal information available
for distribution to third parties. The system is claimed to protect against
viruses and worms via "code signing," used in Microsoft's XBox and also in
its ActiveX controls for Internet Explorer and other products.

While Levy's article doesn't delve into the technical details of the
proposed scheme, a careful reading suggests that Palladium is not so much
about security for computer users as about the security of the income
streams of Microsoft and large content providers. These companies will be
empowered to lock up software and content, making it effectively "self
destruct" unless you pay additional money (either "per view" or by

The article claims that encryption of data as it travels between
peripherals will protect against keyboard sniffers and other snooping
devices. Alas, this is not a strong argument for the scheme, because, as
described in a recent PC Magazine article, it is relatively simple to embed
a keystroke sniffer entirely within a keyboard ahead of the encryption
circuitry. Nor will software sniffers be impossible to produce, unless
Microsoft sees fit to prohibit any and all monitoring, remote control, or
remote administration software -- including its own! -- from being deployed
on the new platform.

While it may not be effective against snooping, end-to-end hardware
encryption is right at the top of media moguls' wish lists. Members of
organizations such as the RIAA and MPAA hope to prevent the creation of any
copy of digital media -- even those which consumers are legally entitled to
make under the doctrine of "fair use" -- by encrypting audio and video
until the very instant they reach your speakers and screen.

The Privacy Question

Palladium, like most digital rights management (DRM) schemes, raises
privacy concerns as well. Microsoft has already made Microsoft Office and
Windows XP stop working if you don't surrender personal information for
inclusion in its massive databases. XP nags consumers to insert still more
private data to Microsoft's Passport system, which has already been shown
to be have serious weaknesses (see Further Reading) and whose "single
sign-on" puts all of your eggs in one basket. (If the account is cracked,
everything in your wallet is exposed.) Windows Media Player, which
implements some of Microsoft's DRM schemes, was shown not long ago to be
keeping a list of titles that users played -- and sending that information
back to Microsoft (see Further Reading). And the system as a whole is under
the control of a company whose business practices, as revealed by evidence
in the recent antitrust case against the software giant, do not inspire
consumer confidence.

The promise of disappearing e-mail also raises the question of whether
Palladium would do good or ill. Who would benefit the most from such a
feature: an ordinary citizen who tracks his correspondence with friends and
family? Or a corporate executive (such as Microsoft's own Bill Gates or Jim
Allchin) who wishes that the sort of paper trail that was revealed in the
Microsoft-DoJ case had somehow conveniently evaporated? How about the
executives at Enron, Qwest, Global Crossing, Waste Management, Rite-Aid,
and other companies that were engaged in market manipulation, or shady
accounting practices?

Another Hurdle for Software Developers

Palladium could also tie the hands of software developers, forcing them to
seek permission from Microsoft before publishing products for the new
computer systems. (Video game manufacturers, including Microsoft itself,
routinely do this.) This could limit consumer choice: Would Microsoft
willingly grant permission for the development of alternative operating
systems (such as OpenBSD, which is generally regarded as far more secure
than Windows) to run on these new machines? Would Microsoft require
developers to sign exclusive contracts, promising that they would not
develop for other platforms, before their code could be "signed" so that it
ran on the new machine?

And would the code signing system really protect against viruses and worms?
Malware often works not by introducing new programs into the system, but by
issuing malicious commands in, or through, existing ones. Microsoft
reported in 2001 that Verisign had been duped, by someone posing as a
Microsoft employee, into issuing keys in Microsoft's name. Such keys could
be used to make a malicious ActiveX control, script, or program appear as
if it had originated from Microsoft. (The scam went unreported for more
than 6 weeks, after which Microsoft posted an advisory warning that it
posed a "grave risk.") The code signing system used in Microsoft's XBox --
though embedded in hardware -- was recently broken by a student tinkering
in his spare time. (See Xbox Security Defeated.)

The ultimate motivation for Microsoft's Palladium, however, could well be
US Senator Fritz Hollings' CBDPTA (formerly the SSSCA) -- a bill, promoted
by the entertainment industry, which would require copy protection to be
built into virtually every product containing a microprocessor. What if the
CBDPTA passed... and Microsoft was, conveniently, the only entity willing
(or, due to patents, able) to produce an operating system that met its
requirements? The announcement of Palladium sets the stage for Microsoft,
which previously opposed the bill, to change its stance, supporting
legislation that would make it illegal for consumers to use products that
did not have built-in digital handcuffs. This, most of all, should be what
concerns consumers about Palladium.

R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net