An attack on paypal --> secure UI for browsers

[Nomen Nescio]

Joe Ashwood writes:
> From: "Anonymous" <nobody_at_cryptofortress.com> 
> > You clearly know virtually nothing about Palladium. 

> I still stand by, "Arbitrarily trusting anyone to write a secure program 
> simply doesn't work" regardless of how many times MS says "trust us" any 
> substantially educated person should as well be prepared to either trust a 
> preponderance of evidence, or perform their own examination, neither of 
> these options is available.

Apparently you neglected to read
http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx, where
Microsoft says (as they have repeated many times) "Customers and partners
need reliable ways to ensure the quality of technology that addresses
the critical needs met by NGSCB. That's why Microsoft will make available
for public review the source code of the core piece of enabling software
in NGSCB, called the 'nexus,' so it can be evaluated and validated by
third parties for both security and privacy considerations."

Therefore some educated person (obviously not you, at least not yet)
will in fact be able to perform their own examination of the trusted part
of the OS, since it will have its source code published for exactly this
sort of review.


> The information available does not cover the 
> technical information, in fact their "Technical FAQ" about it actually has 
> the following: 
>
> "Q: Does this technology require an online connection to be used? 
>
> A: No. " 
>
> That is just sooooo enlightening, and is about as far from a useful answer 
> as possible. 

Very few of the Technical FAQ answers are so brief.  In this case, it is
a stupid question and deserves a trivial answer.  The only reason it is
in there is because of the lies spread by Lucky Green and Ross Anderson,
all about how Palladium will connect to a central server and refuse to
let you work with your own documents, or delete files that Microsoft or
the U.S. Government don't like.


> > NCAs do not have 
> > "complete access to private information".  Quite the opposite.  Rather, 
> > NCAs have the power to protect private information such that no other 
> > software on the machine can access it.  They do so by using the Palladium 
> > software and hardware to encrypt the private data.  The encryption is 
> > done in such a way that it is "sealed" to the particular NCA, and no other 
> > software is allowed to use the Palladium crypto hardware to decrypt it. 
>
> This applies only under the condition that the software in Palladium is 
> perfectly secure. Again I point to the issues with ActiveX, where a wide 
> variety of hoels have been found, I point to the newest MS operating system 
> which has it even been out a month yet? and already has a security patch 
> available, in spite of their "secure by default" process. Again I don't 
> believe this is because MS is inherently bad, it is because writing secure 
> programs is extremely difficult, MS just has the most feature bloat so they 
> have the most problems.

Microsoft's legacy software is all extremely complex.  Palladium is
taking a different approach, aiming at simplicity and transparency.
The Nexus, which is the micro-kernel for the trusted components (NCAs),
will be published for review.  Its tasks are relatively few and well
defined, nothing like the massive Windows OS.  That is what Microsoft has
gained by architecting Palladium as they did, with the new "trusted"
CPU mode, which allows side-by-side operating systems to run.  On the
left hand side (LHS) we find the legacy Windows OS and applications.
On the right hand side (RHS) we find the Nexus acting as the OS, and
the NCAs acting as the applications.

The brilliance of Palladium is that the LHS can't touch the RHS,
because of hardware protection.  At one stroke, the new trusted mode is
insulated from bugs in the Windows OS, device drivers and applications.
It in effect allows the designers to start with a clean piece of paper
and produce a simple micro-kernel (the Nexus) whose only job is to
service the NCAs.  This is a manageable task and, in conjunction with
public review, there is good reason to hope and expect that the Nexus
will be secure.  If so then NCAs will indeed run in a mode where they
are protected from other software components (including other NCAs).


> If the Palladium software is actually secure 
> (unlikely), then there is the issue of how the (foolishly trusted) NCAs are 
> determined to be the same, this is an easy problem to solve if no one ever 
> added features, but a hard one to solve where the program evolves, once MS 
> shows the solution for this, I will point to the same information and show 
> you a security hole. 

Read the documents!  Actually you claim you already read them, but
obviously you are lying or you would know that this question has been
answered.  I wrote a long posting about this last month explaining how
it worked.  The mechanism is called a Manifest and is described in section
9 of http://www.microsoft.com/resources/ngscb/documents/ngscb_tcb.doc.
You can either use a hash of the NCA (which would not allow the NCA to be
updated) or you can use a signing key, where NCAs signed by the same key
would effectively share the same identity.  The Manifest can also limit
which other components are used by the NCA.  It's a very flexible system.

As far as the NCAs being "foolishly trusted", all they are trusted to
do is to run without being molested.  That's not exactly giving them the
keys to the kingdom.  And see above for the reasons why it is reasonable
to believe that they can in fact be trusted to run with this degree
of security.


> > In the proposed usage, an NCA associated with an ecommerce site would seal 
> > the data which is used by the user to authenticate to the remote site. 
>
> After running unattended on your computer, a <sarcasm>brilliant</sarcasm> 
> idea, hasn't anyone learned? 
>
> > The authentication data doesn't actually have to be a certificate with 
> > associated key, but that would be one possibility.  Only NCAs signed by 
> > that ecommerce site's key would be able to unseal and access the user's 
> > authentication credentials.  This prevents rogue software from stealing 
> > them and impersonating the user. 
>
> Not in the slightest, a single compromise of a single ecommerce site 
> (remember they're "trusted") will remove all this pretend security. Let's 
> use a particularly popular example on here right now www.e-go1d.com, they 
> could easily apply to be an ecommerce site, they collect money, they offer a 
> service, clearly they are an ecommerce site. Are you really gullible enough 
> to believe that they won't do everything in their power to exploit the data 
> transfer problem above, as well as any other holes in Palladium? I should 
> hope not. 

In my proposal, each ecommerce site would have its own unique NCA with
its own unique identity.  As anyone who has studied NGSCB (except you)
knows, NCAs are protected from each other as well as from the rest of
the system.  Therefore rogue or compromised sites would not be able to
touch the information that was being held for other sites.  e-go1d.com
would not be able to get at the information associated with e-gold.com.
Your proposed attack does not work.


> > Seriously, have you read any 
> > of the documents linked from http://www.microsoft.com/resources/ngscb/? 
>
> Yes I have, in fact at this point I think it is safe to say that you have 
> not, or you didn't understand the implications of the small amount of 
> information it actually contains. 

Your comments above make it clear that you are not at all acquainted
with the material in those documents.  If you're going to pretend to
be a security expert (remember when you advocated ECB mode for the XML
encryption effort?!!), you could do worse than spending a few hours
studying these documents closely.  It's very likely that NGSCB will
be a central technology for security in the next two to ten years or
even longer.  This is undoubtedly an area where security consulting
could be lucrative.  Sadly, even "experts" of your caliber can probably
be very successful in this area.  But you'll have to do your homework.