Next Generation Secure Computing Base (NGSCB)
A broad definition can be given as:
The Next Generation Secure Computing Base (NGSCB) is a part of the Microsoft Vista operating system (OS) that employs a trusted platform module (TPM), a specialized chip that can be installed on the motherboard of a personal computer (PC) or server for the purpose of hardware authentication. NGSCB technology came under the code name Palladium, which was the word for a mythical talisman that guaranteed the security of Troy. NGSCB relies on hardware technology designed by members of the Trusted Computing Group (TCG), which provides a number of security-related features, including fast random number generation, a secure cryptographic co-processor, and the ability to hold cryptographic keys in a manner that should make them impossible to retrieve, even to the machine's owner.The development-phase version of NGSCB was originally called Palladium which was conceived jointly by Intel, AMD and Microsoft.
Architecture and technical details
It consists ofsoftware components developed by Microsoft and hardware components developed by the Trusted Computing Group.It requires specialized hardware and is not compatible with pc's before 2004.The two hardware components are: the Trusted Platform Module (TPM), which will provide secure storage of cryptographic keys and a secure cryptographic co-processor, and a curtained memory feature in the Central Processing Unit (CPU).
Secure storage and attestation
At the time of manufacture, a cryptographic key is generated and stored within the TPMand the TPM is designed in such a way that it is extremely difficult to retrieve the stored key by reverse engineering or any other method, even to the owner. Applications can pass data encrypted with this key to be decrypted by the TPM, but the TPM will only do so under certain strict conditions.The TPM is also able to produce a cryptographic signature based on its hidden key.
Data within curtained memory can only be accessed by the application to which it belongs, and not by any other application or the Operating System.It is difficult to trick a trusted application into running outside of curtained memory and hence reverse engineering is also difficult.
Digital Rights Management:
a secure form of Digital Rights Management (DRM) may be developed By utilizing the attestation, curtained memory and cryptographic features of the TPM. DRM would be implemented by encrypting DRM-protected files and only making the decryption key available to corporate trusted applications. Encrypted files are such that it would be extremely difficult to decrypt the file at an unauthorized destination, rendering it useless.
Here, a secure method for the owner to identify themselves would be provided, and through this method the owner would be able to force the TPM to make a false attestation or decrypt data for an application that would not otherwise be allowed access to that data.
NGSCB provides each workstation the ability to securely attest that no unauthorized modifications have been made either to its hardware or software.
for a seminars report pdf, visit: