Leviathan™ vs. Palladium vs. TCPA

TEPartners (Leviathan™), Microsoft (Palladium -- see footnote 1 below), and the Trusted Computing Platform Alliance (TPS -- see footnote 2 below) have all recognized that a trusted computing environment can only be established with a proper combination of hardware and software. This white paper summarizes the differences.

The information discussed in this white paper is summarized in the table below. This information is presented to make all readers aware that they can get the ultimate in computer security while expending the least amount of money, effort and time by installing the Leviathan Module and its accompanying Access Control Software to protect their computer system hardware, the software installed on it and the data that is stored in its memories.

1. Palladium Systems: Microsoft, Inc. defines the Palladium system in terms of two components: a hardware component called the "Security Support Component" and a software component called the "nexus." Microsoft defines these two components as follows:

  • The Security Support Component (SSC) is a hardware module (also called a chip elsewhere in the Palladium documentation) that can perform certain cryptographic operations and securely store one or more cryptographic keys that are used by Palladium to provide the sealed storage and attestation functions. At a minimum, the SSC provides RSA public-key operations (encryption, decryption, digital signature generation and verification), AES encryption and decryption, and SHA-1 hash computation. The SSC also contains at least one RSA private key and AES symmetric key that are private to the SSC and never exported from the chip.
  • A nexus, what Microsoft used to refer to as a "nub" or "trusted operating root," is essentially the kernel of the Palladium-isolated software stack. Palladium services are initialized by booting the Palladium hardware with a mini operating system kernel called the nexus. The nexus provides a limited set of APIs and services for Palladium applications, including sealed storage and attestation functions. Think of Palladium applications and a Palladium nexus as residing in the user mode and kernel mode spaces of the parallel Palladium execution environment. (Microsoft states: "Anyone can write a nexus for a Palladium, but the user always has authority over what nexuses are allowed to run on top of the Palladium hardware.")

| | Leviathan | Palladium | TCPA |
|---|---|---|---|
| General Characteristics | | Next-Generation Secure Computing Base (NGSCB) | Trusted Computing Platform Alliance |
| Supplier | TEPartners | Microsoft | IBM, AMD, ATMEL, National, WAVESystems |
| CPU changes | NONE | YES (new register) | NONE |
| Motherboard changes | NONE | YES | YES |
| Operating System changes | NONE | Requires new nexus | NONE |
| Separated Address Space | YES (multiple) | Partial | Partial |
| Secure Boot Process | YES | Later feature, when "SSC" is built into the CPU | YES |
| Boot ROM | No changes | No changes | Re-located to Low Pin Count (LPC) bus; also requires new boot ROM I.C. |
| Hardware | Leviathan | Security Support Component | Security Processor - Trusted Platform Module (TPM) |
| Hardware Interface | Physically "sandwiched" between CPU and Motherboard's North Bridge | On Processor Bus - in parallel with BIOS ROM, Basic RAM, and South Bridge (LPC) | On Low Pin Count (LPC) Low Speed |
| Crypto Engines | Any DoD or Commercial crypto engine (any version) | Commercial (Microsoft version) only | Commercial (Supplier version) only |
| Hidden Secure Storage | | | |
| Secured Data Path for User I&A | YES | NO | NO |
| Secure Digest File | YES | NO | NO |
| Access Control Software | Full Control | Secure I/O only | Secure I/O only |
| Resident Data Protection (RDP) | YES | Unknown | NO |
| User I&A | YES (can include biometrics) | Limited | Limited |
| Secure Data Transfer | YES | YES | YES |
| Remote Site I&A | YES (for user terminal) | YES | YES |
| Common Criteria | | | |
| Evaluatable | YES | YES | YES |
| Non Bypassable | YES | NO | NO |
| Always Involved | YES | NO | NO |
| Tamper Proof | YES | NO | NO |
| Controlled Information Flow | YES | YES | YES |
| (Target) Evaluated Assurance Level | ? | 1 to 3 | 1 to 3 |
| Applications | | | |
| Commercial | YES | YES | YES |
| U.S. Government | | | |
| COTS hardware | Present and future COTS | Future COTS? | Future COTS? |
| Secure OS required | NO (works with any OS) | YES | YES |
| User-specific sealed storage | YES | YES | YES |
| Trusted Operator sealed storage | YES | NO | NO |
| Theft Protection Lock (Owner I&A) | YES | NO | NO |
| DoD (MLS) applications | YES | NO | NO |

2. Trusted Computing Platform Alliance (TCPA) Subsystems: The TCPA defines the heart of their Trusted Platform Subsystem as a Trusted Platform Module (TPM) that may or may not be a physical module. (However, all present implementations of the TPM, those from AMD, Atmel (which is used by IBM), National Semiconductor and Wavexpress, Inc., have a hardware chip as their cores.) Microsoft defines the differences between the Palladium and the TCPA specification as follows:

"The key difference between the two models is the relationship between the security co-processor - the Trusted Platform Module (TPM) in TCPA and the SSC in Palladium - and the rest of the PC. In the TCPA model, the TPM is a mandatory part of the boot sequence on a TCPA-certified platform. A TCPA TPM is able to measure (make signed statements about) the entire set of software that is running on a PC. In contrast Palladium is designed to sit side by side with the PC's operating system and does not need to be involved with the boot process of the machine. The use of security features provided by the Palladium, including all functions involving the SSC, is always optional and under the user's control."

So far all versions of the TPM and the stated implementation of the SSC are single chip, RISC-based microprocessors with an embedded cryptographic arithmetic unit. All TPMs have, so far, been built to be low cost and to be connected to the PC via the Low Pin Count (LPC) bus. All of these, in order to comply with the TCPA requirement for a Trusted System to have a "secure boot process," have relocated the boot ROM from being connected to the CPU via the microprocessor's bus to being on the other side of the TPM from the LPC bus. Microsoft has defined the SSC as being (initially) connected to the microprocessor via the microprocessor's bus and has removed the requirement of having a "secure boot process" from the functions to be performed by the SSC. (Microsoft has stated that they envision that, eventually, the SSC would be integrated with the microprocessor by being implemented on to the microprocessor's chip. Such a move of the Palladium hardware would then allow the Palladium to perform a "secure boot process" as required by the TCPA specification.)

Both the TPM and the SSC have a hidden secure storage area in order to hold and keep private critical components such as cryptographic keys and User Certificates, a user's private information.
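
How the "measure" and "sealed storage" functions described above depend on each other, as an added illustration that is not code from TEPartners, Microsoft or the TCPA. The class `ToySecurityChip`, the stage names and the key are constructed for the example; the extend rule (new = SHA-1(old || SHA-1(stage))) is the hash-chaining construction TCPA TPMs use for their measurement registers.

```python
import hashlib
import hmac

PCR_LEN = 20  # SHA-1 digest size; SHA-1 is the hash the page lists for the SSC


class ToySecurityChip:
    """Constructed stand-in for a TPM/SSC: state lives only inside the object."""

    def __init__(self):
        self._pcr = bytes(PCR_LEN)  # measurement register, zeroed at reset
        self._vault = {}            # models the hidden secure storage area

    def extend(self, component: bytes) -> bytes:
        """Fold one boot stage into the register: new = H(old || H(stage))."""
        digest = hashlib.sha1(component).digest()
        self._pcr = hashlib.sha1(self._pcr + digest).digest()
        return self._pcr

    def seal(self, name: str, secret: bytes, expected_pcr: bytes) -> None:
        """Store a secret that is released only in the expected_pcr state."""
        self._vault[name] = (expected_pcr, secret)

    def unseal(self, name: str) -> bytes:
        """Release the secret only if the measured software matches."""
        expected_pcr, secret = self._vault[name]
        if not hmac.compare_digest(expected_pcr, self._pcr):
            raise PermissionError("measured software differs from sealed state")
        return secret


def measure(stages, chip=None) -> bytes:
    """Measure stages in boot order; returns the final register value."""
    if chip is None:
        chip = ToySecurityChip()
    value = bytes(PCR_LEN)
    for stage in stages:
        value = chip.extend(stage)
    return value


# Constructed sample boot chains (not real firmware images).
GOOD_CHAIN = [b"boot ROM v1", b"OS loader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"boot ROM v1", b"OS loader v1 + implant", b"kernel v1"]


def unseal_after_boot(stages) -> bytes:
    """Seal a key to GOOD_CHAIN's measurement, then boot `stages` and unseal."""
    chip = ToySecurityChip()
    chip.seal("disk-key", b"constructed-demo-key", measure(GOOD_CHAIN))
    measure(stages, chip)
    return chip.unseal("disk-key")
```

Because every stage is folded into the previous value, a change to any one stage, or to the order of stages, changes the final measurement, which is why the chip's position in the boot sequence matters in the comparison above.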

There are some TPM chips available today, but only one manufacturer, Atmel, has had any success in making sales; its AT97SC3201 IC is a part of the high-end IBM laptop machines. Microsoft has stated that it will be "several years" before Palladium appears on any machine.

It should be noted that both the TPM and the SSC require new motherboard designs and, according to some Microsoft released information, Palladium will require a new register inside the CPU.

3. Leviathan Systems:
Leviathan, on the other hand, already combines the ability to perform all functions required by the TCPA specification and by the Palladium system. Leviathan begins its operations with the ability to perform a "secure boot operation" (at the user's option) and provides hidden secure storage areas for its security functions. (Leviathan was conceived in 1994 and the first model completed in 1996. The US and foreign patents and patent applications were filed in 1998, the year both the TCPA and the Palladium were conceived. The "hidden secure storage area" for use in security operations is an allowed claimed feature of the four Leviathan US patents.)

The Leviathan module, since it resides between the microprocessor and the microprocessor's bus, has the ability to run the Palladium nexus as it is envisioned by Microsoft for the initial implementation of the SSC, and it has the ability to run whatever nexus Microsoft will define for the next generation Palladium.

Finally, in all of the TCPA and Palladium documents, the specifications cover only PCs as the host. The Leviathan module can be customized to the CPU microprocessor's design and provide all of these great security features for any computer system type, regardless of who the manufacturer is. In no case will the Leviathan module require a new motherboard; it can be retrofitted into existing systems and onto existing motherboards.



1 -- Also called Next-Generation Secure Computing Base (NGSCB)
2 -- Trusted Platform Subsystem of which the TPM, Trusted Platform Module, is a component. See the TCPA Trusted Platform Subsystem Specification at www.trustedcomputing.org/home.
Technology Enhancement Partners, LLC  •  186 Nahma Trail, Medford Lakes, NJ 08055
©2005 TEP, LLC