Secure PC Effort Continues
Jun. 2, 2003

In an effort to enlist hardware vendor support, Microsoft has released more information about its plans to build a secure PC platform, the Next-Generation Secure Computing Base (NGSCB). However, a number of technical and political questions must still be resolved, suggesting that NGSCB will not find its way to market in time for the release of the next Windows client OS, Longhorn, in late 2005. Even as these issues are resolved, uncertain customer demand means that hardware manufacturers may balk at doing the work necessary for NGSCB, including creating a new chip set and modifying CPUs and peripherals.

Hardware Makers Crucial

NGSCB, formerly code-named Palladium, is Microsoft's long-term plan to better secure data on a PC from unauthorized access, tampering, or use.

NGSCB will consist of two main parts: a new OS component, the "nexus," which will encrypt and decrypt secure data and act as a gatekeeper to allow other software, including applications, drivers, and non-secure parts of the OS, to access that data; and a new hardware chip, the Trusted Platform Module (TPM), which will contain the cryptographic keys used by the nexus. (For an overview of some NGSCB components and how their names have changed since Microsoft first proposed the technology, see the sidebar "NGSCB Terminology Guide".)

In addition, NGSCB will require a modified CPU and memory controller to enable hardware-based restricted memory; modified input devices, such as keyboards and mice; and modified video hardware, such as graphics processors. Therefore, Microsoft is depending on hardware manufacturers—particularly chipmakers like Intel and AMD—to get NGSCB off the ground.

In an effort to enlist more hardware manufacturers in this mission, Microsoft released more information about NGSCB at its annual conference for hardware companies—the 2003 Windows Hardware Engineering Conference (WinHEC). In breakout sessions and white papers, Microsoft outlined the hardware modifications that will be necessary for NGSCB to work, revealed some specific TPM services that the nexus will use to seal and unseal data, and explained that NGSCB-aware applications will have to use XML manifests to present information about themselves so the nexus can interact with them, among other things.

Likely Availability: Post-Longhorn

In his WinHEC keynote speech, Chief Software Architect Bill Gates hinted that NGSCB would be delivered in Longhorn, which is expected to hit the market in late 2005. However, a number of thorny technical and political questions must be resolved before NGSCB takes off, and Microsoft has been careful not to commit to any specific release date.

On the technical side, for instance, Microsoft says that the NGSCB architecture will enable applications to trust one another without a third-party trust authority. This is simple for interactions between PCs that have been authenticated to one another and whose users already trust each other. But many of the most potentially useful NGSCB applications—particularly digital rights management (DRM) schemes to protect digital media files and confidential data shared between companies—will require third-party trust authorities and an infrastructure that can provide a hierarchy of trust. Microsoft has not yet addressed how this infrastructure might be built.

Politically, NGSCB could run headlong into another plan for a secure computing platform proposed by the Trusted Computing Platform Alliance (TCPA), which counts Microsoft and many other influential technology companies (such as AMD, Hewlett-Packard, IBM, and Intel) as members. NGSCB is not compatible with current TCPA specifications, and it attempts to accomplish a superset of the TCPA's goals, which will require more work on the part of hardware manufacturers. For example, NGSCB requires modifications to the CPU and memory controller so each application has its own secure memory space, whereas the TCPA's specifications do not.

Given these issues, it's unlikely that NGSCB will be released concurrently with Longhorn, which is expected in late 2005. (See "Windows Roadmap Leads to Longhorn".) Rather, Microsoft is likely to build support for NGSCB into Longhorn, and only later, when the necessary hardware modifications have been completed, would OEMs begin shipping NGSCB-enabled PCs.

Uncertain Demand

Even if Microsoft and its partners resolve these issues, the biggest potential stumbling block for NGSCB is unclear demand. Although some vertical industries—particularly government and finance—might see benefits and provide a solid early adopter market for NGSCB, it's less likely that the average business will be willing to replace its hardware, OS, and applications in the name of security. Consumers could be even less interested, especially if users view NGSCB as a path to stronger digital rights management (DRM) that will complicate sharing of digital media files.

The lack of demonstrated demand could lead to a "chicken-and-egg" scenario in which hardware vendors, including chip makers, peripheral companies, and OEMs, delay making the modifications necessary for NGSCB, further limiting customer interest.

Although Microsoft has taken pains to state that NGSCB is not a DRM system by itself, it could be used to make DRM systems harder to break. Thus, industry support for NGSCB could depend on the success of Microsoft's forthcoming Rights Management Server and whether consumers grow to accept DRM-enabled media downloads.

Resources

For more background on NGSCB, see "'Palladium' Plan for Trustworthy OS Revealed" on page 10 of the Aug. 2002 Update.

A white paper explaining the hardware modifications necessary for NGSCB is at www.microsoft.com/resources/ngscb/documents/NGSCBhardware.doc.

Two white papers explaining NGSCB's technical goals and architectural components are available at www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.doc and www.microsoft.com/resources/ngscb/documents/ngscb_tcb.doc.

For more information about Rights Management Server, see "Rights Management Comes to the Enterprise" on page 11 of the Apr. 2003 Update.

The TCPA is at www.trustedcomputing.org.