Title: Protecting Data At Rest
Slide 1: Protecting Data At Rest

Slide 2: Theft: Expensive, Frequent
- 1 in 10 notebooks are stolen and 88% are never recovered (Source: Tech Republic survey)
- U.S. Veterans Affairs spent more than $14 million to operate a call center and send notification letters to 27 million Veterans affected by a notebook lost by a V.A. employee in May 2006 (GovExec.com)
- Notebook theft was attributed to 59% of computer attacks in government agencies, corporations, and universities during 2003 (Source: Baseline 2004)
- Since January 2005, more than 251 million personal records have been exposed (Source: Privacy Rights Clearinghouse, as of January 19, 2009)
Slide 3: Data and PC protection soon available with Intel vPro Technology
Intel vPro technology comprises:
- Intel Trusted Execution Technology
- Intel Active Management Technology
- Intel Virtualization Technology
- Intel Anti-Theft Technology (Intel AT)
  - Intel AT-d (Data protection) [1]
    - Hardware-based full disk encryption
  - Intel AT-p (PC protection) [2]
    - Remote/Local PC disable
    - PC reactivation
Slide 4: Theft Management Cycle
(Diagram: theft management cycle, centered on Compliance)
Intel AT [1,2] helps address compliance throughout the theft management cycle.
Slide 5: Intel Anti-Theft Technology: PC Protection Services [2]
- PC-side Detection Mechanisms
  - Login failures (PBA)
  - Timer expiration
  - Poison pill
- PC Disable
- Data Access Disable
- Recovery
  - Simple reactivation
Slide 6: Intel Anti-Theft Technology: PC Protection Service
- Intel Anti-Theft Technology
  - HW/BIOS/SW based
  - Local/remote PC disable
  - Local/remote data access disable
  - Works with and without network connectivity
- Existing solutions
  - BIOS/SW based
  - No PC disable
  - Remote data deletion
  - Rely on network connectivity
Slide 7: Detection Mechanisms
- Excessive Login Failures: the system keeps track of an IT-determined number of login failures in PBA. Works even when no network is available.
- Local Timer Expiry: the PC must rendezvous with the Theft Management Server periodically. A local timer keeps track of this activity and triggers a response upon expiration (per IT policy).
- Remote Notification: the user reports the loss/theft to the Service Provider (SP) and the PC is flagged in the central server. The PC calls home regularly and receives the poison pill.
Slide 8: Response (poison pill)
- PC Disable: the PC becomes inoperable. The OS will not boot; only the Reactivation Screen is available.
- Encrypted Data Access Disable: SW-based encryption keys can be escrowed in the chipset. These keys can be deleted or hidden to protect data.
Slide 9: Reactivation Process
(Diagram: Reactivation Screen)
- Local Pass-Phrase: a pass-phrase was pre-provisioned by the end user. The user has a timeframe in which to unlock the PC.
- Unlock Token: the Service Provider/IT can generate an Unlock Token for the end user to enter in the Reactivation Screen. It only works one time.
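The detection, response and reactivation slides above describe a small state machine: a PBA failure counter, a local call-home timer, a theft flag read from the server at rendezvous, PC disable with the escrowed disk key hidden, and recovery by pass-phrase or one-time token. The following is an added simulation of that cycle, not Intel's firmware or API; the policy values, device id, pairing secret and the counter-based token format are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed model of the slides' detection/response/reactivation cycle, not Intel code;
# POLICY, DEVICE_ID, SHARED_SECRET and KEY are assumed sample values.
POLICY = {"max_login_failures": 3, "rendezvous_days": 1}          # "per IT policy"
DEVICE_ID, SHARED_SECRET = "nb-0001", b"pairing-secret-provisioned-at-enrolment"
KEY = "disk-encryption-key"              # stand-in for the SW encryption key escrowed in the chipset
SERVER = {"stolen": set(), "issued": {}} # Theft Management Server: theft flags + token counters

_hash = lambda s: hashlib.sha256(s.encode()).hexdigest()   # pass-phrase digest kept on the PC
def _token(device_id, n):   # one-time unlock token: keyed MAC over device id + monotonic counter
    return hmac.new(SHARED_SECRET, f"{device_id}:{n}".encode(), hashlib.sha256).hexdigest()[:16]

def server_unlock_token(device_id):
    n = SERVER["issued"].get(device_id, 0)
    SERVER["issued"][device_id] = n + 1  # the server never re-issues a counter value
    return _token(device_id, n)

class ATClient:
    def __init__(self, passphrase):
        self.pass_hash, self.disabled, self.key_escrow = _hash(passphrase), False, KEY
        self.failures = self.last_rendezvous = self.token_counter = 0
    def _theft_mode(self, reason):
        self.disabled, self.key_escrow = True, None   # PC disable + hide the escrowed key
        return "theft mode: " + reason
    def check_in(self, day):  # periodic rendezvous (TLS in the real design)
        if DEVICE_ID in SERVER["stolen"]:            # theft flag set by IT = poison pill
            return self._theft_mode("poison pill")
        self.last_rendezvous = day
        return "ok"
    def login(self, passphrase, day):  # pre-boot authentication (PBA)
        if self.disabled:
            return "reactivation screen"
        if day - self.last_rendezvous > POLICY["rendezvous_days"]:   # local timer expired
            return self._theft_mode("timer expiry")
        if hmac.compare_digest(self.pass_hash, _hash(passphrase)):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures >= POLICY["max_login_failures"]:
            return self._theft_mode("excessive login failures")
        return "login failed"
    def reactivate(self, day, passphrase=None, token=None):
        ok = passphrase is not None and hmac.compare_digest(self.pass_hash, _hash(passphrase))
        if not ok and token is not None and hmac.compare_digest(token, _token(DEVICE_ID, self.token_counter)):
            self.token_counter, ok = self.token_counter + 1, True   # a token is accepted once only
        if ok:
            self.disabled, self.key_escrow, self.failures, self.last_rendezvous = False, KEY, 0, day
        return ok
```

The three triggers all end in the same `_theft_mode`, which is why the use cases later in the deck look alike; the timer check runs locally, so it fires even when the PC never reaches the server.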
Slide 11: Intel AT-p Client Architecture
(Diagram: Pre-Boot Authentication and Recovery Screen; Host (Post-Boot); in-band access for policies and poison pill)
- Triggers, actions, and recovery are all controlled by hardware
- SW encryption keys are escrowed in hardware
Slide 12: Intel Anti-Theft Service Usage Model
Slide 13: Use Case: PC Becomes Inoperable Following Excessive Login Attempts
1. Jeff forgets his satchel containing his notebook and wallet while riding in the NY subway.
2. A lucky stranger (Pat) picks up the goods.
3. Pat attempts to access the device by guessing the password.
4. After multiple (set by IT policy) failed attempts to log in, the PC is automatically disabled and will not even run the OS.
5. The data on the PC has automatically been protected and Pat cannot access anything.
Slide 14: Use Case: PC Becomes Inoperable and Data Inaccessible After Timer Expires
1. Due to the sensitive nature of the data on his PC, Jeff's PC needs to call home every day (per IT policy).
2. Busy writing an important paper, Jeff has not logged in for the last 3 days.
3. As determined by locally stored policy (as set by IT), the PC enters theft mode and disables itself and access to encrypted data.
Slide 15: Use Case: User Reports Loss or Theft and IT Sends Poison Pill
1. Laptop is stolen.
2. Incident is reported to IT.
3. Theft flag associated with the stolen laptop is set by IT in the central database.
4. Stolen laptop connects to the Internet and is automatically connected to the anti-theft server via a protected TLS channel.
5. Laptop determines it is stolen by reading the flag on the server upon check-in.
6. Poison pill is sent from the server to the laptop to disable data access and disable the PC.
7. Laptop is rendered inoperable; data access is disabled, protecting the data on the PC from being read/accessed.
Slide 16: Use Case: Reactivation Process
1. Laptop is restored to its rightful owner (Jeff).
2a. Jeff enters his strong pass-phrase to unlock the PC.
2b. Jeff calls the Service Provider/IT. The SP generates a one-time recovery token for Jeff to unlock the PC.
Slide 17: Intel Anti-Theft Technology: PC Protection Services
Hardware-based PC and data protection: protect your business
- Can survive BIOS and OS reinstall
- Works with and without network connectivity
- PC disable capabilities scale worldwide
- Local/remote poison pill
- Disable access to encrypted data (deals with insider theft)
- Simple reactivation of PC/data access when recovered
- IT hosted or by Service Provider
- Helps address compliance with flexible policies
- Reduce risk to your customers' business
Intel AT-p enhances Theft Management Services with hardware-based proactive and reactive capabilities.
Slide 18: Theft Management Cycle
(Diagram: theft management cycle, centered on Compliance)
Intel AT addresses compliance throughout the theft management cycle.
[1,2] Some capabilities require a Service Provider hosted service or an ISV solution enabled with Intel Anti-Theft Technology for full functionality.