Protecting Data At Rest

1
Protecting Data At Rest

• 1/29/2009

2
Theft Expensive Frequent

• 1 in 10 notebooks are stolen and 88 never
  recovered
• Source Tech Republic survey
• U.S. Veterans Affairs spent more than 14 million
  to operate a call center and send notification
  letters to 27 million Veterans affected by a
  notebook lost by a V.A. employee in May 2006
  (GovExec.com)
• Notebook theft was attributed to 59 of computer
  attacks in government agencies, corporations, and
  universities during 2003
• Source Baseline 2004
• Since January 2005, more than 251 million
  personal records have been exposed.
• Source Privacy Rights Clearinghouse, as of
  January 19, 2009

3
Data and PC protection soon available with
Intel vPro Technology
Intel vPro technology
Intel Trusted Execution Technology
Intel Active Management Technology
Intel Virtualization Technology
Intel Anti-Theft Technology (Intel AT)

• Intel AT-d (Data protection)1
• Hardware-based full disk encryption
• Intel AT-p (PC protection)2
• Remote/Local PC disable
• PC reactivation

4
Theft Management Cycle
Compliance
Intel AT1,2 helps address compliance
throughout the theft management cycle
5
Intel Anti-Theft TechnologyPC Protection
Services2

• PC-side Detection Mechanisms
• Login failures (PBA)
• Timer Expiration
• Poison pill
• PC Disable
• Data Access Disable
• Recovery
• Simple Reactivation

6
Intel Anti-Theft TechnologyPC Protection Service

• Today

• Added Value

• Intel Anti-Theft Technology
• HW/BIOS/SW based
• Local/remote PC Disable
• Local/remote data access disable
• Works with and without network connectivity

• Existing solutions
• BIOS/SW based
• No PC disable
• Remote data deletion
• Rely on network connectivity

7
Detection Mechanisms
The system keeps track of an IT-determined number
of login failures in PBA Works even when no
network available
ExcessiveLogin Failures
PC must rendezvous with Theft Management Server
periodically. Local timer keeps track of this
activity and triggers a response upon expiration
(per IT policy),
Local Timer Expiry
User notifies loss/theft to SP PC is flagged in
central server. PC Calls Home regularly and
receives poison pill
RemoteNotification
8
Response poison pill
PC becomes inoperable OS will not boot Only
Reactivation Screen is available
PC Disable
Encrypted Data AccessDisable
SW-based encryption keys can be escrowed in
Chipset These keys can be deleted or hidden to
protect data
9
Reactivation Process
Pass-phrase was pre-provisioned by end user User
has a timeframe to unlock PC
Reactivation Screen
LocalPass-Phrase
Service Provider/IT can generate Unlock Token for
end user to enter in Reactivation Screen Only
works 1-time
Unlock Token
10
(No Transcript)
11
Intel AT-p Client Architecture
Pre-Boot Authentication and Recovery Screen
Host (Post-Boot)
in band Access (policies and poison pill)

• Triggers, Actions, and Recovery all controlled by
  hardware
• SW encryption keys escrowed in hardware

12
Intel Anti-Theft Service Usage Model
13
Use Case
PC Becomes Inoperable Following Excessive Login
Attempts
1
Jeff forgets his satchel containing his notebook
and wallet while riding in the NY subway
2
A lucky stranger (Pat) picks up the goods
Pat attempts to access the device by guessing the
password
3
After multiple (set by IT policy) failed attempts
to log in, the PC is automatically disabled and
will not even run the OS
4
The data on the PC has automatically been
protected and Pat cannot access anything
5
14
Use Case
PC Becomes Inoperable and Data Inaccessible After
Timer Expires
Due to the sensitive nature of the data in his
PC, Jeffs PC needs to to call home every
day (per IT policy)
Busy writing an important paper, Jeff has not
logged in for the last 3 days
As determined by locally stored policy (as set by
IT), the PC enters theft mode and disables
itself and access to encrypted data
15
Use Case
User Reports Loss or Theft and IT Sends poison
pill
2. Incident reported to IT
1. Laptop is stolen
3. Theft flag associated with stolen laptop is
set by IT in central database
4. Stolen laptop connects to the Internet, and is
automatically connected to the anti-theft server
via protected TLS channel
5. Laptop determines it is stolen by reading
flag in server upon check-in
6. Poison pill sent from server to laptop to
disable data access and disable PC
7. Laptop rendered inoperable data access is
disabled protecting data on the PC from being
read/accessed
16
Use Case
Reactivation Process
1. Laptop is restored to rightful Jeff (owner)
2a Jeff enters strong Pass-phrase to unlock the
PC
2b Jeff calls Service Provider/IT. SP
generates a one time recovery token for Jeff to
unlock the PC
17
Intel Anti-Theft TechnologyPC Protection
Services
Hardware Based
PC and Data Protection
Protect your Business

• Can survive BIOS and OS reinstall
• Works with and without network connectivity
• PC disable capabilities scale world wide

• Local/Remote poison pill
• Disable access to encrypted data (deals w/
  insider theft)
• Simple Reactivation PC/data access when recovered

• IT hosted or by Service Provider
• Helps Address compliance with flexible policies
• Reduce risk to your customers business

Intel AT-p enhances Theft Management Services
with Hardware-based Proactive and Reactive
capabilities
18
Theft Management Cycle
Compliance
Intel AT addresses compliance throughout
the theft management cycle
Some capabilities require a Service Provider
hosted service or an ISV solution enabled with
Intel Anti-Theft Technology for full
functionality.