Intel introduced its new Anti-Theft Technology for mobile computers. In the event of theft, the technology will "basically lock the system, lock the disk, so people cannot be maliciously using and getting the data." According to the company, the technology will be able to disable the system from working, disable data access and protect the hard disk drive (by encrypting all the data). The technology focuses on asset recovery, theft management and data protection and will arrive very soon in laptops with Intel Core vPro processors at the end of 2011. This hardware-based technology provides compelling tamper-resistance and increased protection to extend your security capabilities and minimize your business risk. Anytime, Anywhere you need
Introduction
Intel IT recently completed a technology evaluation of Intel Anti-Theft Technology (Intel AT), available on laptop PCs with 2010 Intel Core vPro processors. Intel AT's flexible policy engine lets you specify the detection mechanism that asserts theft mode, the thresholds for timer intervals, and the action(s) to take. Because the technology is built into laptop hardware, Intel AT provides local, tamper-resistant, policy-based protection that works even if the OS is reimaged, the boot order is changed, a new hard drive is installed, or the laptop is disconnected from the network. When the laptop is recovered, you can reactivate it quickly and easily using your choice of methods. Intel AT enhances security solutions as follows:
has been re-installed, thanks to a hardware-to-hardware link between the 3G card and the Intel AT system.
Resume from standby. IT administrators can now tighten the security of a laptop upon resume from standby (S3 sleep) state: if the Windows* login is not completed in a short period of time (as defined by IT), the user must re-enter the encryption login credentials before being allowed access to the PC. This feature closes a traditional vulnerability in data protection of PCs and is available on PCs with the 2nd generation Intel Core i5 vPro and Core i7 vPro processors.
Flexible IT-specified responses. Intel AT provides flexible options for automated loss/theft responses. Depending on the mechanism, the response can be activated locally and automatically, or remotely by IT:
a) Disable access to encrypted data. Delete essential elements of the cryptographic material that are required to access encrypted data on the hard drive.
b) Disable the laptop (poison pill). Block the boot process through the laptop's hardware. This response works even if the boot order is changed, the hard drive is replaced or reformatted, or other boot devices (for example, a secondary hard drive, removable drive, CD, DVD, or USB key) are tried.
c) Location beaconing over a 3G network. This is possible after the PC has been disabled, thanks to a direct hardware link between the 3G module and Intel AT (no OS dependency).
d) Customizable lost-and-found message. This message is displayed after the laptop enters theft mode. For example, a lost-and-found message could say, "This laptop has been reported missing. Please call 1-555.666.777 to return the system."
IT can combine responses to provide different levels of lock down for different users.
1.1] It's not your PC, it's your business. Lock it tight.
Laptops powered by the 2010 Intel Core processor family and enabled with Intel Anti-Theft Technology are so smart they can disable themselves if they are lost or stolen. Because the technology is built into PC hardware, Intel Anti-Theft Technology (Intel AT) provides local, tamper-resistant protection that works even if the OS is reimaged, the boot order is changed, a new hard drive is installed, or the laptop is disconnected from the network.
4 | INTELS ANTI THEFT TECH.
Detects suspicious behavior, such as excessive login attempts or failure to connect to the theft-monitoring server at regular intervals, and triggers theft mode. You determine the monitoring intervals to fit your company's needs.
Locks down stolen or lost laptops at the hardware level without harming your software.
Deletes essential cryptographic material from system hardware in order to disable access to encrypted data stored on the hard drive, even if data encryption credentials are compromised.
Displays a customized warning message to aid in laptop recovery.
Easily and quickly reactivates your PC, software and data when the laptop is recovered.
2].Need of
Data breaches continue to increase in number and cost. Businesses have access to many robust security solutions. These include anti-virus applications, intrusion prevention systems (IPSs) and intrusion detection applications, as well as encryption, data loss prevention (DLP) solutions, and authentication applications (identity and access management solutions). Yet, with all the security applications and approaches available today, companies are still vulnerable to data loss and theft. In fact, according to a 2010 Ponemon Institute benchmark study, the average laptop has about a 7 percent chance of being lost or stolen. Businesses are struggling not only to protect sensitive data, but also to prove compliance with increased security regulations in both Europe and North America. With less investment, it is easier to break through security and commit data breaches. Contributing factors include:
An increasingly mobile workforce. As users become more mobile, laptops and their data are more exposed to loss and theft. For example, health-care workers are often mobile, not just within hospitals and health-care centers, but between campuses. Other vulnerable groups include consultants, financial advisors, sales and marketing users, construction engineers, and other workers who travel between job sites.
Shared laptops. Laptops are often shared in environments such as data centers, schools, and customer service centers. Sharing laptops among many users not only makes sensitive data more vulnerable to loss or theft, but it also puts data at greater risk of unauthorized access.
Bulk shipments of laptops. The military, government agencies, and educational organizations are particularly vulnerable to laptop theft during transport.
Expensive assets. Customized telecommunications laptops for field technicians, for example, are particularly tempting to thieves. As a result, their sensitive data are at greater risk of exposure.
Security applications installed at the OS or BIOS level. These can be robust solutions, but are at risk of being circumvented or disabled.
Security credentials are often stored in software. This makes them vulnerable to attacks aimed at gaining access to applications and data.
Data breach costs are still rising. Companies face both direct and indirect costs in the aftermath of a data breach:
Stiffer fines, more post-incident requirements, and higher post-incident costs. For example, the average organizational cost of a data breach increased to USD 6.75M in 2009.
Loss of intellectual property. 71 percent of laptop thefts result in a data breach, exposing not only client and consumer data but proprietary data as well.
Legal costs of investigation, notification, and resolution of the incident. Last year's average per-victim cost was USD 204, an increase of USD 2 per customer record compared to similar costs in 2008.
Credit monitoring. A company may need to provide costly credit monitoring for individuals who could be affected by the data breach.
Damage to the brand. Loss of public and investor confidence, business opportunities, and revenue that result from a company's damaged reputation is responsible for USD 144 (70 percent) of the USD 204 average cost of a compromised record.
3]. A layered approach to security, including hardware-based Intel Anti-Theft Technology (Intel AT)
Security is installed at the OS level, integrated in BIOS and firmware, and also designed into hardware. This layered approach helps businesses manage and mitigate risk and improve compliance with new regulations.
Rapid local or remote policy-based detection and response. Security vendors are taking advantage of local and remote tamper-resistant triggers that can detect a suspicious condition:
a) Excessive login attempts (local). Multiple failed login attempts in a pre-boot authentication (PBA) screen.
b) PBA login timer expires (local). If the user does not log into the PBA screen successfully within the IT-specified time frame, the laptop enters theft mode.
c) Rendezvous timer expires (local). A local, hardware-based timer expires if the laptop does not check in with the central server within an IT-specified interval of time. This feature is a local trigger implemented in hardware; it works regardless of network connectivity.
d) Notification from server (remote) via IP-based network. A flag set in the central server triggers a poison pill, which is sent to the laptop via a wired or wireless LAN the next time the system checks in.
e) Notification from server (remote) via 3G-based network. IT administrators can automatically or manually send a poison pill via an encrypted SMS text message over a 3G network. This allows IT administrators to remotely and rapidly trigger a lock down even without LAN/WLAN-based connectivity.
f) PC tampering (local). A lock down can be triggered when Intel AT detects changes in the firmware of the laptop or removal of the CMOS battery.
These flexible responses allow IT to specify the conditions that determine a lock down or trigger the disabling of encryption credentials. Laptops themselves can now
4]. Features of Intel Anti-Theft Technology
New in Intel Anti-Theft Technology (Intel AT): protection for decrypted data after resume from S3 sleep state. One of the traditional vulnerabilities of encryption on laptops occurs when a laptop resumes from standby (S3) sleep state. Files that were decrypted before the system entered sleep state remain decrypted when the system wakes. The decrypted data can be easily accessed by thieves, and even by unauthorized users who simply lift the lid of the laptop to steal the data. Access is allowed because, upon resume from S3, a traditional laptop bypasses the pre-OS authentication screen for the encryption application. Intel Anti-Theft Technology (Intel AT) closes that window of vulnerability and enforces pre-OS encryption by requiring that the user re-authenticate when the system resumes from S3. The user must enter his or her credentials within a predefined period of time before regaining access to the decrypted files. This feature is available on laptops with 2nd generation Intel Core processors.
4.1 Data Access Disable:
a) Protect encrypted data from unauthorized access.
b) Secure hardware environments through software-based encryption keys placed in escrow instead of on the hard disk.
c) Protect PCs with tamper-resistant hardware.
4.2 PC Disable:
a) Minimize sensitive data being accessed or stolen.
b) Disable the PC locally or remotely.
c) Intel Anti-Theft Technology can assist as a theft deterrence tool, since the PC becomes inoperable and thereby unattractive to steal.
4.3 Notification via message:
a) Sent over an IP-based wired or wireless LAN.
b) The next time the laptop connects to the central server, it can receive an encrypted message (the poison pill) to go into theft mode.
4.4 Reactivation: Restore notebooks to full functionality without compromising local security features for data or PC disable access. Intel AT includes several mechanisms for easy, rapid reactivation of a recovered laptop, including integration with existing software vendors' pre-boot login modules:
a) Local passphrase entered by the user or by IT in a special pre-OS reactivation screen (via BIOS or a PBA module).
b) One-time reactivation code generated by IT or by the user's service provider, and entered in a special pre-OS reactivation screen or PBA.
c) 3G encrypted SMS message sent from IT to the laptop, which makes it easy to reactivate the laptop; the user does not have to enter anything once confirmed as the rightful owner.
Whichever method is chosen, reactivation returns the laptop to full functionality in a simple and quick manner, without compromising sensitive data or the system's security features.
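The triggers, responses and reactivation paths described in section 4 (and repeated in sections 6, 9 and 10) can be modelled as one small policy state machine. The following Python model is an added example written for this page, not Intel's code or firmware: the split of the disk key into a chipset-held component plus a disk component (with IT holding an escrow copy), the HMAC-authenticated command standing in for the encrypted poison-pill message, the passphrase hashing and every threshold are constructed assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Policy:  # IT-specified thresholds; values constructed for the example
    max_login_failures: int = 3       # page: "after three login attempts"
    pba_login_timeout: int = 120      # seconds allowed on the pre-boot screen
    rendezvous_interval: int = 86400  # page: the notebook must check in daily
    lost_message: str = "This laptop has been reported missing."

def pill_tag(server_secret: bytes, msg: bytes) -> bytes:
    # IT console side: hypothetical stand-in for the encrypted poison-pill message
    return hmac.new(server_secret, msg, "sha256").digest()

class AntiTheftLaptop:
    def __init__(self, policy: Policy, passphrase: str, server_secret: bytes):
        self.policy = policy
        # Assumed key split: the disk key is derivable only while the chipset-held
        # component exists; IT keeps an escrow copy of that component.
        self.chipset_component = self.escrow = secrets.token_bytes(32)
        self.disk_component = secrets.token_bytes(32)
        self.passphrase_hash = hashlib.sha256(passphrase.encode()).digest()
        self.server_secret = server_secret
        self.theft_mode, self.reason = False, None
        self.failures, self.last_checkin = 0, 0
        self.pba_shown_at = None      # when the pre-boot login screen appeared
        self.used_codes = set()       # one-time reactivation codes already spent

    def _enter_theft_mode(self, reason: str) -> None:
        self.theft_mode, self.reason = True, reason
        self.chipset_component = None     # "disable access to encrypted data"

    def boot(self):  # lost-and-found message while boot is blocked, else None
        return self.policy.lost_message if self.theft_mode else None

    def disk_key(self):  # None once the chipset part is gone, even on another PC
        c = self.chipset_component
        return None if c is None else hashlib.sha256(c + self.disk_component).digest()

    def resume_from_s3(self, now: int) -> None:
        self.pba_shown_at = now           # page: re-authenticate after S3 resume

    def pba_login(self, ok: bool, now: int) -> bool:
        if self.pba_shown_at is None:
            self.pba_shown_at = now
        if now - self.pba_shown_at > self.policy.pba_login_timeout:
            self._enter_theft_mode("pba-timer")
        elif ok:
            self.failures, self.pba_shown_at = 0, None
        else:
            self.failures += 1
            if self.failures >= self.policy.max_login_failures:
                self._enter_theft_mode("login-failures")
        return not self.theft_mode

    def tick(self, now: int) -> None:  # hardware timer: needs no network
        if now - self.last_checkin > self.policy.rendezvous_interval:
            self._enter_theft_mode("rendezvous-timer")

    def checkin(self, now: int, msg: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(pill_tag(self.server_secret, msg), tag):
            return False                  # forged command: ignored
        self.last_checkin = now           # resets the rendezvous timer
        if msg == b"POISON_PILL":
            self._enter_theft_mode("server")
        return True

    def reactivate(self, passphrase=None, code=None, valid_codes=()) -> bool:
        if passphrase is not None:
            given = hashlib.sha256(passphrase.encode()).digest()
            ok = hmac.compare_digest(given, self.passphrase_hash)
        else:
            ok = code in valid_codes and code not in self.used_codes
            if ok:
                self.used_codes.add(code)
        if ok:                            # keys restored from escrow, not re-created
            self.chipset_component = self.escrow
            self.theft_mode, self.reason, self.failures = False, None, 0
            self.pba_shown_at = None
        return ok
```

The local triggers (login failures, PBA timer, rendezvous timer) fire without any network path, which is the property the page credits to the hardware timers.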
Fig B: screenshot of the database from the Intel server.
The results of our evaluation indicate that Intel AT will improve our ability to protect company-owned laptops as well as data and intellectual property. We plan to test the same features over a mobile 3G network in the near future.
Figure 1. Intel Anti-Theft Technology (Intel AT) can help detect theft and disable a laptop if it is lost or stolen.
Theft detection: When users report that a laptop has been stolen, Service Desk technicians can send a remote theft alert to the laptop that disables it. Intel AT can also use programmable triggers to detect suspicious behavior and disable a laptop locally. Intel AT works in three ways:
a) User-reported theft. If the laptop owner contacts the Service Desk, a technician can send a poison pill to disable the laptop. The poison pill, served in the form of an encrypted Short Message Service (SMS) text message, can be delivered over a LAN, WLAN, or 3G network.
b) Tamper detection using the local grace timer. In the event of suspicious activity, such as excessive attempts to log on to the network or a longer-than-usual amount of elapsed time before credentials are entered, the laptop disables itself using its programmable grace timer.
c) Tamper detection using the local rendezvous timer. If the laptop does not log on to the network within a period of time set by policy, such as daily, it disables itself using the programmable local rendezvous timer.
Figure 2. Intel Anti-Theft Technology allows Service Desk technicians to set flexible, policy-based responses to laptop theft.
a) Disable access to the data, by deleting components of software-based encryption keys and other cryptographic credentials required to access the encrypted data on the HDD.
b) Disable the PC by blocking the boot process, even if the hard drive is replaced or reformatted.
c) Disable both the PC and access to the Intel AT data storage area.
6.1. Excessive login attempts can trigger poison pills for PC disable:
a) Disabling a PC after excessive login attempts can be an effective way to prevent loss of encrypted data. For example, an engineer's notebook and wallet might be stolen from an airport. The thief might try to log in using information from the engineer's wallet, but based on IT policy, after three login attempts the Intel Anti-Theft trigger is tripped and the system locks down.
b) If an encryption software vendor has provided this feature, encryption keys for encrypted data (or software components that are needed to access these keys) can be erased from the hard drive, thereby disabling the PC. In this case, even if the thief removes the hard drive and installs it in another device, the security credentials that provide access to encrypted data on the hard drive can be erased or disabled and the data cannot be stolen. Until reactivated by the authorized user or IT, the PC will not boot and the encrypted data cannot be accessed.
6.2. Server login attempts can trigger poison pills for PC disable: In another example, a research scientist's notebook might contain highly sensitive data about a new invention. In this case, IT has defined the triggers on the scientist's notebook to require the notebook to log in daily. During a family event, the scientist takes time off and does not log in for two days. Based on locally stored policy for the login timeframe, the notebook enters Theft Mode and disables itself (and erases the encryption keys for encrypted data on the hard drive, if an encryption software vendor has provided this feature).
Even if the notebook is removed from the lab while the user is away, the notebook has secured itself until the scientist returns and reactivates the system.
To help recover a disabled notebook, you can display a custom message when it is turned on. For example, you could display, "This notebook has been reported missing. Please call 1-800-555-1234 to return the system and receive a reward."
a) A password. Your password for logging into and restoring a disabled device is created when you configure Intel AT. To restore a disabled notebook with your password, select User Password in the Intel AT message screen, then enter the password when prompted.
b) A reactivation code. A unique reactivation code is required for logging into and restoring a disabled device that is managed by an IT department or service provider. To restore a disabled notebook with a reactivation code, select Code provided by administrator in the Intel AT message screen, then enter the code when prompted.
Detection mechanism: When users report that a laptop has been stolen, Service Desk technicians can send a remote theft alert to the laptop that disables it. Intel AT can
9]. Intel AT works in three ways:
a) User-reported theft: If the laptop owner contacts the Service Desk, a technician sends a poison pill to disable the laptop. The poison pill, served in the form of an encrypted Short Message Service (SMS) text message, can be delivered over a LAN, WLAN or 3G network.
b) Tamper detection using the local grace timer: In the event of suspicious activity, such as excessive attempts to log on to the network or a longer-than-usual amount of elapsed time before credentials are entered, the laptop disables itself using its programmable grace timer.
c) Tamper detection using the local rendezvous timer: If the laptop does not log on to the network within a period of time set by policy, such as daily, it disables itself using the programmable local rendezvous timer.
d) Intel AT can block the OS from loading, even if the hard drive is replaced or reformatted. Intel AT can also be used to disable access to the data encryption keys and block access to valuable data on the hard drive, even if the drive is moved to a different system.
10]. System Recovery
10.1 Easy Restoration: A disabled laptop can display a customizable recovery message with contact information to help return the laptop to its rightful owner. Once the laptop is back in its owner's hands, it can be restored without damage to the hardware or data by using one of two techniques:
10.2 Local Passphrase: Users set a strong passphrase in advance, to be used in a special pre-logon screen.
10.3 Recovery Token: A Service Desk technician generates a single-use alphanumeric key and provides it to the user.
The Agent in your computer maintains daily contact with the Absolute Monitoring Center. If you report your computer stolen, Agent contact will increase to every 15 minutes. Increased contact allows us to obtain specific details like the physical location of your computer, any activity that has occurred post-theft, and other important data that will aid us in working with local law enforcement to catch the thief and return your property to you. Regardless of recovery status, you can remotely delete data to remove some or all of the information stored on your computer so that it doesn't fall into the wrong hands. This could include files and applications containing personal photos, internet bookmarks, browser cookies, financial information, and stored passwords. Everything an identity thief would need to steal your identity.
Intel AT provides an added layer of security to computers already protected by Computrace, allowing you to remotely disable a machine and render it virtually useless to unauthorized users. Together, these solutions provide a powerful set of options when responding to loss, theft or suspicious circumstances, and offer an enhanced level of protection even when the hard disk is encrypted, the PC is off, or the operating system is down.
Intel AT Automatic Disable: Intelligently disable computers that fail to check in to the Absolute Monitoring Center within a pre-defined time period. Secure assets and data even if theft is not immediately recognized.
Send a poison pill: Remotely lock down a compromised notebook and prevent the OS from booting. Use real-time technology to invoke the Intel AT lock almost immediately. Disable regardless of physical location, internet connection, or whether the device is turned on. A computer that is locked with Intel AT technology can be easily reactivated once security is reestablished.
Unmatched Protection: If your computers are Intel AT enabled and you've activated our Computrace Agent, your computers are now protected with the most reliable and tamper-resistant combination of technologies available today. For a complete list of computers that support Intel Anti-Theft
Asset Management: Manage computers and smartphones (regardless of whether a device is on or off the company network). Monitor changes in asset information including user identification, physical location, and the installation of software/hardware that may not comply with company regulations.
Data & Device Security: Remotely delete sensitive data on missing computers and produce an audit log of the deleted files to prove compliance with government and corporate regulations. Use the Device Freeze feature to freeze a computer. Once frozen, display a custom message to the user encouraging them to comply with specific requests for action (return for servicing, validate user identity, etc.).
Geotechnology: Use GPS or Wi-Fi technology to track your assets on an internet map. You will be able to see current and historical locations within about 33 feet. Computrace products that include Geofencing allow you to build pre-defined areas (geofences) and apply rules with alerts if a condition occurs, for instance if a device remains outside a boundary beyond a set measure of time. If the physical location of a device contravenes the rule you will be alerted so you can investigate and determine if further action is required.
Theft Recovery: At our customer's request, the Absolute Theft Recovery team will forensically mine a stolen computer over the internet using a variety of procedures including key captures, registry and file scanning, geolocation, and other investigative techniques to determine who has the computer and what they're doing with it. Most importantly, we will use our technology to pinpoint the physical location of the computer and work closely with local law enforcement to recover it.
Deter theft: Remove the temptation to steal a notebook which will soon stop functioning.
Guard data assets: Protect data on the hard drive by preventing the operating system from loading and disabling access to data encryption.
Customize detection/reaction: Control how and when the notebook detects it has been stolen, and what actions are taken.
Restore operation easily: Reactivate a locked notebook quickly with no damage to its hardware or data.
Personalize a recovery message: Display a personalized "Good Samaritan" recovery message on the notebook screen to aid in recovery.
Rely on trusted partners: Subscribe to a software security service to utilize all
Disadvantages of Intel AT: The following are some of the disadvantages of Intel AT:
a. Costly
b. Battery consumption is higher
c. Requires an internet connection for device tracking
d. Arrives in the market at the end of 2011
e. Help of local police is required
15] Business Challenge
Each year, 2 million laptop PCs are stolen, and 97 percent of these are never recovered. This represents a huge risk to enterprises in terms of lost hardware and, more importantly, lost data and intellectual property. Intel IT is responsible for investigating potential impacts on the enterprise of all lost and stolen company-owned PCs. We investigate tools and practices that help avoid these risks, and we are interested in assessing Intel AT toward this end.
15.1] System Requirement
Intel AT is available on laptop PCs with 2012 Intel Core vPro processors.
15.2] Technology Evaluation
Working with the product group and our encryption supplier, we tested various features of Intel AT on our WLAN, LAN, and VPN. We also brainstormed additional use cases, such as investigations support, and discussed the potential integration of Intel AT with other enterprise security capabilities.
Our evaluation was based on a theoretical use case in which a user calls the Service Desk and reports the laptop stolen. In response, the Service Desk technician sends a poison pill from the IT management console. The poison pill disables access to the encryption keys by deleting a critical encryption key stored on the chipset. We also tested reactivating a disabled laptop using both a local passphrase and a remote recovery token to restore access to the encryption keys.
14]. Conclusion: Intel IT's collaboration with the Intel AT product team and encryption supplier was important in defining Intel AT. This product has the potential to improve our ability to protect intellectual property. While hard-drive encryption is a valuable approach to data security, the ability of Intel AT to further make the encryption keys inaccessible extends the value of encryption. With Intel AT, encryption keys can be deleted remotely and automatically. Without the encryption keys there is no way an unauthorized user can access the data. Even more importantly, unlike software-based anti-theft solutions, Intel AT is hardware-based and enables the encryption keys to be restored in the event that the platform is recovered.
15]. References:
1) www.google.com
2) www.intel.com
3) Amazon.com
4) Wikipedia.com
5) Tachikawa, K., NTT DoCoMo, Inc., "A perspective on the evolution of anti-theft device," IEEE Communications Magazine, Oct 2003.