Intel is bringing its Trusted Execution Technology from the realm of the desktop to the notebook side of the world for users of Centrino 2 with vPro.
The technology, launched with the new mobile platform July15, is meant to provide a protected execution environment where sensitive data can be processed out of view from other software. When used in conjunction with virtualization technology, the capabilities provide an extra layer of trust rooted at the hardware-level, according to the company.
“What it does is enables that particular environment to ensure that it comes up in a trusted environment every time,” said Andy Tryba, director of marketing of the Digital Office at Intel. “From a technical perspective, it actually does a secure hash algorithm, and compares that to the known has algorithm. That’s particularly important in [the] new streaming architectures that we’re seeing more and more.”
In such architectures, he said, people want to ensure that data either is secure on the client or doesn’t reside on the client at all.
“So if you’re streaming some data from the server onto a client, you want to ensure that that client has a secure envelope … that that data is going into every time,” he said.
Centrino 2 with vPro also has security management features to enable remote fixes, aided by capabilities such as “Agent Presence Checking,” which provides automatic, out-of-band notification to IT in the event an agent is detected as missing or disabled on a machine.
“What Agent Presence does [is] it notifies the console when a specific (anti-virus) software local to the machine has been say turned off by the user…so IT can now not only be aware of the fact that the user has turned it off but now can also go through and remotely turn it back on,” Tryba said.
Though Intel’s decision to push security into the hardware was driven by the desire to protect users from software-based threats, an upcoming presentation from security researcher Kris Kaspersky underscores the possibility that hackers can still get around hardware-based security. Kaspersky is slated to present proof-of-concept code of how to make an attack via JavaScript code or TCP/IP packet storms against Intel-based machines at the Hack-in-the-Box Security Conference in Malaysia in October.
“Some of the bugs that will be shown are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java-compilers, attackers can force the compiler to do what they want,” he wrote in the summary of his presentation.
Intel reportedly has said Kaspersky’s claims would have to be investigated. In any case, Tryba said a hardware-based approach provides users with an additional layer of security.
“Even though the software is fantastic and guys such as Symantec and Microsoft are certainly doing a great job of securing their environments, it’s still like having a safe sitting on your park bench, where the keys are indeed in the safe but it’s still in the open on the park bench,” he said. “So if you take that safe and actually imbed it into the hardware itself you can think of it as another layer of security that is significantly more robust than simply just having it residing in software itself.”