WHITE PAPER 4th Generation ® Core™ Processors

Intel® Hardware-based Security for Intelligent Retail Devices Based on 4th Generation Intel® Core™ Processors

Intelligent devices are transforming the world of retail by bringing the convenience, variety, and ease of use of the Internet shopping experience into the store. Traditional and mobile point of sale (POS) devices with Internet connectivity share vast amounts of data and enable retailers to use the power of data analytics to support informed business decisions. Digital signs, interactive kiosks, POS terminals and interactive vending machines based on Intel® architecture have the intelligence to run anonymous viewer analytics through Intel® Audience Impression Metrics Suite (Intel® AIM Suite) and transform consumer experiences with relevant messaging delivered through rich and compelling graphics and video. “Digital Wallet” applications enable shoppers to make transactions on in-store devices using their smartphones. Protecting intelligent retail systems, and the customer and transaction data they generate, against malware, theft, and other attacks has never been a more critical issue for retailers. Intel security capabilities are now available to help retailers meet a broad range of threats.

Introduction Intelligent retail devices are designed to identification and inventory information. aggregate, analyze, and share data so Interactive digital signs carry viewer retailers and their customers can conduct analytics data, targeted advertising transactions and make informed decisions. messages, and applications for content Beyond traditional point of sale (POS) management. Intelligent devices inside the Protecting intelligent retail devices and cash-and-carry registers store, including intelligent signs and kiosks, with Internet connectivity, today’s new share data with the retailer’s inventory systems, and the customer and generation of retail systems now includes database and are used to support mobile transaction data they generate, mobile intelligent POS systems, interactive POS applications. digital signs, interactive kiosks, and The sharing of this high-value retail data against malware, theft, and interactive vending machines. In addition, is spawning a spectrum of sophisticated some devices are equipped with Intel AIM other attacks has never been a threats, ranging from data theft and Suite for anonymous viewer analytics. more critical issue for retailers. identity theft to the display of malicious It is no exaggeration to say that all of digital graffiti intended to harm retail the data shared by intelligent devices in brands on digital signs or interactive retail has great value to retailers and their devices. Attackers are using to customers and is therefore sensitive in gain access to a device’s nature. Devices including POS terminals, and applications, in addition to creating interactive vending machines and ATMs viruses and malware that can disable are used to perform financial transactions, a retail system or provide thieves with retrieve customer information, loyalty access to sensitive data. Intel® Hardware-based Security Technologies for Intelligent Retail Devices

Protecting systems, networks, and data • Intel® Data Protection processor family enables performance itself is a critical challenge for the retail with Intel® AES New Instructions improvements targeted at up to 15 industry. As the industry prepares to (Intel® AES-NI): hardware-accelerated percent with approximately 25 percent address threats with existing software- data and decryption, with lower design power (TDP) compared to based security solutions, Intel provides high levels of processing performance previous generation Intel processors a comprehensive range of security for secure and responsive user (source: Intel). Intel AES New Instructions capabilities built-in to hardware. These experiences. are supported on Intel® Core™ i5 and i7 security capabilities begin at the platform processors only. • Intel® Platform Protection Technology level and include protection of the BIOS, with BIOS Guard: hardware-assisted firmware, and platform hardware itself. authentication and protection against Intel’s platform security Intel takes a comprehensive approach BIOS recovery attacks. technologies are also designed to platform, software, and data security • Intel® Platform Protection Technology to complement comprehensive and readers should understand that with Platform Trust: integrated the platform technologies described in software security solutions from solution for credential storage and key this paper complement other security- McAfee* to protect systems management for Windows* 8. related components of Intel® vPro™ against attacks, viruses, and technology, including Intel® Active • Intel® Platform Protection Technology Management Technology (Intel® AMT)1, with Boot Guard: authenticated code malware, including providing Intel® Virtualization Technology (Intel® module (ACM)-based secure boot that security protection below the VT)2,and Intel® Trusted Execution verifies a known and trusted BIOS is operating system. Technology (Intel® TXT)3. Intel’s platform the platform. security technologies are also designed • Intel® Identity Protection Technology The architecture includes instructions to complement comprehensive software with Near Field (NFC): that offer full hardware support for security solutions from McAfee* designed identity protection for customers using AES. Four instructions support AES to protect systems against attacks, NFC enabled smartphone or smartcard encryption and decryption, and two other viruses, and malware, including providing in “Tap-and-Pay”, “Tap-to-Authenticate’, instructions support AES key expansion. security protection below the operating or “Tap-to-Connect“ use cases with their The instructions accelerate the execution system. For details about these Intel personal systems to securely access of AES algorithms by using hardware security technologies, please refer to the online services and e-commerce. to perform some of the performance resources section at the conclusion of this intensive steps of the AES algorithm. paper. A seventh instruction allows carry-less Intel’s platform security technologies Intel® Data Protection Technology multiplication. provide the foundation for protecting data with Intel® AES New Instructions The performance improvement that can integrity, availability and confidentiality. (Intel® AES-NI) be achieved with Intel AES-NI depends on Retailers can modify their existing Intel AES New Instructions refer to the the specific application and the proportion security solutions to take advantage of set of instructions available with the Intel of application time spent in encryption the hardware features of systems based 4th generation Intel Core processor family. and decryption. At the algorithm level, on Intel Core processors, or they can The instructions enable rapid and secure using Intel AES-NI can provide a significant use software solutions that have been data encryption and decryption based on speedup of AES. For non-parallel modes optimized for use with Intel’s hardware- the Advanced Encryption Standard (AES) of AES operation such as CBC-encrypt, based security capabilities, giving them as defined by FIPS Publication No. 197. Intel AES-NI can provide a 2-3 fold gain in hardware-enhanced security. AES is currently the dominant block cipher performance over a completely software used in various protocols, and the new This paper provides an overview of the approach. For parallelizable modes such instructions are valuable for a wide range hardware-based security technologies as CBC-decrypt and CTR, Intel AES-NI can of applications. Although the instructions enabled by 4th generation Intel Core provide a 10x improvement over software were first introduced in 2010 with Intel® processors that can help address security solutions (source: Intel). Performance microarchitecture formerly code-named threats in retail: improvements apply to typical AES ‘Westmere,’ the 4th generation Intel Core

2 Intel® Hardware-based4th generation Intel®Security Core™ Technologies Processors for Intelligent Retail Devices

implementations, including standard key lengths, standard modes of operation, and even some nonstandard or future variants. Retail use case: disk encryption protects data against theft, without compromising system performance AES instructions also provide important Disk encryption using Intel® AES New Instructions (Intel® AES-NI) can be security benefits. By running in data- applied to all retail devices including POS terminals, kiosks, mobile POS devices, independent time and not using tables, interactive vending machines, ATMs, and interactive digital signage. These they help to eliminate the major timing devices store data related to software, content relating to advertisers, and and cache-based attacks that can threaten user data. Disk encryption is used to protect this valuable data. In some table-based software implementations devices, advertising content continuously plays in the background while it of AES. The instructions also simplify AES acquires new data relating to anonymous viewer demographics. Kiosks in malls, implementation by reducing code size airports, and train stations handle customer logins and process transaction- and reducing the risk of accidentally related data. introducing security flaws. Because Intel AES-NI perform the decryption Information is continuously being fed into the system while the device and encryption completely in hardware continues to display user-friendly advertising and informational content, which without the need for software lookup places heavy processing demands on the system. Moving disk encryption tables, Intel AES-NI can lower the risk of to hardware using Intel AES-NI can reduce the software application-based side-channel attacks. workload while simultaneously providing more security.

Intel® Platform Protection Technologies Intel® Platform Protection Technology To avoid detection, attackers are now likely that BIOS update vulnerabilities with BIOS Guard digging deeper into the platform. will continue to be exploited in the future. Vulnerabilities in System Management For this reason, platform security begins A device’s BIOS is contained in a privileged Mode (SMM) and System Management with the BIOS. space that is invisible to anti-virus Interrupt (SMI) handlers have been software. In addition, malware infecting identified. The complexity of SMM Intel® Platform Protection Technology BIOS remains persistent, and it does not hardware and software makes it very with BIOS Guard, a new feature on go away even after a cold boot.

3 Intel® Hardware-based Security Technologies for Intelligent Retail Devices

4th generation Intel Core processors Intel® Platform Protection Technologies (U-series), ensures that updates to system RETAIL USE CASE: Intel® Platform Trust technology (Intel® BIOS flash and Embedded Controller hardware-assisted PTT) is a platform functionality for (EC) flash are secure. BIOS updates are authentication protects credential storage and key management cryptographically verified by the BIOS against unauthorized used by 8. It supports Guard module, using a protected agent BIOS updates Windows 8 secure and measured boot running in AC-RAM (Authenticated Code BIOS Guard helps to ensure and supports all the Microsoft mandatory RAM), to perform authentication and that connected retail systems commands for updating of flash control hardware. are updated only with correct (TPM) 2.0 v.0.88. It is an integrated For EC updates, BIOS Guard employs early firmware provided by the device solution in the Intel® Management Engine BIOS POST provisioning of a random secret manufacturer. Retail devices are for 4th generation Intel Core processors that is shared between the CPU and the customized with OEM specific for ultra-low TDP (ULT) platforms. information in addition to the EC. The BIOS Guard module uses this value This integrated solution provides a retailer’s proprietary data. to identify itself to the EC, which will secure trust element to meet Windows Unauthorized access to devices reject all protected operations without 8 Connected Standby (CS) requirements allows hackers to attack a this identification. with reduced power consumption in system. Each protected component of a BIOS Guard ultra-low power state S0iX environments. protected BIOS update is cryptographically POS terminals, interactive Functional integration reduces BOM cost signed by the device manufacturer, vending machines, and ATMs are and board real estate requirements. typically serviced by a variety checked, or signed and checked, before Intel Platform Protection Technology of technicians, and OEMs need it is allowed to update a system. BIOS with Boot Guard technology works with to ensure that only authorized Guard helps ensure that malware stays Intel PTT, reducing the complexity of the personnel are allowed to out of the BIOS by blocking all software- Windows 8 boot process and meeting update the device’s BIOS or based attempts to modify protected BIOS all Windows 8 requirements. Boot EC. BIOS Guard will ensure that without the platform manufacturer’s Guard protects against boot block-level only OEM-authorized BIOS and authorization. malware and provides an added level of firmware is updated, regardless hardware-based platform security to As shown in Figure 1, BIOS Guard of who performs the update. addresses SMM vulnerabilities by prevent repurposing of the platform to run strengthening the update trust boundary. unauthorized software. The technology

Figure 1

BIOS Guard runs in OEM signed SMM Based updated package AC-RAM for this function Updated Trust Boundary

All BIOS until View early BIOS SMI handler SMM lockdown BIOS SMM Enable-able only by BIOS Guard BIOS Guard enforced by HW update agent

Flash control BIOS Guard Based hardware Updated Trust Boundary

View early BIOS BIOS Guard module SPI Flash

4 Intel® Hardware-based4th generation Intel®Security Core™ Technologies Processors for Intelligent Retail Devices

is rooted in a protected hardware Intel® Identity Protection with interactive devices. Intel IPT is an infrastructure and is designed to prevent Technology with NFC integrated chipset-based security feature the execution of an unauthorized boot Originally designed for desktop, notebook, that introduces security by isolating the block. An Authenticated Code Module and ™ devices, Intel® Identity data received by NFC from the operating (ACM) is provided by Intel and signed Protection Technology (Intel® IPT) is now system. Intel’s solution adds value by to the hardware. When invoked by the available in intelligent retail devices based introducing an integrated secure element processor on platform reset it executes in on 4th generation Intel Core processors. in the chipset within the retail device. protected AC-RAM space. Intel IPT is suite of four technologies: Boot Guard covers three configurable boot One Time Password, Protected types: Transaction Display, Embedded PKI and Retail use case: identity Near Field (NFC). The protection for retail • Measured Boot measures the Initial Boot identity protection technologies address customers using smart Block (IBB) into the platform protected identity theft by introducing a second cards and smartphones storage device such as Trusted Platform factor of authentication that relies ‘Tap-to-Connect’ with a retail Module (TPM) or Intel PTT. on a tamper resistant area within the device using a smartphone • Verified Boot cryptographically verifies intelligent hardware. is becoming a popular way the platform IBB using the boot policy This paper introduces Intel IPT with NFC for customers to use their key. as an identity protection solution for smartphones to download customers using the “Tap-and-Interact” electronic coupons from digital • Measured +Verified Boot measures and signage in an airport or mall, verifies the IBB. use case to interact with a digital sign, vending machine, and other devices. For obtain movie tickets, get loyalty details about other IPT technologies, information in stores, check-in please refer to the resources section at to transit venues, and perform the conclusion of this paper. non-payment transactions using Retail use case: an a broad range of interactive authenticated code module devices. (ACM) verifies that a known NFC is a short-range wireless and trusted BIOS is booting communication technology with a protocol With current NFC usage models, the platform for peer-to-peer data exchanges between downloading user identity data Boot Guard technology addresses two endpoints. The current usage model from a smartphone is processed the threat of viruses and malware for NFC enables customers to connect to by the OS-based application by ensuring that only authorized a device to interact, exchange data, check- running on the intelligent device. firmware and an authorized in, set up a transaction, scan devices, and Malware may be able to hack the operating system are running on pay for a product by tapping their NFC- system and retrieve the user’s the system. enabled smart card or smartphone against identity. a NFC sensor in a retail device, then In mobile POS (mPOS) devices complete the transaction, with positive Intel® Identity Protection running Windows 8, using Boot identity confirmation protected through Technology (Intel® IPT) with NFC Guard technology reduces BOM cryptographic binding. All this is done changes this paradigm. After a cost by avoiding the need for a through a software application running on user taps to connect using their discrete trusted platform module the OS. smartphone, the information is while providing the same level of transferred to Intel® Management security through measured and Intel IPT includes similar use cases for Engine (Intel® ME) on the retail verified boot. NFC such as “Tap-to-Pay” and “Tap-to- device. Intel IPT introduces Authenticate” capabilities which enable protection of data received by users to securely access online resources NFC by isolation. The OS is not and e-commerce payments simply tapping aware of data used in transaction, their smart card on their NFC-enabled preventing potential malware PC. Intel IPT use case for NFC as “Tap and from gaining access to the Interact” allows secure interaction customer’s identity information.

5 WhiteIntel® Hardware-basedPaper Title Placeholder Security Here Technologies for Intelligent Retail Devices

Conclusion Intel® Identity Protection Technology Intelligent systems require smart security, Hardware-enhanced security, enabled and Intel provides essential security in 4th generation Intel Core processors, Role of NFC in the future of Digital Wallet technologies for platforms, software, and means that powerful security mechanisms Developers, NFC, and the Ultrabook™: data. are built-in to every intelligent device What this Technology Can Do for Your App based on Intel architecture, providing a Intel’s approach to security in intelligent Technology Brief: Intel® Identity Protection foundation of security for intelligent retail retail devices begins at the platform Technology devices and applications. level, with hardware-based security capabilities built-in to 4th generation Intel Resources Intel® Platform Protection Technology Core processors. Integrating security Intel® Data Protection Technology with Intel® Contact your Intel representative for more functionality on the platform, beginning AES New Instructions (Intel® AES-NI) information. with the protection of the BIOS, firmware, and platform hardware itself, creates Intel® Advanced Encryption Standard New Other Intel® Technologies a strong foundation for protecting Instructions (Intel® AES-NI) Enhanced Data Protection with intelligent retail devices against security Intel® AES New Instructions (Intel® AES-NI) Hardware-Assisted Security threats. Hardware-based security works with existing software-based security Accelerate McAfee Endpoint Encryption* with Intel® Active Management Technology Intel® AES New Instructions (Intel® AES-NI) solutions, which can be modified to take Intel® Trusted Execution Technology advantage of the hardware features of Intel® Data Protection Technology with Secure systems based on Intel Core processors. In Key (Digital Random Number Generator [DRNG]) Intel® Virtualization Technology addition software solutions from third- Intel® Anti-Theft Technology party vendors have been optimized for use with Intel’s hardware-based security capabilities. Software McAfee* Embedded Control Provides ‘White Listing’ Capabilities to Enhance Virus and Malware Security

1 Requires activation and a system with a corporate network connection, an Intel® Active Management Technology (Intel® AMT)-enabled chipset, network hardware, and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based VPN, when connecting wirelessly, on battery power, sleeping, hibernating, or powered off. Results dependent upon hardware, setup, and configuration. For more information, visit www.intel.com/technology/vpro/index.htm. 2 Intel® Virtualization Technology (Intel® VT) requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM) and, for some uses, certain platform software enabled for it. Functionality, performance, or other benefits will vary depending on hardware and software configurations and may require a BIOS update. Software applications may not be compatible with all operating systems. Please check with your application vendor. 3 No computer system can provide absolute security under all conditions. Intel® Trusted Execution Technology (Intel® TXT) requires a computer with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules, and an Intel TXT-compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.s. For more information, visit www.intel.com/content/www/us/en/data-security/security-overview- general-technology.html. INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSO- EVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. UNLESS OTHERWISE AGREED IN WRIT- ING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked “reserved” or “undefined.” Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting Intel’s Web site at www.intel.com. Copyright © 2013 Intel Corporation. Intel, the Intel logo, Intel Core, Intel vPro and Ultrabook are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. Printed in USA 0513/BR/ICMCRC/PDF Please Recycle 328987-001US