SOLUTION BLUEPRINT
IT SECURITY MANAGEMENT
Enhancing McAfee Endpoint Encryption* Software With Intel® AES-NI Hardware-Based Acceleration
Industry
IT security management across industries
Business Challenge
End the breach of confidential corporate or customer data, which can result in loss of intellectual property, industry and legal noncompliance penalties, and more
Technology Solution
McAfee Endpoint Encryption Software with Intel® AES New Instructions (Intel® AES-NI)
BUSINESS AND SOLUTION DETAILS
MEETING MARKETPLACE DEMANDS
Organizations are under increasing pressure to protect sensitive data and minimize the risk of data breaches. Global regulations protecting personally identifiable information (PII) are becoming more stringent and breaches more costly to organizations that fail to comply. In addition, valuable intellectual property (IP) that holds competitive advantage is also at risk of loss, theft, or unauthorized access. Encryption is one of the best solutions to protect valuable data on endpoints by making the encrypted data unreadable by unauthorized parties.
McAfee and Intel optimize full-disk encryption by adding hardware-based acceleration to software-based encryption. This gives organizations the benefits of both increased performance and security.
BUSINESS CHALLENGE
If organizations have valuable IP- and/or compliance-related data, it’s a target for theft.
Laptop computers have historically been a major source of sensitive data loss and leakage due to the mobility, large storage capacity, and database access capabilities of PCs. To help protect the vast amounts of digital data on these endpoints, companies deploy managed full-disk encryption to automatically secure all data on the laptop from unauthorized access.
Intellectual capital (e.g., patented technology, trade secrets, and proprietary data) makes up a majority of a company’s value, so it makes sense to protect access to it, especially on mobile endpoints. For compliance-related data, when a PC with managed encryption is lost or stolen, it’s generally not considered to be a breach event because the data is unusable, unreadable, or indecipherable to unauthorized individuals. Without encryption or proof of protection through managed encryption, the biggest security concern is the possibility of a data breach. The breach of confidential corporate or customer data can result in loss of intellectual property, industry and legal noncompliance penalties, and more.
SOLUTION OVERVIEW
Intel® AES-NI acceleration speeds all AES encryption operations, making full-disk encryption even faster. Working with McAfee Endpoint Encryption for PCs, which has unique native support for Intel AES-NI, provides key benefits:
• Reduced end user logon times
• Faster resume from hibernate
• Faster initial hard disk encryption
• Decreased file save times
McAfee Endpoint Encryption for PCs protects valuable data on laptop and desktop computers with full-disk encryption and strong access control. McAfee ePolicy Orchestrator* provides robust, centralized management and proof of protection.
From a single console, McAfee ePolicy Orchestrator delivers centralized deployment and management, shared policies, policy administration, password recovery, monitoring, auditing, reporting, and proof of protection. McAfee ePolicy Orchestrator is also the same management infrastructure for a wide range of McAfee data protection, endpoint, and security solutions. This provides customers with ease of management, consistent protection, and lower TCO.
McAfee and Intel optimize full disk encryption by adding hardware-based Intel AES-NI acceleration to McAfee software-based encryption.
SOLUTION ARCHITECTURE
Intel AES-NI is built into the processor. McAfee Endpoint Encryption for PCs automatically detects its presence and uses it if it is available. No configuration is required by the end user or the administrator. Intel AES-NI is a set of new instructions included in the Intel® Core® processor family (codenamed Westmere) or newer. This speeds up execution of the AES encryption/decryption algorithms.
To be clear, Intel AES-NI doesn’t implement the entire AES application. Instead, it accelerates just parts of it. This is important for legal classification purposes because encryption is a controlled technology in many countries. Intel AES-NI adds six new AES instructions, four for encryption and decryption, one for the mix column, and one for generating next-round text. These instructions speed up the AES operations in the rounds of transformation and assist in the generation of the round keys.
Users can feel the speed benefits provided by Intel AES-NI during everyday activities like resuming from hibernation (Figure 1).
Figure 1. Resume from Hibernate (HDD) Times. [Bar chart comparing Encryption with Intel® AES-NI, Standard Encryption, and No Encryption; horizontal axis: time in seconds, 0 to 50.]
Intel AES-NI also includes a seventh new instruction: CLMUL. This instruction could speed up AES-GCM and binary elliptic curve cryptography (ECC), and assists in error-correcting codes, general-purpose cyclic redundancy checks (CRCs), and data de-duplication. It particularly helps in carryless multiplication, also known as binary polynomial multiplication. This is the mathematical operation of computing the product of two operands without generating or propagating carries. Such multiplications are an essential step in computing multiplications in binary Galois fields. Intel AES-NI includes Intel’s carryless multiplication instruction. Algorithms can use CLMUL to compute the Galois Hash, the underlying computation of the GCM. CLMUL speeds up execution of GCM by computing the carryless multiplication of two 64-bit operands.
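The carryless multiplication described above, as an added example (not code from Intel or McAfee): a portable C reference for the 64-bit by 64-bit product that CLMUL computes in hardware, and the unreduced 128-bit by 128-bit product built from four of them, as a Galois Hash multiply needs. The names `clmul64`, `clmul128` and `u128` are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* 128-bit result of a 64x64 carryless multiply (illustrative type). */
typedef struct { uint64_t lo, hi; } u128;

/* Reference 64x64 -> 128-bit carryless product.
 * Partial products are combined with XOR, so no carry is generated or
 * propagated. Each bit of b is turned into an all-zeros or all-ones mask,
 * so the loop has no data-dependent branch or table lookup. */
static u128 clmul64(uint64_t a, uint64_t b)
{
    u128 r = {0, 0};
    for (unsigned i = 0; i < 64; i++) {
        uint64_t mask = (uint64_t)0 - ((b >> i) & 1);   /* 0 or ~0 */
        r.lo ^= (a << i) & mask;
        /* Bits of a shifted past bit 63; written so i == 0 needs no 64-bit shift. */
        r.hi ^= ((a >> 1) >> (63 - i)) & mask;
    }
    return r;
}

/* 128x128 -> 256-bit carryless product from four 64-bit products
 * (schoolbook method); words are little-endian, out[0] is least significant. */
static void clmul128(const uint64_t a[2], const uint64_t b[2], uint64_t out[4])
{
    u128 ll = clmul64(a[0], b[0]);
    u128 hh = clmul64(a[1], b[1]);
    u128 lh = clmul64(a[0], b[1]);
    u128 hl = clmul64(a[1], b[0]);
    out[0] = ll.lo;
    out[1] = ll.hi ^ lh.lo ^ hl.lo;
    out[2] = hh.lo ^ lh.hi ^ hl.hi;
    out[3] = hh.hi;
}

int main(void)
{
    /* (x + 1)^2 = x^2 + 1 over GF(2): carryless 3*3 is 5, integer 3*3 is 9. */
    u128 p = clmul64(3, 3);
    printf("carryless 3*3 = %llu, integer 3*3 = %d\n",
           (unsigned long long)p.lo, 3 * 3);
    return 0;
}
```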
Figure 2. Physical Implementation
Figure 2 shows four of the new instructions at work encrypting and decrypting rounds from a 128-bit plain text to 128-bit cipher text and vice versa. During each round, there are two instructions that assist in generating the follow-on key. The AESENC instruction encrypts each round and AESENCLAST encrypts the last round. In reverse (decryption), AESDEC decrypts each round and AESDECLAST decrypts the last round. Another instruction, AESIMC, does the mix column operation for each round and AESKEYGENASSIST generates the next key. The keys can be 128-, 192-, or 256-bit. Remember, all these computations are being done by the hardware, providing a significant speedup: 4x in CBC encrypt in serial mode and more than 14x in parallel modes of operation.
Besides the performance benefit of Intel AES-NI, its execution of instructions in hardware provides some additional security in helping to prevent software side-channel attacks. Software side channels are vulnerabilities in the software implementation of cryptographic algorithms. They emerge in multiple processing environments (multiple cores, threads, or operating systems). Cache-based, software side-channel attacks exploit the fact that software-based AES has encryption blocks, keys, and
running on the platform could seed the cache, run cryptographic operations, and then time specially crafted memory accesses to identify changes in the cache. From these changes, the attack could determine portions of the cryptographic key value. For example, by measuring the time it takes for a given cryptographic operation, an attacker might be able to determine that the uppermost bit of a key is a “0.” Knowing that single bit cuts in half the key space that must be searched to identify the complete key value. More effective side-channel attacks reduce the key space significantly (i.e., they may identify half the bits in the key).
Since Intel AES-NI is hardware based, it has no need for lookup tables and the encryption blocks are executed in hardware within the microprocessor. This enables implementations of AES that use Intel AES-NI to address software side-channel attacks. These instructions also make AES simple to implement, with reduced code size. This helps to reduce the risk of inadvertently introducing security flaws such as hard-to-detect side-channel leaks. Also, the acceleration provided by Intel AES-NI can allow the system to execute larger key sizes, making data transfers more secure.
MARKET SEGMENT AND VALUE PROPOSITION
Every company needs encryption to protect IP- or compliance-related data. Generally, companies that are externally required to protect compliance data (e.g., financial, customer or employee data) are a good place to start. Companies with valuable IP like proprietary data and patents also need encryption. Endpoint encryption is most often handled by chief information security officer (CISO) and chief information officer (CIO) organizations. These organizations report into senior-level executives who focus on data security and compliance on endpoints within an organization.
McAfee Endpoint Encryption for PCs prevents unauthorized access and renders sensitive data unreadable and useless in the event of device loss or theft. Most companies don’t want to use encryption, but to protect business data, they must. That’s why it’s important to provide organizations with high-performance encryption that’s easy to use and manage.
To learn more about Intel AES-NI, visit www.intel.com.
To learn more about McAfee Endpoint Encryption, visit www.mcafee.com.
Sources:
“Securing the Enterprise with Intel® AES-NI” (Intel Corporation, March 2010).
“McAfee, Inc. Endpoint Encryption Delivers True Common Management for Endpoint Security and Data Protection” (McAfee Corporation, October 7, 2009).
“McAfee Endpoint Encryption” (McAfee Corporation, 2011).
Intel® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel® processors. For availability, consult your reseller or system manufacturer. For more information, see http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/
Intel, Intel Core, and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
*Other names and brands may be claimed as the property of others.
Copyright © 2011 Intel Corporation