Intel starts preaching about security
EE Times Print By Craig Matsumoto
(01/21/99, 3:27 p.m. EDT)
SAN JOSE, Calif. Convinced that encryption and network security will be required to realize the dream of connecting PCs worldwide, Intel Corp. will begin incorporating security features into its hardware. The company's first steps, outlined at the RSA'99 conference of RSA Data Security Inc., will be a unique ID number for every Pentium III microprocessor that Intel ships, and the ability to generate purely random numbers in hardware.
Much as the company encouraged the development of sophisticated graphics applications on the PC, it plans to prod the industry to develop ubiquitous security across a PC-based network. That's a relatively recent push within Intel, driven by the realization that its vision of connecting PCs worldwide could never work without ways to secure those networks, said Patrick Gelsinger, vice president of Intel (Santa Clara, Calif.).
Intel will discuss its encryption plans with the press in a briefing today (Jan. 21), but an Intel spokesman contended that the company hasn't fleshed out its specific plan for wielding the RSA technology. "Certainly nothing's solidified," he said.
"Intel is covering its bases," said Albert Pang, electronic commerce analyst with International Data Corp. (Mountain View, Calif.). "They realize this is something they can't overlook." Banks, for example, are "one of the major spenders" in technology, and they could scale back their networking plans if they aren't satisfied with advances in security, he said.
Intel joins the fray armed with a cross-licensing agreement with encryption specialist RSA Data Security (San Mateo, Calif.). RSA's announcement of the agreement with Intel earlier this week led to speculation that Intel would build its own encryption chip or add encryption functions to the PC core logic, but both perceptions were "just wrong," the Intel spokesman said.
On the surface, it appears that Intel would prefer to help define the road map for existing encryption companies rather than consume their markets. Some vendors had been pre-briefed about Intel's security plans and were confident that Intel's interest would help drive the growing market for PC and network security.
"It's not out of compassion" that Intel shares this information, said Shawn Abbott, chief technical officer for Rainbow Technologies Inc. (Irvine, Calif.), a vendor of encryption hardware and hardware-based security. Rather, Intel realizes it can't do all the legwork itself and instead turns to established industry players to become allies, he said. But he conceded that Intel's presence looms large: "Without disclosure six months ago, this would have been a very
"Just like every software company's looking over their shoulder at Microsoft, every silicon company's looking at Intel," said Bob Monsour, vice president of marketing for encryption-chip vendor Hi/fn Inc. (Los Gatos, Calif.).
Still, he didn't see Intel as an immediate threat, partly because Intel can't yet replace networking security everywhere. Even if Intel were to handle all encryption inside the PC, corporations would need other vendors to secure the surrounding network. "We're still at least five years off from having security be truly transparent, end-to-end, from my PC and my LAN to your PC and your LAN," Monsour said.
Pang, for one, agreed that Intel was unlikely to muscle in on the security business, which increasingly consists of middleware and client-server software applications more than raw encryption. "Fundamentally, Intel is a chip vendor, so they're not going to go after the security business," Pang said. "They just want these chips to be as fully featured as possible. Security is one of these areas people have been talking about for a long time."
Also not threatened by Intel's moves so far is the Microsoft Corp. initiative, also outlined at RSA, to add security features to Windows 2000. "We work with Microsoft as we work with everybody," the Intel spokesman said. Intel's hardware enhancements will support Microsoft's Crypto API as well as RSA's security framework and Intel's own Common Data Security Architecture effort, Gelsinger said.
Intel's plan, outlined by Gelsinger in a keynote speech yesterday (Jan. 20), is to add security functions not necessarily encryption to every part of the PC, including the CPU, core logic and motherboard.
That doesn't necessarily mean Intel's chips will handle all encryption and security themselves, the Intel spokesman said. Such a move wouldn't be practical anyway, he said, because varying international encryption controls would prevent such chips from being shipped worldwide. Intel has not yet made any changes to BIOS to add security features there, he said.
Intel will be adding features to the hardware that security applications can exploit, and not all of the features will directly involve cryptography. "The idea is that the cumulative total of these features increases the security of the system," he said.
For starters, Intel will burn a unique, secret identification number into every Pentium III that will ship. (While Gelsinger used the term "serial number," Abbott pointed out that the numbers can't be literally serial, or they wouldn't be secret.) Applications for the number could range from authenticating the PC and user during network communications to registering individual machines for software. "We have some 30-plus applications that have committed to take advantage of this," Gelsinger said.
Because the ID number also could be a privacy threat, Intel plans to allow end users to block transmission of the number, reportedly through a software patch.
For companies that sell into corporate networking environments, the ID number is a long-awaited relief.
"We had dreamed of having a 'serial number' on the motherboard," Abbott said. Previous efforts to tack some kind of unique identification to a PC, through hardware or even through the operating system, had come up empty "Intel is the only one that could make this happen," Abbott said.
Additionally, Intel plans to provide a hardware-based random-number generator in every PC. The flaw in computer-generated pseudorandom numbers is that they fall in deterministic sequence; each "random" number is calculated based on its predecessor, making cycles and subtle patterns inevitable. Truly random numbers can only be gathered through physical phenomena, such as radioactive decay or, in Intel's case, thermal noise.
Chances are, the hardware random-number generator will be used to select a "seed," or starting point, for an application's pseudorandom generator. This is because pseudorandom numbers are good enough in many cases; the problem is simply that an obvious seed is chosen, usually based on the date.
Intel's move could boost the security industry by reducing the additional cost for security, Abbott noted. He recalled Rainbow's short experiment with smart-card-based security: the company showed a prototype system to banks only to be rejected due to the cost of the card reader banks wouldn't even adopt the system if the cards came free, he noted.
Intel officials declined to explain any future security enhancements being planned. It's possible they would take the form of extension-set instructions, in the same way that MMX was installed as a multimedia aid. "I've heard people say they might do something similar with RSA," Monsour said.
Intel: We won't track ID chips PC chip giant says it's walking on glass
over the privacy considerations of new processor ID scheme.
By Robert Lemos, ZDNN
January 21, 1999 5:49 PM PT
Calif. -- Addressing privacy concerns, Intel Corp. stated Thursday it was being extremely careful in implementing its new processor ID number scheme.
The plan was announced Wednesday at the RSA Data Security conference in San Jose, Theand more details were given in a technology briefing here on Thursday. As part of its new initiative to create a connected world of trusted PCs, Intel has incorporated a number security initiatives, including a number generator and marking electronically every processor with a unique serial number. "Our customers, application vendors and OEMs have been asking for [these serial numbers] for years," said Pat Gelsinger, vice president and general manager of Intel's desktop platform division.
Yet, as reported by ZDNN early Wednesday, privacy advocates voiced reservations about the new technology.
"The application is a double-edged sword," said Barry Steinhardt, associate director and privacy expert at the American Civil Liberties Union in an interview. "On the one hand, it offers more security -- for e-commerce and information security. As a pure privacy issue, it allows for tracking individuals on the Net."
Gelsinger addressed privacy concerns in Thursday's briefing.
The Intel exec said the PC chip giant was walking on glass when it came to privacy considerations with its new processor ID scheme. "We won't keep a database of [the numbers] and we won't track them," he said. "We are not keeping those processor numbers in any form at all."
Gelsinger added that the new initiative would not be used to combat illegal overclocking and chip theft -- two possible uses for the technology. Instead, applications vendors and Web sites can use the numbers to link a PC with a user's identity, thereby doubly ensuring the customer is who they say.
Intel also talked about its random number generator -- another security feature, which will be included in the chips for future PCs starting with Intel's next generation Pentium III. The generator will use thermal noise -- random signals affecting all silicon components -- to create truly random numbers.
"We will not use this to create new security technology," said Gelsinger, "but to make today's software more secure."
Random numbers are necessary for strong encryption -- a way of securing data from viewing by unintended audiences. The new feature will be included somewhere on the motherboard, said Gelsinger, not necessarily in the actual processor.
Another security feature slated for the next generation of Intel architecture is the Internet security protocol IPSec, which will be highlighted at the Intel Developers Forum in late February.
The PC chip giant also discussed its bi-annual efforts to shrink its processors. The next-generation of technology is known as 0.18-micron manufacturing. The new process will shrink processors to half the size they would require using today's 0.25-micron technology, and should be used to create processors due out later this year.
Intel plans to first use the technology to make processors for notebook computers.