Systems Architecture Microsoft BitLocker -> securing data on mobile devices Johannes Marotzke 21.05.2008.


1 Systems Architecture http://sar.informatik.hu-berlin.de Microsoft BitLocker -> securing data on mobile devices Johannes Marotzke 21.05.2008

2 2 May 2006 - 2 Systems Architecture http://sar.informatik.hu-berlin.de Overview
- What is BitLocker?
- What encryption is being used?
- The Diffuser
- AES-CBC + Diffuser
- What about performance?
- Requirement
- What is a TPM?
- BitLocker configurations and risks: TPM, USB, TPM + PIN, TPM + USB
- Encrypting File System: concept
- BitLocker + EFS
- References

3 What is BitLocker?
- BitLocker Drive Encryption is a data protection feature integrated in Windows Vista Ultimate and Windows Server (Enterprise)
- Features full-volume encryption
- Designed for use with a compatible Trusted Platform Module (TPM)
- Provides a recovery mechanism
- Supported configurations:
  - BitLocker with TPM
  - BitLocker with USB
  - BitLocker with TPM and PIN
  - BitLocker with TPM and USB device

4 What encryption is being used?
- BitLocker uses the Advanced Encryption Standard (AES)
  - A widely used symmetric block cipher (works on fixed-size blocks)
- AES in cipher-block chaining (CBC) mode – by IBM 1976
  - Each block of plaintext is XORed with the previous ciphertext block
- BitLocker provides 128-bit or 256-bit key encryption
- BitLocker also features the Elephant diffuser
  - Instead of writing the data in sequential order to the hard disk, the data is put more randomly on the hard disk through the diffuser

5 The Diffuser
- Diffuser? What for?
  - An attacker could manipulate ciphertext to achieve a non-random output in the plaintext
  - Watching ciphertext changes during boot, then changing those sectors and looking at the effects
  - Creating meaningful plaintext changes through ciphertext changes could lead to security holes
- The diffuser diffuses the data in a random way to make manipulation attacks harder
- AES-CBC + diffuser gives better poor-man's protection
- And if the diffuser algorithm gets broken, there is still AES-CBC

6 AES-CBC + diffuser
- Block size can be anything between 512 and 8192 (any power of 2)
- Plaintext is XORed with a sector key -> plaintext runs through 2 un-keyed diffusers -> plaintext is encrypted with AES-CBC
- The sector key and the AES-CBC key are independent keys
- (256 + 256) lower keys are possible, which means unused bits (128)

7 What about performance?
- Encrypted partitions usually perform slower than unencrypted ones
  - Estimated 20% loss
- Microsoft performance requirement (Ferguson):
  - Typical machine: 3 GHz P4 CPU and 50 MB/s hard disk -> 60 clock cycles available per byte
  - Laptops: 1 GHz and hard disk not significantly slower -> 40-30 clock cycles
  - Decryption must be faster than the disk
- BitLocker meets the requirement of 30 cycles
  - 128-bit AES-CBC at 20 cycles per byte
  - Diffuser at 10 cycles per byte
- 5% loss on test systems with AES-CBC + diffuser

8 Requirement
- Only included in Windows Vista Ultimate and Enterprise
- C: must be an NTFS partition of at least 50 GB
- 1.5 GB NTFS boot partition
- TPM chip (1.2v) or USB stick
- BitLocker can be activated after the system installation
  - BitLocker Drive Preparation Tool -> MS site
  - Leads through the configuration process
  - Set recovery key
- Secures only the system partition
- Other partitions could be secured through EFS (key in system partition secured through BitLocker)

9 What is a TPM?
- A TPM is a microchip designed to provide basic security functions involving keys
- Can create keys and encrypt them so that only the TPM can decrypt them (called “wrapping” or “binding”)
- Each TPM has a master wrapping key -> Storage Root Key (SRK), never exposed to other components
- A “wrapped” key can be tied to specific hardware or software conditions (called “sealing”)
- By sealing a key, the TPM creates a snapshot of configurations and file hashes (Platform Configuration Register - PCR)
- A key is released only if the snapshot and the system are identical

10 BitLocker
- Risks depending on possible configurations:
- BitLocker with TPM (min. v1.2)
  - Easiest to deploy, manage and use
  - Least user interaction -> least protection
- BitLocker with USB
  - No TPM; important to combine with a strong login
  - BitLocker retrieves key from USB
- BitLocker with TPM and PIN
  - Best option, no external token
  - More secure but loss of usability and manageability (also no PIN backup)
  - Anti-hammering protection (time till retry)
- BitLocker with TPM and USB device
  - USB at boot time and at hibernation

11 BitLocker with TPM
1) The BIOS initiates the TPM, which creates a snapshot of the system - the PCR
   The PCR includes the master boot record (MBR), NTFS boot sector and boot block, the boot manager and other critical components
2) If the PCR is as expected, the TPM decrypts the volume master key (VMK) with the SRK
3) The full volume encryption key (FVEK) is read and decrypted with the VMK
   The FVEK is indirectly secured through the VMK
4) Disk sectors are decrypted with the FVEK while they are accessed
5) Plaintext data is provided to applications and processed
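
The sealing idea from slide 9 and boot steps 1-3 above as a small simulation (an added example, not from the presentation and not Microsoft's or any TPM vendor's code). `ToyTPM`, `wrap`, `boot` and the component strings are hypothetical; the XOR-pad wrapping stands in for the real key-wrapping algorithms, and only the PCR extend rule follows TPM 1.2 (SHA-1 chaining).

```python
import hashlib, hmac, os

def wrap(key, data):
    # Stand-in for real key wrapping: XOR with a hash-derived pad (self-inverse)
    pad = hashlib.sha256(b"wrap" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class ToyTPM:
    def __init__(self):
        self._srk = os.urandom(32)   # Storage Root Key, never leaves the chip
        self.pcr = bytes(20)         # PCR is zeroed at platform reset

    def reset(self):
        self.pcr = bytes(20)

    def extend(self, component):
        # PCR_new = SHA1(PCR_old || SHA1(component)): order-dependent, not reversible
        digest = hashlib.sha1(component).digest()
        self.pcr = hashlib.sha1(self.pcr + digest).digest()

    def seal(self, secret):
        # Bind the secret to the PCR value at sealing time
        return {"pcr": self.pcr, "blob": wrap(self._srk, secret)}

    def unseal(self, sealed):
        if not hmac.compare_digest(self.pcr, sealed["pcr"]):
            raise PermissionError("PCR mismatch: measured boot chain changed")
        return wrap(self._srk, sealed["blob"])

def boot(tpm, chain, sealed_vmk, wrapped_fvek):
    tpm.reset()
    for component in chain:          # step 1: measure each boot component
        tpm.extend(component)
    vmk = tpm.unseal(sealed_vmk)     # step 2: VMK released only if PCR matches
    return wrap(vmk, wrapped_fvek)   # step 3: VMK decrypts the FVEK

def demo():
    chain = [b"MBR", b"NTFS boot sector", b"boot block", b"boot manager"]  # constructed
    tpm, vmk, fvek = ToyTPM(), os.urandom(32), os.urandom(32)
    for component in chain:
        tpm.extend(component)
    sealed_vmk, wrapped_fvek = tpm.seal(vmk), wrap(vmk, fvek)
    clean_ok = boot(tpm, chain, sealed_vmk, wrapped_fvek) == fvek
    try:
        boot(tpm, chain[:3] + [b"boot manager (modified)"], sealed_vmk, wrapped_fvek)
        tamper_blocked = False
    except PermissionError:
        tamper_blocked = True
    return clean_ok, tamper_blocked
```

`demo()` returns `(True, True)`: the unmodified chain recovers the FVEK, and a changed boot manager yields a different PCR so the VMK is never released.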

12 BitLocker with TPM - mitigated risks
- Key discovery through offline attack
  - Location of the encrypted FVEK is known; the attacker needs a brute-force attack
  - VMK encrypts FVEK, which is inside the TPM
- Offline attacks against the operating system
  - Mitigated because the attacker would have to get the SRK from the TPM
  - Or brute-force the FVEK; the diffuser also mitigates attacks on ciphertext (changes will propagate over a large area)
- Plaintext leaks through hibernation file
  - BitLocker encrypts the hibernation file
- Plaintext leaks through system paging file
  - BitLocker encrypts the paging file
- User error
  - Mitigated because BitLocker encrypts the whole volume, so the user cannot accidentally fail to encrypt important areas

13 BitLocker with TPM - NOT mitigated risks
- Computer left in hibernation
  - BitLocker does not change the key in hibernation; the FVEK is available to the system
  - Setting the system to prompt for a login after hibernation can mitigate this risk
- Computer left in sleep (standby) mode
  - Same as hibernation; mitigate risk through login
- Computer left logged on and desktop unlocked – watch out
- Discover local/domain password – !!no further authentication!!
- Insider can read encrypted data – known user/pass
- Online attacks against the operating system
  - Unsealed volume is unprotected; inside system can be attacked
- Platform attacks – system boots till logon, holds key (DMA)
- Required authentication factor left with computer

14 BitLocker with USB Device
1) The OS starts and prompts for the USB stick containing the key
2) The VMK is decrypted with the key on the USB
3) The encrypted FVEK is read and decrypted with the decrypted VMK
4) Sectors are decrypted with the FVEK while accessed
5) Plaintext data is provided to applications and processed

15 BitLocker with USB device - mitigated risks
- Computer left in hibernation
  - BitLocker prompts for USB device after hibernation
- Discover local/domain password – no use without USB
- Insider can read encrypted data – not without USB
- Key discovery through offline attack
  - Key from the USB encrypts the FVEK, only brute force (diffuser)
- Offline attack against the operating system
  - Brute-force on the FVEK, also the diffuser mitigates attacks on ciphertext (changes will propagate over a large area)
- Plaintext leaks through hibernation file - encrypted
- Plaintext leaks through system paging file - encrypted
- User error – BitLocker encrypts all

16 BitLocker with USB - NOT mitigated risks
- Computer left in sleep (standby) mode
  - Mitigate risk through login after sleep
- Computer left logged on and desktop unlocked – watch out
- Online attacks against the operating system
  - After providing USB
  - Unsealed volume is unprotected; inside system can be attacked
- Platform attacks
  - System boots till logon with USB, system holds key (DMA)
  - Attacks against key possible
- Required authentication factor left with computer
  - USB device left with the computer

17 BitLocker with TPM and PIN
1) The BIOS initiates the TPM, PCR measurements are taken and the user is prompted for a PIN
2) The VMK is decrypted by the TPM using the SRK (if PCR ok and PIN ok)
3) The FVEK is read and decrypted by the VMK
4) Sectors are decrypted with the FVEK while accessed
5) Plaintext data is provided to applications and processed

18 BitLocker with TPM and PIN - mitigated risks
- Computer left in hibernation
  - BitLocker prompts for PIN after hibernation
- Discover local/domain password
  - PIN is still securing the access, no point in having the login/pass
- Insider can read encrypted data
  - A user with an authorized domain can't access without the PIN
- Key discovery through offline attack
  - VMK is encrypted through SRK (inside TPM) and PIN
- Offline attacks against the operating system
  - SRK & PIN are needed to decrypt the FVEK to access system files
- Required authentication factor left with computer
  - PIN is non-physical
- Hibernation file & paging file - encrypted
- User error - BitLocker encrypts all

19 BitLocker with TPM & PIN - NOT mitigated risks
- Computer left in sleep (standby) mode
  - Mitigate risk through login after sleep
- Computer left logged on and desktop unlocked
  - As usual, better that this does not happen
- Online attacks against the operating system
  - Active system does not prevent attacks from user
- Platform attacks
  - Without the PIN, keys stay secure
  - If the PIN has been given at boot time, the system boots to the user logon screen, at which point the FVEK is inside the system
  - Attacking the memory might leak the key

20 BitLocker with TPM and USB Device
1) The BIOS initiates the TPM, PCR measurements are taken
2) The user is prompted for the USB device with the BitLocker key
3) The TPM uses the SRK to decrypt a key which is combined with the key on the USB to decrypt the VMK
4) The FVEK is read and decrypted by the VMK
5) Sectors are decrypted with the FVEK while accessed
6) Plaintext data is provided to applications and processed

21 BitLocker with TPM & USB - mitigated risks
- Computer left in hibernation
  - After hibernation USB is needed
- Discover local/domain password
  - Still need USB
- Insider can read encrypted data
  - Not without USB, only a domain login is not enough
- Key discovery through offline attack
  - Without USB attacker must mount brute force attack
- Offline attacks against the operating system
  - No USB no access, brute force attack to access key
- Hibernation file and system paging file are encrypted
- User error – BitLocker encrypts all

22 BitLocker with TPM & USB - NOT mitigated risks
- Computer left in sleep (standby) mode
  - After sleep mode the system still holds the key
  - Mitigate risk through setting Windows to prompt for login
- Computer left logged on and desktop unlocked
  - Same as usual
- Online attacks against the operating system
  - An attacker that causes normal boot can attack the system
- Platform attacks
  - Having the system boot to Windows login, the attacker can access memory which might lead to disclosure of the key
- Required authentication factor left with computer
  - If the USB is left with the computer it is accessible

23 Configuration Summary

24 Encrypting File System (EFS)
- EFS is a file system driver with file encryption available in Windows 2000 and later (except XP Home, Vista Home & Basic)
- File encryption based on user access
  - Which means file encryption is only as strong as the user password
- File Encryption Key (FEK)
  - Only files are encrypted, below file system
  - An encrypted file is as such recognizable for all applications
- EFS security risks
  - Decrypting files using the local administrator password
  - Access private key through password reset
  - Plaintext files are only deleted after encryption and not overwritten
- Only on NTFS
- EFS weakness results through the OS

25 BitLocker EFS combination
- EFS is a per-user encryption
- BitLocker is a per-computer encryption
- EFS is only as good as the system which controls the user access credentials
- Combining BitLocker with EFS
  - BitLocker encrypts the whole volume, the keys and user credentials to access EFS protected files

26 BitLocker and EFS – Risk Summary

27 References
- Data Encryption Toolkit for Mobile PCs: Security Analysis - http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/analysis/4e6ce820-fcac-495a-9f23-73d65d846638.mspx
- BitLocker Drive Encryption Overview - http://windowshelp.microsoft.com/Windows/en-US/help/6035e2fd-ee50-4b74-9bfb-6c27bb6bf2201033.mspx
- SolutionBase: Follow these steps to secure your hard drive with Windows Vista BitLocker - http://articles.techrepublic.com.com/5100-10878_11-6162979.html
- “AES-CBC + Elephant diffuser: A Disk Encryption Algorithm for Windows Vista”, Niels Ferguson, Microsoft, 2006

