1 / 37

BitLocker Drive Encryption

BitLocker Drive Encryption. Olivia Terrell. BitLocker Drive Encryption. What it is What it does How it works Just how Secure is BitLocker? Advantages/Disadvantages Questions and Treats. What is BitLocker Drive Encryption is. Every year, about 1—2% of laptops are stolen, along with

takara
Télécharger la présentation

BitLocker Drive Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BitLocker Drive Encryption Olivia Terrell

  2. BitLocker Drive Encryption • What it is • What it does • How it works • Just how Secure is BitLocker? • Advantages/Disadvantages • Questions and Treats

  3. What is BitLocker Drive Encryption is Every year, about 1—2% of laptops are stolen, along with the valuable information contained within them. BitLocker Drive Encryption is one suggested solution to this growing problem...

  4. What is BitLocker Drive Encryption is • Full Disk encryption (FDE) • Can be used with/without aTrusted Platform Chip (TPC) • Included on Windows Vista, both Ultimate and Enterprise versions and on Windows Server 2008 • Has AES encryption with a 128 key in Cipher Block Chaining (CBC) mode • Uses an Elephant Diffuser for additional security

  5. Full Disk Encryption • Full Disk Encryption (FDE): either hardware or software that encrypts all data on disk or volume—excluding the 512-byte Master Boot Record (MBR, i.e. “Sector 0”) which contains the primary partition table or instructions to execute the Basic Input/Output of the System (BIOS)

  6. 3 Modes of BitLocker • Transparent operation mode: Requires a Trusted Platform Module (TPM) 1.2 hardware chip with built-in encryption key. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker achieve this through a Static Root of Trust Measurement (specified by the Trusted Computing Group) • User authentication mode: User provides pre-boot PIN to boot the OS. • USB Key: (No TPM needed) Must use jump drive that contains a startup key to be able to boot the OS. (provided that the BIOS can read a jump drive before running the OS) • TPM  • TPM + PIN • TPM + PIN + USB Key • TPM + USB Key • USB Key

  7. Trusted Platform Chip • The TPM 1.2 chip utilized by BitLocker • Chip is tamper resistant—but communication channel from/to it isn’t. [1]

  8. Trusted Platform Chip • The TPC is a hardware chip on the Motherboard. • Has several Platform Configuration Registers (PCR) whose current value at any given time can only be attained through the same sequence of operations after power-up.

  9. Trusted Platform Chip: PCRs • PCRs keep track of the code that runs • The PCRs are initially 0 and are set using a function called extend. Extend sets a PCR to a hash of its old value and a supplied data string. • There is no other way to set a PCR.

  10. Trusted Platform Chip: Sealing/Unsealing • The seal/unseal functions of the Trusted Platform Module (TPM) then allow access to the cryptographic keys based on the PCR values. • Seal is used to encrypt keys into strings that can only be decrypted by that particular TPM • Can only decrypt if PCR has same value as it did at time of the seal.

  11. TPM’s Cryptographic Keys… • The cryptographic encryption key on the TPM is called an Endorsement Key (EK) and is an RSA key created at the time of manufacture of the chip from the Direct Anonymous Attestation protocol (DAA), consisting of a public and private key. • The public key interacts in the creation of the sector key for each 512 byte sector encryption • The private key resides on the chip and is not revealed

  12. What BitLocker is A Windows Vista security FDE that employs Trusted Computing technologies to either allow operation of the OS, or contact a pre-determined (possibly) third party for further instructions if an error/modification is encountered.

  13. Laptop turned on Processor starts BIOS from ROM 1st part of BIOS (which can’t be modified) extends BIOS PCR with entire BIOS code Rest of BIOS continues BIOS reads MBR of the hard disk Extends boot sector PCR with sector’s data 7) Executes code in the boot sector (the boot sequence takes several iterations) 8) PCRs measure what code is running 9) TPM unseals the BitLocker volume encryption key 10) Boot sector switches to BitLocker encryptions at first convenience 11) All data now read from encrypted volume [2] What BitLocker Does

  14. What BitLocker Does BitLocker encrypts the data on the Operating System (OS) which is practically the entire hard disk in most computers.

  15. How BitLocker Works • BitLocker Encryption is done a sector at a time • Each sector is usually 512 bytes, but could be as much as 8192 bytes in the near future • Each sector is encrypted independently of the other sectors

  16. How BitLocker Works XOR IVs := E(KAES; e(s))

  17. Finding the Sector Key • The sector key derivation is the encryption of both the public endorsement key from the TPM chip along with the encoding function e() found in the AES-CBC layer. • The result is XORed into the plaintext (to make the key the same size as the block)

  18. Why we need an IV? • Encryption of the same plain text with the same key results in the same ciphertext. This is very insecure. • By using an initialization vector (IV) XORed with the plaintext or included in front of the plaintext prior to encryption, we bypass the need for re-keying.

  19. The Initialization Vector for AES-CBC component • IVs := E(KAES; e(s)) • The initialization vector of a sector is the encryption of both the AES key and the encoding function that maps each sector into a unique 16-byte number. • IVs depends on the key and the sector number s—but not on the data

  20. How BitLocker Works • The sector key and AES-CBC components each receive ½ of the 512 byte Endorsement Key, making them 256 bytes. Only 128 bytes are normally used, and the rest is discarded. It's easier to throw away bits you don't need than it is to accommodate for variations in key length. • A sector can be any power of two (from 512—8192 bytes). This is done in the hopes of creating a tweakable block cipher. That is—any alteration to the ciphertext creates randomness in that sectors plaintext. Ideally, if tweakable block cipher can be attained, then the algorithm changes slightly from one sector encryption to the next making it almost impossible to use one sectors ciphertext to decrypt another sector.

  21. In short: If an attacker can detect a non-random change in the plaintext by the alteration of the ciphertext—they can determine the key of that sector and gain access to it.

  22. The Elephant Diffuser: A&B The A and B diffusers are similar, but work in opposite directions. Each is for good diffusion properties in one direction and has poor diffusion properties in the other direction. Thus, two are needed: one diffuser for each direction (i.e., decoding and encoding)

  23. The Elephant Diffuser • The diffusers take the sector as a 32 word bit array • Each word is encoded using the least-signiffcant-byte first convention. • Let n be the number of words in the sector, and (d0, d1, … , dn¡) be the words of the sector array. • Decryption function of A diffuser is: di = di + (d i-2 XOR (d i-5 <<<R(a) mod 4))

  24. A Diffuser: Decryption Decryption function of A diffuser is: di = di + (d i-2 XOR (d i-5 <<<R(a) mod 4)) 1. <<< is the rotate-left operator 2. R(a) = [9,0,13,0] that specifies rotation amount

  25. A Diffuser: Encryption Encryption function of A diffuser is similar, except that we run the forloop from n to 0, instead of 0 to n. As before: di = di + (d i-2 XOR (d i-5 <<<R(a) mod 4)) 1. <<< is the rotate-left operator 2. R(a) = [9,0,13,0] that specifies rotation amount

  26. B Diffuser: Decryption Decryption function of B diffuser is very similar to A, except that d i-2 changes into d i+2, and d i-5 becomes d i+5 (because diffusion in opposite direction) di = di + (d i+2 XOR (d i+5 <<<R(a) mod 4)) 1. <<< is the rotate-left operator 2. R(a) = [9,0,13,0] that specifies rotation amount For Encryption, all that is needed is the reversal of the forloop

  27. AES-CBC does not protect integrity, hence the need for the diffuser. The Elephant was released relatively untested. It was suggested that at the very least, the BitLocker could be no more insecure than the AES encoding. Why do we need the Elephant Diffuser?

  28. Security of BitLocker • Because the key is stored in physical memory, it is vulnerable to cold boot attacks. The DRAM is literally frozen and the key is then read from it • Assumptions for cold boot attack: 1) Physical access to the machine 2) Laptop would likely have to be in sleep mode (rather than hibernate mode or powered off) 3) No implementation of the multi-factor pre-boot authentication “I would posit that the opportunistic laptop thief is somewhat unlikely to carry a separate laptop on which they will have installed tools that allow them to reconstruct cryptographic keys - or for that matter have a can of compressed air handy," argued Microsoft senior product manager for Windows Vista security Russell Humphries.

  29. Security of BitLocker • Or—if we are running BitLocker in Transparent operation mode (i.e., utilizing the TPM) then we could monitor the communications between the CPU and the TPM via the Lower Pin Count bus and either try to guess the encryption key or fool the chip into giving up a part of its internal key.

  30. Advantages/Disadvantages of BitLocker • Advantages: • Better than Encrypted Files System (EFS) • Encrypts ENTIRE hard drive • Only know Full Disk Encryption (FDE) active when it asks for password at boot up. • Only 5% performance cost when reading/writing to encrypted file (excluding virtual memory)

  31. Advantages/Disadvantages of BitLocker • Disadvantages: • Actual access time may increase by 56% to 86% depending on how much the system utilizes virtual memory (because virtual memory also gets encrypted) and because the operating system is CONSTANTLY writing/reading data to hard disk, regardless of actions of the user. • User fallibilities (i.e. user writes password on Post-it note and appends it to computer)

  32. Questions?

  33. Glossary of Terms • Full Disk Encryption (FDE): either hardware or software that encrypts all data on disk or volume—excluding the Master Boot Record (i.e. “Sector 0”) which contains the primary partition entries in its partition table. • Encrypted File System (EFS): A feature of the Windows 2000 and XP that allows encryption of particular files.

  34. Glossary of Terms • White Elephant pictorial reference: any valuable object whose value is less than its cost in maintenance. • Hash function takes a string or message of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint. • initialization vector (IV) is a block of bits that is required to allow a stream or a block cipher to produce a unique stream independent from other streams produced by the same encryption key.

  35. References [1] Klaus Kursawe, Dries Schellekens, and Bart Preneel, Analyzing trusted platform communication, Katholieke Universiteit Leuven Department Electrical Engineering-ESAT/SCD-COSIC, Kasteelpark Arenberg 10, 3001 Heverlee, Belgium Available at: http://www.esat.kuleuven.be/cosic/, Accessed: Tuesday, March 18, 2008, 6:13:07 PM [2] Niels Ferguson, AES+CBC+Elephant diffuser: A Disk Encryption Algorithm for Windows Vista, August 2006, niels@microsoft.com [3] Infineon liefert erste auf Windows Vista abgestimmte Sicherheitslösung bestehend aus Management-Software und TPM für PCs in Unternehmen (picture of TPM chip) http://www.infineon.com/cms/de/corporate/press/news/releases/2007/216326.html [4] Jan Camenisch, Better Privacy for Trusted Computing Platforms (extended abstract), IBM Research, Zurich Research Laboritory, CH-8803 Ruschlikon, Switzerland (pg 1-3)

  36. References [5] Preston Gralla. Big Book of Windows Hacks, pgs 400—407 [6] S. Frankel, R. Glenn, S. Kelly, The AES-CBC Cipher Algorithm and Its Use with IPsec, September 2003, available at: http://www.faqs.org/rfcs/rfc3602.html [7] Marius Oiaga, Technology News Editor, Microsoft Downplays Windows Vista Encryption Cracks, available at: http://news.softpedia.com/news/Microsoft-Downplays-Windows-Vista-Encryption-Cracks-79541.shtml

  37. Additional Resources BitLocker user-end Microsoft products page • http://www.microsoft.com/windows/products/windowsvista/features/details/bitlocker.mspx Some BitLocker history • http://www.windows-vista-hardware.info/bitlocker-vista-enterprise-ultimate.htm Member list of Trusted Computing Group (TCG) • https://www.trustedcomputinggroup.org/about/members/ Basic overview of trusted computing and use of the BitLocker • http://en.wikipedia.org/wiki/Trusted_computing Basic description of the BitLocker • http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption Steps to breaking a FDE system • http://content.techrepublic.com.com/2346-1009_11-189078.html For anyone interested in CBC Stream Cipher in C# • http://madebits.com/articles/aes/index.php

More Related