Expert Reference Series of White Papers. BitLocker: Is It Really Secure? COURSES.

Transcription

1 Expert Reference Series of White Papers BitLocker: Is It Really Secure? COURSES

2 BitLocker: Is It Really Secure? Mark Mizrahi, Global Knowledge Instructor, MCSE, MCT, CEH Introduction: What Is It? BitLocker, whose full name is Windows BitLocker Full Drive Encryption, is a new technology available in Windows Vista Enterprise and Windows Vista Ultimate and also available in Windows Server It is one of the new security features for both Business and Personal Users designed to address the threat of unauthorized access to data as well as illegitimate booting of the operating system. BitLocker addresses a previously long history of vulnerability, such as data theft by inappropriately booting a computer through stolen credentials, using external attack tools such as bootable operating systems on CD-ROM or USB boot devices, or transferring a computer s hard drive and reading it in a foreign system. Another security concern is obtaining unauthorized access into a stolen laptop or mainstream computer, and accessing a recycled or decommissioned computer. BitLocker effectively encrypts the volume that runs the operating system, while Windows Server 2008 can additionally encrypt other volumes. By design, BitLocker encrypts the entire Windows operating system volume on the hard-drive, including the operating system files, user data, hibernation files, page file, and temporary files. Any applications installed on the system volume will benefit from this form of protection. BitLocker verifies the integrity of the early stages of the boot components and boot configuration data so that any alteration of the boot process will prevent the operating system from starting. It is as valuable for servers as it is for laptops and desktops, especially those machines that are off-site at remote or branch offices where these machines are less physically protected. The possibility exists that BitLocker-protected machines might be physically compromised and possibly stolen. The result will be that access of data on the system disk will be protected. These features are extremely important to owners and users of laptops, who benefit from the safety and comfort of knowing that the information cannot be accessed. This is extremely reassuring. What Is Needed Not all versions of Windows Vista have the BitLocker feature. The only Windows Vista versions that come with BitLocker are the higher priced versions of Windows Vista Enterprise and Windows Vista Ultimate. Upgrade paths are in place that will allow owners of other versions of Windows Vista to easily upgrade to either Enterprise or Ultimate. The most secure way to implement BitLocker is to have a computer with a cryptographic hardware microchip called the Trusted Platform Module (TPM) version 1.2 or later, along with a Trusted Computing Group (TCG) compliant BIOS. The TPM is a hardware component pre-installed on newer computers to protect data and ensure that the computer has not been tampered with while the system was offline or shutdown. This component allows the option to lock the normal startup process until the user supplies a personal identification number (PIN). Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 2

3 It should be noted that the availability of computers with the TPM hardware components preinstalled are hard to find, probably due to the manufacturer s desire to keep costs low. It is a fact that since the majority of sales are versions of Windows Vista that do not support BitLocker, hardware is pre-built without the TPM components and TCG compliant BIOS. Another, although less secure, way to use BitLocker on computers that do not have the TPM hardware is insert a removable USB device, such as a flash drive, that contains a startup key. This implementation does not provide the pre-startup system integrity verification offered by BitLocker working with TPM hardware. Optionally, in a domain environment, BitLocker supports the remote escrow of Keys to the Active Directory Domain Services (AD DS) as well as a Windows Management Instrumentation (WMI) interface with scripting support for remote administration of this feature. BitLocker can also be configured with Group Policy Objects (GPO). Either method does provide multi-factor authentication and insures that the computer will not start or even resume from hibernation until the correct PIN or startup key is used. For BitLocker to function, the hard disk requires at least two (NTFS) formatted volumes. One volume that supports the boot files that boot the operating system, known as the system volume and having a minimum of size of 1.5 GB, and another volume that supports operating system, known as the boot partition. In the event that two volumes are not available, Windows Vista has diskpart command line tool that gives you the ability to shrink the size of an NTFS volume so that the system volume for BitLocker can be created. How It Works BitLocker provides three modes of operation: Transparent Operation Mode, User Authentication Mode, and USB Key Mode. The first two modes require the TPM (version 1.2 or later) and TCG-compliant BIOS. The third mode does not require a TPM chip. Transparent operation mode: This mode exploits the capabilities of the TPM 1.2 hardware to provide transparency of the BitLocker technology to the user then they logon to Windows Vista as normal. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-os components of BitLocker achieve this by implementing a Static Root of Trust Measurement, which is a methodology specified by the Trusted Computing Group ( User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in order to be able to boot the OS. Two authentication modes are supported, a pre-boot PIN entered by the user or a Universal Serial Bus USB ( inserted that contains the required startup key. The USB device does not require a TPM chip. USB Key: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected OS. This mode requires that the BIOS on the protected machine support the reading of USB devices in the pre-os environment. BitLocker encrypts data using the Advanced Encryption Standard (AES) with key lengths of 128 or 256 bits, plus an optional diffuser. The Default encryption setting is AES 128 bit with the Elephant Diffuser. AES algorithm was chosen in-part because of its fast performance. According to Microsoft BitLocker imposes a single Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 3

4 digit percentage of overhead. All BitLocker encryption is done in the background and all decryption is done as blocks as requested. BitLocker uses the TPM to verify the integrity of early boot components and boot configuration data. This helps ensure that BitLocker makes the encrypted volume accessible only if those components have not been tampered with and the encrypted drive is located in the original computer. BitLocker helps ensure the integrity of the startup process by: Providing a method to check that early boot file integrity has been maintained, and help ensure that there has been no adversarial modification of those files, such as with boot sector viruses or rootkits. Enhancing protection to mitigate offline software-based attacks. Any alternative software that might start the system does not have access to the decryption keys for the Windows operating system volume. TPM-only scenario Locking the system when tampered with. If any monitored files have been tampered with, the systemdoes not start. This alerts the user to the tampering, since the system fails to start as usual. In the event that system lockout occurs, BitLocker offers a simple recovery process. Authentication modes in the boot sequence BitLocker supports four different authentication modes, depending on the computer's hardware capabilities and the desired level of security: BitLocker with a TPM (no additional authentication factors) BitLocker with a TPM and a PIN BitLocker with a TPM and a USB startup key BitLocker without a TPM (USB startup key required) Each time Windows Vista starts up with BitLocker enabled, the boot code performs a sequence of steps based on the volume protections set. These steps can include system integrity checks and other authentication steps (PIN or USB startup key) that must be verified before the protected volume is unlocked. For recovery purposes, BitLocker uses a recovery key (stored on a USB device) or a recovery password (numerical password), as shown in the Bitlocker Architecture section below. You create the recovery key or recovery password during BitLocker initialization. Inserting the recovery key or typing the recovery password enables an authorized user to regain access to the encrypted volume in the event of an attempted security breach or system failure. BitLocker searches for keys in the following sequence: 1. Clear key: System integrity verification has been disabled and the BitLocker volume master key is freely accessible. No authentication is necessary. 2. Recovery key or startup key (if present): If a recovery key or startup key is present, BitLocker will use that key immediately and will not attempt other means of unlocking the volume. 3. Authentication 1. TPM: The TPM successfully validates early boot components to unseal the volume master key. 2. TPM + startup key: The TPM successfully validates early boot components and a USB flash drive containing the correct startup key has been inserted. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 4

5 3. TPM + PIN: The TPM successfully validates that early boot components and the user enters the correct PIN. 4. Recovery 1. Recovery password: The user must enter the correct recovery password. 2. Recovery key: If none of the above steps successfully unlocks the drive, the user is prompted to insert the USB flash drive that holds the recovery key, and then restart the computer. In this scenario, BitLocker is enabled on a computer that has a TPM, but no additional authentication factors have been enabled. The hard disk is partitioned with two volumes: The system volume that contains the files that boot the operating system The Windows Vista operating system volume known as the boot volume As shown in Figure 1, BitLocker encrypts the operating system volume with a full volume encryption key. This key is itself encrypted with the volume master key, which, in turn, is encrypted by the TPM. Figure 1. Accessing a BitLocker-enabled volume with TPM protection This scenario can be enabled or disabled by the local administrator using the BitLockers Control Panel Applets Security items in Control Panel in Windows Vista. Turning BitLocker off decrypts the volume and removes all keys. New keys are created once BitLocker is turned back on at a later time. Enhanced Authentication Scenarios These scenarios add additional authentication factors to the basic scenario described previously. As shown in Figure 2, using BitLocker on a computer that has a TPM offers two multifactor authentication options: Figure 2. Accessing a BitLocker-enabled volume with enhanced protection Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 5

6 The TPM plus a PIN (system integrity check plus something the user knows) The TPM plus a startup key stored on a USB flash drive (system integrity check plus something the user has) The advantage of these scenarios is that not all key material is stored on the local computer. PIN authentication In this scenario, the administrator sets up a numeric PIN during BitLocker initialization. BitLocker hashes the PIN using SHA-256 and the first 160 bits of the hash are used as authorization data sent to the TPM to seal the volume master key. The volume master key is now protected by both the TPM and the PIN. To unseal the volume master key, the user will be required to enter the PIN each time the computer starts up or resumes from hibernation. Startup key-only scenario (no TPM) In this scenario, the administrator enables BitLocker on a computer that does not contain a TPM. The computer user must insert the USB flash drive containing a startup key each time the computer starts or resumes from hibernation. The startup key for a non-tpm computer must be created during BitLocker initialization, either through the BitLocker setup wizard or through scripting. BitLocker generates the startup key, the user inserts a USB flash drive, and the system stores the startup key on that device. Using the BitLocker Control Panel item, the user can create a backup copy of the startup key. The startup key is saved unencrypted, in a.bek file as raw binary data. In the case of a lost startup key, the volume must be recovered by using the recovery key or the recovery password and a new startup key must be generated (this process will revoke the original startup key). All other volumes also using the lost startup key must go through a similar procedure, to ensure that the lost startup key is not used by an unauthorized user. BitLocker Architecture BitLocker helps protect the operating system volume of the hard disk from unauthorized access while the computer is offline. To achieve this, BitLocker uses full-volume encryption and the security enhancements offered by the TPM. On computers that have a TPM, BitLocker also supports multifactor authentication. BitLocker uses the TPM to perform system integrity checks on critical early boot components. The TPM collects and stores measurements from multiple early boot components and boot configuration data to create a system identifier for that computer, much like a fingerprint. If the early boot components are changed or tampered with, such as by changing the BIOS, changing the master boot record (MBR), or moving the hard disk to a different computer, the TPM prevents BitLocker from unlocking the encrypted volume and the computer enters recovery mode. If the TPM verifies system integrity, BitLocker unlocks the protected volume. The operating system then starts and system protection becomes the responsibility of the user and the operating system. Figure 3 shows how the BitLocker-protected volume is encrypted with a full volume encryption key, which in turn is encrypted with a volume master key. Securing the volume master key is an indirect way of protecting data on the volume. The addition of the volume master key allows the system to be re-keyed easily when keys upstream in the trust chain are lost or compromised. This ability to re-key the system saves the expense of decrypting and encrypting the entire volume again. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 6

7 Figure 3. Relationship between different encryption keys in BitLocker. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 7

8 Once BitLocker authenticates access to the protected operating system volume, a filter driver in the Windows Vista file system stack encrypts and decrypts disk sectors transparently as data is written to and read from the protected volume. When the computer hibernates, the hibernation file is saved encrypted to the protected volume. When the computer resumes from hibernation, the encrypted hibernation file is decrypted. After BitLocker encrypts the protected volume during setup, the impact on day-to-day system performance for encryption and decryption is typically minimal. If you temporarily disable BitLocker (for example, to update the BIOS), the operating system volume remains encrypted, but the volume master key will be encrypted with a "clear key" stored unencrypted on the hard disk. The availability of this unencrypted key disables the data protection offered by BitLocker. When BitLocker is re-enabled, the unencrypted key is removed from the disk, the volume master key is keyed and encrypted again, and BitLocker protection resumes. IT administrators can configure BitLocker locally through the BitLocker setup wizard, or both locally and remotely with the interfaces exposed by the Win32_EncryptableVolume WMI provider of the Windows Vista operating system. Interfaces include management functionality to begin, pause, and resume encryption of the volume and to configure how the volume is protected. Architectural Diagram Figure 4. Overall BitLocker Architecture Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 8

9 Figure 4 shows the overall BitLocker architecture, including its various subcomponents. It displays the user mode and the kernel mode components of BitLocker, including the TPM, and the way they integrate with the different layers of the operating system. Computer Updates and Upgrades. Disabling BitLocker Protection An administrator may want to temporarily disable BitLocker in certain scenarios, such as: Restarting the computer for maintenance without requiring user input (for example, a PIN or startup key). Updating the BIOS Upgrading critical early boot components without triggering BitLocker recovery. Such as: - Installing a different version of the operating system or another operating system, which might change the master boot record (MBR). - Repartitioning the disk, which might change the partition table. - Performing other system tasks that change the boot components validated by the TPM. Upgrading the motherboard to replace or remove the TPM without triggering BitLocker recovery. Turning off (disabling) or clearing the TPM without triggering BitLocker recovery. Moving a BitLocker-protected disk volume to another computer without triggering BitLocker recovery. These scenarios are collectively referred to as the computer upgrade scenario. BitLocker can be enabled or disabled through the BitLocker item in Control Panel in Windows. The following steps are necessary to upgrade a BitLocker-enabled computer. 1. Temporarily turn off BitLocker by placing it into disabled mode. 2. Upgrade the system or the BIOS. 3. Turn BitLocker back on. Forcing BitLocker into disabled mode will keep the volume encrypted, but the volume master key will be encrypted with a symmetric key stored unencrypted on the hard disk. The availability of this unencrypted key disables the data protection offered by BitLocker, but ensures that subsequent computer startups succeed without further user input. When BitLocker is re-enabled, the unencrypted key is removed from the disk and BitLocker protection is turned back on. Additionally, the volume master key is keyed and encrypted again. Moving the encrypted volume (that is, the physical disk) to another BitLocker-enabled computer does not require any additional steps because the key protecting the volume master key is stored unencrypted on the disk. System Recovery A number of scenarios can trigger a recovery process, for example: Moving the BitLocker-protected drive into a new computer. Installing a new motherboard with a new TPM. Turning off, disabling, or clearing the TPM. Updating the BIOS Upgrading critical early boot components that cause system integrity validation to fail. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 9

10 Forgetting the PIN when PIN authentication has been enabled. Losing the USB flash drive containing the startup key when startup key authentication has been enabled. An administrator can also trigger recovery as an access control mechanism (for example, during computer redeployment). An administrator may decide to lock down an encrypted drive and require that users obtain BitLocker recovery information to unlock the drive If BitLocker enters recovery mode, the data in the encrypted volume can be recovered through a process that requires minimal setup. For detailed information, see Windows BitLocker Drive Encryption Step-by-Step Guide ( Recovery setup Using Group Policy, an IT administrator can choose what recovery methods to require, deny, or make optional for users who enable BitLocker. The recovery password can be stored in Active Directory Domain Services (AD DS), and the administrator can make this option mandatory, prohibited, or optional for each user of the computer. Additionally, the recovery data can be stored on a USB flash drive. Recovery scenarios In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password. The TPM is not involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed. Recovery password The recovery password is a 48-digit, randomly-generated number that can be created during BitLocker setup. If the computer enters recovery mode, the user will be prompted to type this password using the function keys (F0 through F9). The recovery password can be managed and copied after BitLocker is enabled. Using the BitLocker control panel, the recovery password can be printed or saved to a file for future use. A domain administrator can configure Group Policy to generate recovery passwords automatically and transparently back them up to AD DS as soon as BitLocker is enabled. The domain administrator can also choose to prevent BitLocker from encrypting a drive unless the computer is connected to the network and AD DS backup of the recovery password is successful. Recovery key The recovery key can be created and saved to a USB flash drive during BitLocker setup. It can also be managed and copied after BitLocker is enabled. If the computer enters recovery mode, the user will be prompted to insert the recovery key into the computer. Summary Microsoft s BitLocker Full Drive Encryption technology debuted in Windows Vista as a way to protect the system volume on notebook computers. The idea was that, while notebook loss or theft was inherently expensive, the real expense often came when the data on the drive was exploited by thieves. With full drive encryption, you can t simply pop out a hard drive and access the data using a different computer. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 10

11 As it turns out, BitLocker is just as valuable for servers. BitLocker is included on Windows Server2008 and is identical to the version on Windows Vista, as discussed in this article, with the added feature of drive encryption on other volumes. Bottom line, BitLocker is a truly really safe way to protect your data and applications, hard drive and operation system, whether it s trying to access it in your own computer or in someone else s computer. Enjoy the new technology. Learn More Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge. Check out the following Global Knowledge courses: Microsoft Certified Technology Specialist: Server 2008 Upgrade Boot Camp Migrating to Server 2008 Updating Your Active Directory Technology Skills to Windows Server 2008 (Beta 3) Updating Your Application Platform Technology Skills to Windows Server 2008 (Beta 3) Updating Your Network Infrastructure Technology Skills to Windows Server 2008 (Beta 3) Deploying Microsoft Windows Vista Business Desktops Implementing, Configuring, and Troubleshooting Windows Vista Microsoft Certified IT Professional: Enterprise Support Technician Boot Camp For more information or to register, visit or call COURSES to speak with a sales representative. Our courses and enhanced, hands-on labs offer practical skills and tips that you can immediately put to use. Our expert instructors draw upon their experiences to help you understand key concepts and how to apply them to your specific work situation. Choose from our more than 700 courses, delivered through Classrooms, e-learning, and On-site sessions, to meet your IT and business training needs. About the Author Mark Mizrahi has been a Microsoft Certified System Engineer (MCSE) since NT3.51 with a certification in Security. He is a Microsoft Certified Trainer (MCT) and a Certified Ethical Hacker (CEH), and currently teaches Microsoft curriculum for Global Knowledge. He is President of Standard Computer Services and consults for various Fortune 500 companies. He designs and implements web-based Internet security and video surveillance systems for a diversified customer base. Keeping up with the various Hacking methods is part of his daily intake of information and he loves sharing it with his clients and students. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 11