BitLocker Drive Encryption: Hardware Enhanced Data Protection
Shon Eizenhoefer, Program Manager, Microsoft Corporation

Agenda
- Security Background
- BitLocker Drive Encryption
- TPM Overview
- Building a BitLocker Capable System
- Additional Resources

BitLocker Drive Encryption
BitLocker Drive Encryption gives you improved data protection on your Windows Vista and Windows Server (codenamed "Longhorn") systems.
- Notebooks: often stolen, easily lost in transit
- Desktops: often stolen, difficult to safely decommission
- Servers: high-value targets, often kept in insecure locations
All three can contain very sensitive IP and customer data.
- Designed to provide a transparent user experience that requires little to no interaction on a protected system
- Prevents thieves from using another OS or a software hacking tool to break OS file and system protections
- Prevents offline viewing of user data and OS files
- Provides enhanced data protection and boot validation through use of a Trusted Platform Module (TPM) v1.2

BitLocker And TPM Features
- BitLocker Drive Encryption
  - Encrypts the entire volume
  - Uses the Trusted Platform Module (TPM) v1.2 to validate pre-OS components
  - Customizable protection and authentication methods
- Pre-OS Protection
  - USB startup key, PIN, and TPM-backed authentication
- Single Microsoft TPM Driver
  - Improved stability and security
- TPM Base Services (TBS)
  - Enables third-party applications
- Active Directory Backup
  - Automated key backup to the AD server
  - Group Policy support
- Scriptable Interfaces
  - TPM management
  - BitLocker management
  - Command-line tool
TPM Services Architecture (Simplified)
Feature map, layered from the top down:
- BitLocker (Windows Vista Enterprise and Ultimate)
- Third Party Applications, through a TSS* (*TCG Software Stack)
- TPM Admin Tools and TPM WMI Provider (Windows Vista, all SKUs)
- TPM Base Services (Windows Vista, all SKUs)
- TPM Driver (Windows Vista, all SKUs)
- Trusted Platform Module (TPM) hardware

What Is A Trusted Platform Module (TPM)?
- Smartcard-like module on the motherboard
- Protects secrets
- Performs cryptographic functions: RSA, SHA-1, RNG
- Meets encryption export requirements
- Can create, store and manage keys
  - Provides a unique Endorsement Key (EK)
  - Provides a unique Storage Root Key (SRK)
- Performs digital signature operations
- Holds platform measurements (hashes)
- Anchors the chain of trust for keys and credentials
- Protects itself against attacks
TPM 1.2 spec: www.trustedcomputinggroup.org

Why Use A TPM?
- Trusted platforms use roots of trust; a TPM is an implementation of a root of trust
- A hardware root of trust has distinct advantages
  - Software can be hacked by software: it is difficult to root trust in software that has to validate itself
  - Hardware can be made robust against attacks and certified to be tamper resistant
  - Hardware and software combined can protect root secrets better than software alone
- A TPM can ensure that keys and secrets are only available for use when the environment is appropriate
- Many specific hardware and software configurations

BitLocker Drive Encryption Architecture
Static root of trust: measurement of boot components. Each pre-OS component is measured into the TPM before control passes to it:
  TPM Init -> BIOS -> MBR (pre-OS) -> Boot Sector -> Boot Block -> Boot Manager (static OS) -> OS Loader -> Start OS
- Once the measured chain matches, all boot blobs are unlocked, then the volume blob of the target OS is unlocked, and the OS loader starts the OS.
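Added example, not from the presentation: a Python model of the static root of trust described above. It replays the boot chain into TPM 1.2 style PCRs (SHA-1 extend), seals a constructed FVEK to the resulting PCR values, and shows that altering any measured stage (a hacked MBR, or a BIOS upgrade) leaves the secret locked so the machine falls back to recovery. The PCR indices, the SRK and FVEK values, and the HMAC/XOR wrap standing in for the TPM's RSA seal are all assumptions made for the example.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Constructed boot chain in the order the slide measures it. Which PCR each
# stage lands in is an assumption for this example, not BitLocker's real profile.
BOOT_CHAIN: List[Tuple[str, int, bytes]] = [
    ("BIOS",        0, b"constructed BIOS image"),
    ("MBR",         4, b"constructed master boot record"),
    ("BootSector",  4, b"constructed NTFS boot sector"),
    ("BootBlock",   4, b"constructed boot block"),
    ("BootManager", 4, b"constructed boot manager"),
]
SEALING_PCRS: Tuple[int, ...] = (0, 4)   # PCRs the FVEK is sealed to (assumption)
PCR_COUNT = 24                            # a TPM 1.2 has 24 PCRs of 20 bytes each


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA-1(PCR_old || measurement). A PCR can only be
    extended, never written, so every earlier stage is folded into its value."""
    return sha1(pcr + measurement)


def measure_boot(chain: List[Tuple[str, int, bytes]]) -> Dict[int, bytes]:
    """Replay the static root of trust: each stage is hashed into a PCR before it runs."""
    pcrs = {i: bytes(20) for i in range(PCR_COUNT)}   # PCRs are all zeros after reset
    for _name, idx, image in chain:
        pcrs[idx] = extend(pcrs[idx], sha1(image))
    return pcrs


def pcr_composite(pcrs: Dict[int, bytes], indices: Tuple[int, ...]) -> bytes:
    """Digest of the selected PCRs: the 'environment' a secret is sealed to."""
    return sha1(b"".join(pcrs[i] for i in sorted(indices)))


def seal(srk: bytes, pcrs: Dict[int, bytes], indices: Tuple[int, ...], secret: bytes) -> dict:
    """Wrap a secret (up to 32 bytes) under a key derived from the SRK and the
    current PCR composite. A real TPM wraps with RSA under the SRK instead."""
    assert len(secret) <= 32
    composite = pcr_composite(pcrs, indices)
    kek = hmac.new(srk, b"seal|" + composite, hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(secret, kek))
    return {"pcrs": indices, "composite": composite, "wrapped": wrapped}


def unseal(srk: bytes, pcrs: Dict[int, bytes], blob: dict) -> Optional[bytes]:
    """Release the secret only when the current PCRs equal the sealed composite."""
    composite = pcr_composite(pcrs, blob["pcrs"])
    if not hmac.compare_digest(composite, blob["composite"]):
        return None                  # environment changed: BitLocker would enter recovery
    kek = hmac.new(srk, b"seal|" + composite, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["wrapped"], kek))


def boot_outcome(tamper_stage: Optional[str] = None) -> str:
    """Seal a constructed FVEK on a known-good boot, then boot again with one
    stage's image altered, as a hacked MBR or a BIOS upgrade would alter it."""
    srk = hashlib.sha256(b"constructed SRK, held inside the TPM").digest()
    fvek = hashlib.sha256(b"constructed full volume encryption key").digest()
    blob = seal(srk, measure_boot(BOOT_CHAIN), SEALING_PCRS, fvek)
    chain = [(n, i, img + b" modified") if n == tamper_stage else (n, i, img)
             for n, i, img in BOOT_CHAIN]
    return "unlocked" if unseal(srk, measure_boot(chain), blob) == fvek else "recovery required"


if __name__ == "__main__":
    for stage in (None, "MBR", "BIOS"):
        print(stage or "clean boot", "->", boot_outcome(stage))
```

Because the key-encryption key is derived from the PCR composite, skipping the comparison would not help an attacker: a different measurement simply yields a different key. That is the property the slide relies on when it says secrets are only available "when the environment is appropriate".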
Disk Layout And Key Storage
- OS Volume contains: encrypted OS, encrypted page file, encrypted temp files, encrypted data, encrypted hibernation file
- System Volume contains: MBR, boot manager, boot utilities (unencrypted, small)
Where's the encryption key?
1. SRK (Storage Root Key) contained in the TPM
2. SRK encrypts the FVEK (Full Volume Encryption Key), protected by TPM/PIN/USB storage device
3. FVEK stored (encrypted by the SRK) on the hard drive in the OS volume

Information Protection Threats
Internal threats are just as prevalent as external threats.
- Accidental
  - Loss due to carelessness
  - System disposal or repurposing without data wipe
  - System physically lost in transit
- Intentional
  - Data intentionally compromised
  - Insider access to unauthorized data
  - Offline attack on lost/stolen laptop
- Targeted
  - Thief steals asset based on value of data
  - Theft of branch office server (high value and volume of data)
  - Theft of executive or government laptop
  - Direct attacks with specialized hardware

Spectrum of Protection
BitLocker offers a spectrum of protection, allowing an organization to customize according to its own needs (chart axis: ease of deployment).

Mode      | Factors                    | Protects against | Vulnerable to                      | User impact
TPM Only  | What it is                 | Most SW attacks  | Hardware attacks                   | N/A (no user impact)
TPM + PIN | What it is + what you know | Many HW attacks  | Hardware attacks                   | Enter PIN to boot
TPM + USB | What it is + what you have | HW attacks       | Stolen USB key                     | Protect USB key
USB Only  | What you have              | HW attacks       | Stolen USB key; no boot validation | Protect USB key

BitLocker Recovery Scenarios
- Lost/forgotten authentication methods: lost USB key, user forgets PIN
- Upgrade to core files: unanticipated change to pre-OS files (BIOS upgrade, etc.)
- Broken hardware: hard drive moved to a new system
- Deliberate attack: modified or missing pre-OS files (hacked BIOS, MBR, etc.)
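Added example, not from the presentation: a Python model of the key storage and protector modes just described. The FVEK is wrapped once per protector (the boot protector for TPM only, TPM + PIN, TPM + USB or USB only, plus an independent recovery key), a toy TPM keeps the SRK-derived material inside and enforces an anti-hammering lockout on PIN failures, and the recovery key still unlocks the volume when the boot protector cannot. The SimTpm class, the lockout threshold, the XOR wrap standing in for the real cipher, and the HMAC integrity tag are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def xor32(key: bytes, data: bytes) -> bytes:
    """Wrap or unwrap a 32-byte key with a 32-byte key-encryption key (stand-in cipher)."""
    assert len(key) == len(data) == 32
    return bytes(a ^ b for a, b in zip(data, key))


class SimTpm:
    """Toy TPM: keeps its root secret inside, checks the PIN that authorizes the
    BitLocker key, and locks out after repeated wrong PINs (anti-hammering)."""

    def __init__(self, lockout_threshold: int = 5):
        self._srk = secrets.token_bytes(32)          # never leaves the TPM
        self._auth: Dict[str, Optional[bytes]] = {}  # handle -> PIN digest, None for TPM-only
        self.failed_attempts = 0
        self.lockout_threshold = lockout_threshold

    def create_key(self, handle: str, pin: Optional[bytes]) -> None:
        self._auth[handle] = hashlib.sha256(pin).digest() if pin is not None else None

    def use_key(self, handle: str, pin: Optional[bytes] = None) -> Optional[bytes]:
        if self.failed_attempts >= self.lockout_threshold:
            return None                              # locked out: even the right PIN is refused
        expected = self._auth[handle]
        if expected is not None:
            if not hmac.compare_digest(expected, hashlib.sha256(pin or b"").digest()):
                self.failed_attempts += 1
                return None
        self.failed_attempts = 0
        return hmac.new(self._srk, handle.encode(), hashlib.sha256).digest()

    def reset_lockout(self) -> None:
        self.failed_attempts = 0                     # real TPMs clear this on a timer or owner action


def protector_kek(tpm_part: Optional[bytes], usb_part: Optional[bytes]) -> Optional[bytes]:
    """Key-encryption key built from whichever factors the chosen mode supplies."""
    if tpm_part is None and usb_part is None:
        return None
    return hashlib.sha256(b"kek|" + (tpm_part or b"") + b"|" + (usb_part or b"")).digest()


class Volume:
    """One boot protector (TPM only, TPM+PIN, TPM+USB or USB only) and one
    recovery-key protector, each holding its own wrapped copy of the FVEK."""

    def __init__(self, tpm: Optional[SimTpm], pin: Optional[bytes] = None,
                 usb_key: Optional[bytes] = None):
        self.fvek = secrets.token_bytes(32)
        self.tpm = tpm
        self._check = hmac.new(self.fvek, b"check", hashlib.sha256).digest()  # integrity tag
        tpm_part = None
        if tpm is not None:
            tpm.create_key("bitlocker", pin)
            tpm_part = tpm.use_key("bitlocker", pin)
        kek = protector_kek(tpm_part, usb_key)
        if kek is None:
            raise ValueError("choose a mode with at least one factor")
        self.boot_protector = xor32(kek, self.fvek)
        self.recovery_key = secrets.token_bytes(32)  # the copy backed up to AD, USB, file or paper
        self.recovery_protector = xor32(self.recovery_key, self.fvek)

    def _verify(self, candidate: bytes) -> Optional[bytes]:
        tag = hmac.new(candidate, b"check", hashlib.sha256).digest()
        return candidate if hmac.compare_digest(tag, self._check) else None

    def unlock(self, pin: Optional[bytes] = None, usb_key: Optional[bytes] = None) -> Optional[bytes]:
        tpm_part = None
        if self.tpm is not None:
            tpm_part = self.tpm.use_key("bitlocker", pin)
            if tpm_part is None:
                return None
        kek = protector_kek(tpm_part, usb_key)
        return None if kek is None else self._verify(xor32(kek, self.boot_protector))

    def unlock_with_recovery(self, key: bytes) -> Optional[bytes]:
        return self._verify(xor32(key, self.recovery_protector))


def demo() -> Dict[str, bool]:
    tpm = SimTpm(lockout_threshold=3)
    vol = Volume(tpm, pin=b"1234")                   # TPM + PIN: what it is + what you know
    out = {"correct_pin": vol.unlock(pin=b"1234") == vol.fvek}
    for guess in (b"0000", b"0001", b"0002"):        # three wrong guesses trip the counter
        vol.unlock(pin=guess)
    out["locked_out"] = vol.unlock(pin=b"1234") is None
    out["recovery_works"] = vol.unlock_with_recovery(vol.recovery_key) == vol.fvek
    tpm.reset_lockout()
    out["unlocked_after_reset"] = vol.unlock(pin=b"1234") == vol.fvek
    usb = secrets.token_bytes(32)
    usb_only = Volume(None, usb_key=usb)             # USB only: what you have, no boot validation
    out["usb_only"] = usb_only.unlock(usb_key=usb) == usb_only.fvek
    out["wrong_usb_rejected"] = usb_only.unlock(usb_key=secrets.token_bytes(32)) is None
    return out
```

The point of the layout is that the FVEK itself is never stored in the clear: each protector holds an independently wrapped copy, so losing the PIN or the USB key (the recovery scenarios above) is survivable as long as the recovery key was backed up somewhere.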
BitLocker Recovery Methods
- Recommended method for domain-joined machines
  - Automate key backups through BitLocker Setup
  - Configure Group Policy to store keys in Active Directory
  - Provides centralized storage and management of keys
- Recommended methods for non-domain-joined machines
  - Back up to a USB flash device
  - Back up to a web-based key storage service
    - Windows Ultimate Extras provides a free key storage service for home users or unmanaged environments
    - Potential OEM or 3rd-party service for key storage
  - Back up to a file
  - Print or record to physical media

Building BitLocker Systems
Windows Vista Logo Program: performance, quality, and feature metrics that help consumers understand and seek out the best computing experience that Windows Vista has to offer.
http://www.microsoft.com/whdc/winlogo/hwrequirements.mspx
- Trusted Platform Module (SYSFUND-0030)
  - TPM Main Specification, Version 1.2 (or later)
  - Memory Mapped I/O, Locality 0
  - https://www.trustedcomputinggroup.org/specs/tpm
  - TPM PC Client Interface Specification, Version 1.2 (or later)
  - https://www.trustedcomputinggroup.org/specs/pcclient
- BIOS (SYSFUND-0031)
  - TCG BIOS Specification
  - Physical Presence Interface Specification
  - Memory Overwrite on Reset Specification
  - Immutable CRTM or Secure Update
  - https://www.trustedcomputinggroup.org/specs/pcclient

Platform Threats And Mitigations
- BIOS modification
  - THREAT: lost Core Root of Trust for Measurement
  - MITIGATION: secure CRTM update
  - MITIGATION: provide extra protection with PIN or USB
- Physical memory
  - THREAT: key exposure in physical memory
  - MITIGATION: Memory Overwrite on Reset
  - MITIGATION: provide extra protection with PIN or USB
- Dictionary attack against PIN
  - THREAT: key exposure
  - MITIGATION: anti-hammering countermeasures
- End users
  - THREAT: unsafe practices (PIN nearby, USB in laptop case)
  - MITIGATION: user education, corporate security policy

Building BitLocker Systems
- Hard Disk (SYSFUND-0032)
  - BitLocker requires at least two partitions
  - System partition: active, NTFS, minimum 1.5 GB
  - OS must be installed on a separate partition
  - OS and other partition(s) can be of any size
- USB (SYSFUND-0069-0070)
  - System boot from USB 1.x and 2.x
  - USB read/write in the pre-OS environment
  - FAT16, FAT32, or NTFS file system for BitLocker and TPM Admin
- BIOS and platform requirements (see SYSFUND-0030 and SYSFUND-0031 above)
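Added example, not from the presentation: a Python pre-flight check for the SYSFUND-0032 hard disk requirements listed above (at least two partitions; an active NTFS system partition of at least 1.5 GB; the OS on a separate partition). The Partition record and the sample layouts are constructed for the example; a real check would read the partition table from the target system.

```python
from dataclasses import dataclass
from typing import List

GIB = 1024 ** 3
MIN_SYSTEM_PARTITION = int(1.5 * GIB)   # SYSFUND-0032 minimum for the system partition


@dataclass
class Partition:
    name: str
    filesystem: str
    size_bytes: int
    active: bool            # marked active (bootable) in the partition table
    holds_os: bool = False  # Windows is installed here


def check_bitlocker_layout(parts: List[Partition]) -> List[str]:
    """Return the SYSFUND-0032 requirements this layout violates (empty list = OK).
    The system partition is the active one holding the small unencrypted boot files."""
    problems: List[str] = []
    if len(parts) < 2:
        problems.append("BitLocker requires at least two partitions")
    active = [p for p in parts if p.active]
    if len(active) != 1:
        problems.append("exactly one active (system) partition is required")
        return problems
    system = active[0]
    if system.filesystem.upper() != "NTFS":
        problems.append(f"system partition {system.name} must be NTFS, found {system.filesystem}")
    if system.size_bytes < MIN_SYSTEM_PARTITION:
        problems.append(f"system partition {system.name} must be at least 1.5 GB")
    if system.holds_os:
        problems.append("OS must be installed on a partition separate from the system partition")
    if not any(p.holds_os for p in parts):
        problems.append("no partition holds the OS")
    return problems


# Constructed sample layouts
GOOD_LAYOUT = [
    Partition("S:", "NTFS", 2 * GIB, active=True),
    Partition("C:", "NTFS", 80 * GIB, active=False, holds_os=True),
]
SINGLE_PARTITION = [Partition("C:", "NTFS", 80 * GIB, active=True, holds_os=True)]
SMALL_FAT_SYSTEM = [
    Partition("S:", "FAT32", 1 * GIB, active=True),
    Partition("C:", "NTFS", 80 * GIB, active=False, holds_os=True),
]

if __name__ == "__main__":
    for label, layout in (("good", GOOD_LAYOUT), ("single", SINGLE_PARTITION), ("fat", SMALL_FAT_SYSTEM)):
        print(label, check_bitlocker_layout(layout) or "OK")
```

The single-partition layout is the one most off-the-shelf images ship with, and it fails twice (partition count, OS on the system partition); that is why the call to action asks OEMs to ship two or more partitions.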
Enterprise Customer Needs
- Remote deployment considerations
  - Think through large-scale deployment of BitLocker
  - Provide solutions for remote initialization of TPMs
  - Provide a secure BIOS update mechanism
- Support encrypted volumes in the Recovery Environment
  - Include WinRE scripting components
- Ship systems with an Endorsement Key (EK)
  - EK generation in the field is time consuming
  - Industry security best practice (TCG guidelines)

Call To Action
- Build BitLocker-ready systems
  - TPM v1.2: consider the deployment experience, make it easy
  - BIOS: don't ship systems without secure CRTM/BIOS update!
  - Hard disk: ship your platforms with two or more partitions
  - USB: verify read/write/boot from USB in the pre-OS environment
- Consider enterprise customer needs
  - Provide the ability to initialize the TPM remotely
  - Ship with an Endorsement Key (EK)
- Test your platforms!
  - Test with the latest Windows Vista releases
  - WDK test suite: http://www.microsoft.com/whdc/driver/wdk/aboutwdk.mspx
  - Work with us to get your reference platforms tested!

Additional Resources
Web Resources
- Specs and whitepapers: http://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspx
- Windows Logo Program testing: http://www.microsoft.com/whdc/getstart/testing.mspx
- TCG: http://www.trustedcomputinggroup.org
Related Sessions
- Enterprise and Server Use of Microsoft BitLocker Drive Encryption (CPA027)
- Windows Vista and Windows Server Longhorn Security Platform Enhancements (CPA127)
BitLocker questions or ideas: Bdeinfo@microsoft.com
BitLocker blog: http://blogs.msdn.com/si_team/default.aspx