BitLocker
Template:Infobox Windows component BitLocker is a full disk encryption feature included with select editions of Windows Vista and later in January 2007. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode[1] with a 128-bit or 256-bit key.[2][3] CBC is not used over the whole disk; it is applied to each individual sector.[4]
History
BitLocker originated as a part of Microsoft's Next-Generation Secure Computing Base architecture in 2004 as a feature tentatively codenamed "Cornerstone"[5][6] and was designed to protect information on devices, particularly in the event that a device was lost or stolen; another feature, titled "Code Integrity Rooting," was designed to validate the integrity of Microsoft Windows boot and system files.[5] When used in conjunction with a compatible Trusted Platform Module (TPM), BitLocker can validate the integrity of boot and system files before decrypting a protected volume; an unsuccessful validation will prohibit access to a protected system.[7][8] BitLocker was briefly called Secure Startup prior to Windows Vista being released to manufacturing.[7]
Availability
BitLocker is available on:
- Ultimate and Enterprise editions of Windows Vista and Windows 7
- Pro and Enterprise editions of Windows 8 and 8.1[9][10]
- Pro, Enterprise, and Education editions of Windows 10[11]
- Windows Server 2008[12] and later[13][9]
Initially, the graphical BitLocker interface in Windows Vista could only encrypt the operating system volume; encrypting other volumes could be achieved through an included command-line tool.[14] Starting with Windows Vista with Service Pack 1 and Windows Server 2008, volumes other than the operating system volume could be encrypted using the graphical tool.[15]
The latest version of BitLocker, first included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives. On Windows XP or Windows Vista, read-only access to these drives can be achieved through a program called BitLocker To Go Reader, if FAT16, FAT32 or exFAT filesystems are used.[16]
BitLocker is also compatible with the portable instances of Windows 8 Enterprise edition installed through Windows To Go.[17]
Microsoft eDrive is a specification for storage devices to allow compliant storage devices to use its built-in encryption.[18]
Device encryption
Windows Mobile 6.5, Windows RT and core edition of Windows 8.1 include device encryption, a feature-limited version of BitLocker that encrypts the whole system.[19][20][21] Logging in with a Microsoft account with administrative privileges automatically begins the encryption process. The recovery key is stored to either the Microsoft account or Active Directory, allowing it to be retrieved from any computer. While device encryption is offered on all versions of 8.1, unlike BitLocker, device encryption requires that the device meet the InstantGo (formerly Connected Standby) specifications,[21] which requires solid-state drives, non-removable RAM (to protect against cold boot attacks) and a TPM 2.0 chip.[19][22]
Encryption modes
There are three authentication mechanisms that can be used as building blocks to implement BitLocker encryption:[23]
- Transparent operation mode: This mode uses the capabilities of TPM 1.2 hardware to provide for a transparent user experience—the user powers up and logs into Windows as normal. The key used for disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker achieve this by implementing a Static Root of Trust Measurement—a methodology specified by the Trusted Computing Group (TCG). This mode is vulnerable to a cold boot attack, as it allows a powered-down machine to be booted by an attacker.
- User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in the form of a pre-boot PIN or password.
- USB Key Mode: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected OS. Note that this mode requires that the BIOS on the protected machine supports the reading of USB devices in the pre-OS environment. The key may also be provided by a CCID for reading a cryptographic smartcard. Using CCID provides additional benefits beyond just storing the key file on an external USB thumb drive, because the CCID protocol hides the private key using a cryptographic processor embedded in the smartcard; this prevents the key from being stolen by simply being read off the media on which it is stored.
The following combinations of the above authentication mechanisms are supported, all with an optional escrow recovery key:[24]
Operation
BitLocker is a logical volume encryption system. A volume may or may not be an entire hard disk drive, or it can span one or more physical drives. Also, when enabled, TPM and BitLocker can ensure the integrity of the trusted boot path (e.g. BIOS, boot sector, etc.), in order to prevent most offline physical attacks, boot sector malware, etc.
In order for BitLocker to operate, at least two NTFS-formatted volumes are required: one for the operating system (usually C:) and another with a minimum size of 100 MB[30] from which the operating system boots. BitLocker requires the system volume to remain unencrypted[31]—on Windows Vista this volume must be assigned a drive letter, while on Windows 7 that is not required. Unlike previous versions of Windows, Vista's "diskpart" command-line tool includes the ability to shrink the size of an NTFS volume so that the system volume for BitLocker may be created from already allocated space. A tool called the BitLocker Drive Preparation Tool is also available from Microsoft that allows an existing volume on Windows Vista to be shrunk to make room for a new boot volume and for the necessary bootstrapping files to be transferred to it;[32] Windows 7 creates the secondary boot volume by default, even if BitLocker is not used initially.
Once an alternate boot partition has been created, the TPM module needs to be initialized (assuming that this feature is being used), after which the required disk encryption key protection mechanisms such as TPM, PIN or USB key are configured. The volume is then encrypted as a background task, something that may take a considerable amount of time with a large disk as every logical sector is read, encrypted and rewritten back to disk. The keys are only protected after the whole volume has been encrypted, when the volume is considered secure. BitLocker uses a low-level device driver to encrypt and decrypt all file operations, making interaction with the encrypted volume transparent to applications running on the platform.
Encrypting File System (EFS) may be used in conjunction with BitLocker to provide protection once the operating system kernel is running. Protection of the files from processes and users within the operating system can only be performed using encryption software that operates within Windows, such as EFS. BitLocker and EFS, therefore, offer protection against different classes of attacks.[33]
In Active Directory environments, BitLocker supports optional key escrow to Active Directory, although a schema update may be required for this to work (i.e. if the Active Directory Services are hosted on a Windows version previous to Windows Server 2008).
BitLocker and other full disk encryption systems can be attacked by a rogue bootmanager. Once the malicious bootloader captures the secret, it can decrypt the Volume Master Key (VMK), which would then allow access to decrypt or modify any information on an encrypted hard disk. By configuring a TPM to protect the trusted boot pathway, including the BIOS and boot sector, BitLocker can mitigate this threat. (Note that some non-malicious changes to the boot path may cause a Platform Configuration Register check to fail, and thereby generate a false warning.)[34]
To use BitLocker on the primary system device, Compatibility Support Module (CSM) needs to be disabled in the Unified Extensible Firmware Interface.
Security concerns
According to Microsoft sources,[35] BitLocker does not contain an intentionally built-in backdoor; without a backdoor there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office,[36] which tried entering into talks with Microsoft to get one introduced, although Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they will not grant the wish to have one added.[37] Microsoft engineers have said that FBI agents also put pressure on them in numerous meetings in order to add a backdoor, although no formal, written request was ever made; Microsoft engineers eventually suggested to the FBI that agents should look for the hard-copy of the key that the BitLocker program suggests its users to make.[38] Although the AES encryption algorithm used in BitLocker is in the public domain, its implementation in BitLocker, as well as other components of the software, are proprietary; however, the code is available for scrutiny by Microsoft partners and enterprises, subject to a non-disclosure agreement.[39][40]
The "Transparent operation mode" and "User authentication mode" of BitLocker use TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS and MBR. If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device. This cryptographic secret is used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.[41]
Nevertheless, in February 2008, a group of security researchers published details of a so-called "cold boot attack" that allows full disk encryption systems such as BitLocker to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory.[42] The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM alone does not offer any protection, as the keys are held in memory while Windows is running. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack.[42] The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a "sleep" state) and that the encryption software be configured to require a password to boot the machine.
Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example, through a 1394 or Thunderbolt DMA channel.[43] Any cryptographic material in memory is at risk from this attack, which therefore is not specific to BitLocker.
Starting with Windows 8 and Windows Server 2012 Microsoft removed the Elephant Diffuser from the BitLocker scheme for no declared reason.[44] Dan Rosendorf's research shows that removing the Elephant Diffuser had an "undeniably negative impact" on the security of BitLocker encryption against a targeted attack.[45] Microsoft later cited performance concerns, and noncompliance with the Federal Information Processing Standards, to justify the diffuser's removal.[46]
On 10 November 2015, Microsoft released a security update to mitigate a security vulnerability in BitLocker that allowed authentication to be bypassed by employing a malicious Kerberos key distribution center, if the attacker had physical access to the machine, the machine was part of domain and had no PIN or USB protection.[47]
See also
- Features new to Windows Vista
- List of Microsoft Windows components
- Vista IO technologies
- Next-Generation Secure Computing Base
- FileVault
References
- ^ "What's new in BitLocker?". Retrieved January 24, 2016.
- ^ "Windows BitLocker Drive Encryption Frequently Asked Questions". TechNet Library. Microsoft. March 22, 2012. Retrieved September 5, 2007.
- ^ Ferguson, Niels (August 2006). "AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista" (PDF). Microsoft. Retrieved February 22, 2008.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Ferguson, Niels (August 2006). "AES-CBC + Elephant diffuser: A Disk Encryption Algorithm for Windows Vista" (PDF). Retrieved October 7, 2016.
- ^ a b Biddle, Peter (2004). "Next-Generation Secure Computing Base". Microsoft. Archived from the original (PPT) on August 27, 2006. Retrieved January 30, 2015.
- ^ Thurrott, Paul (September 9, 2005). "Pre-PDC Exclusive: Windows Vista Product Editions". Supersite for Windows. Penton. Retrieved March 14, 2015.
- ^ a b Microsoft (April 22, 2005). "Secure Startup - Full Volume Encryption: Technical Overview" (DOC). Retrieved March 14, 2015.
- ^ Microsoft (April 21, 2005). "Secure Startup - Full Volume Encryption: Executive Overview" (DOC). Retrieved June 9, 2015.
- ^ a b "What's New in BitLocker for Windows 8 and Windows Server 2012". TechNet Library. Microsoft. February 15, 2012. Retrieved March 2, 2012.
- ^ "Windows BitLocker Drive Encryption Frequently Asked Questions". TechNet Library. Microsoft. March 22, 2012. Retrieved September 5, 2007.
- ^ Cite error: The named reference
Win10editions
was invoked but never defined (see the help page). - ^ "BitLocker Drive Encryption in Windows Vista". TechNet. Microsoft. Archived from the original on November 17, 2016.
- ^ Cite error: The named reference
Server2008R2
was invoked but never defined (see the help page). - ^ "BitLocker Drive Encryption Provider". MSDN Library. Microsoft. February 19, 2008. Retrieved February 22, 2008.
- ^ Hynes, Byron (June 2008). "Advances in BitLocker Drive Encryption". Technet Magazine. Microsoft. Retrieved July 18, 2008.
- ^ "Description of BitLocker To Go Reader". Microsoft. Retrieved September 7, 2013.
- ^ "Windows To Go: Frequently Asked Questions". technet.microsoft.com. Retrieved October 7, 2016.
- ^ Microsoft (September 13, 2011). "Encrypted Hard Drive Device Guide". Retrieved October 7, 2016.
- ^ a b "Device Encryption". Windows Mobile 6.5 Dev Center. Microsoft. April 8, 2010. Retrieved July 6, 2014.
- ^ Cunningham, Andrew (October 17, 2013). "Windows 8.1 includes seamless, automatic disk encryption—if your PC supports it". Ars Technica. Condé Nast. Retrieved July 6, 2014.
- ^ a b "Help protect your files with device encryption". Windows Help portal. Microsoft. Retrieved July 6, 2014.
- ^ Thurrott, Paul (June 4, 2013). "In Blue: Device Encryption". Paul Thurrott's SuperSite for Windows. Penton Media. Retrieved June 10, 2013.
- ^ "BitLocker Drive Encryption". Data Encryption Toolkit for Mobile PCs: Security Analysis. Microsoft. April 4, 2007. Retrieved September 5, 2007.
- ^ "ProtectKeyWithNumericalPassword method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved July 18, 2008.
- ^ "ProtectKeyWithTPM method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved July 18, 2008.
- ^ "ProtectKeyWithTPMAndPIN method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved July 18, 2008.
- ^ "ProtectKeyWithTPMAndPINAndStartupKey method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved July 18, 2008.
- ^ "ProtectKeyWithTPMAndStartupKey method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved July 18, 2008.
- ^ "ProtectKeyWithExternalKey method of the Win32_EncryptableVolume class". MSDN Library. Microsoft. February 19, 2008. Retrieved July 18, 2008.
- ^ "BitLocker Drive Encryption in Windows 7: Frequently Asked Questions". TechNet Library. Microsoft. March 22, 2012. Retrieved April 7, 2012.
- ^ "Windows BitLocker Drive Encryption Step-by-Step Guide".
- ^ "Description of the BitLocker Drive Preparation Tool". Microsoft. September 7, 2007. Archived from the original on February 19, 2008. Retrieved February 22, 2008.
- ^ Ou, George (June 8, 2007). "Prevent data theft with Windows Vista's Encrypted File System (EFS) and BitLocker". TechRepublic. CBS Interactive. Retrieved September 7, 2013.
- ^ "BitLocker Drive Encryption in Windows 7: Frequently Asked Questions". TechNet Library. Microsoft. March 22, 2012. Retrieved March 16, 2013.
- ^ "Back-door nonsense". System Integrity Team Blog. Microsoft. March 2, 2006. Archived from the original on February 9, 2010.
{{cite web}}
: Unknown parameter|deadurl=
ignored (|url-status=
suggested) (help) - ^ Stone-Lee, Ollie (February 16, 2006). "UK holds Microsoft security talks". BBC. Retrieved June 12, 2009.
- ^ Evers, Joris (March 3, 2006). "Microsoft: Vista won't get a backdoor". CNET. CBS Interactive. Retrieved May 1, 2008.
- ^ Franceschi-Bicchierai, Lorenzo. "Did the FBI Lean On Microsoft for Access to Its Encryption Software?". Mashable. Retrieved October 7, 2016.
- ^ Thurrott, Paul (June 10, 2015). "No Back Doors: Microsoft Opens Windows Source Code to EU Governments - Petri". Petri. Retrieved October 7, 2016.
- ^ Microsoft. "Shared Source Initiative". www.microsoft.com. Retrieved October 7, 2016.
- ^ Byron, Hynes. "Keys to Protecting Data with BitLocker Drive Encryption". TechNet Magazine. Microsoft. Retrieved August 21, 2007.
- ^ a b Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia; Clarkson, William; Paul, William; Calandrino, Joseph A.; Feldman, Ariel J.; Appelbaum, Jacob; Felten, Edward W (February 21, 2008). "Lest We Remember: Cold Boot Attacks on Encryption Keys" (PDF). Princeton University. Retrieved February 22, 2008.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ "Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker". Microsoft. March 4, 2011. Retrieved March 15, 2011.
- ^ "BitLocker Overview". technet.microsoft.com. Retrieved October 7, 2016.
- ^ Rosendorf, Dan (May 23, 2013). "Bitlocker: A little about the internals and what changed in Windows 8" (PDF). Archived from the original (PDF) on May 22, 2016. Retrieved 7 October 2016.
{{cite web}}
: Unknown parameter|deadurl=
ignored (|url-status=
suggested) (help) - ^ Lee, Micah (June 4, 2015). "Microsoft Gives Details About Its Controversial Disk Encryption". The Intercept. Retrieved October 7, 2016.
- ^ "Microsoft Security Bulletin MS15-122 - Important". Security TechCenter. Microsoft. November 10, 2015. Retrieved November 12, 2015.