BitLocker, Brossard’s Pre-boot Authentication Research, and the BSI

Attending DEFCON presentations that target a product you use or helped build can be exciting in a bad way.  And believe me – knowing the fix has already been shipped reduces that excitement… in a very good way.  This is what made Jonathan Brossard’s DEFCON 16 presentation Bypassing pre-boot authentication passwords  less exciting for me:…

1

Redirect to new post title

Protecting BitLocker from Cold Attacks (and other threats)

0

Protecting BitLocker from Cold Attacks (and other threats)

Hi. My name is Douglas MacIver and I specialize in security assurance at Microsoft as a member of the BitLocker Test Team.  My responsibilities on the team are to perform BitLocker penetration testing and risk analysis. As you may have seen in the press, last week researchers at Princeton University published a paper and video…

1

Detecting BitLocker

Although the most appropriate way to detect BitLocker is to use the interfaces in BitLocker’s WMI provider, specifically the “GetEncryptionMethod”, But sometimes, you might wish to detect a BitLocker volume when the WMI provider is not available – such as when running a disk tool from another OS. I stress that the “GetEncryptionMethod” should always…

0

Multi-boot Security

As people start analyzing BitLocker, a question that keeps getting raised is “Can I break into BitLocker by installing another copy of Vista?” This blog entry intends to show how BitLocker allows and supports multi-boot without compromising security. There is a saying that “if it walks like a duck and talks like a duck it…

0

BitLocker cryptographic algorithm published

While working on the BitLocker data encryption we realized that no existing algorithm satisfied all the requirements that we had. We resolved this by combining AES-CBC with a specialized diffuser that improves the security against manipulation attacks. The paper describing all of this in detail finally made it through all the procedural hoops, and is…

1

BitLocker recovery password details

Recently the BitLocker Penetration team was asked some questions about the security of the recovery password. Even if you use BitLocker every day, you may never have seen the recovery password entry screen – it is displayed by the Boot Manager in the situation where the key it needs to unlock your BitLocker protected volume…

2

AES test vectors

I’ve been working to optimize our AES implementation. BitLocker encrypts and decrypts more data than all other features in Windows Vista combined, so we have the most to gain from a fast implementation.   I won’t bore you with the details of optimizing AES in assembler. Let’s just say that the Pentium 4 has various…

0

Finding a Secure PIN

BitLocker Drive Encryption offers users a number of different modes to protect the key used in encrypting/decrypting data. One of these modes requires a PIN be entered at boot time, which is used as authorization data to the TPM, and allows the key to be unsealed. As a penetration tester on BitLocker, I’ve been examining…

0

What got me out of bed today?

Recently I read yet another report (http://www.komotv.com/stories/42263.htm) of stolen laptops resulting in a bigger loss then the monetary cost of the hardware.  When we interact with different companies and provide personal information, such as credit cards, bank accounts, social security numbers, or even our mothers’ maiden names, we are entrusting the company to handle that…

4