Detecting BitLocker

Although the most appropriate way to detect BitLocker is to use the interfaces in BitLocker’s WMI provider, specifically the “GetEncryptionMethod”, sometimes you might wish to detect a BitLocker volume when the WMI provider is not available – such as when running a disk tool from another OS. I stress that the “GetEncryptionMethod” should always…

Multi-boot Security

As people start analyzing BitLocker, a question that keeps getting raised is “Can I break into BitLocker by installing another copy of Vista?” This blog entry intends to show how BitLocker allows and supports multi-boot without compromising security. There is a saying that “if it walks like a duck and talks like a duck it…

BitLocker cryptographic algorithm published

While working on the BitLocker data encryption we realized that no existing algorithm satisfied all the requirements that we had. We resolved this by combining AES-CBC with a specialized diffuser that improves the security against manipulation attacks. The paper describing all of this in detail finally made it through all the procedural hoops, and is…

BitLocker recovery password details

Recently the BitLocker Penetration team was asked some questions about the security of the recovery password. Even if you use BitLocker every day, you may never have seen the recovery password entry screen – it is displayed by the Boot Manager in the situation where the key it needs to unlock your BitLocker protected volume…

AES test vectors

I’ve been working to optimize our AES implementation. BitLocker encrypts and decrypts more data than all other features in Windows Vista combined, so we have the most to gain from a fast implementation. I won’t bore you with the details of optimizing AES in assembler. Let’s just say that the Pentium 4 has various…

Finding a Secure PIN

BitLocker Drive Encryption offers users a number of different modes to protect the key used in encrypting/decrypting data. One of these modes requires a PIN be entered at boot time, which is used as authorization data to the TPM, and allows the key to be unsealed. As a penetration tester on BitLocker, I’ve been examining…

What got me out of bed today?

Recently I read yet another report (http://www.komotv.com/stories/42263.htm) of stolen laptops resulting in a bigger loss than the monetary cost of the hardware. When we interact with different companies and provide personal information, such as credit cards, bank accounts, social security numbers, or even our mothers’ maiden names, we are entrusting the company to handle that…

Back-door nonsense

Two weeks ago BBC News published an article speculating about a possible “back door” in BitLocker (http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm). The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data. Over my dead body. Well, maybe not literally—I’m not ready to be a martyr…

Welcome to the System Integrity Team blog.

I finally managed to organize a team blog so that we can put out some technical information without going through the marketing machine. You might not have heard about the System Integrity group. We used to be called NGSCB, which was always a temporary name but it took more than 2 years before we…
