BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional disk-encryption-specific security not provided by AES.
BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7. Users of other versions of Windows that don't include BitLocker could use a third-party encryption program to satisfy the need for full drive encryption (see Comparison of disk encryption software). In the RTM release of Windows Vista, only the operating system volume could be encrypted using the GUI; encrypting other volumes required using WMI-based scripts included in Windows Vista in the %Windir%\System32 folder. An example of how to use the WMI interface is the script manage-bde.wsf, which can be used to set up and manage BitLocker from the command line. With Windows Vista Service Pack 1 and Windows Server 2008, volumes other than the operating system volume can be BitLocker-protected using the graphical Control Panel applet as well.
The latest version of BitLocker, included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives.
Overview
There are three authentication mechanisms that can be used as building blocks to implement BitLocker encryption:
- Transparent operation mode: This mode uses the capabilities of Trusted Platform Module (TPM) 1.2 hardware to provide a transparent user experience: the user powers up and logs on to Windows as normal. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker achieve this by implementing a Static Root of Trust Measurement, a methodology specified by the Trusted Computing Group. This mode is vulnerable to a cold boot attack, as it allows a powered-down machine to be booted by an attacker.
- User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in the form of a pre-boot PIN. This mode is vulnerable to a bootkit attack.
- USB Key Mode: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected OS. Note that this mode requires that the BIOS on the protected machine supports the reading of USB devices in the pre-OS environment. This mode is also vulnerable to a bootkit attack.
- Recovery password: A numerical key protector for recovery purposes.
- Recovery key: An external key for recovery purposes.
- Certificate: Adds a certificate-based public key protector for recovery purposes.
- Password: Adds a password key protector for a data volume.
The following permutations of the above authentication mechanisms are supported, all with an optional escrow recovery key:
- TPM only
- TPM + PIN
- TPM + PIN + USB Key
- TPM + USB Key
- USB Key
Operation
Contrary to the official name, BitLocker Drive Encryption is a logical volume encryption system. A volume may or may not be an entire drive, and can span one or more physical drives. Also, when enabled, TPM and BitLocker can ensure the integrity of the trusted boot path (e.g. BIOS, boot sector, etc.), in order to prevent most offline physical attacks, boot sector malware, etc.
In order for BitLocker to operate, the hard disk requires at least two NTFS-formatted volumes: one for the operating system (usually C:) and another with a minimum size of 100 MB from which the operating system boots. BitLocker requires the boot volume to remain unencrypted; on Windows Vista this volume must be assigned a drive letter, while on Windows 7 it need not be. Unlike previous versions of Windows, Vista's "diskpart" command-line tool includes the ability to shrink the size of an NTFS volume so that the system volume for BitLocker can be created from already-allocated space. A tool called the "BitLocker Drive Preparation Tool" is also available from Microsoft that allows an existing volume on Windows Vista to be shrunk to make room for a new boot volume, and for the necessary bootstrapping files to be transferred to it; Windows 7 creates the secondary boot volume by default, even if BitLocker is not used initially.
Once an alternate boot partition has been created, the TPM module needs to be initialized (assuming that this feature is being used), after which the required disk encryption key protection mechanisms such as TPM, PIN or USB key are configured. The volume is then encrypted as a background task, something that can take a considerable amount of time with a large disk as every logical sector is read, encrypted and rewritten back to disk. Only once the whole volume has been encrypted are the keys protected, and the volume considered secure. BitLocker uses a low-level device driver to encrypt and decrypt all file operations, making interaction with the encrypted volume transparent to applications running on the platform.
The Microsoft Encrypting File System (EFS) may be used in conjunction with BitLocker to provide protection once the operating system kernel is running. Protection of the files from processes/users within the operating system can only be performed using encryption software that operates within Windows, such as EFS. BitLocker and EFS therefore offer protection against different classes of attacks.
In Active Directory environments, BitLocker supports optional key escrow to Active Directory, although a schema update may be required for this to work (i.e. if the Active Directory Directory Services are hosted on a Windows version previous to Windows Server 2008).
Other systems like BitLocker can have their recovery key/password entry process spoofed by another boot manager or OS install. Once the spoofed software captured the secret, it could be used to decrypt the Volume Master Key (VMK), which would then allow access to decrypt or modify any information on the user's BitLocker-encrypted hard disk. By configuring a TPM to protect the trusted boot pathway, including the BIOS and boot sector, this threat can be removed.
Security concerns
According to Microsoft sources, BitLocker does not contain an intentionally built-in backdoor; there is no Microsoft-provided way for law enforcement to have guaranteed access to the data on the user's drives. The lack of any backdoor has been a concern to the UK Home Office, which tried entering into talks with Microsoft to get one introduced, though Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they have not granted the wish to have one added. Although the AES encryption algorithm used in BitLocker is in the public domain, its actual implementation in BitLocker, as well as other components of the software, is closed source; however, the code is available for scrutiny by Microsoft partners and enterprises, subject to a non-disclosure agreement.
The "Transparent operation mode" and "User authentication mode" of BitLocker use the TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS and MBR. If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device, or a recovery password entered by hand. Either of these cryptographic secrets is used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.
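The measure-then-unseal behaviour described here and under "Transparent operation mode" can be modelled in a few lines; this is an added Python example, not Microsoft's code or part of the original article. `ToyTPM`, `wrap_vmk`, `boot`, the component contents and the recovery password are constructed for illustration, and the XOR-plus-HMAC wrap is a stand-in for BitLocker's real key-protector format.

```python
import hashlib
import hmac
import os

class ToyTPM:
    """Simplified model of one TPM 1.2 PCR with seal/unseal (not a real TPM API)."""
    def __init__(self):
        self.pcr = bytes(20)   # a TPM 1.2 PCR holds one SHA-1 digest
        self._sealed = []      # (PCR value at seal time, secret), kept "inside the chip"

    def power_on(self):
        self.pcr = bytes(20)   # PCRs reset to zero on every power cycle

    def extend(self, component: bytes):
        # TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(component))
        self.pcr = hashlib.sha1(self.pcr + hashlib.sha1(component).digest()).digest()

    def seal(self, secret: bytes) -> int:
        self._sealed.append((self.pcr, secret))
        return len(self._sealed) - 1

    def unseal(self, handle: int):
        expected, secret = self._sealed[handle]
        return secret if hmac.compare_digest(expected, self.pcr) else None

def measure(tpm, chain):
    """Static root of trust: measure each early-boot component in boot order."""
    tpm.power_on()
    for component in chain:
        tpm.extend(component)
    return tpm.pcr

def _keys(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, dklen=64)

def wrap_vmk(vmk: bytes, password: str, salt: bytes):
    """Stand-in key wrap (XOR pad + HMAC tag); BitLocker's real format differs."""
    k = _keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(vmk, k[:32]))
    return ct, hmac.new(k[32:], ct, "sha256").digest()

def unwrap_vmk(blob, password: str, salt: bytes):
    ct, tag = blob
    k = _keys(password, salt)
    if not hmac.compare_digest(tag, hmac.new(k[32:], ct, "sha256").digest()):
        return None            # wrong recovery password
    return bytes(a ^ b for a, b in zip(ct, k[:32]))

def boot(tpm, handle, chain, blob, salt, recovery_password=None):
    """Return (path, vmk): 'tpm' on matching measurements, else recovery or locked."""
    measure(tpm, chain)
    vmk = tpm.unseal(handle)   # no user input needed: transparent operation mode
    if vmk is not None:
        return "tpm", vmk
    vmk = unwrap_vmk(blob, recovery_password, salt) if recovery_password else None
    return ("recovery", vmk) if vmk is not None else ("locked", None)

# Constructed sample data: component contents and the recovery password are made up.
GOOD_CHAIN = [b"BIOS image v1", b"MBR code", b"boot manager"]
TAMPERED_CHAIN = [b"BIOS image v1", b"MBR code (modified)", b"boot manager"]
RECOVERY = "111111-222222-333333-444444"

def provision(chain=GOOD_CHAIN, password=RECOVERY):
    """Seal a fresh VMK to the measured boot chain and wrap a copy for recovery."""
    tpm, vmk, salt = ToyTPM(), os.urandom(32), os.urandom(16)
    measure(tpm, chain)
    return tpm, tpm.seal(vmk), wrap_vmk(vmk, password, salt), salt, vmk
```

With the unmodified chain the VMK is released without any user input; once the MBR entry changes, the PCR no longer matches and only the recovery password yields the VMK.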
Nevertheless, in February 2008, a group of security researchers published details of a so-called "cold boot attack" that allows a BitLocker-protected machine to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory. The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM module alone does not offer any protection, as the keys are held in memory while Windows is running, although two-factor authentication, i.e. using TPM together with a PIN, offers better protection for machines that are not powered on when physical access to them is obtained. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack. The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a "sleep" state) and that a password also be required to boot the machine.
Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example through a 1394 DMA channel. Any cryptographic material in memory is at risk from this attack, which is therefore not specific to BitLocker.
See also
- Disk encryption
- Full disk encryption
- Comparison of disk encryption software
- Disk encryption software
- Features new to Windows Vista
- List of Microsoft Windows components
- Vista IO technologies
- NGSCB
- FileVault