Exclusive: Q&A with the Windows Vista Bitlocker Team

Windows Connected recently had an opportunity to ask the Windows Vista Bitlocker team a number of questions submitted by our community. Here are the results.

Windows Connected - Who are you and what team do you work on?

Russell Humphries - My name is Russell Humphries and I am the Senior Product Manager for BitLocker™ Drive Encryption (BitLocker).

Windows Connected - Tell us a little bit about yourself.

Russell Humphries - I have been in the IT industry for nearly 20 years and have spent the last 10 years focusing on the creation and provision of usable security solutions. I have been at Microsoft for 2 years and was hired to be the Lead Project Manager for the product now known as BitLocker.

Windows Connected - Can you give us a quick overview of BitLocker and how it works?

Russell Humphries - BitLocker™ Drive Encryption is an exciting new feature in Windows Vista™ that provides enhanced data protection for your computer.

BitLocker is Microsoft’s response to one of our top customer requests: address the very real threats of data theft or exposure from lost, stolen or inappropriately decommissioned PC hardware and tightly integrate the solution into Windows.

BitLocker prevents a thief who boots another OS or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive.  It is a hardware-enhanced full disk encryption feature that addresses the clear need for enhanced data protection.

The feature optionally uses a Trusted Platform Module (TPM) 1.2 to protect user data and to ensure that a PC running Windows Vista has not been tampered with while the system was offline. BitLocker provides both mobile and office enterprise information workers with enhanced data protection should their systems be lost or stolen and secure data deletion when it comes time to decommission those assets.

Windows Connected - What form of encryption is or can be used? Is it configurable?

Russell Humphries - BitLocker leverages AES as its encryption algorithm with configurable key lengths of 128 or 256 bits. These options are configurable using Group Policy.

Windows Connected - Is a brute force attack possible and if so how long would it take to crack?

Russell Humphries - Brute force attacks against the volume encryption keys are currently computationally unfeasible, just as with any other AES 128-bit or 256-bit protected data.

BitLocker also has an optional PIN or USB ‘multi-factor authentication’ feature that can be used in conjunction with a TPM for added layers of security.

Windows Connected - What other types of attacks is Bitlocker susceptible to, i.e. what are its weaknesses?

Russell Humphries - That depends on the configuration of BitLocker that the user implements.

Using the PIN or USB multi-factor authentication options along with the TPM provides higher security, though it also requires that users not leave a PIN written down or the USB key left with the computer. Configurations that don’t take advantage of these external key authentication options may be susceptible to hardware based attacks, though that would be dependent on the hardware configuration of the computer.

Also, when using BitLocker with Windows Vista, the security of the OS still relies on users choosing strong passwords for logon, so weak passwords are still a concern.

Windows Connected - What performance impact if any will Bitlocker add to a Windows Vista machine?

Russell Humphries - It is too early to be talking about performance impact on the Windows Vista OS; however, we expect that BitLocker will have a negligible effect on day-to-day PC performance.

Windows Connected - Will we be able to encrypt more than just the OS volume at Windows Vista RTM?

Russell Humphries - When released, BitLocker will provide encryption for the entire operating system volume, including Windows system files and the hibernation file, which helps protect data from being revealed from a lost or stolen PC asset. A user can optionally use the Encrypting File System (EFS) feature within Windows Vista to protect other volumes. The root secrets of EFS are stored by default on the O/S volume, so if BitLocker is enabled for the OS volume all data protected by EFS will be additionally protected by BitLocker. Security in depth.

Windows Connected - What is the most secure way to configure Bitlocker?

Russell Humphries - The most secure way to configure BitLocker is to use a TPM 1.2 with a Trusted Computing Group-compliant BIOS implementation plus a startup key. A startup key provides for an additional factor of authentication by requiring either an additional physical key (USB flash drive with a machine-readable key written to it) or entry of a PIN set by the user. Strong user login/password protocols are also a requirement.

Windows Connected - What are the different ways I will be able to store a recovery key?

Russell Humphries - The recovery password can be saved to a folder, saved to one or several USB keys, or simply sent to a printer. A domain administrator can additionally configure group policy to automatically generate recovery passwords and transparently escrow them to Active Directory.

Windows Connected - How can I, as a corporate admin, administer or recover the keys?

Russell Humphries - Administrators can handle recovery keys in whatever manner is most appropriate for their infrastructure. In enterprise environments the most efficient way to handle key material is to utilize BitLocker’s ability to escrow the keys in Active Directory. This can be enabled via Group Policy or WMI. Recovery keys can be accessed whenever they are needed by domain administrators using scripts or simple LDAP commands. Another option is to store recovery keys on USB media. The USB devices can be kept separate from the machine, and an extra layer of physical access control can be implemented by the enterprise administrator to help protect those keys.

Windows Connected - If I lose my recovery key would my data be unrecoverable?

Russell Humphries - Yes. When in recovery mode the user would need the recovery password/key to unlock the encrypted volume. Hence, it is highly recommended to escrow the recovery password to Active Directory or another safe location. However, this is a valuable feature when it comes to the end-of-life of the PC asset. We will be providing scripts that place the machine into a recovery state so that only the recovery key holder can access the disk's contents. This is very valuable when PCs are being sold or redeployed.

Windows Connected - How will supporting an encrypted machine be different? If a drive is having an issue booting, etc.

Russell Humphries - Depending on the scenario there will be little difference from administering an unencrypted drive. The only tangible difference is that, depending on the type of failure, a user might have to enter recovery mode to unlock the drive and make the contents accessible again.

Windows Connected - Today to enable Bitlocker you need to create two separate partitions during setup; will it be possible in the future to enable Bitlocker on a system that already has Windows Vista installed without rebuilding the system?

Russell Humphries - We listen to our customers and, naturally, we will always strive to make the installation and activation of a feature as easy and painless as possible; however I cannot make any speculation as to the direction of future BitLocker implementations.

Windows Connected - Is Microsoft pursuing Common Criteria, FIPS, or any other security certification for Bitlocker?

Russell Humphries - Microsoft is currently working on FIPS 140-2 certification of BitLocker Drive Encryption. We are of course also investigating BitLocker with regards to Common Criteria evaluations.

Windows Connected - Currently you need a TPM chip of 1.2 to enable disk encryption with TPM, is there any possibility of supporting the older TPM chips? If not, why?

Russell Humphries - BitLocker is written to support the 1.2 revision of the TPM chip and it is unlikely that it will be back-ported to the older TPM chip implementation. The 1.2 specification provides a higher level of security and standardization.

Windows Connected - Today you support a pre-boot pin, will future builds of Windows Vista support any two factor pre-boot authentication like Smartcard or Biometrics?

Russell Humphries - Actually the current implementation supports both pre-boot PIN and USB Startup Key as part of the BitLocker multi-factor authentication model. A user can enhance the security level offered by the TPM by either selecting to enter a pre-boot PIN as part of the boot authentication process or providing a USB device that has a startup key stored on it (created when the feature is activated).

The BitLocker engineering team is investigating ways to add support for numerous multi-factor authentication scenarios – like any MS product development we will continue to develop and innovate in response to our customers' needs.

Windows Connected - What types of changes would cause the integrity check on my system to fail and cause the disk to not decrypt? Specifically, can I install Credential Providers, Password Filters, Credential Managers, and Services without worry?

Russell Humphries - Yes - you can install all of those things without triggering a failure in the integrity check. That is because those, and similar, modules are loaded after the BitLocker integrity checks are completed and the volume encryption key has been released to the O/S from the early boot environment.

Unauthorized changing of the BIOS, MBR, boot sector, boot manager or other early boot components would cause a failure in the integrity checks and keep the TPM-protected key from being released. This is by design, as unauthorized modification of any of those components could and should be perceived as an attack. Of course the BitLocker feature provides methods for authenticated system administrators to update these components if required. I should point out that the disk is not decrypted per se, but rather the encryption and decryption occurs on-the-fly.
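
To make the boot-integrity behaviour described in that answer concrete, here is an added example: a constructed model written for this page, not BitLocker's own code and not its actual PCR assignments. Early-boot components are measured into PCR values, the volume key is sealed to them, and the key is released only when the measurements match; modules loaded after boot (a credential provider) are never measured, a modified MBR blocks release, and an authorized BIOS update is handled by re-sealing. The names `seal`, `unseal`, `SYSTEM` and the TPM secret are assumptions of the model.

```python
import hashlib
import hmac

# Constructed model of TPM 1.2-style boot measurement and key sealing. It is an
# added illustration, not BitLocker's own code and not its real PCR layout.
ZERO_PCR = b"\x00" * 20

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: SHA1(old PCR || SHA1(component)); one-way, so a PCR cannot be reset."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(system: dict) -> dict:
    """Measure only the early-boot set (BIOS, MBR, boot manager) into PCRs.
    system["post_boot"] holds modules loaded after the key is released; they
    are never measured, which is why installing them cannot trip the check."""
    return {name: extend(ZERO_PCR, blob) for name, blob in system["early_boot"].items()}

def composite(pcrs: dict) -> bytes:
    """Digest over all PCR values in a fixed order (a PCR composite)."""
    return hashlib.sha1(b"".join(pcrs[k] for k in sorted(pcrs))).digest()

def seal(vmk: bytes, pcrs: dict, tpm_secret: bytes) -> dict:
    """Bind the volume master key to the current composite. tpm_secret stands in
    for the TPM-resident storage root key; the wrap key depends on both."""
    comp = composite(pcrs)
    wrap = hmac.new(tpm_secret, comp, hashlib.sha256).digest()
    return {"blob": bytes(a ^ b for a, b in zip(vmk, wrap)), "composite": comp}

def unseal(sealed: dict, pcrs: dict, tpm_secret: bytes):
    """Release the key only if the measured composite equals the sealed one;
    None means the integrity check failed and recovery mode is required."""
    comp = composite(pcrs)
    if not hmac.compare_digest(comp, sealed["composite"]):
        return None
    wrap = hmac.new(tpm_secret, comp, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(sealed["blob"], wrap))

# Constructed sample system; the byte strings stand in for firmware and boot code.
TPM_SECRET = b"constructed storage root key"
VMK = hashlib.sha256(b"constructed volume master key").digest()
SYSTEM = {"early_boot": {"bios": b"OEM BIOS 1.0", "mbr": b"boot code + partition table",
                         "bootmgr": b"Windows Boot Manager"}, "post_boot": {}}

def scenarios() -> dict:
    """Walk through the cases the answer describes and report which boots release the key."""
    sealed = seal(VMK, measure_boot(SYSTEM), TPM_SECRET)
    results = {"clean": unseal(sealed, measure_boot(SYSTEM), TPM_SECRET) == VMK}
    # A credential provider or service installed later sits outside the measured set.
    with_cp = {**SYSTEM, "post_boot": {"credprov.dll": b"custom credential provider"}}
    results["after_install"] = unseal(sealed, measure_boot(with_cp), TPM_SECRET) == VMK
    # A modified MBR changes its PCR, so the TPM will not release the key.
    tampered = {**SYSTEM, "early_boot": {**SYSTEM["early_boot"], "mbr": b"altered boot code"}}
    results["tampered_mbr_blocked"] = unseal(sealed, measure_boot(tampered), TPM_SECRET) is None
    # An authorized BIOS update: the administrator re-seals to the new measurements.
    updated = {**SYSTEM, "early_boot": {**SYSTEM["early_boot"], "bios": b"OEM BIOS 1.1"}}
    resealed = seal(VMK, measure_boot(updated), TPM_SECRET)
    results["after_authorized_update"] = (unseal(resealed, measure_boot(updated), TPM_SECRET) == VMK
                                          and unseal(sealed, measure_boot(updated), TPM_SECRET) is None)
    return results
```

Calling `scenarios()` returns True for every case; the `None` results are the model's equivalent of the machine dropping into recovery mode and asking for the recovery password.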
Windows Connected - Can you explain exactly why we must use the function keys (F1 through F10) to enter the 48 character recovery key instead of just using the regular number keys or numeric keypad?

Russell Humphries - Only F1-F10 keys are universally available pre-boot across all OEMs and languages. However where available the numeric keys 0-9 are now also usable.

Windows Connected - Why does Microsoft think that this is an important technology?

Russell Humphries - Data theft or – perhaps worse – unwanted exposure from lost or stolen PC devices is a growing concern among security experts and corporate executives. Loss of this information can be damaging to the reputation and long term survival of an organization—resulting in lost revenue, weakened competitive advantage and reduction in customer confidence.

Recent government regulations have emerged that focus on data protection and the requirement for privacy. This legislation has a strong impact on organizational storage policies, especially for PC devices that have a relatively short lifespan and are often either portable or easily lost or stolen.

BitLocker provides stronger protection for Windows Vista based systems, even when the system is in unauthorized hands. This feature in Windows Vista protects an entire volume from offline data viewing and other attacks and prevents information on lost or stolen computers from being revealed. It also helps protect against attacks by anyone who boots another operating system or runs a software hacking tool.

Windows Connected - Who is the target audience for BitLocker?

Russell Humphries - The target audience for BitLocker is, in short, any organization that has data of value stored on PC assets where the loss or revelation of that data would have a negative impact on the organization, its customers, shareholders or personnel.

BitLocker Drive Encryption is designed to provide the data protection these organizations need while also providing a transparent user experience that is simple to deploy and manage.

Windows Connected - What sets BitLocker apart from other drive encryption products available today?

Russell Humphries - BitLocker leverages the 1.2 specification TPM chip and the Trusted Computing Group (TCG) specification for the Static Root of Trust Measurement (SRTM) to provide a high level of tamper detection to early boot code. This combined with integrated disk encryption provides for the most resilient data-at-rest O/S solution ever offered for a Windows™ environment.

Additionally, BitLocker has been tightly integrated into Windows Vista and provides a seamless, secure and easily manageable data protection solution for the enterprise. For example, BitLocker optionally leverages an enterprise’s existing Active Directory infrastructure to remotely escrow recovery keys.

Windows Connected would like to thank the Bitlocker team for taking the time to answer these questions for our community.


Posted Mar 03 2006, 12:23 PM by Josh Phillips

Comments

Jon wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-03-2006 5:12 PM
I'm excited about BitLocker, but I'm a tad confused. Besides TPM and USB keys (in other words, at its base functionality), how does BitLocker prevent data theft that EFS doesn't? Thanks.
Josh Phillips wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-03-2006 7:57 PM
Hi Jon, I too am excited about Bitlocker. Bitlocker and EFS are two different technologies and are not mutually exclusive. Bitlocker is designed to protect your machine from theft so that someone can't slave the drive and access any data on the drive. EFS is used for file and folder encryption but doesn't ensure all data is encrypted; often left unencrypted are client-side cache temp folders, pagefiles, etc. The advantage of full volume encryption like Bitlocker is that all of the drive is protected.
Billy Clay wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-04-2006 11:17 AM
You state that any modification of the MBR / boot files, etc. would lock the drive down... This is something that I see a lot of, working for a computer company that provides end user desktop support, whereby a BOOTCFG /REBUILD and then FIXMBR from the recovery console works to get a system back... Or simply ghosting the drive to a new one and repairing XP gets it back.

Based on what you said, this will not work if Bitlocker is enabled, because if the MBR portion of the disk fails, then Bitlocker will go into lockdown and my data is unrecoverable? Am I reading this right?

Thanks for a response.
Bill wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-04-2006 11:18 AM
Can you explain the differences in bitlocker and the full drive encryption hardrives that will soon be in the market from Seagate?   Are they competitive products and if you are using one, do you need the other?
alex fung wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-05-2006 7:52 AM
As far as I know, the data on the Windows volume is decrypted after Windows logon.
So, if the power is out while running, can the data on the Windows volume be accessed easily?
getwired wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-05-2006 9:34 PM
Surely, as with any other full-disk encryption product, the data on the volume is decrypted as needed, by a kernel-mode driver - and not written, decrypted, to disk. Pull the plug and the driver providing the decryption layer is gone - so the data continues on encrypted. Just because Windows is running doesn't mean that entire volume is decrypted.
Josh Phillips wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-06-2006 7:15 AM
Bill,
I have not seen the product coming from Seagate; if you want to give me a link I will look into it for you.

Bill Clay,
I will if I can get the bitlocker team to comment.

Alex,
getwired is correct the drive is not unencrypted when Windows is running.

josh
Oystein wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-07-2006 4:29 AM
I am a little bit confused about the different partitions.  If we have a computer running Vista where Bitlocker is not active, is it possible to enable Bitlocker to have the system volume encrypted or do we need to reinstall Vista on the same or on a new partition ?

And does Bitlocker only encrypts the Windows Systems Volume ?  What about other volumes ?  Do we need to use EFS for those ?
Josh Phillips wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-07-2006 7:19 AM
Oystein,

The two partitions are a requirement. It isn't clear if Windows Vista will have a way to do this without rebuilding the system at this time. My guess is they want to be able to do this, but are unsure if they will have the time to get it right. Certainly the capabilities are in place with diskpart now supporting a "shrink" command. The hard part to me would be the relocating of the bootloader to the new partition.

Bitlocker in Vista client is designed to only encrypt the system volume, as far as I know. I would anticipate the server version to have additional capabilities here.
Jack wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-07-2006 7:23 PM
Oystein!

According to Russell's answer when Josh asked him whether it would be possible to activate "Bitlocker" on an already installed machine, one would think that the Bitlocker team is not too sure (or not too keen) on how to deal with this one just yet.

I suspect that the main reason for this hesitation is that you can check for the integrity of the entire boot process and lock it right away using Bitlocker when you are doing a fresh installation, but if the system files already exist in the system's partition and have perhaps been there for a while, how would you know that they haven't been corrupted or compromised to a point where they are no longer acting the way they were designed to!

I think that what the Bitlocker team is trying to say is: if you install Windows on a machine using a pristine Microsoft set of disks and then turn Bitlocker ON right away, we will be able to provide you with a high degree of assurance that your system is properly protected. On the other hand, if you wait to turn Bitlocker on, that security guarantee will not be so easy (if at all possible) to provide.

Cheers.
wkupp wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-14-2006 2:31 AM
………………hard to say……
Maria Johansson wrote Q&A with the team behind BitLocker
on 03-21-2006 4:13 AM
Hi! As I have blogged about earlier, Vista will include a hard disk encryption called BitLocker....
John wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-28-2006 8:20 PM
Hi, when I used Bitlocker at Vista 5308, the startup key which is in the USB memory key did not work. The system entered Windows Boot Manager, which required the startup key.... I think it cannot access the removable storage media....... Or is my operation wrong??? Please give me some idea if you can... thank you very much!!
Josh Phillips wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 03-29-2006 5:47 PM
Try putting a bootable DVD in the drive, it is odd, but it seems to fix the timing on some machines.  Don't boot from the dvd, just have it in.
Tom wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 04-06-2006 8:50 PM
Can you use BitLocker on computers that don't have TPM chips, i.e. is the TPM feature optional or mandatory for the BitLocker feature?
Octopus wrote re: Exclusive: Q&A with the Windows Vista Bitlocker Team
on 04-28-2006 8:51 PM
I'm hoping really really really bad that the bitlocker team was or is so clever to provide the bitlocker system with a simple routine, which simply blocks all entered passwords categorically once a user has entered for example 100 wrong passwords in a row unless he manually shuts down windows and restarts it to proceed.

This simple trick would doom every bruteforce attack to failure, no matter what enormous computer does it. I consider this to be the only protection, because no matter how highly encrypted HDDs will be, CPU evolution doesn't sleep. There will be CPUs released which easily brute force extremely encrypted HDDs. But if the encrypted HDD additionally has such a simple routine? ...*slightly shaking head* no chance...

What do you think of my suggestion??? Pro? Cons? Don't hesitate to tell, I think it's important to have a verbal exchange according to security issues of Windows...