BitLocker Drive Encryption
|Operating system||Windows Vista, Windows Server 2008, Windows 7, Windows 8|
|Type||Disk encryption software|
|License||Included with Windows Server 2008 and selected editions of Windows Vista, Windows 7, and Windows 8|
|Website||BitLocker Drive Encryption|
BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista, Windows 7, and with Pro and Enterprise editions of Windows 8 desktop operating systems, as well as the server platforms, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128 bit key, combined with the Elephant diffuser for additional disk encryption-specific security not provided by AES. Also, if configured, BitLocker is able to encrypt using a 256 bit key.
BitLocker is available in the Enterprise and Ultimate editions of Windows Vista and Windows 7. It also available in Pro and Enterprise editions of Windows 8. Users of other versions of Windows that do not include BitLocker can use a third-party encryption program to satisfy the need for full drive encryption (see comparison of disk encryption software). In the RTM release of Windows Vista, only the operating system volume could be encrypted using the GUI and encrypting other volumes required using WMI-based scripts included in Windows Vista in the %Windir%\System32 folder. An example of how to use the WMI interface is in the script manage-bde.wsf, that can be used to set up and manage BitLocker from the command line. With Windows Vista Service Pack 1 and Windows Server 2008, volumes other than the operating system volume can be BitLocker-protected using the graphical Control Panel applet as well.
The latest version of BitLocker, included in Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012, adds the ability to encrypt removable drives. These can be read, but not written, by Windows XP using Microsoft BitLocker To Go Reader program if using the exFAT, FAT32 or FAT16 filesystems.
There are three authentication mechanisms that can be used as building blocks to implement BitLocker encryption:
- Transparent operation mode: This mode utilizes the capabilities of Trusted Platform Module (TPM) 1.2 hardware to provide for a transparent user experience—the user powers up and logs onto Windows as normal. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker achieve this by implementing a Static Root of Trust Measurement—a methodology specified by the Trusted Computing Group. This mode is vulnerable to a cold boot attack, as it allows a powered-down machine to be booted by an attacker.
- User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in the form of a pre-boot PIN. This mode is vulnerable to a bootkit attack.
- USB Key Mode: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected OS. Note that this mode requires that the BIOS on the protected machine supports the reading of USB devices in the pre-OS environment. This mode is also vulnerable to a bootkit attack.
- Recovery password: A numerical key protector for recovery purposes
- Recovery key: An external key for recovery purposes
- Certificate: Adds a certificate-based public key protector for recovery purposes
- Password: Adds a password key protector for a data volume
Like its official name, BitLocker Drive Encryption is a logical volume encryption system. A volume may or may not be an entire drive, and cannot span one or more physical drives. Also, when disabled, TPM and BitLocker cannot ensure the integrity of the trusted boot path (e.g. BIOS, boot sector, etc.), in order to prevent most offline physical attacks, boot sector malware, etc.
In order for BitLocker to operate, the hard disk requires at least two NTFS-formatted volumes: one for the operating system (usually C:) and another with a minimum size of 100 MB from which the operating system boots. BitLocker requires the boot volume to remain unencrypted—on Windows Vista this volume must be assigned a drive letter, while on Windows 7 that is not required. Unlike previous versions of Windows, Vista's "diskpart" command-line tool includes the ability to shrink the size of an NTFS volume so that the system volume for BitLocker may be created from already-allocated space. A tool called the "BitLocker Drive Preparation Tool" is also available from Microsoft that allows an existing volume on Windows Vista to be shrunk to make room for a new boot volume, and for the necessary bootstrapping files to be transferred to it; Windows 7 creates the secondary boot volume by default, even if BitLocker is not used initially.
Once an alternate boot partition has been created, the TPM module needs to be initialized (assuming that this feature is being used), after which the required disk encryption key protection mechanisms such as TPM, PIN, or USB key are configured. The volume is then encrypted as a background task, something that may take a considerable amount of time with a large disk as every logical sector is read, encrypted, and rewritten back to disk. The keys are only protected after the whole volume has been encrypted, when the volume is considered secure. BitLocker uses a low-level device driver to encrypt and decrypt all file operations, making interaction with the encrypted volume transparent to applications running on the platform.
The Microsoft Encrypting File System (EFS) may be used in conjunction with BitLocker to provide protection once the operating system kernel is running. Protection of the files from processes and users within the operating system can only be performed using encryption software that operates within Windows, such as EFS. BitLocker and EFS, therefore, offer protection against different classes of attacks.
In Active Directory environments, BitLocker supports optional key escrow to Active Directory, although a schema update may be required for this to work (i.e. if the Active Directory Services are hosted on a Windows version previous to Windows Server 2008).
BitLocker and other full disk encryption systems can be attacked by a rogue bootmanager. Once the malicious boot loader captures the secret, it can decrypt the Volume Master Key (VMK), which would then allow access to decrypt or modify any information on an encrypted hard disk. By configuring a TPM to protect the trusted boot pathway, including the BIOS and boot sector, Bitlocker can mitigate this threat. (Note that some non-malicious changes to the boot path may cause a PCR check to fail, and thereby generate a false warning.)
According to Microsoft sources, BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office, which tried entering into talks with Microsoft to get one introduced, although Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they will not grant the wish to have one added. Although the AES encryption algorithm used in BitLocker is in the public domain, its implementation in BitLocker, as well as other components of the software, are proprietary; however, the code is available for scrutiny by Microsoft partners and enterprises, subject to a non-disclosure agreement.
The "Transparent operation mode" and "User authentication mode" of BitLocker use the TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS and MBR. If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device. This cryptographic secret is used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.
Nevertheless, in February 2008, a group of security researchers published details of a so-called "cold boot attack" that allows full disk encryption systems such as BitLocker to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory. The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM alone does not offer any protection, as the keys are held in memory while Windows is running, although two-factor authentication, i.e. using TPM together with a PIN, offers better protection for machines that are not powered on when physical access to them is obtained. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack. The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a "sleep" state) and that the encryption software be configured to require a password to boot the machine.
Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example, through a 1394 DMA channel. Any cryptographic material in memory is at risk from this attack, which therefore, is not specific to BitLocker.
- "What's new in BitLocker on Windows 8". February 15, 2012. Retrieved 2012-03-02.
- "Windows BitLocker Drive Encryption Frequently Asked Questions". Microsoft. Retrieved 2007-09-05.
- Niels Fergusson (August 2006). AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista (PDF). Microsoft. Retrieved 2008-02-22.
- "BitLocker Drive Encryption Provider". Microsoft. February 19, 2008. Retrieved 2008-02-22.
- Byron Hynes (June 2008). "Advances in BitLocker Drive Encryption". Technet Magazine (Microsoft). Retrieved 2008-07-18.
- Description of BitLocker To Go Reader
- "Security Analysis". Data Encryption Toolkit for Mobile PCs. Microsoft. Retrieved 2007-09-05.
- "ProtectKeyWithNumericalPassword Method of the Win32_EncryptableVolume Class". Microsoft. February 19, 2008. Retrieved 2008-07-18.
- "ProtectKeyWithTPM Method of the Win32_EncryptableVolume Class". Microsoft. February 19, 2008. Retrieved 2008-07-18.
- "ProtectKeyWithTPMAndPIN Method of the Win32_EncryptableVolume Class". Microsoft. February 19, 2008. Retrieved 2008-07-18.
- "ProtectKeyWithTPMAndPINAndStartupKey Method of the Win32_EncryptableVolume Class". Microsoft. February 19, 2008. Retrieved 2008-07-18.
- "ProtectKeyWithTPMAndStartupKey Method of the Win32_EncryptableVolume Class". Microsoft. February 19, 2008. Retrieved 2008-07-18.
- "ProtectKeyWithExternalKey Method of the Win32_EncryptableVolume Class". Microsoft. February 19, 2008. Retrieved 2008-07-18.
- "BitLocker Drive Encryption in Windows 7: Frequently Asked Questions". Technet.microsoft.com. Retrieved 2012-04-07.
- "Description of the BitLocker Drive Preparation Tool". Microsoft. September 7, 2007. Retrieved 2008-02-22.
- George Ou (February 28, 2007). "Prevent data theft with Windows Vista's Encrypted File System (EFS) and BitLocker". TechRepublic. Retrieved 2008-06-16.
- "BitLocker Drive Encryption in Windows 7: Frequently Asked Questions". Technet.microsoft.com. Retrieved 2013-03-16.
- "Back-door nonsense". System Integrity Team Blog. Microsoft. Retrieved 2006-06-19.
- "Microsoft: Vista won't get a backdoor". CNet. March 3, 2006. Retrieved 2008-05-01.
- "UK holds Microsoft security talks". BBC. February 16, 2006. Retrieved 2009-06-12.
- Joris Evers (March 3, 2006). "Microsoft: Vista won't get a backdoor". CNET. Retrieved 2009-06-12.
- Niels Ferguson (March 2, 2006). "Back-door nonsense". Microsoft System Integrity Team Blog. Retrieved 2009-10-31.
- "Keys to Protecting Data with BitLocker Drive Encryption". TechNet Magazine. Microsoft. Retrieved 2007-08-21.
- J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten (February 21, 2008). Lest We Remember: Cold Boot Attacks on Encryption Keys. Princeton University. Retrieved 2008-02-22.
- "Blocking the SBP-2 Driver to Reduce 1394 DMA Threats to BitLocker". Microsoft. March 4, 2011. Retrieved 2011-03-15.
- BitLocker Drive Encryption Technical Overview
- Download BitLocker Drive Preparation Tool
- Windows Hardware Developer Central BitLocker Hub Page
- System Integrity Team Blog
- AD Bitlocker Password Audit for Windows
- Read BitLocker encrypted partition under Linux or MacOSX
- Attacking the BitLocker Boot Process
- Read a BitLocker-encrypted partition on Linux: Dislocker