System Integrity Team Blog

Attending DEFCON presentations that target a product you use or helped build can be exciting in a bad way. And believe me – knowing the fix has already been shipped reduces that excitement… in a very good way. This is what made Jonathan Brossard’s DEFCON...

Protecting BitLocker from Cold Attacks (and other threats)

Hi. My name is Douglas MacIver and I specialize in security assurance at Microsoft as a member of the BitLocker Test Team. My responsibilities on the team are to perform BitLocker penetration testing and risk analysis. As you may have seen in the press...

Although the most appropriate way to detect BitLocker is to use the interfaces in BitLocker’s WMI provider , specifically the "GetEncryptionMethod", But sometimes, you might wish to detect a BitLocker volume when the WMI provider is not available – such...

As people start analyzing BitLocker, a question that keeps getting raised is "Can I break into BitLocker by installing another copy of Vista?" This blog entry intends to show how BitLocker allows and supports multi-boot without compromising security. There is a saying that "if it walks like a duck and talks like a duck it is a duck." If I put to operating systems on a computer, at what point are they the same operating system? And at what point are they different? If it walks like a duck (boots) and talks like a duck (accesses unique encrypted data) then for all intents and purposes from an attacker’s perspective, it is a duck. ...

While working on the BitLocker data encryption we realized that no existing algorithm satisfied all the requirements that we had. We resolved this by combining AES-CBC with a specialized diffuser that improves the security against manipulation attacks...

Recently the BitLocker Penetration team was asked some questions about the security of the recovery password. Even if you use BitLocker every day, you may never have seen the recovery password entry screen – it is displayed by the Boot Manager in the...

I’ve been working to optimize our AES implementation. BitLocker encrypts and decrypts more data than all other features in Windows Vista combined, so we have the most to gain from a fast implementation. I won’t bore you with the details of optimizing...

BitLocker Drive Encryption offers users a number of different modes to protect the key used in encrypting/decrypting data. One of these modes requires a PIN be entered at boot time, which is used as authorization data to the TPM, and allows the key to...

Recently I read yet another report ( http://www.komotv.com/stories/42263.htm ) of stolen laptops resulting in a bigger loss then the monetary cost of the hardware. When we interact with different companies and provide personal information, such as credit...

Two weeks ago BBC News published an article speculating about a possible “back door” in BitLocker ( http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm ). The suggestion is that we are working with governments to create a back door so that they can always...

I finally managed to organize a team blog so that we can put out some technical information without going through the marketing machine. You might not have heard about the System Integrity group. We used to be called NGSCB, which was always a...