Recently I read yet another report (http://www.komotv.com/stories/42263.htm) of stolen laptops resulting in a bigger loss than the monetary cost of the hardware. When we interact with different companies and provide personal information, such as credit cards, bank accounts, social security numbers, or even our mothers’ maiden names, we are trusting the company to handle that information securely. In the world of electronic commerce and convenience, a game of “Russian Roulette” is being played, with the trigger pulled each time a computer is lost. The price is paid when a thief takes an interest in the sensitive information left as easy pickings on the hard disk. I want to put an end to that game.
When I joined System Integrity (then NGSCB) 2½ years ago, I had the opportunity to become part of the solution to this issue, in what has become BitLocker Drive Encryption (BDE). The great thing about being on this project is not just making it part of the Windows product, but also the excellent engineers I work and interact with while solving very interesting problems.
Let me give you an example. Consider the fact that the whole operating system is encrypted. The kernel, the HAL, the registry, the hibernation file, the paging file, and all the boot drivers (including the BDE driver) are encrypted. The NTFS MFT (Master File Table) is encrypted too, so none of these files can even be located without the key. A key is required to decrypt the disk. Where do we get this key from? And how do we decrypt the kernel? How do we ensure that the boot code has not been tampered with?
Working with the boot architecture engineers, we gave “bootmgr,” “winload.exe” and “winresume.exe” some of the code that lives in the BDE driver, so that the operating system files can be found and decrypted before the driver itself is available. With this merged technology the hibernation file can be decrypted as it is loaded into memory.
Working with OEMs and the TCG, new hardware is appearing that contains the latest TPM generation. OEMs are adding security features and support functions to their BIOSes to allow any operating system (not just Windows) to use the TPM during boot. Using this technology a key can be encrypted by hardware and only decrypted if certain conditions are met. If multiple operating systems exist on the computer, each one can maintain its own set of conditions, independent of the others.
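To make the two ideas above concrete (the key that is only released when the boot code checks out, and separate conditions per operating system), here is a small simulation written for this page. It is not BitLocker code, not Microsoft code, and not a real TPM interface: the `SimulatedTPM` class, the boot chains, the volume keys and the toy seal/unseal construction are all constructed for illustration. What it does model faithfully is the mechanism: each boot component is hashed into a register that can only be extended, never rewound, and a secret is sealed to the register value expected at the end of a good boot, so a patched boot component or a different operating system's boot chain yields a different register value and the secret stays locked. Real TPM 1.2 PCRs use SHA-1 rather than the SHA-256 used here.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # SHA-256 digest length; the register starts out all zeros


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component)).
    Order matters, and no later extend can undo an earlier one."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> bytes:
    """Value the register reaches after measuring each boot component in order."""
    pcr = bytes(PCR_SIZE)
    for c in components:
        pcr = extend(pcr, c)
    return pcr


class SimulatedTPM:
    """Software stand-in for the hardware (hypothetical, not a real TPM API).
    The storage secret never leaves the object, and a sealed secret only comes
    back out when the current register equals the value it was sealed to."""

    def __init__(self):
        self._storage_secret = os.urandom(32)  # stands in for a TPM-resident key
        self.pcr = bytes(PCR_SIZE)

    def reset(self):
        self.pcr = bytes(PCR_SIZE)

    def extend(self, component: bytes):
        self.pcr = extend(self.pcr, component)

    def _wrap_key(self, pcr_value: bytes) -> bytes:
        # The wrapping key depends on BOTH the hardware secret and the register value.
        return hmac.new(self._storage_secret, b"seal|" + pcr_value, hashlib.sha256).digest()

    def seal(self, secret: bytes, expected_pcr: bytes) -> bytes:
        """Seal a secret (up to 32 bytes) to an expected register value.
        Toy encryption: one-time pad from a derived key plus an HMAC tag;
        illustrative only, not a production construction."""
        if len(secret) > PCR_SIZE:
            raise ValueError("secret too long for this toy sealer")
        k = self._wrap_key(expected_pcr)
        pad = hashlib.sha256(k + b"|pad").digest()
        ciphertext = bytes(a ^ b for a, b in zip(secret, pad))
        tag = hmac.new(k, ciphertext, hashlib.sha256).digest()
        return ciphertext + tag

    def unseal(self, blob: bytes):
        """Return the secret if the CURRENT register matches what the blob was
        sealed to, otherwise None. The blob does not reveal which value it expects."""
        ciphertext, tag = blob[:-32], blob[-32:]
        k = self._wrap_key(self.pcr)
        expected_tag = hmac.new(k, ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, tag):
            return None
        pad = hashlib.sha256(k + b"|pad").digest()
        return bytes(a ^ b for a, b in zip(ciphertext, pad))


def simulated_boot(tpm: SimulatedTPM, components, blob: bytes):
    """Power-on: register is reset, every boot component is measured, then unseal is tried."""
    tpm.reset()
    for c in components:
        tpm.extend(c)
    return tpm.unseal(blob)


# Constructed boot chains: the byte strings stand in for the binaries' contents.
WINDOWS_CHAIN = [b"bootmgr build 1", b"winload.exe build 1", b"bde driver build 1"]
OTHER_OS_CHAIN = [b"bootmgr build 1", b"other-os loader build 1"]
TAMPERED_CHAIN = [b"bootmgr build 1 (patched)", b"winload.exe build 1", b"bde driver build 1"]


def run_scenarios() -> dict:
    """Seal one volume key per operating system, then replay four boots."""
    tpm = SimulatedTPM()
    windows_key = os.urandom(32)  # constructed volume key for the Windows install
    other_key = os.urandom(32)    # constructed volume key for the second OS
    windows_blob = tpm.seal(windows_key, measure_chain(WINDOWS_CHAIN))
    other_blob = tpm.seal(other_key, measure_chain(OTHER_OS_CHAIN))
    return {
        "windows_clean": simulated_boot(tpm, WINDOWS_CHAIN, windows_blob) == windows_key,
        "other_clean": simulated_boot(tpm, OTHER_OS_CHAIN, other_blob) == other_key,
        "windows_tampered": simulated_boot(tpm, TAMPERED_CHAIN, windows_blob),
        "cross_os": simulated_boot(tpm, OTHER_OS_CHAIN, windows_blob),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The two clean boots recover their own volume key; the boot with a patched bootmgr and the attempt to open the Windows blob from the other operating system's chain both return `None`. Nothing in the sealed blob says what the right measurement is, so the only way to get the key back is to boot the unmodified chain it was sealed to.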
Managing keys in a multi-boot environment has its own set of challenges. I (and others) have lost sleep working through different scenarios of how someone might try to break the security of BDE, making sure we have all of our bases covered. We have every reason to get it right, as it will be really embarrassing if we miss something that we should have caught. We have penetration testers to help keep us on our toes and make sure we write code with the most experienced attackers in mind.
So what got me out of bed? I enjoy technology, I enjoy challenges, and I enjoy being part of the solution that BitLocker Drive Encryption is providing.
- Jamie Hunter (Senior Developer)