A Real-world Windows Vista BitLocker Tip

re: A Real-world Windows Vista BitLocker Tip

paperino — Sat, 24 Mar 2007 22:04:21 GMT

Pretty interesting Michael.

Question: is the anti-hammer mechanism part of the TPM or can be implemented with USB drives as well?

Features and Tutorials

Connected to Vista Bookmarks — Sat, 24 Mar 2007 23:22:55 GMT

BitLocker Drive Encryption A Real-world Windows Vista BitLocker Tip BitLocker Drive Encryption BitLocker

re: A Real-world Windows Vista BitLocker Tip

Scott Wendt — Sat, 24 Mar 2007 23:44:09 GMT

Now all we need to do is get the TPM built into more consumer products. Its nice that bitlocker works on machines that don't have a TPM but I'd like to use bitlocker on my laptop without having to carry a usb key or remembering a long number.

Connected to Vista Bookmark Updates

Connected to Vista Bookmarks — Sun, 25 Mar 2007 01:05:41 GMT

Following is a consolidation of the bookmark updates made over the past several days. Vista Security

re: A Real-world Windows Vista BitLocker Tip

Corrine — Sun, 25 Mar 2007 01:10:03 GMT

Nice tip. Thanks. Added "bookmark" in "Windows Vista Bookmarks" and the mirror at "Connected to Vista Bookmarks"

Pingbacks: http://securitygarden.blogspot.com/2007/03/windows-vista-bitlocker-tip.html

and

http://windowsconnected.com/blogs/corrine/archive/2007/03/24/connected-to-vista-bookmark-updates.aspx

re: A Real-world Windows Vista BitLocker Tip

michael_HOWARD — Sun, 25 Mar 2007 18:06:35 GMT

paperino, the anyi-hammering stuff in TPM specific, and is a requirement of the Trusted Computing Group (TCG)

re: A Real-world Windows Vista BitLocker Tip

Steve Lamb — Mon, 26 Mar 2007 13:06:44 GMT

Spookily enough I was wrestling with the same scenario at the weekend though I hadn't tried hibernate and am glad to hear that it invokes the BitLocker PIN prompt though as you say if someone knows your creds then you're dead regardless of BitLocker protection

re: A Real-world Windows Vista BitLocker Tip

Toma Bussarov — Mon, 26 Mar 2007 15:19:26 GMT

Good tip, Michael!

It is only valid if you have enabled the TPM to ask for PIN at each boot. Of course, this adds an extra security, but if if you rely on OS security TPM won't be noticed at all. Could you look at the security threats in this scenario, perhaps in future article.

Just one thing to add: most atackers will try to reboot after certain number of unsuccessful attempts to login.

re: A Real-world Windows Vista BitLocker Tip

Alexander Trofimov. — Mon, 26 Mar 2007 16:06:36 GMT

Such a sweet scenario =) Thanks.

re: A Real-world Windows Vista BitLocker Tip

Mike Smith-Lonergan — Wed, 28 Mar 2007 01:26:50 GMT

Don't you mean "Like a good Microsoft SENIOR citizen..."? :)

Yes, Standby/Sleep/Hybrid Sleep creates certain vulnerabilities against which BitLocker cannot mitigate. While the "TPM is not enough; you must use TPM + PIN" response is the most cohesive response when BitLocker is considered the primary/only mitigation, there are other options as well. Some of these can be considered fair substitutes, other are complementary or overlapping for the kinds of threats most organizations are concerned about:

- enable the Smart Card protection of EFS (only in Vista)

- enable EFS with the (soon-to-be-released) EFS Assistant

- drive-level encryption

- disable all Power States altogether [but only if you want to re-enact the scene from Frankenstein where the citizenry come knockin, pitchforks and torches in hand]

There are many ways to skin a cat, and while I know Michael was trying to provide a helpful tip inside the "closed universe" of BitLocker, I always like to help remind everyone to think *outside* the box as well.

Check out the forthcoming Data Encryption Toolkit for a comprehensive look at all these data encryption technologies (http://www.microsoft.com/DET).

Vista Security Features

Connected to Vista Bookmarks — Mon, 02 Apr 2007 19:26:32 GMT

BitLocker Drive Encryption A Real-world Windows Vista BitLocker Tip BitLocker Drive Encryption BitLocker

Portals

Inherent Quality by Ron Richard — Tue, 03 Apr 2007 04:12:47 GMT

Field of dreams… The software and IT industry is a field of dreams. More than ever all can come to the field to offer ideas and contribute to its evolution. One means of doing so is through portals. A ...

re: A Real-world Windows Vista BitLocker Tip

Alun Jones — Wed, 11 Apr 2007 02:08:05 GMT

The key hole here is not that someone might guess your user name and password, to unlock the computer. That, as you say, pretty much assumes that you are already owned.

The problem is more that you are now up and running with a complete OS, not a small secure piece of code whose sole purpose is to decrypt the key that will let the boot drive work. This is also my concern with Microsoft frequently implying that the system is secured by simply using TPM as protection for the keys, without external keying material such as a USB key and a memorised PIN.

All those holes on the outside of the computer, where the rain comes in, are now ports of attack.

Does your system have a flaw exploitable through the network? Then you can exploit the system. [If it's a sufficiently valuable target, and not time-sensitive, simply wait for the next exploit to come along.]

Does your system have USB, PC-Card, or other DMA technology? Then you can plug in an exotic device whose job is to scan or modify memory. [Okay, so that's more in the realm of high-value targets, who ought to know to hibernate every time.]

I do think BitLocker should support a PIN+USB scenario even in the absence of TPM's protective anti-hammering technology - it would at least limit brain-dead "I stole the laptop bag, with the USB key in it" attacks, and require that those attacks use a level of sophistication that raises the cost to the attacker.