BitLocker™ Drive Encryption: Hardware Enhanced Data Protection
Shon Eizenhoefer, Program Manager, Microsoft Corporation

Posted 26-Jul-2020 (19 pages)

Page 1: BitLocker™ Drive Encryption Hardware Enhanced Data Protection · BitLocker™ Drive Encryption BitLocker™ Drive Encryption gives you improved data protection on your Windows Vista

BitLocker™ Drive Encryption: Hardware Enhanced Data Protection

Shon Eizenhoefer, Program Manager, Microsoft Corporation

Page 2:

Agenda

Security Background

BitLocker™ Drive Encryption

TPM Overview

Building a BitLocker™ Capable System

Additional Resources

Page 3:

BitLocker™ Drive Encryption

BitLocker™ Drive Encryption gives you improved data protection on your Windows Vista and Windows Server codenamed “Longhorn” systems

Notebooks – Often stolen, easily lost in transit

Desktops – Often stolen, difficult to safely decommission

Servers – High value targets, often kept in insecure locations

All three can contain very sensitive IP and customer data

Designed to provide a transparent user experience that requires little to no interaction on a protected system

Prevents thieves from using another OS or software hacking tool to break OS file and system protections

Prevents offline viewing of user data and OS files

Provides enhanced data protection and boot validation through use of a Trusted Platform Module (TPM) v1.2

Page 4:

BitLocker™ And TPM Features

BitLocker™ Drive Encryption
Encrypts entire volume
Uses Trusted Platform Module (TPM) v1.2 to validate pre-OS components
Customizable protection and authentication methods

Pre-OS Protection
USB startup key, PIN, and TPM-backed authentication

Single Microsoft TPM Driver
Improved stability and security

TPM Base Services (TBS)
Enables third party applications

Active Directory Backup
Automated key backup to AD server
Group Policy support

Scriptable Interfaces
TPM management
BitLocker™ management
Command-line tool

Page 5:

Feature Map

TPM Services Architecture (Simplified)

(Diagram; labels recovered from the slide, listed top to bottom:)
Windows Vista Enterprise / Ultimate: BitLocker™
Windows Vista, All SKUs: TPM Admin Tools, TPM WMI Provider, TPM Base Services, TPM Driver
Third Party Applications, via TSS* (*TCG Software Stack)
Trusted Platform Module (TPM)

Page 6:

What Is A Trusted Platform Module (TPM)?

Smartcard-like module on the motherboard

Protects secrets

Performs cryptographic functions
RSA, SHA-1, RNG

Meets encryption export requirements

Can create, store and manage keys
Provides a unique Endorsement Key (EK)
Provides a unique Storage Root Key (SRK)

Performs digital signature operations

Holds Platform Measurements (hashes)

Anchors chain of trust for keys and credentials

Protects itself against attacks

TPM 1.2 spec: www.trustedcomputinggroup.org

Page 7:

Why Use A TPM?

Trusted Platforms use Roots-of-Trust
A TPM is an implementation of a Root-of-Trust

A hardware Root-of-Trust has distinct advantages
Software can be hacked by software
Difficult to root trust in software that has to validate itself
Hardware can be made to be robust against attacks
Certified to be tamper resistant
Hardware and software combined can protect root secrets better than software alone

A TPM can ensure that keys and secrets are only available for use when the environment is appropriate
Many specific hardware and software configurations

Page 8:

BitLocker™ Drive Encryption Architecture

Static Root of Trust Measurement of boot components

(Diagram; labels recovered from the slide, in boot order:)
Pre-OS: TPM Init, BIOS, MBR, Boot Sector, Boot Block, Boot Manager
Static OS: OS Loader, Start OS
All Boot Blobs unlocked
Volume Blob of Target OS unlocked

Page 9:

Disk Layout And Key Storage

OS Volume contains:
Encrypted OS
Encrypted Page File
Encrypted Temp Files
Encrypted Data
Encrypted Hibernation File

System Volume contains:
MBR, Boot manager, Boot Utilities (unencrypted, small)

Where’s the Encryption Key?

1. SRK (Storage Root Key) contained in TPM

2. SRK encrypts FVEK (Full Volume Encryption Key), protected by TPM/PIN/USB Storage Device

3. FVEK stored (encrypted by SRK) on hard drive in the OS Volume
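The two slides above describe the mechanism in outline: pre-OS components are measured into the TPM in boot order (Static Root of Trust for Measurement), and the FVEK is released only when those measurements match the values it was sealed against. The following simulation is an added example, not code from the deck or from Microsoft. It uses SHA-1 PCR extends as TPM 1.2 does, but the SRK, the FVEK, the boot-component names and the wrapping construction (an HMAC-derived keystream plus an HMAC tag) are constructed stand-ins; a real TPM keeps the SRK internally and seals with RSA.

```python
import hashlib
import hmac
import os

# Simulation only: no real TPM, SRK or BitLocker code is involved.  The
# constants, component names and the wrapping scheme are constructed for
# illustration; a real TPM 1.2 holds the SRK internally and seals with RSA.

PCR_SIZE = 20  # TPM 1.2 PCRs are 20-byte SHA-1 registers


def measure(component: bytes) -> bytes:
    """Measurement (SHA-1 digest) of one boot component."""
    return hashlib.sha1(component).digest()


def extend_chain(components) -> bytes:
    """Extend each measurement into one PCR in boot order:
    PCR <- SHA1(PCR || SHA1(component)), starting from the all-zero reset value.
    The result depends on every component and on their order."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = hashlib.sha1(pcr + measure(component)).digest()
    return pcr


def _wrap_key(srk: bytes, pcr: bytes) -> bytes:
    """Key protecting the FVEK; depends on both the SRK and the PCR value."""
    return hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()


def seal_fvek(srk: bytes, fvek: bytes, expected_pcr: bytes):
    """Return the blob stored on the OS volume: (ciphertext, tag).
    Toy construction: one-block keystream XOR plus an HMAC tag."""
    assert len(fvek) == 32
    k = _wrap_key(srk, expected_pcr)
    stream = hashlib.sha256(k + b"stream").digest()
    ct = bytes(a ^ b for a, b in zip(fvek, stream))
    tag = hmac.new(k, ct, hashlib.sha256).digest()
    return ct, tag


def unseal_fvek(srk: bytes, blob, current_pcr: bytes):
    """Return the FVEK if the current PCR matches the sealed value, else None."""
    ct, tag = blob
    k = _wrap_key(srk, current_pcr)
    if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
        return None  # environment differs: BitLocker would enter recovery
    stream = hashlib.sha256(k + b"stream").digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


# Constructed boot chain, in the order the slide's diagram measures it.
BOOT_CHAIN = [b"CRTM/BIOS", b"MBR", b"boot sector", b"boot block",
              b"boot manager", b"OS loader"]


def boot_and_unlock(srk: bytes, blob, chain):
    """Re-measure the chain at boot and try to unseal the FVEK."""
    return unseal_fvek(srk, blob, extend_chain(chain))


def demo():
    """Seal at setup time; boot once unmodified, once with a modified MBR."""
    srk = os.urandom(32)   # constructed stand-in for the TPM-resident SRK
    fvek = os.urandom(32)  # constructed stand-in for the volume key
    blob = seal_fvek(srk, fvek, extend_chain(BOOT_CHAIN))
    unlocked = boot_and_unlock(srk, blob, BOOT_CHAIN) == fvek
    tampered = list(BOOT_CHAIN)
    tampered[1] = b"MBR (modified)"
    blocked = boot_and_unlock(srk, blob, tampered) is None
    return unlocked, blocked


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The second outcome in `demo()` is exactly the "Deliberate Attack" and "Upgrade to Core Files" recovery cases later in the deck: any change to a measured component, whether malicious or a legitimate BIOS update, yields a different PCR value, the unseal fails, and the volume can only be opened with a recovery key.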

Page 10:

Information Protection Threats

Internal threats are just as prevalent as external threats

Intentional – Data intentionally compromised
Insider access to unauthorized data
Offline attack on lost/stolen laptop

Accidental – Loss due to carelessness
System disposal or repurposing without data wipe
System physically lost in transit

Targeted – Thief steals asset based on value of data
Theft of branch office server (high value and volume of data)
Theft of executive or government laptop
Direct attacks with specialized hardware

Page 11:

Spectrum of Protection

BitLocker™ offers a spectrum of protection, allowing an organization to customize according to its own needs

TPM Only – “What it is”
Protects against: most SW attacks
Vulnerable to: hardware attacks
User must: N/A (no user impact)

TPM + PIN – “What it is + what you know”
Protects against: many HW attacks
Vulnerable to: hardware attacks
User must: enter PIN to boot

USB Only – “What you have”
Protects against: HW attacks
Vulnerable to: stolen USB key; no boot validation
User must: protect USB key

TPM + USB – “What it is + what you have”
Protects against: HW attacks
Vulnerable to: stolen USB key
User must: protect USB key

(Slide axis label: Ease of Deployment / Maintenance)

Page 12:

BitLocker™ Recovery Scenarios

Lost/Forgotten Authentication Methods
Lost USB key, user forgets PIN

Upgrade to Core Files
Unanticipated change to pre-OS files (BIOS upgrade, etc…)

Broken Hardware
Hard drive moved to a new system

Deliberate Attack
Modified or missing pre-OS files (Hacked BIOS, MBR, etc…)

Page 13:

BitLocker™ Recovery Methods

Recommended method for domain-joined machines
Automate key backups through BitLocker™ Setup
Configure group policy to store keys in Active Directory
Provides centralized storage and management of keys

Recommended methods for non-domain-joined machines
Back up to a USB flash device
Back up to a web-based key storage service
“Windows Ultimate Extras” – Provides a free key storage service for home users or unmanaged environments
Potential OEM or 3rd-party service for key storage
Back up to a file
Print or record to physical media

Page 14:

Platform Threats And Mitigations

BIOS Modification
THREAT – Lost Core Root of Trust for Measurement
MITIGATION – Secure CRTM Update
MITIGATION – Provide extra protection with PIN or USB

Physical Memory
THREAT – Key exposure in physical memory
MITIGATION – Memory Overwrite on Reset
MITIGATION – Provide extra protection with PIN or USB

Dictionary Attack Against PIN
THREAT – Key exposure
MITIGATION – Anti-hammering countermeasures

End Users
THREAT – Unsafe practices (PIN nearby, USB in laptop case)
MITIGATION – User education, corporate security policy
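The slide names anti-hammering as the mitigation for PIN guessing but does not say what that means in practice. The model below is an added example, not code from the deck or from any TPM vendor: it escalates a lockout after repeated failures and lets a defender compute how much a given policy raises the worst-case cost of exhausting a PIN space, which is the number used to decide how long a PIN must be. The policy parameters (`free_attempts`, `base_delay_s`, `max_delay_s`) are constructed; real TPM 1.2 dictionary-attack defenses are vendor-specific.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    """Constructed anti-hammering policy (real TPM vendor behaviour differs):
    the first `free_attempts` failures cost nothing; each later failure
    doubles the lockout, from `base_delay_s` up to `max_delay_s`."""
    free_attempts: int = 3
    base_delay_s: float = 1.0
    max_delay_s: float = 3600.0

    def delay_after(self, failures: int) -> float:
        """Lockout imposed after the given cumulative number of failures."""
        excess = failures - self.free_attempts
        if excess <= 0:
            return 0.0
        return min(self.base_delay_s * 2 ** (excess - 1), self.max_delay_s)


class PinProtector:
    """Models a PIN-gated key release whose lockout escalates on failure.
    `now` is passed in explicitly so the behaviour is deterministic to test."""

    def __init__(self, pin: str, policy: LockoutPolicy):
        self._pin = pin.encode()
        self.policy = policy
        self.failures = 0
        self.locked_until = 0.0

    def try_pin(self, candidate: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"            # attempt is refused, not evaluated
        if hmac.compare_digest(candidate.encode(), self._pin):
            self.failures = 0          # success resets the counter
            return "unlocked"
        self.failures += 1
        self.locked_until = now + self.policy.delay_after(self.failures)
        return "rejected"


def worst_case_seconds(attempts: int, policy: LockoutPolicy) -> float:
    """Defender sizing: total lockout time accrued before the `attempts`-th
    guess can be made, i.e. the sum of delays after the first attempts-1
    failures.  Compare this against the PIN space to choose a PIN length."""
    return sum(policy.delay_after(i) for i in range(1, attempts))


if __name__ == "__main__":
    policy = LockoutPolicy()
    # Worst-case time to exhaust a 4-digit PIN space under the default policy,
    # expressed in days, for comparing candidate PIN lengths.
    print(round(worst_case_seconds(10_000, policy) / 86400, 1), "days")
```

With the default policy the delay saturates at one hour after about a dozen failures, so the time to exhaust the space grows linearly in the number of PINs from that point on; lengthening the PIN multiplies the space by ten per digit, while the lockout ceiling is what makes each guess expensive.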

Page 15:

Building BitLocker™ Systems

Windows Vista Logo Program
Performance, quality, and feature metrics that help consumers understand and seek out the best computing experience that Windows Vista has to offer
http://www.microsoft.com/whdc/winlogo/hwrequirements.mspx

Trusted Platform Module – SYSFUND-0030
TPM Main Specification, Version 1.2 (or later)
Memory Mapped I/O, Locality 0
https://www.trustedcomputinggroup.org/specs/TPM
TPM PC Client Interface Specification, Version 1.2 (or later)
https://www.trustedcomputinggroup.org/specs/PCClient

BIOS – SYSFUND-0031
TCG BIOS Specification
Physical Presence Interface Specification
Memory Overwrite on Reset Specification
Immutable CRTM or Secure Update
https://www.trustedcomputinggroup.org/specs/PCClient

Page 16:

Building BitLocker™ Systems

Hard Disk – SYSFUND-0032
BitLocker™ requires at least two partitions
System partition (“Active”, NTFS, minimum 1.5GB)
OS must be installed on separate partition
OS and other partition(s) can be of any size
E-mail bdeinfo @ microsoft.com for more information

USB – SYSFUND-0069-0070
System boot from USB 1.x and 2.x
USB read/write in pre-OS environment
FAT16, FAT32, or NTFS file system

E-mail bdeinfo @ microsoft.com for the BitLocker™ and TPM Admin BIOS and Platform Requirements

Page 17:

Enterprise Customer Needs

Remote Deployment Considerations
Think through large-scale deployment of BitLocker™
Provide solutions for remote initialization of TPMs
Provide a secure BIOS update mechanism

Support Encrypted Volumes in Recovery Environment
Include WinRE scripting components

Ship Systems with an Endorsement Key (EK)
EK generation in the field is time consuming
Industry security best practice
TCG Guidelines

Page 18:

Call To Action

Build BitLocker™-ready Systems
TPM v1.2 – Consider the deployment experience, make it easy
BIOS – Don’t ship systems without secure CRTM/BIOS update!
Hard Disk – Ship your platforms with two or more partitions
USB – Verify read/write/boot from USB in pre-OS environment

Consider Enterprise Customer Needs
Provide ability to initialize TPM remotely
Ship with Endorsement Key (EK)

Test Your Platforms!
Test with latest Windows Vista releases
WDK test suite: http://www.microsoft.com/whdc/driver/WDK/aboutWDK.mspx
Work with us to get your reference platforms tested! E-mail bdeinfo @ microsoft.com for more information

Page 19:

Additional Resources

Web Resources
Specs and Whitepapers: http://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspx
Windows Logo Program Testing: http://www.microsoft.com/whdc/GetStart/testing.mspx
TCG: http://www.trustedcomputinggroup.org

Related Sessions
Enterprise and Server Use of Microsoft BitLocker™ Drive Encryption (CPA027)
Windows Vista and Windows Server Longhorn Security Platform Enhancements (CPA127)

BitLocker™ Questions or Ideas
BitLocker™ Blog: http://blogs.msdn.com/si_team/default.aspx
bdeinfo @ microsoft.com