Ir al contenido

BitLocker Drive Encryption

De Wikipedia, la enciclopedia libre
Esta es una versión antigua de esta página, editada a las 16:43 29 nov 2009 por Daniloko84 (discusión · contribs.). La dirección URL es un enlace permanente a esta versión, que puede ser diferente de la versión actual.
(difs.) ← Revisión anterior | Ver revisión actual (difs.) | Revisión siguiente → (difs.)
Este artículo o sección se está traduciendo del idioma inglés a partir del artículo BitLocker Drive Encryption. Por esta razón, puede haber lagunas de contenidos, errores sintácticos o escritos sin traducir. Puedes colaborar con Wikipedia continuando con la traducción desde el artículo original.
Este artículo o sección está siendo editada activamente en un período de tiempo corto por un wikipedista. Puede tener lagunas de contenido o deficiencias de formato.
Si esta página no ha sido editada durante varias horas, elimina este mensaje o reemplázalo por {{en desarrollo}}. La finalidad de este mensaje es reducir los conflictos de edición. Si el trabajo de edición se concentra en una sección coloca allí la plantilla para permitir a otros editar la página.
Uso de esta plantilla: {{En uso|t={{sust:CURRENTTIMESTAMP}}}} o {{sust:En uso}}
BitLocker Drive Encryption
Información general
Tipo de programa disk encryption software
Desarrollador Microsoft
Archivos legibles
BitLocker Disk Encryption volume
Enlaces
[editar datos en Wikidata]

BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128 bit key, combined with the Elephant diffuser for additional disk encryption specific security not provided by AES.[1][2]

BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7.[1]​ Users of other versions of Windows Vista could use a 3rd party encryption program to satisfy the need for full drive encryption. In the RTM release of Windows Vista, only the operating system volume could be encrypted using the GUI and encrypting other volumes required using WMI-based scripts included in Windows Vista in the %Windir%\System32 folder. [3]​ An example of how to use the WMI interface is in the script manage-bde.wsf, that can be used to set up and manage BitLocker from the command line. With Windows Vista Service Pack 1 and Windows Server 2008, volumes other than the operating system volume can be BitLocker-protected using the graphical Control Panel applet as well. [4]

The latest version of Bitlocker, included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives.

Overview

There are three authentication mechanisms that can be used as building blocks to implement Bitlocker encryption:[5]

  • Transparent operation mode: This mode exploits the capabilities of Trusted Platform Module (TPM) 1.2 hardware to provide for a transparent user experience—the user powers up and logs onto Windows as normal. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker achieve this by implementing a Static Root of Trust Measurement—a methodology specified by the Trusted Computing Group. This mode is vulnerable to a cold boot attack, as it allows a powered-down machine to be booted by an attacker.
  • User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in the form of a pre-boot PIN. This mode is vulnerable to a bootkit attack.
  • USB Key Mode: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected OS. Note that this mode requires that the BIOS on the protected machine supports the reading of USB devices in the pre-OS environment. This mode is also vulnerable to a bootkit attack.

The following permutations of the above authentication mechanisms are supported, all with an optional escrow key[6]​ in Active Directory:

  • TPM only[7]
  • TPM + PIN[8]
  • TPM + PIN + USB Key[9]
  • TPM + USB Key[10]
  • USB Key[11]

Operation

Contrary to the official name, BitLocker Drive Encryption is a logical volume encryption system. A volume may or may not be an entire drive, and can span one or more physical drives. Also, when enabled TPM/Bitlocker can ensure the integrity of the trusted boot path (e.g. BIOS, boot sector, etc.), in order to prevent most offline physical attacks, boot sector malware, etc.

In order for BitLocker to operate, the hard disk requires at least two NTFS-formatted volumes: one for the operating system (usually C:) and another with a minimum size of 100MB where the operating system boots from. BitLocker requires the boot volume to remain unencrypted, so the boot should not be used to store confidential information. Unlike previous versions of Windows, Vista's "diskpart" command-line tool includes the ability to shrink the size of an NTFS volume so that the system volume for BitLocker can be created. A tool called the "Bitlocker Drive Preparation Tool" is also available from Microsoft that allows an existing volume to be shrunk to make room for a new boot volume, and for the necessary bootstrapping files to be transferred to it.[12]​ Since BitLocker requires at least two NTFS formatted partitions, some users may prefer to encrypt the entire hard disk, without the need for partitioning, which can be done using 3rd party encryption software.

Once an alternate boot partition has been created, the TPM module needs to be initialized (assuming that this feature is being used), after which the required disk encryption key protection mechanisms such as TPM, PIN or USB key are configured. The volume is then encrypted as a background task, something that can take a considerable amount of time with a large disk. Only once the whole volume has been encrypted are the keys protected, and the volume considered secure.

Encrypting File System may be used in conjunction with BitLocker to provide protection once the operating system kernel has been loaded. Since BitLocker decrypts on-disk files before the Windows operating system has loaded (and thus outside of the operating system context), all file operations from the perspective of the operating system will proceed as if there is no encryption on the files being accessed by the operating system. Protection of the files from processes/users within the operating system can only be performed using encryption software that operates within Windows, such as Encrypting File System. BitLocker and Encrypting File System therefore offer protection against different classes of attacks.[13]

In Active Directory environments, BitLocker supports optional key escrow to Active Directory, although a schema update may be required for this to work (i.e. if the Active Directory Directory Services are hosted on a Windows version previous to Windows Server 2008).

Other systems like BitLocker can have their recovery key/password entry process spoofed by another bootmanager or OS install. Once the spoofed software captured the secret, it could be used to decrypt the VMK, which would then allow access to decrypt or modify any information on the user's BitLocker-encrypted hard disk. By configuring a TPM to protect the trusted boot pathway, including the BIOS and boot sector, this threat can be removed.

Security concerns

According to Microsoft sources,[14][15]​ BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office,[16]​ which tried entering into talks with Microsoft to get one introduced, though was unsuccessful in having one added.[17][18]​ Although the AES encryption algorithm used in Bitlocker is in the public domain, its actual implementation in BitLocker, as well as other components of the software, are closed source. The code is available for scrutiny by selected Microsoft partners and enterprises, subject to a non-disclosure agreement.

The "Transparent operation mode" and "User authentication mode" of BitLocker use the TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS and MBR.[19]​ If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device, or a recovery password entered by hand. Either of these cryptographic secrets are used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.[19]

Nevertheless, in February 2008, a group of security researchers published details of a so called "cold boot attack" that allows a Bitlocker-protected machine to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory.[20]​ The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM module alone does not offer any protection, as the keys are held in memory while Windows is running, although two-factor authentication, i.e. using TPM together with a PIN, offers better protection for machines that are not powered on when physical access to them is obtained. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack.[20]​ The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a "sleep" state) and that a password also be required to boot the machine.

BitLocker can also operate in a "USB Key"-only mode. The security risk in this case is that the key is left with the computer, or that a malicious program (either pre-boot or post-boot Windows malware) could read the startup key off of the USB Key and store it. It could be used later to decrypt and access the BitLocker-secured hard disk. If the USB key is removed before boot up completes, then malware that runs after boot up can (by definition) not access it, and theft of the computer no longer implies theft of the USB key.

Lastly, all software-based encryption systems are vulnerable to various side channel attacks such as acoustic cryptanalysis and hardware keyloggers.

See also

References

  1. a b «Windows BitLocker Drive Encryption Frequently Asked Questions». Microsoft. Consultado el 5 de septiembre de 2007.  Error en la cita: Etiqueta <ref> no válida; el nombre «FAQ» está definido varias veces con contenidos diferentes
  2. Niels Fergusson (August 2006). AES-CBC + Elephant Diffuser: A Disk Encryption Algorithm for Windows Vista (PDF). Microsoft. Consultado el 22 de febrero de 2008. 
  3. «Bitlocker Drive Encryption Provider». Microsoft. 19 de febrero de 2008. Consultado el 22 de febrero de 2008. 
  4. Byron Hynes (June de 2008). «Advances in BitLocker Drive Encryption». Technet Magazine (Microsoft). Consultado el 18 de julio de 2008. 
  5. «Security Analysis». Data Encryption Toolkit for Mobile PCs. Microsoft. Consultado el 5 de septiembre de 2007. 
  6. «ProtectKeyWithNumericalPassword Method of the Win32_EncryptableVolume Class». Microsoft. 19 de febrero de 2008. Consultado el 18 de julio de 2008. 
  7. «ProtectKeyWithTPM Method of the Win32_EncryptableVolume Class». Microsoft. 19 de febrero de 2008. Consultado el 18 de julio de 2008. 
  8. «ProtectKeyWithTPMAndPIN Method of the Win32_EncryptableVolume Class». Microsoft. 19 de febrero de 2008. Consultado el 18 de julio de 2008. 
  9. «ProtectKeyWithTPMAndPINAndStartupKey Method of the Win32_EncryptableVolume Class». Microsoft. 19 de febrero de 2008. Consultado el 18 de julio de 2008. 
  10. «ProtectKeyWithTPMAndStartupKey Method of the Win32_EncryptableVolume Class». Microsoft. 19 de febrero de 2008. Consultado el 18 de julio de 2008. 
  11. «ProtectKeyWithExternalKey Method of the Win32_EncryptableVolume Class». Microsoft. 19 de febrero de 2008. Consultado el 18 de julio de 2008. 
  12. «Description of the BitLocker Drive Preparation Tool». Microsoft. 7 de septiembre de 2007. Consultado el 22 de febrero de 2008. 
  13. George Ou (February 28 2007). «Prevent data theft with Windows Vista's Encrypted File System (EFS) and BitLocker». TechRepublic. Consultado el 16 de junio de 2008. 
  14. «Back-door nonsense». System Integrity Team Blog. Microsoft. Consultado el 19 de junio de 2006. 
  15. «Microsoft: Vista won't get a backdoor». CNet. 3 de marzo de 2006. Consultado el 1 de mayo de 2008. 
  16. «UK holds Microsoft security talks». BBC. 16 de febrero de 2006. Consultado el 12 de junio de 2009. 
  17. Joris Evers (3 de marzo de 2006). «Microsoft: Vista won't get a backdoor». CNET. Consultado el 12 de junio de 2009. 
  18. Niels Ferguson (2 de marzo de 2006). «Back-door nonsense». Microsoft System Integrity Team Blog. Consultado el 31 de octubre de 2009. 
  19. a b «Keys to Protecting Data with BitLocker Drive Encryption». TechNet Magazine. Microsoft. Consultado el 21 de agosto de 2007. 
  20. a b J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten (21 de febrero de 2008). Lest We Remember: Cold Boot Attacks on Encryption Keys. Princeton University. Consultado el 22 de febrero de 2008. 
Obtenido de «https://es.wikipedia.org/w/index.php?title=BitLocker_Drive_Encryption&oldid=31840883»