Authentication or Access Control


BitLocker Drive Encryption: The Overview

A few years ago, Microsoft began a project called the Next Generation Secure Computing Base, and BitLocker is a direct result of that effort. In designing BitLocker, the System Integrity team in Windows wanted to come up with a solution that included laptop computers (notebooks), desktops, and servers, and provide a way to prevent thieves from using other operating systems or software hacking tools to break or bypass the protection provided by the Windows OS and the file system. That kind of prevention requires encryption.

BitLocker is also designed to provide a transparent user experience. In other words, unlike EFS or RMS, the user doesn't have to do anything complicated to configure and use the protection given by encryption, and the user (and you, the IT guru, and your colleagues in Legal Affairs) can be confident that everything is encrypted.

Note 

What is in "everything"? In Windows Vista, BitLocker supports the encryption of the entire Windows OS volume (the volume on which Windows has been installed). Later, we describe exactly how sectors are handled, and discuss how to handle the active partition (used for booting). Additional data volumes are not officially supported in Vista, but will be in Windows Server code-named "Longhorn" and Vista Service Pack 1.

When Microsoft first started to talk about BitLocker (then called "secure startup"), it seemed like an interesting but impractical technology because it required a Trusted Platform Module (TPM) chip built into the computer. Thankfully, the Vista implementation of BitLocker lets you encrypt any system that has a TPM chip or, failing that, any system with a compatible USB flash drive, USB port, and BIOS. (BIOS and USB compatibility is part of the testing done before a manufacturer can put a Vista logo on a computer.)

This allows BitLocker to be used on many existing computers. However, some incompatibilities will still be found. It's a good idea to test system, BIOS, and USB flash drive combinations before committing to a large roll-out.

Clearly, laptop computers are where you need to begin, because they are sometimes stolen and often lost. Desktops, too, are sometimes targeted for theft, or sometimes placed in less-than-secure environments (such as shared lobbies or offices without locked doors). BitLocker will also be included in Windows Server code-named "Longhorn" (and will actually offer additional supported features). Although I hope you don't misplace your server very often, servers are very high-value targets for theft. All of these types of computers contain sensitive data, such as intellectual property (IP) and personally identifiable information (PII).

BitLocker Components

BitLocker contains four main components: a single Microsoft TPM driver, an API called TPM Base Services (TBS), BitLocker Drive Encryption, and a WMI provider.

Like most hardware, a TPM chip needs a driver to expose its functionality to the operating system and, ultimately, to applications. By including the Microsoft TPM driver within Windows Vista, we gain increased stability and can more easily leverage the TPM's security features. To use a TPM with BitLocker, you must allow Vista to use the Microsoft driver. The Microsoft driver works with TPM chips that are at version 1.2 or newer. (For more information, see the section later in this chapter on the TPM.)

TPM Base Services (TBS) is an application programming interface (API) that allows applications to access the services provided by a TPM. In this respect, even though it is part of the Windows operating system, BitLocker is an "application" that uses TBS. The advantage of this architecture is that other applications could also make use of the TPM. After Vista is in the marketplace for a while, I believe we will see other security applications that call on TBS. TBS also allows the TPM to be managed within Windows Vista from the TPM Management Console, instead of forcing users to navigate through endless BIOS screens.

BitLocker Drive Encryption, itself, is the OS component that encrypts and decrypts data on the volume, and uses the TPM to validate the pre-OS boot components. BitLocker has a number of options that can change its default behavior, many of which are exposed through Group Policy settings.

BitLocker is also totally scriptable and manageable. In addition to Group Policy options, BitLocker and TBS both include Windows Management Instrumentation (WMI) providers. WMI is the Windows implementation of Web-Based Enterprise Management (WBEM), so any WBEM console can also be used with BitLocker. More usefully, though, this WMI interface allows BitLocker to be scripted, and Vista includes a scripted utility called manage-bde.wsf, which allows you to configure and control BitLocker from the command line or a batch file, either locally or remotely.

It is also worth noting here, even though we talk about it in more detail later in the chapter, that BitLocker integrates with Active Directory Domain Services to store TPM and BitLocker information that can be used for recovery.

What Is a TPM?

A Trusted Platform Module (TPM) is a microchip that provides some basic security-related functions, mostly ones that involve encryption keys. To be considered secure, the TPM is installed permanently on the motherboard of a computer. The TPM uses a hardware bus to talk to the rest of the system.

A classic problem with any software-based security solution is that if an attacker can insert malicious code before the security software, then the security software can be circumvented. It is also difficult to be confident that any software reporting on its own state can be trusted. Think of rootkits, for example. They make the OS lie. Once you can fake out the OS, what can you trust?

So, a TPM helps address this problem because it can build a chain of trust that starts with hardware. Since this trust begins in hardware, there isn't any practical way to insert malicious code "before" the TPM. The TPM actually validates components of the platform (the computer) and the early boot process very reliably, and BitLocker can rely on this validation.

In many ways, a TPM is similar to a smart card. Although a TPM doesn't store certificates, it can create keys for cryptography and also keep the private key permanently within the TPM. If a key created in a TPM is never exposed to any other component, software, process, or person, then, since the private key is never released outside the TPM, it's pretty darn hard to compromise. Because the TPM uses its own internal firmware and logic circuits for processing instructions, it does not rely on the operating system and is not exposed to external software vulnerabilities.

The TPM can also encrypt data provided by the OS, such as symmetric keys used to encrypt large blocks of data. When this type of data is encrypted by the TPM, it can only be decrypted again by the same TPM. This process, often called "wrapping" or "binding" a key, can help protect the key from disclosure. (Sometimes the data being wrapped is called a "blob of data," but "blob" can have a lot of meanings.)

Each TPM has a master "wrapping" key, called the Storage Root Key (SRK), which is stored (and kept) within the TPM itself. A TPM must also have an Endorsement Key (EK), which is permanent once set for that TPM. Other keys are derived from or signed by the EK.

Every time the computer starts, certain measurements are made and stored in the TPM's platform configuration registers (PCRs). PCRs are discussed in more detail later in this chapter. Accordingly, computers that incorporate a TPM can also create a key that has not only been wrapped, but also tied to specific platform measurements in the PCRs. This type of key can only be unwrapped when those platform measurements have the same values that they had when the key was created. This process is called "sealing" the key to the TPM. Decrypting it is called "unsealing." The TPM can also seal and unseal data generated outside of the TPM. With a sealed key and software like BitLocker, you can lock data until specific hardware or software conditions are met. This process is the basis for the pre-OS boot component validation performed by BitLocker.
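As an added illustration (not code from the book, from BitLocker, or from any TPM), the following Python model shows the PCR-extend and seal/unseal behaviour just described: a PCR accumulates the measurements of the pre-OS boot components in order, a key is sealed to the resulting PCR value, and unsealing fails when any component changes. The SRK, volume key and boot component strings are constructed placeholders, and the HMAC-based wrapping stands in for the wrapping a real TPM performs inside the chip with its SRK.

```python
import hashlib
import hmac

# Constructed model of TPM 1.2 PCR extension and key sealing. A real TPM keeps
# the SRK inside the chip and checks the PCR values itself; this is only a model.

PCR_RESET = bytes(20)  # TPM 1.2 PCRs are 20-byte SHA-1 values, zeroed at power-on

def extend(pcr, measurement):
    """TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || SHA1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measure_boot(components):
    """Extend one PCR with every pre-OS component, in boot order (order matters)."""
    pcr = PCR_RESET
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def seal(srk, secret, pcr):
    """Wrap 'secret' so it unwraps only under the same SRK and the same PCR value."""
    assert len(secret) <= 32
    wrap_key = hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()
    keystream = hmac.new(wrap_key, b"stream", hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, keystream))
    tag = hmac.new(wrap_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag

def unseal(srk, blob, pcr):
    """Return the secret, or None when the SRK or PCR value differs from sealing time."""
    ciphertext, tag = blob[:-32], blob[-32:]
    wrap_key = hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()
    expected = hmac.new(wrap_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    keystream = hmac.new(wrap_key, b"stream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))

# Constructed sample values: a TPM-resident SRK, a volume key, and stand-ins for
# the boot components a BitLocker-style boot would measure.
SRK = hashlib.sha256(b"constructed demo SRK, never leaves the TPM").digest()
VOLUME_KEY = hashlib.sha256(b"constructed demo volume key").digest()
GOOD_BOOT = [b"BIOS firmware v1", b"master boot record", b"boot sector", b"bootmgr"]
TAMPERED_BOOT = [b"BIOS firmware v1", b"modified master boot record", b"boot sector", b"bootmgr"]

def demo():
    """Seal under a clean boot, then unseal after a clean and a tampered boot."""
    blob = seal(SRK, VOLUME_KEY, measure_boot(GOOD_BOOT))
    unchanged = unseal(SRK, blob, measure_boot(GOOD_BOOT))
    tampered = unseal(SRK, blob, measure_boot(TAMPERED_BOOT))
    return unchanged == VOLUME_KEY, tampered is None  # → (True, True)

if __name__ == "__main__":
    print(demo())
```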

There is some bad news, though. To use a TPM, BitLocker requires a TPM that meets the version 1.2 standard, set by the Trusted Computing Group (TCG). If your computer is older than 2006, it is very unlikely to have a version 1.2 TPM (most computers existing today don't have a TPM at all). In addition to having a compatible TPM, your computer must also have a compatible BIOS. Most computer manufacturers are releasing Vista-compatible BIOS updates for computers that have version 1.2 TPM chips.

For more information about the TPM specifications, you can visit https://www.trustedcomputinggroup.org/specs/TPM. TPM chip manufacturers work with the computer manufacturers, and generally ensure that the TPM meets encryption export requirements, and they may seek certification from various authorities. One example of a TPM chip in common use is the line by Infineon, featured at http://www.infineon.com (http://www.infineon.com/cgi-bin/ifx/portal/ep/channelView.do?channelId=-84648&channelPage=%2Fep%2Fchannel%2FproductOverview.jsp&pageTypeId=17099).

Don't despair: computers that lack a compatible TPM can still use the encryption features of BitLocker, provided their BIOS supports access to a USB flash memory device during the early boot process. There are a lot more of these computers around.




Administering Windows Vista Security: The Big Surprises
ISBN: 0470108320
Year: 2004
Pages: 101
