Cybercrime Security Forum - Europe 2018 Session

1. BitLocker Deep Dive
Sami Laiho, MVP

2. Why we need encryption

3. Why we need encryption?
• Data wise because over 800000 devices get lost or stolen on the
biggest airports in US and Europe yearly
• Security wise because all Windows versions can be cracked with a
single command
• Secure decommissioning
• The format utility (since Windows Vista) deletes the volume metadata and
overwrites those sectors to securely delete any BitLocker keys and by doing so
makes the volume instantly unreadable

4. Demo – Crack Windows
• Sami Laiho

5. BitLocker Basics

6. “Master keys”
• Every sector is protected with full-volume encryption key (FVEK)
• Never used by the System or the User
• FVEK in turn is encrypted with the volume master key (VMK)
• We don’t want to need to change the FVEK as every sector would need to be
re-encrypted
• Used by the system as it’s easier to replace if compromised
• The VMK is protected with another protector or several

7. Protectors for master keys
• Password protection (no TPM)
• The VMK is password protected
• Available for the OS drive since Windows 8 and used especially with Windows
To Go
• USB-key protection (no TPM)
• The protector key is saved on a USB key

8. Protectors for master keys
• TPM-protection
• The decryption key is stored on a TPM chip or firmware vault
• “On computers equipped with a compatible TPM, each time the computer
starts, each of the early startup components—such as the BIOS, the master
boot record (MBR), the boot sector, and the boot manager code—examines
the code about to be run, calculates a hash value, and stores the value in
specific registers in the TPM, called platform configuration registers (PCRs).
Once a value is stored in a PCR, the value cannot be replaced or erased unless
the system is restarted. BitLocker uses the TPM and the values stored in PCRs
to protect the VMK.”
• Brief:”If anything in the boot environment changes the disk cannot be
read”

9. Protectors for master keys
• TPM +PIN
• The TPM is secured with a PIN code
• Harder to break into but harder to administer
• Two-factor authentication
• Mental proof of ownership
• TPM + USB
• Part of the decryption key is stored on the USB key and part on the TPM
• TPM part is secured against changes in the boot environment
• Two-factor authentication
• Physical proof of ownership

10. ”What’s the difference between
physical and mental proof of
ownership?”

12. Protectors for master keys
• TPM +PIN + USB
• Combines the two previously mentioned
• Network Unlock
• Decryption key stored on a network server
• When on the same network works like a TPM protected machine
• When outside of the network asks for a PIN-code
• Requires Windows 8 and UEFI

13. Recovery keys
• A recovery key is saved as well and secured by an authenticator
• Certificate or numerical password
• Usually saved to either Active Directory or MBAM
• The whole key or only the ”secret” to open the key

14. Gamechanger!
• Windows 7 vs Windows 8.1
• In Windows 7 it was recommended to use a two-factor authentication like
PIN-code to build a secure BitLocker implementation
• With Windows 8.1 and certified devices we can build a secure BitLocker
without a two-factor authentication for the first time! → One less password
for your users and easier centralized management for you!
• TPM-only is the recommendation for most companies!

15. Penetration scenarios

16. Guessing the passwords
• TPM-lockout for PIN-code entry
• Recovery password is 48 digits long

17. DMA-attacks
• Direct Memory Access
• FireWire
• Thunderbolt
• ExpressCard
• PCMCIA
• PCI
• PCI-X
• PCI Express
• Allows the memory to be read
• http://www.lostpassword.com/
• http://www.windowsscope.com/

18. DMA-attacks
• Direct Memory Access
• FireWire
• Thunderbolt
• ExpressCard
• PCMCIA
• PCI
• PCI-X
• PCI Express
• Allows the memory to be read by another computer thus compromising
the in-memory key
• http://www.lostpassword.com/
• http://www.windowsscope.com/

19. ”Hardware’s fault, not Microsoft’s”
”Same for every OS”

20. DMA-attack countermeasures
• Block it with a policy: http://support.microsoft.com/kb/2516445
• Windows 8.1 blocks new devices with DMA from being installed
before the computer is unlocked!
• By Logo requirements
• Instant Go devices shouldn’t have DMA-ports
• Microsoft is driving for ThunderBolt devices to be turned on only after logging
on

21. Blocking DMA-capable devices
• Sami Laiho

22. Cold boot attacks
• Probably the best known case is called the Princeton attack
• Memory preserves its state even after losing power but quickly
becomes unreadable
• Can be slowed down with cooling/freezing

23. Cold boot countermeasures
• You can’t load another Kernel with SafeBoot on

24. Removing the frozen memory
• You could technically remove the frozen memory and take it to
another computer that has a memory reader and read the key from
the memory

25. Memory removal countermeasures
• Hard to remove if it’s on-chip
• Denser memory gets the harder it gets to read it
• Again… There are some that require the Pre-Boot authenticator that
prevents this but in reality…

26. Hacking a computer
Sami Laiho

28. More info:
• Countermeasures: Protecting BitLocker-encrypted Devices from
Attacks
• http://www.microsoft.com/en-us/download/details.aspx?id=41671
• Protect BitLocker from Pre-Boot Attacks
• http://technet.microsoft.com/en-us/library/dn632180.aspx

29. Different security levels for
different environments

30. What are we really against?

31. Different environments - Different needs
• High security environments could use BitLocker with a pre-boot/two-
factor authenticator to achieve a more secure or compliant solution
• Or a combination

32. Policies to strengthen the
protection

33. Make it even more secure?
• Force screensaver and prompt for password
• No Username on Logon or Lockout screen
• Force Hibernate
• Lock TPM if too many logon failures to Windows

34. Policies to strengthen BitLocker
Sami Laiho

35. Recap
• For me BitLocker implementation starts when choosing my hardware
• No ThunderBolt, FireWire or PCI-Express → USB 3 rules!
• UEFI with SecureBoot
• TPM
• Even better if dense memory, on board
• Force strong passwords or phrases
• No administrative rights for end-users
• 95% are good with TPM only → Aim for it!

36. BitLocker key backup and
recovery

37. Basics of BitLocker recovery
• Save your recovery keys to AD
• http://technet.microsoft.com/en-us/library/jj592683.aspx
• If you are using BitLocker To Go for USB sticks, go for Data Recovery
Agent (DRA)
• http://technet.microsoft.com/en-us/library/dd875560(v=ws.10).aspx

38. Penetration challenge!

39. How would you break into my devices?
• Let’s play I forgot these at the airport and you found them. This is
what we know:
• Computer models: Surface 2 RT and a Zenbook Prime UX31A
• OS: Windows 8.1
• The computers are on and locked - no user id visible on logon/lockout screen
• Passwords for users are more than 16 characters and complex
• BitLocker with TPM authentication only
• UAC enabled, no admin rights for the logged on user
• AppLocker enabled
• Firewall on with IPSec authentication for inbound connections
• How would you crack it? Bulletproof???