SEC325 BitLocker™ Drive Encryption Deployment

Presentation transcript:

SEC325 BitLocker™ Drive Encryption Deployment
Laura Benofsky, Lead Program Manager, Windows Security - System Integrity

Agenda
- Business Impact
- BitLocker™ Overview
- BitLocker™ Requirements
- BitLocker™ Deployment Process
- BitLocker™ Administration & Recovery
- Best Practices
- Q&A

A large multi-national company, which wishes to remain anonymous, loses an average of one corporate laptop per business day in the taxicabs of just one US city…

Information Loss Is Costly
Information loss, whether via theft or accidental leakage, is costly on several levels:
- Financial
  - The U.S. Dept of Justice estimates that intellectual property theft cost enterprises $250 billion in 2004
  - Loss of revenue, market capitalization, and competitive advantage
- Legal & Regulatory Compliance
  - Increasing regulation: SOX, HIPAA, GLBA
  - Bringing a company into compliance can be complex and expensive
  - Non-compliance can lead to significant legal fees, fines and/or settlements
- Image & Credibility
  - Leaked executive e-mails can be embarrassing
  - Unintended forwarding of sensitive information can adversely impact the company’s image and/or credibility

BitLocker™ Drive Encryption Overview

BitLocker™ Design Goals
BitLocker™ Drive Encryption gives you improved data protection on your Windows Vista and Windows Server codenamed “Longhorn” systems:
- Notebooks: often stolen, easily lost in transit
- Desktops: often stolen, difficult to safely decommission
- Servers: high-value targets, often kept in insecure locations
- All three can contain very sensitive IP and customer data
Design goals:
- Provide a transparent user experience that requires little to no interaction on a protected system
- Prevent thieves from using another OS or software hacking tool to break OS file and system protections
- Prevent offline viewing of user data and OS files
- Provide enhanced data protection and boot validation through use of a Trusted Platform Module (TPM) v1.2

BitLocker™ and TPM Features
- BitLocker™ Drive Encryption
  - Encrypts entire volume
  - Uses Trusted Platform Module (TPM) v1.2 to validate pre-OS components
  - Customizable protection and authentication methods
- Pre-OS Protection
  - USB startup key, PIN, and TPM-backed authentication
- Single Microsoft TPM Driver
  - Improved stability and security
- TPM Base Services (TBS)
  - Enables third-party applications
- Active Directory Backup
  - Automated key backup to AD server
  - Group Policy support
- Scriptable Interfaces
  - TPM management
  - BitLocker™ management
  - Command-line tool
- Secure Decommissioning
  - Wipe keys and repurpose

What Is A Trusted Platform Module (TPM)?
Smartcard-like module on the motherboard that:
- Performs cryptographic functions: RSA, SHA-1, RNG
- Meets encryption export requirements
- Can create, store and manage keys
  - Provides a unique Endorsement Key (EK)
  - Provides a unique Storage Root Key (SRK)
- Performs digital signature operations
- Holds platform measurements (hashes)
- Anchors chain of trust for keys and credentials
- Protects itself against attacks
TPM 1.2 spec: www.trustedcomputinggroup.org

Why Use A TPM?
- Trusted platforms use roots of trust; a TPM is an implementation of a root of trust
- A hardware root of trust has distinct advantages
  - Software can be hacked by software: it is difficult to root trust in software that has to validate itself
  - Hardware can be made to be robust against attacks and certified to be tamper resistant
  - Hardware and software combined can protect root secrets better than software alone
- A TPM can ensure that keys and secrets are only available for use when the environment is appropriate
  - Security can be tied to specific hardware and software configurations

Disk Layout & Key Storage
Windows partition contains:
- Encrypted OS
- Encrypted page file
- Encrypted temp files
- Encrypted data
- Encrypted hibernation file
Boot partition contains: MBR, loader, boot utilities (unencrypted, small)
Where’s the encryption key?
- SRK (Storage Root Key) contained in TPM
- SRK encrypts VEK (Volume Encryption Key), protected by TPM/PIN/dongle
- VEK stored (encrypted by SRK) on hard drive in boot partition

BitLocker™ Architecture
Static root of trust: measurement of early boot components

BitLocker™ in Windows Vista

BitLocker™ Requirements and Deployment

Hardware Requirements
- Trusted Platform Module (TPM) v1.2
- TCG-compliant (Trusted Computing Group) v1.2 BIOS
- The system BIOS must support both reading and writing small files on a USB flash drive in the pre-operating system environment
- Computer must have at least two volumes to operate:
  - Operating System Volume: must be NTFS; contains Windows OS and its support files. Data on this volume is protected by BitLocker.
  - System Volume: must be NTFS, must differ from the OS volume, must NOT be encrypted; contains hardware-specific files that are needed to load Windows after the BIOS has booted the platform

Deployment Process
- Plan
  - Review Existing Infrastructure
  - Hardware Requirements: check for hardware requirements
  - Key TPM Concepts
  - Talk with your OEM
  - BitLocker Protectors
  - Define BitLocker Configuration
  - Define Security Policy
- Deploy
  - Configure Active Directory
  - Configure Group Policy
  - Deploy BitLocker Ready OS Image
  - TPM Configuration Script
  - BitLocker Configuration Script
- Support
  - BitLocker Servicing

Review Existing Infrastructure
- How and when are new machines configured? e.g. OEM preconfigured, PXE boot WinPE, staging environment, etc.
- Do you plan to deploy BitLocker on non-TPM machines?
- What is the OS deployment method used? e.g. imaging, unattended setup
- What is the application delivery method? e.g. integrated with image, scripted unattended install, etc.
- How are updates/patches being applied?

Key TPM Concepts
- Physical Presence: physical presence implies direct interaction by a person with the platform to perform basic administrative tasks and to bootstrap management and access control mechanisms
- Endorsement Key: the endorsement key (EK) is an RSA key pair. A given TPM must be associated with one and only one EK for the TPM to function properly
- TPM States
  - On: the TPM should be enabled and activated. This requires physical presence
  - Owned/Un-owned: a platform is owned when an EK exists and the true owner knows the owner authorization data. BDE cannot use the TPM until it is in the owned state

Talk with your OEM
- What is the state of the TPM when it is shipped to your organization?
- Is the Endorsement Key already on the TPM?
- Does the OEM provide tools to automate management of the TPM?
- How does the OEM implement Physical Presence?
- Do the existing machines without TPM devices support USB devices at boot time?

Define Security Policy
Recovery scenarios:
- Broken hardware: hard drive moves to a new system; recovery using Control Panel
- Attack detected: modified or missing boot loader files; boot-mode recovery
- Missing Windows critical components: WinRE recovery
Recovery policies:
- Define policies per supported BitLocker configuration
- Develop a recovery process flow per supported configuration
- In the event of recovery, determine the root cause and track it
- The recovery process should include identity checks for support calls
- Consider recovery material unsecure after use by a non-secure party; regenerate new recovery material after use

Define Security Policy
Key management policy:
- Back up recovery passwords to Active Directory
- Consider using recovery keys along with recovery passwords
  - Save recovery keys to a central location for support purposes
- Back up key material to secure offline storage
Machine retirement policy:
- Force recovery on a drive without invalidating any saved recovery methods
- Force recovery on a drive and invalidate all saved recovery methods
- Run Vista Format on a drive: automatically deletes all BitLocker key structures and then formats the drive (available starting RC1)

Configure Active Directory
To store BitLocker recovery information in Active Directory:
- All domain controllers in the domain must be at least Windows Server 2003 SP1
- Apply schema extensions to support the additional attributes
  - If you have a Windows Longhorn domain controller in your environment, the schema extensions are already in place and no update is needed
  - If you have more than one AD forest, extend the schema in each forest that will have BitLocker machines
- Configure permissions on the BitLocker and TPM recovery information schema objects
  - Give read permissions to users that will assist in the event of recovery

Configure Group Policy
BitLocker group policy settings include:
- Turn on AD backup of BDE recovery information
- Turn on AD backup of TPM recovery information
- Configure UI experience
Consider enabling power management control for BitLocker-enabled machines:
- Prevent machines from automatically entering sleep (default)
- Keep users from changing this configuration

BitLocker Ready OS Image
To create the OS image:
1. Install Windows Vista on a reference machine that meets the BitLocker partition requirements
2. Install any applications
3. Run Sysprep and generalize the machine
4. Boot into Windows PE to capture the system and OS partitions using ImageX
- For unattended installation, replace the default Vista .wim file with the new OS .wim file created in the previous step, then initiate the unattended install using PXE boot, Windows PE boot, etc.
- For image-based deployment, create the partitions using diskpart, then use ImageX to apply the system and OS .wim files created earlier to the partitions
WAIK and OPK: ensure that the BitLocker partitions are defined within the Setup node when you are describing Vista Setup via System Image Manager
SMS OSD: the Vista update does not support multi-partition; you will need to write a script that uses Diskpart to create the required partitions

TPM Configuration Script
Scenario: a computer with TPM 1.2 for which the EK has been created by the OEM. You need to turn on the TPM and take ownership.
Using Manage-BDE:
  manage-bde.wsf -tpm -TurnOn
  manage-bde.wsf -tpm -TakeOwnership Password
Using WMI:
- Call SetPhysicalPresenceRequest(10) to enable, activate and allow the installation of a TPM owner using physical presence. A computer restart will be required.
- Call ConvertToOwnerAuth to create the owner authorization value
- Call TakeOwnership to set an owner for the TPM

BitLocker Configuration Script
Scenario: enable BitLocker using TPM only on a computer that is BitLocker compliant. You want to be able to recover the volume in case of attack, computer damage, etc.
Using Manage-BDE:
  manage-bde.wsf -on -recoverypassword c:
  manage-bde.wsf -status c:
Using WMI:
- Call the methods beginning with ProtectKey to secure the encryption key for the volume. Make sure to include key protectors that can be used in recovery scenarios, for example ProtectKeyWithTPM and ProtectKeyWithNumericalPassword
- Call Encrypt to begin conversion of the volume; conversion is complete when GetConversionStatus indicates that the volume is fully encrypted
- Call GetProtectionStatus to ensure that BitLocker protection is on
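The WMI path of the TPM Configuration Script and BitLocker Configuration Script slides, combined into one provisioning script. This is an added example, not code from the deck; it assumes an elevated PowerShell on Windows Vista or later, a TPM 1.2 whose EK the OEM already created, and that C: is the OS volume. Assert-WmiOk, the owner-password placeholder and the namespace/class names are the only things not on the slides (the names are Microsoft's WMI providers for the TPM and for BitLocker).

```powershell
# Added example (not from the deck): TPM turn-on/take-ownership, then enable BitLocker
# with a TPM protector plus a numerical (recovery) password, via WMI.
$ErrorActionPreference = 'Stop'

function Assert-WmiOk($result, [string]$op) {
    # Every Win32_Tpm / Win32_EncryptableVolume method reports an HRESULT in ReturnValue.
    if ($result.ReturnValue -ne 0) {
        throw ('{0} failed with HRESULT 0x{1:X8}' -f $op, $result.ReturnValue)
    }
}

# --- TPM: namespace root\CIMV2\Security\MicrosoftTpm, class Win32_Tpm ---
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm
if (-not $tpm) { throw 'No TPM 1.2 present; plan a USB startup-key protector for this machine.' }

$enabled   = $tpm.IsEnabled().IsEnabled
$activated = $tpm.IsActivated().IsActivated
$owned     = $tpm.IsOwned().IsOwned
Write-Host "TPM enabled=$enabled activated=$activated owned=$owned"

if (-not ($enabled -and $activated)) {
    # Physical-presence operation 10 = enable + activate + allow owner install. The BIOS asks
    # the physically present user to confirm on the next boot, so stop here and re-run after.
    Assert-WmiOk ($tpm.SetPhysicalPresenceRequest(10)) 'SetPhysicalPresenceRequest(10)'
    Write-Warning 'Physical-presence request queued: restart, confirm at the BIOS prompt, re-run.'
    return
}

if (-not $owned) {
    # Placeholder: the owner password comes from your provisioning system, never hard-coded.
    $ownerPassword = 'PLACEHOLDER-OWNER-PASSWORD'
    $auth = $tpm.ConvertToOwnerAuth($ownerPassword)
    Assert-WmiOk $auth 'ConvertToOwnerAuth'
    Assert-WmiOk ($tpm.TakeOwnership($auth.OwnerAuth)) 'TakeOwnership'
}

# --- BitLocker: namespace root\CIMV2\Security\MicrosoftVolumeEncryption ---
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                     -Class Win32_EncryptableVolume -Filter "DriveLetter='C:'"

# ProtectionStatus 1 = protected: nothing to do, and no second recovery password created.
if ($vol.GetProtectionStatus().ProtectionStatus -eq 1) { Write-Host 'C: already protected'; return }

# Two protectors, as the slide recommends: TPM for normal boot, numerical password for the
# broken-hardware / attack-detected recovery scenarios.
Assert-WmiOk ($vol.ProtectKeyWithTPM('TPM', $null)) 'ProtectKeyWithTPM'
$rp = $vol.ProtectKeyWithNumericalPassword('Recovery password', $null)   # $null = generate one
Assert-WmiOk $rp 'ProtectKeyWithNumericalPassword'

# With the AD backup policy from the Configure Group Policy slide on, the password is escrowed
# as the protector is created; otherwise hand $recovery.NumericalPassword to your own escrow.
$recovery = $vol.GetKeyProtectorNumericalPassword($rp.VolumeKeyProtectorID)
Assert-WmiOk $recovery 'GetKeyProtectorNumericalPassword'

# EncryptionMethod 4 = AES-256 (no diffuser); ConversionStatus 1 = fully encrypted.
Assert-WmiOk ($vol.Encrypt(4)) 'Encrypt'
do {
    Start-Sleep -Seconds 30
    $cs = $vol.GetConversionStatus()
    Write-Host ('Conversion {0}% complete' -f $cs.EncryptionPercentage)
} while ($cs.ConversionStatus -ne 1)

$ps = $vol.GetProtectionStatus()
Assert-WmiOk $ps 'GetProtectionStatus'
Write-Host ('C: protection status = {0} (1 = on)' -f $ps.ProtectionStatus)
```

Run it twice on a fresh machine: the first pass queues the physical-presence request and stops, the second (after the reboot and BIOS confirmation) takes ownership and encrypts.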

BitLocker Servicing
Things you should know when upgrading components on a BitLocker-enabled machine:
- BIOS firmware
  - The BIOS is hashed by the TPM, so servicing requires resealing of the keys
  - Always enter disabled mode prior to a BIOS update; failure to enter disabled mode will trigger recovery
  - Disabled mode is an operation mode that does not decrypt the drive and allows component upgrades
- OS updates
  - Patch sent through Windows Update
  - Signature chain is automatically verified to establish trust
  - Does not require entering disabled mode
- Other updates (e.g. apps)
  - Patch sent by app/software vendors
  - May require resealing or entering disabled mode

BitLocker™ Recovery Scenarios
- Lost/forgotten authentication methods: lost USB key, user forgets PIN
- Upgrade to core files: unanticipated change to pre-OS files (BIOS upgrade, etc.)
- Broken hardware: hard drive moved to a new system
- Deliberate attack: modified or missing pre-OS files (hacked BIOS, MBR, etc.)

BitLocker™ Recovery Methods
Recommended method for domain-joined machines:
- Automate key backups through BitLocker™ Setup
- Configure group policy to store keys in Active Directory
- Provides centralized storage and management of keys
Recommended methods for non-domain-joined machines:
- Back up to a USB flash device
- Back up to a web-based key storage service
  - “Windows Ultimate Extras” provides a free key storage service for home users or unmanaged environments
  - Potential OEM or 3rd-party service for key storage
- Back up to a file
- Print or record to physical media

BitLocker Best Practices
- Create and securely store recovery information: set up and validate recovery processes that include a way to track the number of recovery requests, a way to determine the root cause of recovery requests, and a way to ensure that requests are from legitimate users
- Keep BitLocker protection enabled, or turn protection off by decrypting the disk; temporarily disable BitLocker only for planned upgrade scenarios
- Avoid putting your computer in standby or hybrid sleep mode; configure your computer to hibernate or power off

TPM Best Practices
- TPM must be physically secured to the motherboard
- TPM that comes from the OEM with an Endorsement Key
- A platform that supports direct user input (not automated) to prove physical presence when committing important changes to the TPM
- Initialize the TPM before deploying the platform to end users when possible
- OEM should digitally sign and verify the TPM and BIOS firmware patches

Additional Resources
Web resources:
- Windows Vista BitLocker Client Platform Requirements: http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerReq.mspx
- Specs and whitepapers: http://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspx
- Windows Logo Program testing: http://www.microsoft.com/whdc/GetStart/testing.mspx
- Trusted Computing Group (TCG) website: http://www.trustedcomputinggroup.org
BitLocker™ questions or ideas: e-mail bdeinfo@microsoft.com
BitLocker™ blog: http://blogs.msdn.com/si_team/default.aspx

Fill out a session evaluation on CommNet and Win an XBOX 360!

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Appendix

BitLocker Protectors
- TPM: security hardware that provides a hardware-based root of trust and can be leveraged to provide a variety of cryptographic services. BitLocker only supports TPM v1.2 and above.
- PIN: the PIN can have 4 to 20 digits, and internally is stored as a 256-bit hash of the entered Unicode characters. This value is never displayed back to the user in any form or for any reason. The PIN is used to provide another factor of protection in conjunction with TPM authentication.
- Startup Key: the startup key is an encrypted file that can be stored on a USB flash drive. This protector can be used alone on non-TPM machines or in conjunction with a TPM for added security.
- Recovery Password: this protector is a 48-digit numeric password that is used to unlock a volume. This password must be entered at boot time, using the function keys, in the event a recovery is needed.
- Recovery Key: key used for recovering data encrypted on a BitLocker volume. This key is cryptographically equivalent to a Startup Key, and is not the same as the recovery password.
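A structural check a help desk can run on a recovery password before reading it out to a caller (the identity checks from the Define Security Policy slide still apply). This is an added example, not from the deck: the slide only says the protector is 48 digits; the per-group rule used here (each 6-digit group is a multiple of 11 and below 720896, so the sixth digit of every group acts as a check digit) is the protector's documented format, not something stated on the slides. The function name and the sample password are constructed.

```powershell
# Added example (not from the deck): format check for a 48-digit BitLocker recovery password.
function Test-BitLockerRecoveryPassword {
    param([Parameter(Mandatory)][string]$Password)

    # Accept the form users read back: eight 6-digit groups, optionally dash/space separated.
    $digits = $Password -replace '[\s-]', ''
    if ($digits -notmatch '^\d{48}$') {
        return [pscustomobject]@{ Valid = $false; Reason = 'Need exactly 48 digits' }
    }

    for ($i = 0; $i -lt 8; $i++) {
        $group = [int]$digits.Substring($i * 6, 6)
        # Each group is a 16-bit value times 11 (documented format, not on the slides):
        # 11 * 65535 = 720885 is the largest legal group, and the multiplier makes a single
        # mistyped digit fail the divisibility test instead of producing a wrong key.
        if (($group % 11) -ne 0 -or $group -ge 720896) {
            return [pscustomobject]@{
                Valid  = $false
                Reason = ('Group {0} ({1:D6}) is not a multiple of 11 below 720896' -f ($i + 1), $group)
            }
        }
    }
    return [pscustomobject]@{ Valid = $true; Reason = 'Well-formed' }
}

# Constructed samples, not real keys: the first passes, the second has one digit mistyped.
Test-BitLockerRecoveryPassword '000011-000022-000033-000044-000055-000066-000077-000088'
Test-BitLockerRecoveryPassword '000011-000022-000033-000044-000055-000066-000077-000089'
```

A password that passes this check can still be the wrong one for the volume; the check only catches transcription errors before the user retypes it at the boot-time recovery prompt.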

Key Architecture