Steve Lamb IT Pro Evangelist Microsoft Ltd What Do I Need To Know About PKI To Make Sense of BitLocker?
2 Objectives: Review and teach you enough about Public Key Infrastructure to enable you to understand how Windows Vista’s BitLocker feature set works. Not bore you silly!
3 Agenda Introduction to Data Protection Cryptography Primer IPSec S/MIME BitLocker EFS
4 Introduction to Data Protection
5 Defense in Depth Using a layered approach: each layer can be compromised; multiple layers reduce overall probability of penetration. Layers, outermost first: Policies, Procedures, & Awareness: user education against social engineering. Physical Security: guards, locks, tracking devices, HSM, TPM. Perimeter: firewalls, VPN quarantine. Internal Network: compartments, IPSec, IDS. Host: OS hardening, updates, BitLocker authentication, secure startup. Application: application hardening. Data: encryption (EFS, BitLocker), IRM, RMS.
6 Digital Security Relies on Physical Security of Key Assets (KA). Strong Physical Security of KA + Strong Digital Security = Good Security Everywhere. Weak Physical Security of KA + Strong Digital Security = Insecure Environment. Strong Physical Security of KA + Weak Digital Security = Insecure Environment.
7 Physical Security – How? Your data is only as secure as the physical security of the keys that encrypt it How do I secure the key? 1. Obfuscate it! Hackers will find it soon, so you must change the mechanism often enough. 2. Encrypt it! This only shifts the problem somewhere else, especially if the key is removed from one machine and put in another (AD?) 3. Lock it in a TPM or a smartcard! Excellent choice if device is “hard” and you trust it, but can anyone open it if they wish to? PINs? Passwords? Metrics? 4. Print it on paper! Great for occasionally used keys – but keep the paper safe, or memorise it.
8 Foundation of Data Protection Cryptography All existing data protection mechanisms rely on cryptography Differences in: Key protection Recovery strategies Deployment UI Purpose
9 Cryptography Primer
10 Symmetric Key Cryptography [Diagram] Plain-text input “The quick brown fox jumps over the lazy dog” → Encryption → cipher-text “AxCv;5bmEseTfid3) fGsmWe#4^,sdgfMwi %” → Decryption → plain-text output “The quick brown fox jumps over the lazy dog”. Encryption and decryption use the same key (shared secret).
11 Symmetric Pros and Cons Strength: Simple and really very fast (order of 1000 to faster than asymmetric mechanisms) Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael) Weakness: Must agree the key beforehand Securely pass the key to the other party
12 Public Key Cryptography Knowledge of the encryption key doesn’t give you knowledge of the decryption key. Receiver of information generates a pair of keys. Publish the public key in a directory. Then anyone can send the receiver messages that only the receiver can read.
13 Public Key Encryption [Diagram] Clear-text input “The quick brown fox jumps over the lazy dog” → Encryption with the recipient’s public key → cipher-text “Py75c%bn&*)9|fDe^ mdFg$5knvMd’rkveg Ms” → Decryption with the recipient’s private key → clear-text output “The quick brown fox jumps over the lazy dog”. Encryption and decryption use different keys.
14 Public Key Pros and Cons Strength: Solves problem of passing the key Allows establishment of trust context between parties Weakness: Extremely slow Susceptible to “known ciphertext” attack Problem of trusting public key (see later on PKI)
15 Hybrid Encryption (Real World) [Diagram] The RNG produces a randomly-generated symmetric “session” key. Symmetric encryption (e.g. AES) under that key turns “€25m hidden at 221b Baker St. Access code is…” into “*#$fjda^ju539!3t t389E 5e%32\^kd”. The symmetric key is encrypted asymmetrically (e.g., RSA) with the user’s public key (in certificate) to form the Digital Envelope. As above, repeated for other recipients or recovery agents: a further Digital Envelope is made with the other recipient’s or agent’s public key (in certificate) in recovery policy.
16 Hybrid Decryption [Diagram] The digital envelope contains the “session” key encrypted using the recipient’s public key. The session key must be decrypted using the recipient’s private key: asymmetric decryption of the “session” key (e.g. RSA) yields the symmetric “session” key. Symmetric decryption (e.g. AES) then turns “*#$fjda^ju539!3t t389E 5e%32\^kd” back into “€25m hidden at 221b Baker St. Access code is…”.
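The digital-envelope flow from the Hybrid Encryption and Hybrid Decryption slides, as an added example that is not part of the original presentation: the message is encrypted once under a random session key, and that key is wrapped separately for a user and a recovery agent. AES-256-GCM, RSA-OAEP and the names `seal`, `open`, `user` and `agent` are choices made for this example; the slides only say “e.g. AES” and “e.g. RSA”.

```javascript
const nodeCrypto = require('node:crypto');

// RSA-OAEP with SHA-256 is this example's choice for wrapping the session key.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt the message once under a random AES-256 session key, then build one
// digital envelope (wrapped session key) per recipient or recovery agent.
function seal(plaintext, recipients) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrapped = new Map();
  for (const [name, publicKey] of recipients) {
    wrapped.set(name, nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey));
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrapped };
}

// Recover the session key with the holder's private key, then decrypt.
// Throws if the name has no envelope, the key is wrong, or data was altered.
function open(envelope, name, privateKey) {
  const wrappedKey = envelope.wrapped.get(name);
  if (!wrappedKey) throw new Error(`no wrapped session key for ${name}`);
  const sessionKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Constructed demo: throwaway key pairs for a user and a recovery agent.
function demo() {
  const user = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const agent = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const env = seal(Buffer.from('constructed sample message'),
    new Map([['user', user.publicKey], ['agent', agent.publicKey]]));
  let wrongKey = 'accepted';
  try { open(env, 'agent', user.privateKey); } catch { wrongKey = 'rejected'; }
  return {
    byUser: open(env, 'user', user.privateKey).toString(),
    byAgent: open(env, 'agent', agent.privateKey).toString(),
    wrongKey,
  };
}

console.log(demo());
```

The bulk data is encrypted only once however many envelopes exist, which is why adding a recovery agent costs one extra RSA operation rather than a second copy of the ciphertext.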
17 Vista Supports NSA Suite B Required cryptographic algorithms for all US non-classified and classified (SECRET and TOP-SECRET) needs Except a small area of special-security needs (e.g. nuclear security) – guided by Suite A (definition is classified) Announced by NSA at RSA conference in Feb 2005
18 Suite-B Algorithms Encryption: AES Digital Signature: EC-DSA Key Exchange: EC-DH or EC-MQV Hashing: SHA-2
19 IPSec Layer 3 Security IPSec, or Internet Protocol (IP) Security Optional in IPv4, required in IPv6 IPv4 IPSec RFCs: 1828, 1829, 2085, 2104, 2401, 2402, 2403, 2404, 2406, 2407, 2408, 2409, 2410, 2411, 2451 plus a few drafts Purpose: Firewall-like filtering and end-point authentication See Steve Riley’s excellent sessions on the subject Confidentiality of data at IP level, i.e. Data Protection Independent of security of layers 4+ (SSL/TLS) Limitation: Host-to-host network security, not application-to-application
20 Secure / Multipurpose Internet Mail Extension Office 2007 uses S/MIME v3 (prior versions used v2) Purposes: Confidentiality of e-mail in transit over Internet Mailbox Reader-to-Mailbox Reader Causes problems of trust with web-mail, generally not implemented Digital signatures Integrity Authenticity and Identity Non-repudiation
21 BitLocker
22 BitLocker™ Purpose: Protection against laptop theft But only with secondary TPM protection (PIN/dongle etc) OS integrity assurance Hardware or disk-level offline attack protection Indirect protection of other secrets and keys Fast computer disposal Full volume encryption of the hard drive containing OS Fast and efficient 5-6% CPU usage on average, 15% in extreme cases
23 BitLocker Algorithms Suite-B naturally! AES-128 CBC with a diffuser for data Great, fast choice – use it! Diffuser (Elephant) prevents cipher-text manipulation attacks AES-256-CBC with/without diffuser is offered Much slower, not really necessary AES-256 is used for key management (no choices) Recovery key is 128 bits (48 digits)
24 BitLocker Recommendations Turn it on. For laptops, you really should enable additional key protection: PIN, Password, USB-dongle etc. Fingerprint? Ehm, no – weak security Recovery: Save the password well For extra security, remove it from escrow (in AD) See the session by Russ Humphries! All my security problems solved? No! Shared files, server folders, , workgroup and SharePoint...
25 Encrypting File System
26 EFS Purpose: folder-level confidentiality not limited to a machine Workgroups Files encrypted for multiple individuals Server locations Simple to use (right-click), but best if managed via policies Multiple recovery strategies based on: Recovery agents Escrow Key backup In Vista/Longhorn EFS can use smartcards
27 EFS Algorithms EFS supports: AES-256 (default on Server 2003/Longhorn), 192, 128 3DES – slow DESX – Algorithm unique to Microsoft, derived from DES, do not use it, as security is low Warning: this was the default on Windows XP! Change with policy: System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing In Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Key exchange uses RSA and hashing SHA-1 before Vista, and it moves to Suite-B as of Vista/Longhorn
28 EFS Recommendations Set-up on file servers at departmental level Ensure all users’ public certificates are in AD and available For private key protection (on laptop/workstation) use: Smartcard BitLocker On Windows XP protection is afforded by “Protected Storage” Strength depends on the user’s password Observe: it does not replace, nor is replaced by BitLocker
29 Data Protection on Windows Platform IPSec BitLocker S/MIME EFS IRM/ERM
30 Summary Data Protection is your innermost layer of Defence-in-Depth, with cryptography at heart Never rely on any one technique alone Do risk assessment to know benefits and costs Windows Vista and Longhorn greatly build on the existing and already available platform
©2006 Microsoft Corporation & Project Botticelli Ltd. All rights reserved. This presentation is for informational purposes only. MICROSOFT AND PROJECT BOTTICELLI LTD MAKE NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. E&OE. Thanks to Rafal and Project Botticelli for the material used in this presentation