Abstract
We discuss five attack strategies against BitLocker, which target the way BitLocker is using the TPM sealing mechanism. BitLocker is a disk encryption feature included in some versions of Microsoft Windows. It represents a state-of-the-art design, enhanced with TPM support for improved security. We show that, under certain assumptions, a dedicated attacker can circumvent the protection and break confidentiality with limited effort. Our attacks neither exploit vulnerabilities in the encryption itself nor do they directly attack the TPM. They rather exploit sequences of actions that Trusted Computing fails to prevent, demonstrating limitations of the technology.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Mitchell, C.J. (ed.): Research workshop on future TPM functionality: Final report, http://www.softeng.ox.ac.uk/etiss/trusted/research/TPM.pdf
Arbaugh, W.A., Farbert, D.J., Smith, J.M.: A secure and reliable bootstrap architecture. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 65–71. IEEE Computer Society, Los Alamitos (1997)
Fergusson, N.: AES-CBC + Elephant diffuser: A disk encryption algorithm for windows vista. Tech. rep., Microsoft (2006)
Microsoft TechNet. BitLocker Drive Encryption Technical Overview (May 8, 2008), http://technet.microsoft.com/en-us/library/cc732774.aspx
NVlabs: NVbit: Accessing bitlocker volumes from linux. Web page (2008), http://www.nvlabs.in/node/9
Hendricks, J., van Doorn, L.: Secure bootstrap is not enough: Shoring up the trusted computing base. In: Proceedings of the Eleventh SIGOPS European Workshop, ACM SIGOPS. ACM Press, New York (2004)
Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: Cold boot attacks on encryption keys. Tech. rep., Princeton University (2008)
Becher, M., Dornseif, M., Klein, C.N.: Firewire: all your memory are belong to us. Slides, http://md.hudora.de/presentations/#firewire-cansecwest
Templeton, S.J., Levitt, K.: A requires/provides model for computer attacks. In: Proceedings of New Security Paradigms Workshop, pp. 31–38. ACM Press, New York (2000)
Sparks, E.R.: Security assessment of trusted platform modules. Tech. rep., Dartmouth College (2007)
Sparks, E.R.: TPM reset attack. Web page, http://www.cs.dartmouth.edu/~pkilab/sparks/
Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt. In: Proceedings of the 8th USENIX Security Symposium (1999)
Weingart, S.H.: Physical security devices for computer subsystems: A survey of attacks and defenses. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 302–317. Springer, Heidelberg (2000)
Weingart, S.: Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses 2008, updated from the ches 2000 version (2008), http://www.atsec.com/downloads/pdf/phy_sec_dev.pdf
Drimer, S., Murdoch, S.J.: Keep your enemies close: Distance bounding against smartcard relay attacks. In: USENIX Security 2007 (2007)
Tygar, J.D., Yee, B.: Dyad: A system for using physically secure coprocessors. In: Tech. rep., Proceedings of the Joint Harvard-MIT Workshop on Technological Strategies for the Protection of Intellectual Property in the Network Multimedia Environment (1991)
Grawrock, D.: The Intel Safer Computing Initiative: Building Blocks for Trusted Computing. Intel Press (2006)
Hargreaves, C., Chivers, H.: Recovery of encryption keys from memory using a linear scan. In: Proceedings of Third International Conference on Availability, Reliability and Security, ARES 2008, pp. 1369–1376 (2008), doi:10.1109/ARES.2008.109
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Türpe, S., Poller, A., Steffan, J., Stotz, JP., Trukenmüller, J. (2009). Attacking the BitLocker Boot Process. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-00587-9_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00586-2
Online ISBN: 978-3-642-00587-9
eBook Packages: Computer ScienceComputer Science (R0)