Remember the times someone logged in to your machine without you knowing, and posted crappy things on Facebook? Well, it could have been worse than that!
Assume that you have taken your computer in for repair and the technicians have somehow accessed the valuable data stored on its hard drive. You have no idea what they can do with that data, and in some cases it would be a total nightmare. These are a few typical offline attacks that anyone could face in day-to-day life. In fact, the latter one is more dangerous because someone could easily have taken the hard drive out of your computer and connected it to another machine in order to steal your data and use it for malicious purposes.
However, Windows Vista and later versions of Windows come with a feature named "BitLocker", which is a good solution for this type of problem. Because BitLocker is integrated with the operating system, it addresses the threat of data theft or exposure from lost or stolen computers.
So what is BitLocker?
BitLocker is a full-volume encryption component introduced by Microsoft; it was first included with the Enterprise and Ultimate editions of Windows Vista. It uses the AES encryption algorithm with a 128-bit or 256-bit key.
In simple terms, BitLocker encrypts the hard drive(s) and makes them unreadable to external parties, which helps protect the operating system and other data from offline attacks.
How does it work?
As mentioned earlier, BitLocker comes as an embedded feature of Windows, but it has to be enabled/initialized before it can be used.
Once you have initialized BitLocker, you should also create a recovery password or a recovery key, so that you have a way to access and recover the data if a problem occurs with the protected drive.
To protect the volume key, it goes through a few encryption cycles and is finally encrypted with another key, known as a key-protector key. Some of these key protectors are:
- TPM (Trusted Platform Module)
- Smart card
- Recovery password
- User password
Additionally, BitLocker can use a Trusted Platform Module (TPM), a hardware component that manufacturers install in many newer computers; together they verify the integrity of the early boot components and the boot configuration data. This helps ensure that BitLocker makes the encrypted drive accessible only if those components have not been altered without authorization and the encrypted drive is connected to the original computer.
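The procedure described above (enable BitLocker, add a recovery password, use the TPM as a key protector, then verify) as an added PowerShell example; this is not code from the original post. It assumes Windows 8 or later with the BitLocker PowerShell module, an initialized TPM and an elevated session; the drive letter C: and the AES-256 choice are assumptions.

```powershell
# Added example: protect the OS volume with a TPM key protector plus a
# recovery password, then verify the protectors before trusting the setup.
# Assumptions: elevated session, BitLocker module present, TPM initialized.

$Volume = "C:"   # assumed OS drive

# 1. Confirm a usable TPM exists before relying on it as a key protector.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM is not present or not ready; initialize it first or pick another key protector."
}

# 2. Add the recovery password protector first, so the data stays
#    recoverable if the TPM later rejects the boot environment or the
#    drive is moved to a different computer.
Add-BitLockerKeyProtector -MountPoint $Volume -RecoveryPasswordProtector | Out-Null

# 3. Enable encryption with AES-256 and the TPM as the unlock protector.
#    -SkipHardwareTest skips the reboot-time hardware check for brevity.
Enable-BitLocker -MountPoint $Volume -EncryptionMethod Aes256 `
    -TpmProtector -SkipHardwareTest | Out-Null

# 4. Verify: both protector types must exist and encryption must be
#    under way or complete. ProtectionStatus reports "On" once the
#    conversion finishes, so it is shown rather than asserted here.
$bl    = Get-BitLockerVolume -MountPoint $Volume
$types = $bl.KeyProtector | ForEach-Object { $_.KeyProtectorType }
if ('Tpm' -notin $types -or 'RecoveryPassword' -notin $types) {
    throw "Expected TPM and RecoveryPassword protectors on $Volume, found: $($types -join ', ')"
}
if ($bl.VolumeStatus -notin @('EncryptionInProgress', 'FullyEncrypted')) {
    throw "Unexpected volume status on ${Volume}: $($bl.VolumeStatus)"
}
"$Volume : $($bl.VolumeStatus), protection $($bl.ProtectionStatus)"

# 5. Show the 48-digit recovery password so it can be stored somewhere
#    other than this disk (or escrowed with Backup-BitLockerKeyProtector).
$bl.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
```

Until the conversion completes, Get-BitLockerVolume will still report the protection as off; rerun the verification once VolumeStatus reads FullyEncrypted.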
Security concerns
BitLocker is specifically designed to protect data from offline attacks, and it cannot protect data if the machine is stolen or lost before BitLocker has been configured. The difficulty of protecting the keys is another concern associated with BitLocker.
According to Microsoft sources, BitLocker does not contain an intentionally built-in backdoor that could be used to address law enforcement requests to disclose confidential data in emergency situations.
Additionally, in Windows 7 and later versions, BitLocker gained a new component for encrypting removable storage devices such as USB drives, called 'BitLocker To Go'. Unlike the earlier versions, BitLocker To Go allows the user to protect volumes with a password or a smart card, which adds convenience for the user.
For more details about BitLocker, see the article 'BitLocker Drive Encryption Overview' (https://technet.microsoft.com/en-us/library/cc732774%28v=ws.11%29.aspx).
Article By: Pramodhi De Silva