Tuesday, February 12, 2008

BitLocker for the forensic investigator

Welcome back to my monologue on Vista BitLocker, specifically written for the forensic investigator.

BitLocker provides three modes of operation, which are implemented in four different options. The first two modes require a cryptographic hardware chip called a Trusted Platform Module (TPM), along with a compatible BIOS. BitLocker may be present in Enterprise or Ultimate versions of Vista. As Vista gains corporate acceptance, (and as users up-purchase to the most deluxe Vista computers) these are the most likely versions which might be encountered, so it is likely that BitLocker capabilities are lurking in the computer. 'Bad Guys' are likely to use BitLocker to their benefit. The forensic investigator needs to be prepared.

Here's some background on TPM hardware. By searching on the web for TPM, you are likely to quickly stumble on the Intel website, and ultimately, you may end up on the website of STMicroelectronics. They provide an integrated circuit which is the hardware basis for TPM encryption. A photograph from this family of chips is here. One of the current part # of the chips is ST19NA18; if you see this chip on the motherboard of a computer, it certainly has BitLocker capabilities (and your forensic investigation is likely a day late and a dollar short.) A full matrix of current and future TPM hardware offerings from STM is here. Other silicon manufacturers such as Infineon (part # SLD9630) are also vendors of TPM hardware, and I am confident that others exist. I would appreciate feedback if you run into other vendors of TPM hardware on the motherboards which you encounter.

The current version of TPM is 1.2 or higher.

The hardware implementation of BitLocker is important, as it provides obvious performance benefits to the user, along with some additional slight user satisfaction of knowing that FIPS 140 compatible hardware is involved in the process of encryption.

Now, back to the operating modes of BitLocker. They are Transparent Operation Mode; User authentication Mode (which has TWO options); and USB Key mode. Here are their descriptions:

The first mode is Transparent Operation Mode. This mode exploits the capabilities of the TPM hardware to provide for a transparent user experience. In this mode, the user may not even be aware that his drive is encrypted. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker achieve this by implementing a Static Root of Trust Measurement -- a methodology specified by the Trusted Computing Group. ("BitLocker with TPM").

If Transparent Operation Mode is in effect, it will be difficult to remove or image the hard drive for analysis at another location. Any investigative attack on the drive (such as a Linux CD boot or an external USB boot) is likely not to be successful, but if there is a vulnerability in BitLocker, it would be in this mode of operation. Microsoft admits that this mode is vulnerable to hardware attacks.

The Transparent Operation Mode utilizes a series of cascading event points, as illustrated:

(The above chart copied from a Powerpoint presentation on Microsoft's website.)

An interesting sidepoint which may be deduced from is that BitLocker is NOT the same as Whole Disk Encryption. BitLocker maintains a small segment of the disk 'in the clear' in order to store early boot stuff. Without somewhere to store boot time code that is BitLocker/Transparent mode capable, BitLocker could not work. Consider the sequence of events which occurs at boot time:

1. Hard drive is accessed by the BIOS and code is returned/executed in the clear, without encryption.

2. This code verifies that the environment is OK; as a result a Storage Root Key is retrieved from encrypted storage within the TPM. This key gives access to the root of the encrypted OS Volume.

3. Thereafter, an encrypted key is retrieved from the root of the OS Volume. This new key is the Full Volume Encryption Key and provides access, as its name suggests, to the Full Volume.

We will now discuss the User Authentication Mode. This mode requires that the user provide some authentication to the pre-boot environment in order to be able to boot the OS. Two authentication modes are supported -- a pre-boot PIN entered by the user or a USB device that contains the required startup key. These two options are called "BitLocker with TPM and PIN" or "BitLocker with TPM and USB device".

These modes build on Transparent mode by requiring authentication. If only a PIN is required, the user's protection is limited to the capabilities of TPM (which are impressive) along with the ability to maintain security of the PIN. The temptation to use this mode of operation will be high, and it allows maximum opportunity for the properly forewarned investigator to deduce, hunt, search, or demand under warrant the PIN.

The other option of this mode simply places the PIN on a USB device. This allows even greater opportunities for the forensic investigator to find the PIN, simply by paying careful attention to USB devices.

The final mode of operation used by BitLocker is the "BitLocker with USB Key device" mode. You may be thinking that I have just copied a mode which I just described in the prior paragraphs. No, I did not. In this mode, there is no TPM hardware. All of the encryption is performed using software. The USB Key forces the user to maintain a key which is not part of the boot volume. As a result, BitLocker may be installed within any Vista computer; even without special hardware.

Microsoft makes the following comment on this form of BitLocker: "BitLocker provides support for full-volume encryption on computers that do not have the TPM 1.2 chip. Although the additional protection that the TPM provides is not present with this option, many organizations that require a basic encryption solution may find the BitLocker with USB device option satisfactory when combined with policies such as strong user account passwords and the Prompt for password when computer resumes from sleep or hibernate setting."

I am confident that Microsoft has not installed a backdoor to BitLocker. They have made this specific claim quite loudly and publicly.

Conclusions, with a forensic viewpoint:

1) Is BitLocker present? It is abundantly clear that any computer with Vista may have BitLocker.

2) Stabilize the computer. In the event of a sudden seizure, the forensic investigator needs to prevent computers from going to sleep or hibernating. Blatant, but honest advertisement right here: This may be accomplished with WiebeTech's 'Mouse Jiggler'. $29.95. It may also be accomplished by continuously moving the mouse.

3) Search for Keys. Specifically, find the user's USB key BitLocker. Alternatively, find his/her PIN code.

4) Image the computer. This may be performed prior to shutting the computer down, while the current user session is still in process, and BitLocker has not shut access to the disk. (You haven't let the computer go to sleep, have you?)

5) Consider removing the powered up computer to a secure location, utilizing WiebeTech's 'HotPlug'. (OK, that was also a blatant advertisement.)

If you feel I have left anything out of this discussion, or have disagreement with any point, please email me at james@wiebetech.com I welcome all feedback.

Monday, February 4, 2008

Whole Disk Encryption, for the forensic investigator

Portions of this post have been part of my presentation at the NIST Techno Forensics show.

Forensic investigators must deal with issues associated with encryption and password protection. Several companies, such as AccessData, market effective tools for dealing with password protection issues. I have witnessed demonstrations where password cracking software is able to extract user passwords (especially in a typical Windows XP environment). However, Whole Disk Encryption (WDE) is a completely new situation.

WDE is present in Windows Vista, and is also present natively in certain new kinds of hard drives. When used within Windows Vista, it is called 'BitLocker'.

Bitlocker is a collection of technologies and tools that allow users to encrypt any hard drive volume plugged into their Vista-powered computer system. It is very powerful encrypting technology, using a state of the art AES encrypting variant with 48 digit passwords.

Microsoft is in the process of having it certified to FIPS140-2, which is an extremely tough US data security / cryptographic standard. NIST maintains a very nice document which shows the current status of the effort, and I have bookmarked it here. I checked it earlier this morning, and it was last updated in late January.

Bitlocker is only available in the Enterprise and Ultimate editions of Vista. It is also in Server 2008, where Microsoft indicates it is an optional component.

Bitlocker invokes at the obvious times: for instance, at startup, or after screen savers, sleep or hibernation modes have been engaged. As a result, it provides formidable obstacles to forensic investigators. If invoked, it will stop forensic acquisition of drive contents dead in its tracks.

The reason that Bitlocker is so powerful (and nasty) is that its underlying technology uses a well established cipher (AES in CBC mode) with a new component called an Elephant diffuser. The diffuser adds some new encryption properties which are desirable in the disk encryption setting but not included in the AES-CBC cipher method. I will explain both the CBC mode and the Elephant diffuser, in turn.

CBC is particularly effective because each block of plaintext will have a different encrypted outcome. This is because each block is dependent on prior blocks. As a result, two identical blocks of plaintext into the encryption will have different outcomes. I found a website with a particularly nice description of this feature, here. The downside to CBC is that corruption in prior blocks will render consequent blocks unreadable.

The Elephant diffuser is a Microsoft trick for improving what is already nearly perfect. Essentially, it operates as an inline encrypter/decrypter that functions ahead of the AES-CBC cipher. Microsoft's argument is that even if it is broken, AES-CBC remains functional for all the encryption. Another way of saying it is that two encrypters are better than one. If you'd like to read Microsoft's argument, you can do so here. Another good independent commentary on this trick can be found here.

That's enough post for today. In my next post, I intend to cover Bitlocker modes of operation and options thereof.

Friday, January 25, 2008

How do forensic investigators seize and analyze a computer without turning it off?

The nightmare scenario for today's modern digital forensic investigator is the seizure of a computer with strong incriminating evidence contained on its hard drive. After seizure, but prior to investigation of the drive, the computer is turned off and removed to another location. The nightmare begins when the forensic investigator realizes that the computer was password protected and encrypted; and the perp won't provide the password (or the perp is nowhere to be found!).

Think it can't happen? It just did. Read this from a recent newspaper account:


WASHINGTON -- The federal government is asking a US District Court in Vermont to order a man to type a password that would unlock files on his computer, despite his claim that doing so would constitute self-incrimination.

The case, believed to be the first of its kind to reach this level, raises a uniquely digital-age question about how to balance privacy and civil liberties against the government's responsibility to protect the public.

The case, which involves suspected possession of child pornography, comes as more Americans turn to encryption to protect the privacy and security of files on their personal computers and thumb drives.

FBI and Justice Department officials, meanwhile, have said that encryption is allowing terrorists and criminals to communicate their plots covertly.

The original article may be found on the Washinton Post's website, in it's entirety, here.

The use of WiebeTech's 'HOTPLUG' device allows forensic criminal investigators (along with our companion product, 'Mouse Jiggler') to stabilize a computer, prevent it from going to sleep, examine it, and if necessary, relocate it to a secure location without ever powering the computer down. This is real technology, it works, and it's available now.

Go ahead and look at the links. You'll see technical information on how to use Hotplug and Mouse Jiggler, along with a couple of nifty Youtube videos that demonstrate Hotplug in action.