Tuesday, February 12, 2008

BitLocker for the forensic investigator



Welcome back to my monologue on Vista BitLocker, specifically written for the forensic investigator.

BitLocker provides three modes of operation, which are implemented in four different options. The first two modes require a cryptographic hardware chip called a Trusted Platform Module (TPM), along with a compatible BIOS. BitLocker may be present in the Enterprise or Ultimate editions of Vista. As Vista gains corporate acceptance (and as users upgrade to the most deluxe Vista computers), these are the editions most likely to be encountered, so BitLocker capabilities are likely to be lurking in the computer. 'Bad Guys' are likely to use BitLocker to their benefit. The forensic investigator needs to be prepared.

Here's some background on TPM hardware. By searching the web for TPM, you are likely to quickly stumble on the Intel website, and ultimately you may end up on the website of STMicroelectronics. They provide an integrated circuit which is the hardware basis for TPM encryption. A photograph from this family of chips is here. One of the current part numbers in the family is ST19NA18; if you see this chip on the motherboard of a computer, it certainly has BitLocker capabilities (and your forensic investigation is likely a day late and a dollar short). A full matrix of current and future TPM hardware offerings from STM is here. Other silicon manufacturers such as Infineon (part # SLD9630) are also vendors of TPM hardware, and I am confident that others exist. I would appreciate feedback if you run into other vendors of TPM hardware on the motherboards which you encounter.

The current version of TPM is 1.2 or higher.

The hardware implementation of BitLocker is important, as it provides obvious performance benefits to the user, along with the slight additional satisfaction of knowing that FIPS 140 compatible hardware is involved in the encryption process.

Now, back to the operating modes of BitLocker. They are Transparent Operation Mode; User Authentication Mode (which has TWO options); and USB Key Mode. Here are their descriptions:

The first mode is Transparent Operation Mode. This mode exploits the capabilities of the TPM hardware to provide for a transparent user experience. In this mode, the user may not even be aware that his drive is encrypted. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker achieve this by implementing a Static Root of Trust Measurement -- a methodology specified by the Trusted Computing Group. ("BitLocker with TPM").

If Transparent Operation Mode is in effect, it will be difficult to remove or image the hard drive for analysis at another location. Any investigative attack on the drive (such as a Linux CD boot or an external USB boot) is unlikely to succeed, but if there is a vulnerability in BitLocker, it would be in this mode of operation. Microsoft admits that this mode is vulnerable to hardware attacks.

The Transparent Operation Mode utilizes a series of cascading event points, as illustrated:

(The above chart was copied from a PowerPoint presentation on Microsoft's website.)

An interesting side point which may be deduced from the chart is that BitLocker is NOT the same as Whole Disk Encryption. BitLocker maintains a small segment of the disk 'in the clear' in order to store early boot code. Without somewhere to store boot-time code that is BitLocker/Transparent mode capable, BitLocker could not work. Consider the sequence of events which occurs at boot time:

1. Hard drive is accessed by the BIOS and code is returned/executed in the clear, without encryption.

2. This code verifies that the environment is OK; as a result a Storage Root Key is retrieved from encrypted storage within the TPM. This key gives access to the root of the encrypted OS Volume.

3. Thereafter, an encrypted key is retrieved from the root of the OS Volume. This new key is the Full Volume Encryption Key and provides access, as its name suggests, to the Full Volume.
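To make the three boot-time steps above concrete, here is an added toy model written for this post (not Microsoft's code, and not a real TPM interface). It stands in HMAC-SHA256 for both the TPM's sealing and the volume cipher, so the structure of the chain can be run offline: early-boot components are measured into a PCR-style register in boot order, the TPM releases the sealed volume key only when the register matches the value it was sealed to, and that key in turn unwraps the Full Volume Encryption Key. All key names, the "MBR code"/"BOOTMGR" sample components and the register layout are constructed for the illustration.

```python
"""Toy BitLocker/TPM key chain: measure boot code -> unseal VMK -> unwrap FVEK.
Added illustration only; HMAC-SHA256 stands in for the TPM and for AES."""
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

DIGEST = hashlib.sha256


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR <- H(PCR || H(measurement)). Order matters."""
    return DIGEST(pcr + DIGEST(measurement).digest()).digest()


def measure_boot_chain(components: List[bytes]) -> bytes:
    """Static Root of Trust Measurement: fold each early-boot component, in
    boot order, into a register that starts at all zeros."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _keystream(key: bytes, context: bytes, length: int) -> bytes:
    """Counter-mode HMAC keystream (toy cipher standing in for AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, context + counter.to_bytes(4, "big"), DIGEST).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, context: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under (key, context); the context binds the blob to
    its purpose (or, for sealing, to the expected PCR value)."""
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, context, len(plaintext))))
    tag = hmac.new(key, context + body, DIGEST).digest()
    return body + tag


def unwrap(key: bytes, context: bytes, blob: bytes) -> Optional[bytes]:
    """Inverse of wrap(); returns None if the tag does not verify."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, context + body, DIGEST).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, context, len(body))))


class ToyTPM:
    """Holds a root secret that never leaves the 'chip'. Sealing ties a secret
    to a PCR value; unsealing with any other PCR value fails."""

    def __init__(self) -> None:
        self._root = os.urandom(32)  # stands in for the Storage Root Key

    def seal(self, secret: bytes, expected_pcr: bytes) -> bytes:
        return wrap(self._root, b"seal|" + expected_pcr, secret)

    def unseal(self, sealed: bytes, current_pcr: bytes) -> Optional[bytes]:
        return unwrap(self._root, b"seal|" + current_pcr, sealed)


def provision(tpm: ToyTPM, boot_components: List[bytes]) -> Tuple[bytes, bytes, bytes]:
    """Set up a volume: FVEK encrypts data, VMK wraps FVEK, TPM seals VMK to
    the measurement of the boot code as it is at provisioning time."""
    fvek = os.urandom(32)
    vmk = os.urandom(32)
    sealed_vmk = tpm.seal(vmk, measure_boot_chain(boot_components))
    wrapped_fvek = wrap(vmk, b"fvek", fvek)  # lives in the clear-text boot area
    return fvek, sealed_vmk, wrapped_fvek


def boot(tpm: ToyTPM, sealed_vmk: bytes, wrapped_fvek: bytes,
         boot_components: List[bytes]) -> Optional[bytes]:
    """Transparent-mode boot: measure, unseal VMK, unwrap FVEK. Any change to
    (or reordering of) the measured boot code changes the PCR and unseal fails."""
    vmk = tpm.unseal(sealed_vmk, measure_boot_chain(boot_components))
    if vmk is None:
        return None
    return unwrap(vmk, b"fvek", wrapped_fvek)


if __name__ == "__main__":
    tpm = ToyTPM()
    good_chain = [b"MBR code", b"boot sector", b"BOOTMGR"]  # constructed sample
    fvek, sealed_vmk, wrapped_fvek = provision(tpm, good_chain)
    print("intact boot releases FVEK:", boot(tpm, sealed_vmk, wrapped_fvek, good_chain) == fvek)
    tampered = [b"MBR code", b"boot sector", b"BOOTMGR (modified)"]
    print("tampered boot releases FVEK:", boot(tpm, sealed_vmk, wrapped_fvek, tampered) is not None)
```

Two things the run shows that the prose only implies: the wrapped FVEK sits in the unencrypted boot area and is worthless without the VMK, and a different TPM (or the same TPM after the boot code changes) cannot unseal the VMK, which is exactly why a Linux CD boot or a drive moved to another machine sees only ciphertext in this mode.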

We will now discuss the User Authentication Mode. This mode requires that the user provide some authentication to the pre-boot environment in order to be able to boot the OS. Two authentication modes are supported -- a pre-boot PIN entered by the user or a USB device that contains the required startup key. These two options are called "BitLocker with TPM and PIN" or "BitLocker with TPM and USB device".

These modes build on Transparent mode by requiring authentication. If only a PIN is required, the user's protection is limited to the capabilities of the TPM (which are impressive) along with the user's ability to keep the PIN secret. The temptation to use this mode of operation will be high, and it allows maximum opportunity for the properly forewarned investigator to deduce, hunt for, search for, or demand under warrant the PIN.

The other option of this mode simply places the PIN on a USB device. This allows even greater opportunities for the forensic investigator to find the PIN, simply by paying careful attention to USB devices.

The final mode of operation used by BitLocker is the "BitLocker with USB Key device" mode. You may be thinking that I have simply repeated the mode described in the prior paragraphs. No, I did not. In this mode, there is no TPM hardware. All of the encryption is performed in software. The USB key forces the user to maintain a key which is not part of the boot volume. As a result, BitLocker may be installed on any Vista computer, even without special hardware.

Microsoft makes the following comment on this form of BitLocker: "BitLocker provides support for full-volume encryption on computers that do not have the TPM 1.2 chip. Although the additional protection that the TPM provides is not present with this option, many organizations that require a basic encryption solution may find the BitLocker with USB device option satisfactory when combined with policies such as strong user account passwords and the Prompt for password when computer resumes from sleep or hibernate setting."

I am confident that Microsoft has not installed a backdoor to BitLocker. They have made this specific claim quite loudly and publicly.

Conclusions, with a forensic viewpoint:

1) Is BitLocker present? It is abundantly clear that any computer with Vista may have BitLocker.

2) Stabilize the computer. In the event of a sudden seizure, the forensic investigator needs to prevent computers from going to sleep or hibernating. Blatant, but honest advertisement right here: This may be accomplished with WiebeTech's 'Mouse Jiggler'. $29.95. It may also be accomplished by continuously moving the mouse.

3) Search for keys. Specifically, find the user's BitLocker USB key. Alternatively, find his/her PIN code.

4) Image the computer. This may be performed prior to shutting the computer down, while the current user session is still in process, and BitLocker has not shut access to the disk. (You haven't let the computer go to sleep, have you?)

5) Consider removing the powered up computer to a secure location, utilizing WiebeTech's 'HotPlug'. (OK, that was also a blatant advertisement.)
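For conclusion 1 (is BitLocker present?) and conclusion 4 (image while the session is live), here is an added example that is not part of the original post: a small Python scanner that walks a raw disk image sector by sector and flags volume boot sectors whose OEM name is "-FVE-FS-", which is what a Vista BitLocker volume carries in place of the NTFS "NTFS    " name. The sample image, the jump-stub bytes and the volume placement are constructed inline; the 512-byte sector size, the OEM name at bytes 3 to 10 and the 0x55AA boot signature at bytes 510 to 511 are the standard boot-sector layout.

```python
"""Added example: find BitLocker volumes in a raw image by boot-sector OEM name.
Not code from the original post. Sample image is constructed below."""
from typing import List, Tuple

SECTOR = 512
BOOT_SIG = b"\x55\xaa"            # x86 boot-sector signature at bytes 510..511
OEM_BITLOCKER = b"-FVE-FS-"       # OEM name of a Vista BitLocker volume
OEM_NTFS = b"NTFS    "            # OEM name of a plain NTFS volume


def classify_boot_sector(sector: bytes) -> str:
    """Return 'bitlocker', 'ntfs' or 'unknown' for one 512-byte sector."""
    if len(sector) < SECTOR or sector[510:512] != BOOT_SIG:
        return "unknown"
    oem = sector[3:11]
    if oem == OEM_BITLOCKER:
        return "bitlocker"
    if oem == OEM_NTFS:
        return "ntfs"
    return "unknown"


def scan_image(image: bytes) -> List[Tuple[int, str]]:
    """Report (byte offset, kind) for every sector that looks like a volume
    boot sector. Partition-table parsing is deliberately skipped so volumes
    in unusual or damaged layouts are still found."""
    hits = []
    for offset in range(0, len(image) - SECTOR + 1, SECTOR):
        kind = classify_boot_sector(image[offset:offset + SECTOR])
        if kind != "unknown":
            hits.append((offset, kind))
    return hits


def bitlocker_present(image: bytes) -> bool:
    """Conclusion 1 in one call: does any volume in the image carry the
    BitLocker OEM name?"""
    return any(kind == "bitlocker" for _, kind in scan_image(image))


def make_boot_sector(oem: bytes) -> bytes:
    """Constructed boot sector: jump stub, OEM name, zero padding, 0x55AA."""
    sector = bytearray(SECTOR)
    sector[0:3] = b"\xeb\x52\x90"  # typical x86 jump stub (constructed)
    sector[3:11] = oem
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def build_sample_image() -> bytes:
    """Constructed 7-sector image: empty sectors, an NTFS volume starting at
    sector 2 and a BitLocker volume starting at sector 5."""
    blank = bytes(SECTOR)
    return b"".join([blank, blank, make_boot_sector(OEM_NTFS), blank, blank,
                     make_boot_sector(OEM_BITLOCKER), blank])


if __name__ == "__main__":
    img = build_sample_image()
    for off, kind in scan_image(img):
        print(f"offset {off:#06x} (sector {off // SECTOR}): {kind}")
    print("BitLocker present:", bitlocker_present(img))
```

To run this against a real acquisition, read the image file in sector-sized chunks instead of loading it whole. The scanner also explains why the order of conclusions 2 and 4 matters: a physical (sector-level) image of the disk taken with the machine off will show the "-FVE-FS-" volume and nothing but ciphertext behind it, whereas a logical image of the mounted volume taken through the still-running session is decrypted by the OS on the way out.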


If you feel I have left anything out of this discussion, or disagree with any point, please email me at james@wiebetech.com. I welcome all feedback.