As blogged recently by the Bitlocker crew
, the behaviour of BitLocker in Windows Vista RC1 has been changed – there were originally three methods of providing the regular unlock key to Bitlocker, and this has been reduced to one without some irritating Group Policy mularkey.
The key method that is left enabled by default is that of providing the key from the on-board TPM chip, after it has verified the boot code.
The two previous methods were TPM + PIN, where the user had to enter a 4-to-20 digit numeric key; and USB, where the TPM chip didn’t necessarily play any part, but the user had to provide a 128-bit key on a USB thumb-drive.
These methods are still available, if you want to go through an onerous Group Policy change, but they are hidden from users because, apparently, they are too complex for most users to use correctly.
Given that Bitlocker is an acknowledgement that the user is carrying data that we’d like to see made inaccessible rather than hand it to hackers, I’m sceptical that we should be assuming that the user – or more precisely, the system installer, is incapable of following technical instructions.
That aside, the use of TPM alone, followed by the statement from the BitLocker crew that BitLocker is designed to protect against offline attacks on a stolen laptop, suggests that they may have lost sight of their goal.
First, yes, strictly speaking, BitLocker does protect against an offline attack on the hard drive, no matter what keying material is used – TPM, TPM+PIN, or USB.
But that’s only half of the picture.
What about an online [i.e. powered-on] physical attack?
If I steal your laptop, protected by BitLocker, with TPM alone, I have everything I need to bring the system from a powered-off, encrypted, protected state, to a powered-on, decrypted, less-protected state. If I know an attack against your OS that can be achieved through any of the numerous holes on the outside of the machine (usually labeled “ports”), I can attack that machine at my leisure, while it’s running.
Quite simply, all I need do is wait for the next Vista exploit to do the rounds, and I can attack through the network, or the USB, or the parallel connection, or the 1394, or …
And while I respect the work that has been done to secure Vista, I’m certain that there will be a way to exploit a machine, “protected” by BitLocker and TPM, to which I have physical access.
[Maybe I don't have to wait so long - USB devices, after all, get direct access to the system's memory.]
Better by far is a solution where the keying material is kept away from the computer (such as the USB or TPM+PIN methods), so that the computer is not only protected against incursions into the operating system before it boots, but is also prevented from booting until you can provide keys that indicate you are the owner.
As it stands, Bitlocker + TPM – the only option available by default – will only protect the operating system from pre-boot incursion. Unlike other drive-encryption software, it will then allow the boot to proceed, exposing a wider attack surface to the thief.