What Do I Need To Know About PKI To Make Sense of BitLocker?
Steve Lamb, IT Pro Evangelist, Microsoft Ltd
http://blogs.technet.com/steve_lamb
mailto://stephen.lamb@microsoft.com
Objectives
• Review and teach you enough about Public Key Infrastructure to enable you to understand how Windows Vista’s BitLocker feature set works
• Not bore you silly!
Agenda
• Introduction to Data Protection
• Cryptography Primer
• IPSec
• S/MIME
• BitLocker
• EFS
Defense in Depth
• Using a layered approach:
  • Each layer can be compromised
  • Multiple layers reduce overall probability of penetration
• Layers and example controls (from the slide diagram):
  • Policies, Procedures, & Awareness: User education against social engineering
  • Physical Security: Guards, locks, tracking devices, HSM, TPM
  • Perimeter: Firewalls, VPN quarantine
  • Internal Network: Compartments, IPSec, IDS
  • Host: OS hardening, updates, BitLocker authentication, secure startup
  • Application: Application hardening
  • Data: Encryption (EFS, BitLocker), IRM, RMS
Digital Security Relies on Physical Security of Key Assets
• Strong physical security of key assets (KA) + weak digital security = insecure environment
• Strong physical security of KA + strong digital security = good security everywhere
• Weak physical security of KA + strong digital security = insecure environment
Physical Security – How?
• Your data is only as secure as the physical security of the keys that encrypt it
• How do I secure the key?
  • Obfuscate it!
    • Hackers will find it soon, so you must change the mechanism often enough.
  • Encrypt it!
    • This only shifts the problem somewhere else, especially if the key is removed from one machine and put in another (AD?)
  • Lock it in a TPM or a smartcard!
    • Excellent choice if device is “hard” and you trust it, but can anyone open it if they wish to? PINs? Passwords? Metrics?
  • Print it on paper!
    • Great for occasionally used keys – but keep the paper safe, or memorise it.
Foundation of Data Protection
• Cryptography
  • All existing data protection mechanisms rely on cryptography
  • Differences in:
    • Key protection
    • Recovery strategies
    • Deployment
    • UI
    • Purpose
Symmetric Key Cryptography
[Diagram: plain-text input “The quick brown fox jumps over the lazy dog” → Encryption → cipher-text → Decryption → identical plain-text output. The same key (shared secret) is used for encryption and decryption.]
Symmetric Pros and Cons
• Strength:
  • Simple and really very fast (on the order of 1000 to 10000 times faster than asymmetric mechanisms)
  • Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael)
• Weakness:
  • Must agree the key beforehand
  • Must securely pass the key to the other party
Public Key Cryptography
• Knowledge of the encryption key doesn’t give you knowledge of the decryption key
• Receiver of information generates a pair of keys
  • Publish the public key in a directory
• Then anyone can send her messages that only she can read
Public Key Encryption
[Diagram: clear-text input “The quick brown fox jumps over the lazy dog” → Encryption with the recipient’s public key → cipher-text → Decryption with the recipient’s private key → identical clear-text output. Different keys are used for encryption and decryption.]
Public Key Pros and Cons
• Strength:
  • Solves problem of passing the key
  • Allows establishment of trust context between parties
• Weakness:
  • Extremely slow
  • Susceptible to “known ciphertext” attack
  • Problem of trusting public key (see later on PKI)
Hybrid Encryption (Real World)
[Diagram, in order:]
• Message: “€25m hidden at 221b Baker St. Access code is…”
• RNG produces a randomly-generated symmetric “session” key
• Symmetric encryption (e.g. AES) of the message with the session key
• Symmetric key encrypted asymmetrically (e.g., RSA) with the user’s public key (in certificate), forming the Digital Envelope
• As above, repeated for other recipients or recovery agents: a Digital Envelope made with the other recipient’s or agent’s public key (in certificate) in recovery policy
Hybrid Decryption
[Diagram, in order:]
• Digital envelope contains “session” key encrypted using recipient’s public key
• Session key must be decrypted using the recipient’s private key: asymmetric decryption of “session” key (e.g. RSA)
• Symmetric decryption (e.g. AES) with the symmetric “session” key
• Result: “€25m hidden at 221b Baker St. Access code is…”
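The hybrid encryption and decryption slides above, as an added Node.js example (not part of the original deck and not Microsoft's implementation). It assumes AES-256-GCM for the body and RSA-OAEP for the envelope; the party names and the message are constructed.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Seal: encrypt the message once under a random AES-256 session key, then wrap
// that key separately for each recipient or recovery agent public key.
function seal(message, publicKeys) {
  const sessionKey = crypto.randomBytes(32); // the "RNG" step
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  const wrapped = {};
  for (const [name, key] of Object.entries(publicKeys)) {
    wrapped[name] = crypto.publicEncrypt({ key, ...OAEP }, sessionKey);
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrapped };
}

// Open: unwrap the session key with one private key, then decrypt the body.
function open(envelope, name, privateKey) {
  const entry = envelope.wrapped[name];
  if (!entry) throw new Error(`no wrapped session key for ${name}`);
  const sessionKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, entry);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed parties: one user, one recovery agent, one outsider (names are made up).
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const user = newPair(), agent = newPair(), outsider = newPair();
const envelope = seal('constructed sample secret', { user: user.publicKey, agent: agent.publicKey });

console.log('user reads :', open(envelope, 'user', user.privateKey));
console.log('agent reads:', open(envelope, 'agent', agent.privateKey));
try {
  // The outsider holds no matching private key, so unwrapping the session key fails.
  open(envelope, 'user', outsider.privateKey);
} catch (err) {
  console.log('outsider   : rejected');
}
```

The body is encrypted only once; adding a recovery agent costs one extra 256-byte wrapped key, which is why recovery policies scale cheaply.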
Vista Supports NSA Suite B
www.nsa.gov/ia/industry/crypto_suite_b.cfm
• Required cryptographic algorithms for all US non-classified and classified (SECRET and TOP-SECRET) needs
  • Except a small area of special-security needs (e.g. nuclear security) – guided by Suite A (definition is classified)
• Announced by NSA at RSA conference in Feb 2005
Suite-B Algorithms
• Encryption: AES
• Digital Signature: EC-DSA
• Key Exchange: EC-DH or EC-MQV
• Hashing: SHA-2
IPSec: Layer 3 Security
• IPSec, or Internet Protocol (IP) Security
  • Optional in IPv4, required in IPv6
  • IPv4 IPSec RFCs: 1828, 1829, 2085, 2104, 2401, 2402, 2403, 2404, 2406, 2407, 2408, 2409, 2410, 2411, 2451 plus a few drafts
• Purpose:
  • Firewall-like filtering and end-point authentication
    • See Steve Riley’s excellent sessions on the subject
  • Confidentiality of data at IP level, i.e. Data Protection
    • Independent of security of layers 4+ (SSL/TLS)
• Limitation:
  • Host-to-host network security, not application-to-application
Secure / Multipurpose Internet Mail Extension (S/MIME)
• Office 2007 uses S/MIME v3 (prior versions used v2)
• Purposes:
  • Confidentiality of email in transit over Internet
    • Mailbox Reader-to-Mailbox Reader
    • Causes problems of trust with web-mail, generally not implemented
  • Digital signatures
    • Integrity
    • Authenticity and Identity
    • Non-repudiation
BitLocker™
• Purpose:
  • Protection against laptop theft
    • But only with secondary TPM protection (PIN/dongle etc)
  • OS integrity assurance
  • Hardware or disk-level offline attack protection
  • Indirect protection of other secrets and keys
  • Fast computer disposal
• Full volume encryption of the hard drive containing OS
• Fast and efficient
  • 5-6% CPU usage on average, 15% in extreme cases
BitLocker Algorithms
• Suite-B naturally!
• AES-128 CBC with a diffuser for data
  • Great, fast choice – use it!
  • Diffuser (Elephant) prevents cipher-text manipulation attacks
• AES-256-CBC with/without diffuser is offered
  • Much slower, not really necessary
• AES-256 is used for key management (no choices)
• Recovery key is 128 bits (48 digits)
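Why plain CBC needs the diffuser, as an added Node.js example (not from the original deck; it does not implement the Elephant diffuser). It checks what decrypted data looks like after a single ciphertext bit changes: CBC decrypts without any error, which is the integrity gap the diffuser addresses. The 48-byte "sector" and the random key are constructed.

```javascript
const crypto = require('node:crypto');

// AES-128-CBC over whole 16-byte blocks with no padding, as for a disk sector.
function cbc(encrypt, key, iv, data) {
  const make = encrypt ? crypto.createCipheriv : crypto.createDecipheriv;
  const c = make('aes-128-cbc', key, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(data), c.final()]);
}

// Change one ciphertext bit and report what the decrypted data looks like.
function tamperReport(plaintext, byteIndex, mask) {
  const key = crypto.randomBytes(16), iv = crypto.randomBytes(16);
  const ciphertext = cbc(true, key, iv, plaintext);
  ciphertext[byteIndex] ^= mask;
  const decrypted = cbc(false, key, iv, ciphertext); // no error is raised
  const changed = [];
  for (let i = 0; i < plaintext.length; i++) {
    if (decrypted[i] !== plaintext[i]) changed.push(i);
  }
  const block = Math.floor(byteIndex / 16);
  const inBlock = (b) => changed.filter((i) => Math.floor(i / 16) === b);
  return {
    decrypted,
    sameBlockGarbled: inBlock(block).length > 0, // whole block becomes noise
    nextBlockChanges: inBlock(block + 1),        // exactly the matching byte
    laterBlocksChanged: changed.some((i) => Math.floor(i / 16) > block + 1),
  };
}

// Constructed 48-byte "sector": three 16-byte blocks.
const SECTOR = Buffer.from('block-0-contents' + 'block-1-contents' + 'block-2-contents');
const report = tamperReport(SECTOR, 3, 0x01);
console.log('block 0 garbled      :', report.sameBlockGarbled);
console.log('block 1 bytes changed:', report.nextBlockChanges);
console.log('block 2 changed      :', report.laterBlocksChanged);
```

A precise, silent one-byte change in the following block is what "cipher-text manipulation" means here; a defence has to make any ciphertext change produce unpredictable damage or a detectable failure.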
BitLocker Recommendations
• Turn it on.
• For laptops, you really should enable additional key protection:
  • PIN, Password, USB-dongle etc.
  • Fingerprint? Ehm, no – weak security
• Recovery:
  • Save the password well
  • For extra security, remove it from escrow (in AD)
  • See the session by Russ Humphries!
• All my security problems solved? No!
  • Shared files, server folders, email, workgroup and SharePoint...
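How 48 digits carry the 128-bit recovery key mentioned under BitLocker Algorithms, as an added Node.js example (not from the original deck). Each of the 8 groups is a 6-digit multiple of 11 below 720,896, so group / 11 is one 16-bit word; the little-endian byte order and the sample value are assumptions of this example.

```javascript
// Decode a 48-digit recovery password into the 128-bit value it carries.
// 8 groups x 16 bits = 128 bits. Byte order is this example's assumption.
function parseRecoveryPassword(text) {
  const groups = text.trim().split('-');
  if (groups.length !== 8) throw new Error(`expected 8 groups, got ${groups.length}`);
  const value = Buffer.alloc(16);
  groups.forEach((group, i) => {
    if (!/^\d{6}$/.test(group)) throw new Error(`group ${i + 1}: not 6 digits`);
    const n = Number(group);
    // Divisibility by 11 acts as a check digit: any single mistyped digit breaks it.
    if (n % 11 !== 0) throw new Error(`group ${i + 1}: not a multiple of 11 (mistyped?)`);
    if (n / 11 > 0xffff) throw new Error(`group ${i + 1}: exceeds 16 bits`);
    value.writeUInt16LE(n / 11, i * 2);
  });
  return value;
}

// Inverse: render a 16-byte value as 8 hyphen-separated groups.
function formatRecoveryPassword(value) {
  if (value.length !== 16) throw new Error('expected 16 bytes');
  const groups = [];
  for (let i = 0; i < 16; i += 2) {
    groups.push(String(value.readUInt16LE(i) * 11).padStart(6, '0'));
  }
  return groups.join('-');
}

// Returns the validation error for a candidate, or null if it is well formed.
function checkRecoveryPassword(text) {
  try {
    parseRecoveryPassword(text);
    return null;
  } catch (err) {
    return err.message;
  }
}

// Constructed sample (not a real recovery password).
const SAMPLE = '000011-720885-051260-000000-002816-483791-001100-000022';
console.log(parseRecoveryPassword(SAMPLE).toString('hex'));
console.log(checkRecoveryPassword(SAMPLE.replace('000011', '000012')));
```

A check like this is useful at escrow time: validating the password before it is stored in AD or printed catches transcription errors while the volume is still unlocked.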
EFS
• Purpose: folder-level confidentiality not limited to a machine
  • Workgroups
  • Files encrypted for multiple individuals
  • Server locations
• Simple to use (right-click), but best if managed via policies
• Multiple recovery strategies based on:
  • Recovery agents
  • Escrow
  • Key backup
• In Vista/Longhorn EFS can use smartcards
EFS Algorithms
• EFS supports:
  • AES-256 (default on Server 2003/Longhorn), 192, 128
  • 3DES – slow
  • DESX – Algorithm unique to Microsoft, derived from DES, do not use it, as security is low
    • Warning: this was the default on Windows XP!
• Change with policy:
  • System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing
  • In Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
• Key exchange uses RSA and hashing SHA-1 before Vista, and it moves to Suite-B as of Vista/Longhorn
EFS Recommendations
• Set-up on file servers at departmental level
• Ensure all users’ public certificates are in AD and available
• For private key protection (on laptop/workstation) use:
  • Smartcard
  • BitLocker
  • On Windows XP protection is afforded by “Protected Storage”
    • Strength depends on the user’s password
• Observe: it does not replace, nor is replaced by BitLocker
Data Protection on Windows Platform
[Diagram: S/MIME, EFS, IRM/ERM, BitLocker, IPSec]
Summary
• Data Protection is your innermost layer of Defence-in-Depth, with cryptography at heart
• Never rely on any one technique alone
• Do risk assessment to know benefits and costs
• Windows Vista and Longhorn greatly build on the existing and already available platform
Thanks to Rafal and Project Botticelli for the material used in this presentation
© 2006 Microsoft Corporation & Project Botticelli Ltd. All rights reserved. This presentation is for informational purposes only. MICROSOFT AND PROJECT BOTTICELLI LTD MAKE NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. E&OE.