Pen Testing Windows Vista Bitlocker Drive Encryption From The Inside presented at HITBSecConf Malaysia 2006

by Douglas MacIver

Tags: Security Testing

Summary:

Presentation Title: Pen Testing Windows Vista BitLocker Drive Encryption From The Inside

Presentation Details:

This insider's candid perspective on the threat analysis and penetration of BitLocker Drive Encryption will be a forthright review of its threats, vulnerabilities, and their mitigations, which is significant since the talk is in advance of the product's release date. The presentation will bring together known device attacks such as DMA exploits with "not-widely-discussed" platform vulnerabilities to show how they affect BitLocker Drive Encryption and device security in general. The presentation will also include the penetration team's best crack-finding practices, the BitLocker team's use of Microsoft's Security Development Lifecycle, threat-modeling, threat-storming, queer views, and other practical tips. Along with DMA exploits, some of the other BitLocker and device attacks to be discussed are: PIN-hammering, key-wear analysis, ciphertext manipulation, physical memory attacks, Trusted Computing Base subversion, LPC bus attacks, and others.

Other threat analysis and penetration insights from the team will include: the poison of conventional wisdom, avoiding paranoia-induced burnout, pros and cons of external security review, security code review best practices, how to avoid analysis paralysis, leveraging dream states, adversary modeling, forensics, and cryptographic validation. The presenter is a member of the penetration team. This presentation will not be a marketing or sales presentation. It will contain a (very) brief overview of BitLocker Drive Encryption, limited to its security elements. For general BitLocker information, please go to www.microsoft.com.

Why this talk rocks

Reason 1: This presentation is an insider's candid perspective on the threat analysis and penetration of a significant data protection feature in Microsoft Windows Vista. The presenter is a member of the penetration team. This is not a marketing or sales presentation.

Reason 2: This will be a forthright discussion of threats and mitigations, in advance of the product's release. The presentation will bring together known device attacks such as DMA exploits with "not-widely-discussed" platform vulnerabilities to show how they affect BitLocker Drive Encryption and device security in general.

Reason 3: Microsoft has staffed a formidable security team and implemented new security engineering processes which are state-of-the-art. Sharing the BitLocker team's experiences with these processes will help the threat analysis and penetration community.

Detailed Outline:

1. Brief Technical Intro to BitLocker
   - Trusted Platform Module (TPM)
   - Pre-OS Architecture
   - Secure Startup
   - OS Architecture
   - Key Architecture
   - Modes: Usability & TCO vs. Security

2. Attacks against the CRTM and TCB
   - Core Root of Trust for Measurement (CRTM)
   - Trusted Computing Base
   - CRTM Immutability
   - Pre-OS component attacks (bootmgr, winload, winresume)
   - Mitigations: BIOS Secure Upgrade

3. Defining the Threat Domain
   - Defining the target of evaluation
   - How the device has become the new attack frontier
   - Attack / defense asymmetry: every stone in the castle wall must be checked
   - Modeling the adversary: profiling and serial criminals
   - Why we assume adversaries have oracle knowledge of the system

4. DMA Attacks
   - References David Maynor's and David Hulton's previous USB and PCCard bus work
   - Describes how these threats affect BitLocker
   - Mitigations

5. Ciphertext Manipulation Attacks
   - Attacks against the CRTM and the security posture of the system
   - Mitigations

6. Brief Intro to BitLocker Cryptographic Components
   - AES
   - AES CCM
   - Elephant / Diffusion

7. BitLocker Cryptographic Validation
   - Implementation bugs
   - Internal review
   - External review
   - FIPS

8. Brief Intro to Microsoft's Security Development Lifecycle
   - List the 13 stages
   - Discuss how BitLocker exceeds SDL requirements and why
   - Tools
   - What did and didn't work for the BitLocker team

9. TPM PIN Dictionary Attacks
   - Description
   - Mitigations
   - Related attacks

10. Brief Intro to Threat Modeling at Microsoft
   - Component Diagrams
   - Entry Points
   - Trust Levels
   - Protected Assets
   - Threats, STRIDE, DREAD
   - Data Flow Diagrams
   - Tools
   - Threat Trees vs. Threat Graphs
   - Threat-storming
   - Queer views
   - What did and didn't work for the BitLocker team

11. Why Code Review is Fruitful
   - Static analysis
   - 1,000s of APIs
   - 100,000s of lines of code
   - Examples of vulnerabilities found and fixed

12. Analysis Paralysis and the Data Flood
   - Condensing the threats: Top Ten
   - Threat classes

13. Pentest Tool Development
   - Manual vs. automated pentesting
   - Negative testing vs. pentesting
   - Dumb and smart fuzzing
   - Demoing the exploit: an (expensive) communication medium to management

14. External Security Review
   - Pros and cons

15. Physical Memory Attacks
   - Warm ghost
   - DIMM extraction
   - Burn-in
   - Mitigations

16. Avoiding Paranoia Burnout
   - Finding the threat edge
   - Fear of the unknown
   - Postcards from Lu-Lu land

17. Forensics
   - Front doors only
   - No secret sauce

18. Crack-finding Summary
   - Top ten habits of successful penetrators
   - Puzzles
   - Dreaming
   - The insider threat

19. A Short Description of the BitLocker Penteam
   - Top ten desirable characteristics of penetrators
   - Why it pays to have in-team threat analysis and penetration

20. Security Work at Microsoft is Hot
   - Microsoft has built a world-class security team.
   - Our experience, talent, knowledge base, tools, and resources are a formidable asset.
   - If you want to take part in security that will positively affect millions of people, this is an excellent place to be.

21. BitLocker Crack-finding is an Ongoing Effort
   - The crack-finding work will continue indefinitely.

About Douglas

Douglas MacIver joined Microsoft in 2004 as a penetration engineer, hell-bent on helping to build data privacy tools for the citizens of the world. He has worked on security projects at Intel, PassEdge, InterTrust, and Microsoft.