Mar 23 2007

Encrypting Data With Vista

Microsoft has tried on a few occasions to use proprietary encryption algorithms rather than rely on industry-standard algorithms. The theory was that a closed-source proprietary algorithm was that much less likely to be cracked.

The reality seems to be the opposite. No matter how much testing Microsoft performs against its algorithms, somebody may still be able to crack them. Publicly available algorithms have the advantage of having been attacked and tested and withstood the test of time. The trial by fire provides some peace of mind that the algorithm is, in fact, strong enough to protect the data.

Vista relies primarily on AES (Advanced Encryption System), using it as the encryption algorithm both EFS (Encrypted File System) and BitLocker drive encryption. BitLocker can be configured to use either 128-bit or 256-bit AES encryption. IPSec encryption uses DES (Data Encryption Standard) or 3DES, but provides the ability to use a standard MD5 hash or an SHA-1 (Secure Hashing Algorithm) hash for the integrity algorithm.

Encrypting the Pagefile Security

experts have noted for some time that the Windows pagefile poses a security risk. Windows designates a portion of the hard drive which it uses to augment the system RAM and swap data in and out of memory to improve system performance. As a result, the pagefile may contain sensitive or classified information.

Under normal conditions, the pagefile is locked down pretty well and attempts to access or view its contents from within Windows are virtually assured to fail. However, if an attacker boots the computer up using a different operating system, such as a variant of Linux that can boot from CD, they may be able to access the contents of the pagefile.

In Windows XP, there is an option in the Local Security Policy to clear the virtual memory pagefile on shutdown. With this setting enabled, you at least know that pagefile is empty when the machine is off. However, many users leave their computers on 24 x 7. In that case, the computer is never shut down so the pagefile is never erased and an attacker may be able to gain access to the contents.

Vista allows you to encrypt the pagefile using EFS. The downside is that decrypting the pagefile, typically a single file that can be 1 gigabyte or more in size, can be a time-consuming affair and may significantly impact the performance of your computer, particularly when you first boot it up.

Encrypting the pagefile may indeed be more secure, but the performance impact can be painful and you have to weigh the day-to-day impact on the functionality of the computer with the remote possibility that someone might boot your computer up with another operating system and may be able to view sensitive information contained in the pagefile.

Changes to Offline Folder Encryption

Network shares are great, as long as they are available. To ensure that data will be available even if the network is not, Microsoft has provided the ability to cache the data locally using Offline Files. Storing locally cached copies of data is fine and dandy as long as you are the only user of your machine, but on computers that are shared by more than one user the Offline Files pose a bit of a problem.

In Windows 2000, the Offline Files were cached to a directory that could be accessed and viewed by any user of the computer. With Windows XP, Microsoft tried to fix this faux pas by actually encrypting the Offline Files using EFS. There was still a problem, however. Windows XP used the LocalSystem account to generate the EFS encryption key and attackers discovered that it was rather trivial to log on to a system under the LocalSystem account, thereby gaining access to the encrypted data.

In Vista, Microsoft has improved that security by using the individual user’s own account to generate the EFS encryption key. That means that John’s Offline Files are encrypted with John’s EFS key, and Sally’s cached data is encrypted with Sally’s EFS key, and never the twain shall meet. As long as John and Sally’s individual user credentials aren’t compromised, accessing their encrypted Offline Folders data should be virtually impossible.

BitLocker Encryption and TPM

One of the hottest topics in encryption today is whole disk encryption. The high-profile cases of lost or stolen notebook computers containing sensitive or classified data unencrypted have prompted many organizations to implement some sort of whole disk encryption.

Granted, Windows has file and folder encryption already via EFS. You could just direct users to encrypt classified information, or create an encrypted folder and require that all users place their classified data into that folder. However, these measures rely on the user’s ability to realize what data is classified, and to follow through on the directive and handle it appropriately. Leaving security to user discretion is frequently a recipe for disaster.

With BitLocker, Vista is able to encrypt the entire hard drive, with the exception of a small volume which contains the basic components the computer needs in order to start booting Vista. Part of what makes BitLocker so secure is its reliance on the TPM (Trusted Platform Module) chip. It is possible to encrypt a drive using BitLocker on a system without a TPM chip, but BitLocker is designed to leverage the TPM chip and encrypting a non-TPM system is less secure.

The TPM chip is hard-wired to the system motherboard, preventing any tampering and assuring its security. The TPM chip validates the hardware components and establishes trust early in the system boot process, before the operating system is initialized. Because the TPM establishes trust based on the system hardware, an attacker cannot simply inject code or fake out the system to circumvent the security measures.

The TPM is also involved with encryption keys for the system. The TPM can create keys, in addition to storing the private key. The TPM does not rely on other components or the operating system to function. It does its processing internally, using its own firmware. Because it does not rely on or interact with any other hardware or software to function, the TPM can maintain the private key without ever exposing it to potential compromise.

The TPM acts as a cornerstone of trust for the system, and for encryption in particular. It can encrypt symmetric encryption keys so that only that specific TPM will be able to decrypt them. The TPM uses an SRK (Storage Root Key) for this type of encryption. The TPM also contains an EK (Endorsement Key) which is used as the basis for creating and maintaining the other keys on the TPM.

The BitLocker implementation in Windows Vista requires a TPM chip that meets the version 1.2 standard, and a compatible BIOS.

By default, however, BitLocker will encrypt the entire hard drive and ensure that an attacker can’t remove the drive to bypass the encryption and access the data. However, once validated by the TPM, the system would still boot up to the Windows Welcome or login screen. If a user has a weak or blank password, an attacker could still gain access to the system.

To provide the type of security necessary for lost or stolen notebooks, though, BitLocker needs tobe configured to require a PIN or Startup Key (stored on a USB thumb drive). The PIN or Startup Key would be required before Vista would be able to complete the boot process.

As long as the tools provided are properly configured, the improved encryption in Windows Vista is certainly one of the components that make this operating system the most secure version of Windows yet.

Eric Jans is a security engineer with CDW Corp., a $6.7 billion technology services provider in Vernon Hills, Ill.