Enterprise And Server Use Of BitLocker™ Drive Encryption Stephen Heil

Enterprise And Server Use Of BitLocker Drive Encryption Stephen Heil Technical Evangelist Windows Core OS Microsoft Corporation Xian Ke Program Manager Windows System Integrity Microsoft Corporation

Agenda Remote and branch office server scenarios BitLocker Drive Encryption overview Protection and recovery scenarios Demo Management scenarios Management features Enterprise concerns BitLocker requirements for Windows Server codenamed “Longhorn” Summary

Information Loss is Costly Information loss – whether via theft or accidental leakage – is costly on several levels Financial Legal & Regulatory Compliance Image & Credibility The The U.S. U.S. Dept Dept of of Justice Justice estimates estimates that that intellectual intellectual property property theft theft cost cost enterprises enterprises 250 250 billion billion in in 2004 Loss Loss of of revenue, revenue, market market capitalization, capitalization, and competitive competitive advantage Increasing Increasing regulation: SOX, HIPAA, HIPAA, GLBA GLBA Bringing Bringing a a company company into into compliance compliance can can be complex complex and and expensive expensive Non-compliance Non-compliance can can lead lead to to significant significant legal legal fees, fees, fines fines and/or and/or settlements settlements Leaked Leaked executive e-mails can be embarrassing Unintended Unintended forwarding forwarding of of sensitive information can adversely adversely impact impact the the company’s company’s image image and/or and/or credibility credibility

Branch Office Challenges Theft of server and/or its hard drives Re-provision or decommission of server or its hard drives Data theft via disk cloning by maintenance and outsourcing technicians Secure deployment of a fully configured machine shipped to remote location Data-at-rest on Branch Office Servers needs protection!

Branch Office Server Class Systems More than 25% of Windows Servers are installed in branch offices and remote locations where physical security may be lax Retail Finance Insurance Typical hardware 1P and 2P pedestal systems RAID

BitLocker And TPM Features BitLocker Drive Encryption Encrypts entire volume Uses Trusted Platform Module (TPM) v1.2 to validate pre-OS components Customizable protection and authentication methods Pre-OS Protection USB startup key, PIN, and TPM-backed authentication Single Microsoft TPM Driver Improved stability and security TPM Base Services (TBS) Enables third party applications Active Directory Backup Automated key backup to AD server Group Policy support Scriptable Interfaces TPM management BitLocker management Command-line tool

1-Factor TPM-Only Protection Scenario Cleartext data Data ------------------------- Encrypted Volume Volume Encryption Key (FVEK) FVEK VMK Decryption performed on data using FVEK Encrypted Disk Sectors Transparently validates early boot components on OS startup Best ease of use Protects against SW-only attacks Vulnerable to some HW attacks Unseal performed on VMK by TPM TPM

2-Factor TPM PIN Protection Scenario Cleartext data Data ------------------------- Volume Encryption Key (FVEK) FVEK VMK Decryption performed on data using FVEK Encrypted Disk Sectors Must enter 4-20 digit PIN on OS startup Validates PIN and early boot components Protects against software-only and many hardware attacks Vulnerable to TPM breaking attacks Unseal performed on VMK TPM Key TPM PIN Disk Encrypted Volume

2-Factor TPM Startup Key Protection Scenario Cleartext data FVEK VMK Decryption performed on data using FVEK Volume Encryption Key (FVEK) Unseal performed on VMK Combining keys by using XOR Disk Encrypted Volume TPM Intermediate key ------------------------- Encrypted disk sectors Looks for USB flash drive with Startup Key Validates saved key and early boot components Protects against many HW attacks Protects against TPM attacks USB device with Startup Key

Startup Key Protection Scenario Cleartext Data Data ------------------------- Volume Encryption Key (FVEK) FVEK VMK Decryption performed on data using FVEK Encrypted disk sectors Looks for USB with Startup Key Validates saved key Protects against many HW attacks Vulnerable to lost token and pre-OS attacks Decrypting of the VMK Disk Encrypted Volume USB device with Startup Key

Recovery Key Scenario Cleartext Data Data ------------------------- Volume Encryption Key (FVEK) FVEK VMK Decryption performed on data using FVEK Encrypted disk sectors Looks for USB with Recovery Key Validates saved key Unlocks volume to enable decryption Decrypting of the VMK MK dV e t ryp Enc RK Disk Encrypted Volume USB device with RK

Recovery Password Scenario Cleartext Data ------------------------- Data Volume Encryption Key (FVEK) FVEK VMK Decryption performed on data using FVEK Encrypted disk sectors Prompts user to enter Recovery Password Validates Password Unlocks volume to enable decryption Decryption of the VMK using the password cr En Encrypted Volume d te yp K VM Re c ov ery pa ssw o rd F-key password obtained from Admin

Protection For Data Volumes Definition: A data volume is a BitLocker-capable volume without the current OS Automatic unlocking Transparently read encrypted data volumes Save unlock keys on the BitLocker-protected OS volume Inherited protection Gain TPM-based protection from the OS volume No need to manage new startup PINs or startup keys Recover volumes Unlock access with a numerical password or external key Decommission volumes Reduce data exposure by wiping stored BitLocker keys Integrated into FORMAT in Windows Vista RC1

BitLocker And Data Volumes Server and client management Unlocking and auto-unlocking

BitLocker Management Scenarios Turn on and off BitLocker protection View BitLocker status indicators View and manage key protectors for the volume’s encryption key Temporarily disable protectors without decryption Unlock and recover encrypted volumes Set up automatic unlocking of data volumes Decommission volumes

TPM Management Scenarios Initialize TPM to work with BitLocker and other apps Turn on and manage the TPM with “physical presence” assertions View TPM status and manufacturer information View all available TPM commands and descriptions Block and allow TPM commands

BitLocker Status Indicators Conversion status Fully encrypted Encryption/decryption in progress, encryption percentage Encryption/decryption paused, encryption percentage Fully decrypted Protection status Protection On: Fully encrypted and key protectors enabled Protection Off Lock status Unlocked: Encrypted data is accessible Locked: Needs recovery to access data

BitLocker Key Protectors Key 256 Bit TPM TPM And Startup Key TPM And PIN (OS volume only) (OS volume only) (OS volume only) Password sequence Key 256 Bit Key 256 Bit Password sequence Key 256 Bit External Key Numerical Password PIN

Available Management Features BitLocker management features Control Panel integration BitLocker setup and key management wizards Scriptable WMI provider interface Command-line tool: manage-bde.wsf TPM management features Microsoft Management Console (MMC) snap-in TPM initialization and management wizards BIOS integration for physical presence Scriptable WMI provider interface Remote management functionality Sample scripting solutions

Managing Keys Control panel options Duplicate the recovery password Duplicate the recovery key Duplicate the recovery key to a folder Duplicate the startup key Reset the PIN Command-line and scripting options All control panel options List, add, remove any key protectors, including recovery passwords and recovery keys

Managing Data Volumes Turning on automatic unlocking in Windows Server Longhorn First turn on BitLocker protection for the OS volume Create an external key on the data volume Enable autounlock to save a key onto the current OS volume Start encryption before or after enabling automatic unlocking Managing automatic unlocking in Windows Server Longhorn Determine autounlock status Disable autounlock Clear autounlock keys before decrypting the BitLocker-protected OS volume Other data volume management tasks (Windows Vista and Windows Server Longhorn) Unlocking a BitLocker-protected volume Lock a BitLocker-protected volume Turn off BitLocker protection on a volume

BitLocker And TPM Group Policy BitLocker Group Policy configurations Turn on BitLocker backup to Active Directory Domain Services Configure setup wizard experience (Default is display all available startup and recovery options) Configure disk encryption method (Default is AES 128 bit with Diffuser) Configure TPM platform validation profile (Default is PCR 0, 2, 4, 5, 8-11) TPM Group Policy configurations Turn on TPM backup to Active Directory Domain Services Configure the blocked TPM commands (Default list of blocked commands include TPM PCR Reset, TPM Extend, and TPM Quote)

Enterprise Backup BitLocker setup can automatically back up recovery password to Active Directory BitLocker setup will not continue if backup step fails Can also back up BitLocker key package for specialized recovery (coming in Windows Vista RC1) TPM ownership step can automatically back up TPM owner password hash to Active Directory Active Directory requirements Windows Server 2003 SP1, R2, or Windows Server Longhorn Schema extension for storing recovery information Configure access control permissions to write to AD Configure Group Policy settings

Enterprise Recovery Self-recovery with USB recovery key or known recovery password Help desk-assisted recovery to retrieve stored passwords from Active Directory BitLocker recovery screen displays computer name and password ID that can unlock disk access Help desk verifies user identity, even over the phone for in-the-field recovery Given a computer name, find the recovery passwords for all disk volumes Given a Password ID, find the recovery password that can unlock the volume

Enterprise Deployment Enterprises will integrate BitLocker deployment steps into existing OS and software distribution infrastructure Enterprises will evaluate hardware manufacturers using Windows Logo Program requirements BitLocker feature requirements BitLocker best practice recommendations Enterprise security policies Enterprise deployment requirements

BitLocker Server Requirements Trusted Platform Module (TPM) v1.2 Provides platform integrity measurement and reporting TPM 1.2 Spec: https://www.trustedcomputinggroup.org/specs/TPM/ Requires platform support for TPM 1.2 Interface Specification (TIS) Memory Mapped I/O, Locality 0 https://www.trustedcomputinggroup.org/specs/PCClient/ Firmware – TCG compliant Conventional BIOS or EFI Establishes chain of trust for pre-OS boot Must support TCG Static Root Trust Measurement (SRTM) Conventional BIOS TCG PC Client Specification: https://www.trustedcomputinggroup.org/specs/PCClient/ EFI TCG ACPI Specification TCG EFI Interface Specification TCG EFI Protocol Specification https://www.trustedcomputinggroup.org/specs/server Firmware support for reading USB flash drives during boot Disk must have at least two NTFS partitions See Windows Server Longhorn Logo guide for details http://www.microsoft.com/whdc/winlogo/default.mspx

Branch Office Challenges Met Theft of server and/or its hard drives OS Volume (including the pagefile and the OS) and data volumes are completely protected by BitLocker Re-provision or decommission of server or its hard drives Volume encryption keys can be destroyed via WMI provider method call. Multiple hours for reclamation turned into seconds and data is gone! Data theft via disk cloning by maintenance and outsourcing technicians Volume encryption keys are not released to the thief without an authenticated boot. Disk cloning will only copy encrypted data. Secure deployment of a fully configured machine shipped to remote location Image created at main office is secured with PIN. Authorized personnel at branch office call in to get PIN and unlock the image. Data-at-rest on Branch Office Servers is protected!

Value-Add Opportunities Solutions to lower enterprise deployment costs Remove manual steps to ready the TPM for BitLocker enterprise deployment An interactive “physical presence” assertion guards against malicious software turning on the TPM, but zero-touch deployment is possible after the TPM is on Factory pre-configurations that ease BitLocker setup Other value-add BIOS features or management tools End-to-end enterprise solutions on clients and servers Help enterprises achieve regulatory compliance – e.g., Sarbanes-Oxley, Health Insurance Portability and Accountability Act (HIPAA) Key management, recovery and escrow services

Call To Action Build server platforms with BitLocker support Trusted Platform Module (TPM) v1.2 Requires platform support of TPM 1.2 Interface Specification (TIS) System firmware support Conventional BIOS or EFI USB flash drive functionality at boot BitLocker uses USB drives as startup and recovery tokens Disk must have at least two NTFS partitions The system volume must have at least 1.5 GB for MBR, loader, boot and setup files. Work with us to test your reference designs E-mail: bdeinfo @ microsoft.com for more information

Additional Resources Web resources BitLocker information http://www.microsoft.com/technet/windowsvista/security/bitlockr.mspx BitLocker technical papers and specs http://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspx Windows Logo program testing http://www.microsoft.com/whdc/GetStart/testing.mspx TCG http://www.trustedcomputinggroup.org Related sessions BitLocker Drive Encryption: Hardware Enhanced Data Protection (CPA064) Windows Vista and Windows Server Longhorn Security Platform Enhancements (CPA127) BitLocker questions bdeinfo @ microsoft.com

Question And Answer Thank You! Please fill out an evaluation form

2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.