Security Concerns
According to Microsoft sources, BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office, which tried entering into talks with Microsoft to get one introduced, although Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they will not grant the wish to have one added. Although the AES encryption algorithm used in BitLocker is in the public domain, its implementation in BitLocker, as well as other components of the software, are closed source; however, the code is available for scrutiny by Microsoft partners and enterprises, subject to a non-disclosure agreement.
The "Transparent operation mode" and "User authentication mode" of BitLocker use the TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS and MBR. If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device. This cryptographic secret is used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.
Nevertheless, in February 2008, a group of security researchers published details of a so-called "cold boot attack" that allows full disk encryption systems such as BitLocker to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory. The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM alone does not offer any protection, as the keys are held in memory while Windows is running, although two-factor authentication, i.e. using TPM together with a PIN, offers better protection for machines that are not powered on when physical access to them is obtained. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack. The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a "sleep" state) and that the encryption software be configured to require a password to boot the machine.
Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example, through a 1394 DMA channel. Any cryptographic material in memory is at risk from this attack, which therefore, is not specific to BitLocker.
Read more about this topic: Bit Locker Drive Encryption
Famous quotes containing the words security and/or concerns:
“...I lost myself in my work and never felt that marriage would give me the security I wanted. I thought that through the trade union movement we working women could get better conditions and security of mind.”
—Mary Anderson (18721964)
“History in the making is a very uncertain thing. It might be better to wait till the South American republic has got through with its twenty-fifth revolution before reading much about it. When it is over, some one whose business it is, will be sure to give you in a digested form all that it concerns you to know, and save you trouble, confusion, and time. If you will follow this plan, you will be surprised to find how new and fresh your interest in what you read will become.”
—Anna C. Brackett (18361911)