Douglas MacIver (Penetration Engineer, Microsoft Penetration Team, Microsoft Corporation)
May 29, 2006
Presentation Title: Pen Testing Windows Vista BitLocker Drive Encryption from the Inside
Presentation Details:
This insider’s candid perspective on the threat analysis and penetration of BitLocker Drive Encryption will be a forthright review of its threats, vulnerabilities, and their mitigations — significant since the talk takes place ahead of the product’s release date. The presentation will bring together known device attacks such as DMA exploits with “not-widely-discussed” platform vulnerabilities to show how they affect BitLocker Drive Encryption and device security in general. The presentation will also include the penetration team’s best crack-finding practices, the BitLocker team’s use of Microsoft’s Security Development Lifecycle, threat-modeling, threat-storming, queer views, and other practical tips. Along with DMA exploits, some of the other BitLocker and device attacks to be discussed are: PIN-hammering, key-wear analysis, ciphertext manipulation, physical memory attacks, Trusted Computing Base subversion, LPC bus attacks, and others.
Other threat analysis and penetration insights from the team will include: the poison of conventional wisdom, avoiding paranoia-induced burnout, pros and cons of external security review, security code review best practices, how to avoid analysis paralysis, leveraging dream states, adversary modeling, forensics, and cryptographic validation. The presenter is a member of the penetration team. This presentation will not be a marketing or sales presentation. It will contain a (very) brief overview of BitLocker Drive Encryption, limited to its security elements. For general BitLocker information, please go to www.microsoft.com.
Why this talk rocks
Reason 1: This presentation is an insider’s candid perspective on the threat analysis and penetration of a significant data protection feature in Microsoft Windows Vista. The presenter is a member of the penetration team. This is not a marketing or sales presentation.
Reason 2: This will be a forthright discussion of threats and mitigations — ahead of the product’s release. The presentation will bring together known device attacks such as DMA exploits with “not-widely-discussed” platform vulnerabilities to show how they affect BitLocker Drive Encryption and device security in general.
Reason 3: Microsoft has staffed a formidable security team and implemented new security engineering processes which are state-of-the-art. Sharing the BitLocker team’s experiences with these processes will help the threat analysis and penetration community.
Detailed Outline:
1. Brief Technical Intro to BitLocker
Trusted Platform Module (TPM)
Pre-OS Architecture
Secure Startup
OS Architecture
Key Architecture
Modes: Usability & TCO vs. Security
2. Attacks against the CRTM and TCB
Core Root of Trust for Measurement (CRTM)
Trusted Computing Base
CRTM Immutability
Pre-OS Component Attacks (bootmgr, winload, winresume)
Mitigations: BIOS Secure Upgrade
3. Defining the Threat Domain
Defining the target of evaluation
How the device has become the new attack frontier
Attack / defense asymmetry: Every stone in the castle wall must be checked
Modeling the adversary: profiling and serial criminals
Why we assume adversaries have oracle knowledge of the system
4. DMA Attacks
References David Maynor’s and David Hulton’s previous USB and PC Card bus work
Describes how these threats affect BitLocker
Mitigations
5. Ciphertext Manipulation Attacks
Attacks against the CRTM and the security posture of the system
Mitigations
6. Brief Intro to BitLocker Cryptographic Components
AES
AES CCM
Elephant / Diffusion
7. BitLocker Cryptographic Validation
Implementation bugs
Internal review
External review
FIPS
8. Brief Intro to Microsoft’s Security Development Lifecycle
List the 13 stages
Discuss how BitLocker exceeds SDL requirements and why
Tools
What did and didn’t work for the BitLocker team
9. TPM PIN Dictionary Attacks
Description
Mitigations
Related attacks
10. Brief Intro to Threat Modeling at Microsoft
Component Diagrams
Entry Points
Trust Levels
Protected Assets
Threats, STRIDE, DREAD
Data Flow Diagrams
Tools
Threat Trees vs. Threat Graphs
Threat-storming
Queer views
What did and didn’t work for the BitLocker team
11. Why Code Review is Fruitful
Static analysis
Thousands of APIs
Hundreds of thousands of lines of code
Examples of vulnerabilities found and fixed
12. Analysis Paralysis and the Data Flood
Condensing the threats: Top Ten
Threat classes
13. Pentest Tool Development
Manual vs. Automated pentesting
Negative testing vs. pentesting
Dumb and smart fuzzing
Demoing the Exploit: An (expensive) communication medium to management
14. External Security Review
Pros and cons
15. Physical Memory Attacks
Warm ghost
DIMM Extraction
Burn-in
Mitigations
16. Avoiding Paranoia Burnout
Finding the threat edge
Fear of the unknown
Postcards from Lu-Lu land
17. Forensics
Front doors only
No secret sauce
18. Crack-finding summary
Top ten habits of successful penetrators
Puzzles
Dreaming
The insider threat
19. A short description of the BitLocker penteam
Top ten desirable characteristics of penetrators
Why it pays to have in-team threat analysis and penetration
20. Security work at Microsoft is hot
Microsoft has built a world-class security team.
Our experience, talent, knowledge base, tools, and resources are a formidable asset.
If you want to take part in security that will positively affect millions of people, this is an excellent place to be.
21. BitLocker crack-finding is an ongoing effort
The crack-finding work will continue indefinitely
About Douglas
Douglas MacIver joined Microsoft in 2004 as a penetration engineer, hell-bent on helping to build data privacy tools for the citizens of the world. He has worked on security projects at Intel, PassEdge, InterTrust, and Microsoft.