Starter for someone who is not familiar with bitlocker

  • Article

This is my first entry for Digging in blog of mine. I thought of giving a brief description of bitlocker as a starter for someone who is not familiar with bitlocker. I will lay down the principle of its working in as simple language as I can. Bitlocker provides protection against offline data capture attacks and also protection of data in case of stolen hard drives whether in laptops or workstations. It provides OS drive encryption as of now. It may or may not use TPM (trusted platform module chip) for providing validation. The basic principle is that you need the treasure and the key of the treasure is stored in another suitcase which is kept in same room were treasure is. Now to get the treasure, you need the key to suitcase. This key is with the guard sitting on beach. So the question is when guard will give you the key so that you can go and unlock the suitcase in treasure room and access treasure. This guard is going to ask you a few questions and authenticate you to make sure you are the right person. He may either ask you a few questions which you have to answer correct or you can give him princess ring to authenticate yourself or you have to provide the secret code that James Bond gave you. Or if guard has some special instructions you may have to provide a combination of princess key, James bond password or manually answering the guard’s questions.

Now let me tell who’s who.

Treasure is the data on the hard drive which you want to access.

Suitcase is the FVE metadata stored on hard drive which contains FVE

Treasure room is your hard drive.

Guard can be assumed as someone who is the source of all the keys just for assumption

Princess ring is the volume master key (key which will unlock FVE key stored in metadata) stored on a usb flash drive

James bond password is analogous to pin (that if configured to put) user has to put before getting access to treasure i.e. data on hard drive

Questions asked by guards is equivalent to hashes stored in a chip known as TPM i.e. answers of those questions are already stored and if you want the key you have to answer those questions with same answers.

Now there are few ways of providing this VMK to FVE metadata either by using tpm and pin or using usb + pin or tpm only or usb only. pin provides additional validation what we call multi factor authentication. In future version we may use combination of all 3 as 3 point authentication.

So this explains that you may use bitlocker without TPM chip too. But then what and why are two questions which come in mind. Why do we need tpm, what is the extra thing it can do? Tpm in addition provides validation of operating system components and code validation along with bios and ROM validation too i.e. they have not been tampered with.

VMK=volume master key

FVE=full volume encryption

TPM= trusted platform module

------------------

This posting is provided "AS IS" with no warranties, and confers no rights.