As you (hopefully) know, Windows Vista ships with a component we call Bitlocker – at least some of the Windows Vista versions do. Now, Bitlocker can be run with different way of protecting your keys: a TPM chip (basically a smartcard on your motherboard), a normal USB-stick, the TPM chip with a password and the TPM chip with a USB-stick. If we look into these options, we have certain advantages and dis-advantages:
- TPM chip: First and fore most, you need a TPM v 1.2. For example, my notebook only runs TPM 1.1, which means, even though I have a TPM chip it is useless for Bitlocker. From the risk perspective, if I protect my keys with the TPM, one can boot (if they have my machine) and my secrets are protected by my login credentials “only”. What they cannot do is booting from another OS and then mounting the disk.
- USB-stick: at the first glimpse, these seems pretty attractive: You can basically more or less use any USB-stick and the computer will not boot up without the USB-stick attached to it. Cool, isn’t it? The attacker would need the notebook and the USB-.stick. But let’s be honest here: I used this setup over a few months and my USB-stick is in the same bag as the notebook because I am lazzy….. So, if you get my bag, you won.
- TPM and PIN: There you cannot boot until you enter the PIN. This is one of the solutions I think should be looked into as it prohibits anybody to get further than the BIOS load with this disk.
- TPM and USB stick: See above. Does not make it any better if you look at the combination of the two paragraphs.
So, out of the box, I would try to use the TPM with PIN or (if you happen not to have a TPM 1.2) use the USB-solution and try to educate the users (ever tried to do that????)
Now, I used a kind of am additional option: I am using Bitlocker with a USB-stick but I am using a USB-stick that is protected with my fingerprint. This is a pretty smart device as the fingerprint-reader is part of the USB-stick meaning that the notebook does not even see the USB-stick until I am authenticated with one of my fingerprints. If you have this, the following scenario works:
- I attach my USB.stick to my notebook
- I boot it up
- As the computer close to immediately needs access to the USB-stick and does not find any (as I am not yet authenticated to it), it runs into the Bitlocker recovery screen
- I am unlocking my USB-stick with my fingerprint
- I am pressing “Esc” to reboot my machine
- the Machine boots
I know that the point withthe recovery screen is not too nice but this is the only way it works. Beforehand, there is no power on the USB port and therefore the stick cannot be unlocked and then it takes only a fraction of a second until Bitlocker sees that it has no USB stick attached and this is simply not enough time for the USB stick to recognize that I have my finger on the stick. With this limitation, I think that this is a really nice setup. If you now get hold of my notebook bag, you even have the USB stick but not my finger (I hope). You will therefore not have access to my disk nor boot my machine.
Cool, isn’t it?