Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Black Hat TPM Hack and BitLocker

10 Feb 2010   #1
z3r010

 
Black Hat TPM Hack and BitLocker

Quote:
Last week at the Black Hat DC conference a presenter showed how one manufacturer's Trusted Platform Module (TPM) could be physically compromised to gain access to the secrets stored inside. Since that presentation, I have had plenty of questions from customers wanting to know how this might affect Windows. The answer? We believe that using a TPM is still an effective means to help protect sensitive information and accordingly take advantage of a TPM (if available) with our BitLocker Drive Encryption feature in Windows 7.

The attack shown requires physical possession of the PC and requires someone with specialized equipment, intimate knowledge of semiconductor design, and advanced skills. While this attack is certainly interesting, these methods are difficult to duplicate, and as such, pose a very low risk in practice. Furthermore, it is possible to configure BitLocker in a way that mitigates this unlikely attack.

With our design for BitLocker in Windows 7, we took into account the theoretical possibility that a TPM might become compromised due to advanced attacks like this one, or because of poor designs and implementations. The engineering team changed the cryptographic structure for BitLocker when configured to use enhanced pin technology, discussed in the BitLocker Drive Encryption in Windows 7: Frequently Asked Questions. As a result, an attacker must not only be able to retrieve the appropriate secret from the TPM, they must also find the user-configured PIN. If the PIN is sufficiently complex, this poses a hard, if not infeasible, problem to solve in order to obtain the required key to unlock the BitLocker protected disk volume.

BitLocker remains an effective solution to help safeguard personal and private data on mobile computers. For more information on BitLocker best practices, we have published guidance in The Data Encryption Toolkit for Mobile PCs. This toolkit discusses the balance of security and usability and details that the most secure method to use BitLocker in hibernate mode and a TPM+PIN configuration. With the advancements in Windows 7, users that are worries about potential attacks such as this one should also enable the Allow enhanced PINs for startup group policy setting for their environment.


More...


My System SpecsSystem Spec
.

Reply

 Black Hat TPM Hack and BitLocker




Thread Tools





Similar help and support threads
Thread Forum
BitLocker Drive Encryption - BitLocker To Go - Turn On or Off
How to Turn Windows 7 BitLocker To Go On or Off for Removable Drives BitLocker To Go is used to encrypt and password protect any removable external hard drives and USB flash drives. The drives must be formatted using either the exFAT, FAT16, FAT32, or NTFS file system and must be at least...
Tutorials
is this a hack?
hi, i'm not sure that this is the correct section for this topic... if not, please move it to the correct one... Today I played Generals Zero Hour online on my secondary PC... after a player cheated, in the game's chat appeared some strange messages... They were like courses of folders in my...
System Security
BIOS flash error, BITLOCKER on? No bitlocker installed, Win 7 Pro
I tried using HP BIOS Flashing utility on my HP Z400 Workstation, and it says it can't continue because I have Bitlocker enabled, but I don't have bitlocker on Win 7 Professional 32bit. I don't see it on the control panel or in context menus. I do see it set to manual in "Services" but the service...
General Discussion
Bitlocker: BitLocker could not be enabled
I am trying to enable BitLocker on a Windows 7 Ultimate x32 system with TPM. I follow the Wizard and when asked to encrypt the drive I select 'Run BitLocker system check' and 'Continue' (see attached sreenshot). The USB is inserted and contains the recovery key (.txt and .tpm). During reboot I...
System Security
Call Of Duty Black Ops Bearable TEMP FIX. (NO HACK)
Hey people, i have tried this and it makes it bearable. Give it a bash, personally i am going to wait for the patch. http://steamcommunity.com/groups/codbozombies/announcements/detail/990985643783375458
Gaming
Ip Hack
I know alot about the world of I.T apart from security. Can someone hack me easily if they know my I.P?
Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:32.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App