BitLocker Drive Encryption

BitLocker Drive Encryption is a data protection feature integrated into Microsoft's Windows Vista operating system that provides encryption for the entire OS volume. BitLocker is included in the Enterprise and Ultimate editions of Vista.[1] By default it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional security.
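The reason a sector cipher in CBC mode is paired with a diffuser can be seen in a short program. The Go code below is an added illustration, not code from this article or from Microsoft: it encrypts one 512-byte sector with AES-CBC using an IV derived from the sector number, flips a single ciphertext bit, decrypts, and counts how many plaintext bytes change. With CBC alone the damage stays inside the tampered block plus one predictable bit of the block after it; with a diffuser layer the same change spreads across the whole sector. The diffuser here is a toy with the same shape as an Elephant diffuser (each 32-bit word XORed with two other words, one of them rotated, over several passes) but with constructed rotation constants, and it is not the Elephant specification; the key, plaintext and IV encoding are likewise constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"math/bits"
)

const sectorSize = 512 // one sector: 32 AES blocks, 128 32-bit words

// rot holds per-position rotation amounts for the toy diffuser (constructed
// values; the real Elephant diffusers use their own constants).
var rot = [4]int{9, 21, 13, 7}

// diffuse applies an invertible toy diffuser to the 32-bit words of a sector.
// Each word is XORed with two other words, one of them rotated, and five
// passes spread a change in any single word across the whole sector. The
// inverse runs the same update in the opposite order, which undoes each pass.
func diffuse(sector []byte, inverse bool) {
	n := sectorSize / 4
	w := make([]uint32, n)
	for i := range w {
		w[i] = binary.LittleEndian.Uint32(sector[4*i:])
	}
	step := func(i int) {
		w[i] ^= w[(i+2)%n] ^ bits.RotateLeft32(w[(i+5)%n], rot[i%4])
	}
	for pass := 0; pass < 5; pass++ {
		if inverse {
			for i := n - 1; i >= 0; i-- {
				step(i)
			}
		} else {
			for i := 0; i < n; i++ {
				step(i)
			}
		}
	}
	for i := range w {
		binary.LittleEndian.PutUint32(sector[4*i:], w[i])
	}
}

// sectorIV derives the CBC IV for a sector by encrypting the sector number
// under the volume key, so no IV is stored and no two sectors share one.
// BitLocker derives its IV from the sector offset in a similar way; the exact
// encoding used here is an assumption.
func sectorIV(block cipher.Block, sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	block.Encrypt(iv, iv)
	return iv
}

// cryptSector encrypts (encrypt=true) or decrypts one sector with AES-CBC. With
// the diffuser enabled, the inverse diffuser runs before encryption and the
// forward diffuser after decryption, so decrypting tampered ciphertext yields
// sector-wide garbage instead of a localised, predictable change.
func cryptSector(key []byte, sector uint64, in []byte, useDiffuser, encrypt bool) ([]byte, error) {
	if len(in) != sectorSize {
		return nil, fmt.Errorf("sector must be %d bytes", sectorSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	buf := append([]byte(nil), in...)
	iv := sectorIV(block, sector)
	if encrypt {
		if useDiffuser {
			diffuse(buf, true)
		}
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(buf, buf)
		if useDiffuser {
			diffuse(buf, false)
		}
	}
	return buf, nil
}

// tamperAndCount encrypts a constructed sector, checks that it decrypts back
// unchanged, then flips one bit in ciphertext block 8, decrypts again and
// reports how many plaintext bytes changed and whether any change landed
// outside blocks 8 and 9, the only two that CBC alone can disturb.
func tamperAndCount(useDiffuser bool) (roundTrip bool, changed int, outside bool) {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed volume key
	plain := make([]byte, sectorSize)
	for i := range plain {
		plain[i] = byte(i)
	}
	ct, _ := cryptSector(key, 7, plain, useDiffuser, true)
	pt, _ := cryptSector(key, 7, ct, useDiffuser, false)
	roundTrip = bytes.Equal(pt, plain)
	ct[8*aes.BlockSize+3] ^= 0x80 // one-bit change in ciphertext block 8
	pt, _ = cryptSector(key, 7, ct, useDiffuser, false)
	for i := range pt {
		if pt[i] != plain[i] {
			changed++
			if i < 8*aes.BlockSize || i >= 10*aes.BlockSize {
				outside = true
			}
		}
	}
	return roundTrip, changed, outside
}

func main() {
	for _, d := range []bool{false, true} {
		ok, n, spread := tamperAndCount(d)
		fmt.Printf("diffuser=%-5v round-trip=%v changed bytes=%3d spread beyond two blocks=%v\n", d, ok, n, spread)
	}
}
```

The point for a defender is that CBC on its own lets someone with write access to the ciphertext make a controlled one-bit change to plaintext in the block following the one they corrupt; the diffuser turns that into an unmistakable sector-wide corruption. The real Elephant also mixes in a per-sector key derived from a second volume key, which this toy omits.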



BitLocker provides three modes of operation.[2] The first two modes require a cryptographic hardware chip called a Trusted Platform Module (version 1.2 or later) and a compatible BIOS:

  • Transparent operation mode: This mode leverages the capabilities of the TPM 1.2 hardware to provide for a transparent user experience – the user logs onto Windows Vista as normal. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-OS components of BitLocker achieve this by implementing a Static Root of Trust Measurement – a methodology specified by the Trusted Computing Group.
  • User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in order to be able to boot the OS. Two authentication modes are supported – a pre-boot PIN entered by the user or a USB device inserted that contains the required startup key.

The final mode does not require a TPM chip:

  • USB-Key: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected OS. Note that this mode requires that the BIOS on the protected machine supports the reading of USB devices in the pre-OS environment.
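The sealing step of transparent operation mode can be shown with a small simulation. The Go program below is an added illustration, not code from this article or from Microsoft: it models a TPM 1.2 Platform Configuration Register (a 20-byte SHA-1 value that software can only extend, never set), measures constructed boot components into it in order, seals a constructed volume key against the resulting value, and shows that the key is released after an identical boot but not after one in which the boot sector differs. The "TPM" is simulated in software with an HMAC-derived wrapping key and AES-GCM; a real chip uses its own storage root key and the TPM_Seal/TPM_Unseal commands, and BitLocker binds to several PCRs rather than the single one used here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pcr models one TPM 1.2 Platform Configuration Register: a 20-byte SHA-1
// value that software can only extend, never write directly.
type pcr [sha1.Size]byte

// extend performs PCR_Extend: new = SHA-1(old || measurement). The chain is
// one-way and order-dependent, so the final value records every component
// measured and no component can erase or rewrite its own entry.
func (p *pcr) extend(measurement []byte) {
	h := sha1.New()
	h.Write(p[:])
	h.Write(measurement)
	copy(p[:], h.Sum(nil))
}

// measureBoot hashes each early-boot component in order into a fresh PCR,
// standing in for the static root of trust that measures firmware, MBR and
// boot sector before each stage hands control to the next.
func measureBoot(components [][]byte) pcr {
	var p pcr
	for _, c := range components {
		sum := sha1.Sum(c)
		p.extend(sum[:])
	}
	return p
}

// simTPM stands in for the chip: its storage root key never leaves it, and
// sealed data comes back only when the PCR presented matches the seal.
type simTPM struct{ srk []byte }

// aead derives a wrapping key bound to both the chip secret and a PCR value.
func (t simTPM) aead(p pcr) (cipher.AEAD, error) {
	m := hmac.New(sha256.New, t.srk)
	m.Write(p[:])
	block, err := aes.NewCipher(m.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal wraps the volume key so it can only be unwrapped while the PCR holds
// the value it has now; the random nonce is stored in front of the ciphertext.
func (t simTPM) seal(volumeKey []byte, expected pcr) ([]byte, error) {
	a, err := t.aead(expected)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, volumeKey, nil), nil
}

// unseal recomputes the wrapping key from the PCR as it is now; if any boot
// component changed, authentication fails and no key is released.
func (t simTPM) unseal(blob []byte, current pcr) ([]byte, error) {
	a, err := t.aead(current)
	if err != nil {
		return nil, err
	}
	ns := a.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("sealed blob too short")
	}
	key, err := a.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil {
		return nil, errors.New("PCR mismatch: boot path changed, key not released")
	}
	return key, nil
}

// goodBoot is a constructed stand-in for the measured early-boot components.
var goodBoot = [][]byte{
	[]byte("firmware image (constructed)"),
	[]byte("master boot record (constructed)"),
	[]byte("boot sector (constructed)"),
}

// demo seals a constructed volume key against a clean boot, then unseals after
// an identical boot and after a boot whose boot sector differs. It returns
// whether the clean boot got the right key and whether the altered boot got any.
func demo() (cleanReleased, alteredReleased bool, err error) {
	tpm := simTPM{srk: bytes.Repeat([]byte{0x11}, 32)} // constructed chip secret
	volumeKey := bytes.Repeat([]byte{0x42}, 16)        // constructed volume key
	blob, err := tpm.seal(volumeKey, measureBoot(goodBoot))
	if err != nil {
		return false, false, err
	}
	got, err := tpm.unseal(blob, measureBoot(goodBoot))
	cleanReleased = err == nil && bytes.Equal(got, volumeKey)

	altered := append([][]byte(nil), goodBoot...)
	altered[2] = []byte("boot sector, modified (constructed)")
	_, err = tpm.unseal(blob, measureBoot(altered))
	alteredReleased = err == nil
	return cleanReleased, alteredReleased, nil
}

func main() {
	clean, altered, err := demo()
	fmt.Println("clean boot released key:", clean, "| altered boot released key:", altered, "| err:", err)
}
```

What the simulation shows is why a changed boot sector leaves the machine in recovery instead of booting silently: the chip never compares files, it only compares a hash chain. What it does not show is any protection after the loader has the key, which is the limitation the article raises below when it recommends EFS alongside BitLocker.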

In order for BitLocker to operate, the hard disk requires at least two NTFS-formatted volumes: a "system volume" with a minimum size of 1.5 GB, and the "boot volume" which contains Windows Vista. Note: the system volume on which BitLocker is installed is not encrypted, so it should not be used to store confidential information. Unlike previous versions of Windows, Vista's diskpart command-line tool includes the ability to shrink the size of an NTFS volume so that the system volume for BitLocker can be created.

On client versions of Vista, only the operating system volume can be encrypted with BitLocker. Encrypting File System continues to be the recommended solution for real-time encryption of data on an NTFS partition. Encrypting File System support is also highly recommended in addition to BitLocker since BitLocker protection effectively ends once the OS kernel has been loaded. Both can be seen as protections against different classes of attacks.

At WinHEC 2006, Microsoft demonstrated "Longhorn" (now Vista) Server which contained support for BitLocker protected data volumes in addition to the operating system volume protection.

In domain environments, BitLocker supports key escrow to Active Directory, as well as a WMI interface for remote administration of the feature. An example of how to use the WMI interface is the script manage-bde.wsf (installed in Vista by default in %Windir%\System32), which can be used to set up and manage BitLocker from the command line.

According to Microsoft sources,[3] BitLocker does not contain a backdoor; there is no way for law enforcement to obtain guaranteed access to the data on the user's drives. This has been one of the main concerns among power users since built-in encryption was announced for Vista.

It should be noted that, contrary to the official name, BitLocker Drive Encryption is logical volume encryption: a volume may or may not be an entire drive, and may span one or more drives. Using the built-in command-line tools, BitLocker can encrypt more than just the boot volume, but additional volumes cannot be encrypted from the GUI. Future Windows versions (e.g. Longhorn Server) are expected to support encrypting additional volumes from the GUI. Also, when enabled with a TPM, BitLocker ensures the integrity of the trusted boot path (e.g. BIOS, boot sector, etc.), in order to prevent offline physical attacks, boot sector malware, etc.


When backing up a BitLocker-encrypted drive, the backup volume itself is not encrypted; the Windows Vista backup program warns the user of this fact before the backup. If the user proceeds with the backup, the resulting backup volume is unencrypted and exposes the user's data to compromise. If the user chooses not to back up, a hardware failure of the encrypted drive may result in permanent loss of data.

Questions about whether or not the technology contains backdoors to allow law enforcement access have been denied by Microsoft, but the technology does support a "recovery key" which may allow access beyond what the user expects.[1]



  1. BitLocker Drive Encryption: Executive Overview. Microsoft, 2006-04-05. Retrieved 2006-07-01.
  2. Windows Vista Beta 2 BitLocker Drive Encryption Step-by-Step Guide. Microsoft TechNet. Microsoft. Retrieved 2006-04-29.
  3. Back-door nonsense. System Integrity Team Blog. Microsoft. Retrieved 2006-06-19.

  • AES-CBC + Elephant diffuser: specification of the encryption algorithm used in BitLocker Drive Encryption.



