Microsoft BitLocker

by TCG in Action

There has been a lot of talk over the last few weeks about research reports that Microsoft's BitLocker can be circumvented on systems with Trusted Platform Modules. Microsoft recently posted a blog on this topic and noted, "This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world. Even with BitLocker's multi-authentication configurations, an attacker could spoof the pre-OS collection of the user's PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user's PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user's PIN and complete the attack scheme."

Microsoft goes on to say, "We recognize users want advice with regards to BitLocker and have published best practice guidance in The Data Encryption Toolkit for Mobile PCs. In the toolkit, we discuss the balance of security and usability and detail that the most secure method is to use BitLocker in hibernate mode and a TPM+PIN configuration. Using this method, a machine that is powered off or hibernated will protect users from the ability to extract a physical memory image of the computer."

We urge users and IT administrators with BitLocker and TPMs to review this post and follow published best practices for BitLocker with TPM to thwart attacks.
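As an added example (not from the TCG post or from Microsoft), the following PowerShell audit checks the two points in the quoted guidance: that the operating-system volume is protected by a TPM+PIN protector rather than TPM alone, and that hibernation is enabled so the machine can be put into a state where no memory image can be taken. It assumes a Windows build with the BitLocker PowerShell module (Get-BitLockerVolume) and an elevated session; the function name is my own.

```powershell
# Added example: audit a machine against the TPM+PIN and hibernate guidance.
# Assumes the BitLocker module (Get-BitLockerVolume) and an elevated session.
function Test-BitLockerTpmPinPosture {
    [CmdletBinding()]
    param()

    $findings = @()

    # 1. The OS volume should carry a PIN-backed TPM protector. A TPM-only
    #    protector releases the volume key unattended at boot, which is what the
    #    research described above takes advantage of.
    $pinTypes = @('TpmPin', 'TpmPinStartupKey')
    $osVolumes = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
    foreach ($vol in $osVolumes) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += "$($vol.MountPoint): BitLocker protection is $($vol.ProtectionStatus)"
        }
        elseif (-not ($types | Where-Object { $pinTypes -contains $_ })) {
            $findings += "$($vol.MountPoint): no TPM+PIN protector (found: $($types -join ', '))"
        }
    }

    # 2. Hibernation must be available: powered-off or hibernated machines hold no
    #    decrypted key in RAM, while sleep keeps memory powered. HibernateEnabled is
    #    the DWORD powercfg toggles under the Power key.
    $power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
    if (-not $power -or $power.HibernateEnabled -ne 1) {
        $findings += 'Hibernation is disabled (enable with: powercfg /hibernate on)'
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

$result = Test-BitLockerTpmPinPosture
if ($result.Compliant) { 'OS volume follows the TPM+PIN and hibernate guidance' } else { $result.Findings }
```

The script only reports; changing protectors (for example adding a PIN with Add-BitLockerKeyProtector) and disallowing sleep are policy decisions to make per the toolkit Microsoft references.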

For more information on protecting data at rest, please visit http://www.trustedcomputinggroup.org/solutions/data_protection. For more information on the TPM, go to http://www.trustedcomputinggroup.org/solutions/authentication.

Categories: Data Protection
