Bitlocker offers a deceptive sense of security

• 26 August 2023
• security,
• bitlocker,
• windows,
• tpm,
• deceptive security

What makes BitLocker less secure? #

BitLocker is a reliable method for encrypting your Windows installation, suitable for both personal and business purposes. Using BitLocker is acceptable and advisable.
Problematic is the default way the Decryption is implemented and configured. By default Bitlocker relies on transporting the Decryption Key for the encrypted partition in cleartext from the TPM to the CPU.

The emergence of a new report on this vulnerability has reminded me of the potential issues raised by this approach. [1]
But this should not come as a surprise, as there was already an article on arstechnica in 2021 covering the same problem. [2]
This implementation presents a vulnerability as it allows for the passive sniffing (no interception / MitM necessary) of traffic between the TPM and CPU, enabling attackers to bypass disk encryption with relative ease using low-cost and relatively simple hardware.

The issue in this case is that, in theory, TPMs enable the use of encrypted sessions that could mitigate passive sniffing attacks, similar to how it is implemented on Linux with LUKS. At the time of writing, Windows/BitLocker does not utilise that feature.[3]

What can be done about this? #

Microsoft already provides clear documentation on BitLocker in their FAQ, recommending the addition of a PIN for the decryption process to begin. [4] This method provides sufficient mitigation with relative ease. [5]

Takeaway - Or why Linux/Luks/ZFS require Pin-Input for the Boot process to begin #

The standard BitLocker implementation can give an inaccurate perception of security.
While it would be possible for Microsoft to upgrade the TPM communication to encrypted traffic, thereby mitigating the vulnerability, a more effective solution would be to require the user to set a pin for the Boot process. Currently, this is the standard for Linux-based systems.

So, if anyone asks why a password is required for encrypted Linux installations to boot while Windows can boot without one, now you know.

Sources #

[1] - Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop, Guillaume Quéré
[2] - Trusted platform module security defeated in 30 minutes, no soldering required, DAN GOODIN
[3] - Hacker News, als0
[4] - Prepare an organization for BitLocker: Planning and policies, paolomatarazzo
[5] - Bitlocker – Activate Pre-Boot Bitlocker PIN, Andy

• Previous: Eastereggs in Footnotes - Citing the Unabomber in a Math paper
• Next: Learning - E01 - How to keep learning forever and why self-improvement is important