
Laptop Data Protection

December 17, 2008

Agenda

• Scope of the problem
• Data toolkit
• Laptop threats discussion

microsoft.com/technet/SolutionAccelerators

Scope of the problem: headlines

• Mental Health Clinic Loses Patients' Data
• Laptop Stolen With 22,000 Patients' Data
• Laptop Bearing Patient Data Went Missing Last Month
• Hospital Chain Loses Patient Records
• Stolen Government Laptop Held Patient Data of 2,500 Taking Part in a Medical Study
• Stolen Laptop Contains Unsecured Data on 365,000 Patients
• Up to 3,000 Patients' Data Stolen: the details of up to 3,000 NHS patients could have been on a computer stolen from a doctors' surgery
• NHS Laptop With 5,123 Patient Records Stolen

“Workers will average nearly 40% of their time away from the desk – a factor that will massively play into mobilizing millions of corporate inboxes this year.”

Strategy Analytics, “Mobile Business Application Outlook”, January 2006

“In 2006 we estimate the number of mobile professionals (defined as spending at least 20% of their time away…) will grow to roughly two thirds of workers.”

Strategy Analytics, “Mobile Business Application Outlook”, January 2006

“The worldwide mobile worker population is set to increase to 878.2 million in 2009, accounting for 27.3% of the workforce.”

Strategy Analytics, “Mobile Business Application Outlook”, January 2006

Microsoft Vision: “When a customer loses a laptop, they only lose a laptop.”

And so the Laptop Data Protection Solution Accelerator was born. The goal of the guide is to help customers secure the data on their mobile (and desktop) computers: http://technet.microsoft.com/en-us/library/cc500474.aspx

Trustworthy Computing:

“The security of our customers' computers and networks is a top priority, and we are committed to building software and services to better help protect our customers and the industry.” Microsoft

The threats discussed in this presentation are not secrets. Our customers’ adversaries are aware of these attack vectors. Our customers need this information too, so that they may make informed decisions about the level of data protection that they need.

Online attacks

With BitLocker, data is protected when the system is shut down (protecting against offline attacks). When the system is started, the keys are loaded and available in memory. The same is true if the system is in sleep mode (S3 standby).
Goal: get the keys from memory.

Online attacks: ghosting
• Warm ghosting: the attacker boots the system, then warm reboots into an OS of their choosing, which avoids destruction of the RAM image. The attacker can then access ghost secrets in memory.
• Cold ghosting / Iceman attack: physical memory cells may retain charge long enough to be copied. Battery-backed DIMMs make it easy! Recent research made headlines but is nothing “really” new: http://citp.princeton.edu.nyud.net/pub/coldboot.pdf

Online attacks: direct memory access via physical interfaces
• PCI bus: exploit with PC Card and DMA (David Hulton, ShmooCon 2006)
• Firewire / IEEE 1394 allows physical access to host memory
• Firewire attack (Adam Boileau, RuxCon 2006): full memory dump via the Firewire interface, leading to dump analysis to find the BitLocker keys
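The “dump analysis to find the BitLocker keys” step is the part of the attack that is easy to underestimate. The following is an added example, not code from the guide or from the Princeton paper linked above; it implements the same check the paper’s key finder relies on: AES keeps its 176-byte expanded key schedule in RAM beside the key, so any 16-byte window whose next 160 bytes equal the AES-128 expansion of that window is almost certainly a live key (BitLocker’s AES key included). The memory image is constructed in the script (random filler with one schedule planted at an assumed offset), so it runs without a real dump; the `max_bit_errors` tolerance for decayed bits is a simplification that assumes the 16 key bytes themselves survived.

```python
"""Locate AES-128 keys in a memory image by searching for their key schedule.

Added example (not from the Laptop Data Protection guide). The sample image
below is constructed; no real memory dump is read.
"""
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _build_sbox():
    """Generate the AES S-box (multiplicative inverse in GF(2^8), then the affine map)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3 in GF(2^8)
        q ^= (q << 1) & 0xFF                                    # q /= 3 in GF(2^8)
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()


def next_round_key(prev, rcon):
    """Derive round key i+1 from round key i: RotWord, SubWord, Rcon, then chained XORs (AES-128)."""
    t = [SBOX[b] for b in prev[13:16] + prev[12:13]]
    t[0] ^= rcon
    out = bytearray()
    for j in range(4):
        t = [a ^ b for a, b in zip(prev[4 * j:4 * j + 4], t)]
        out += bytes(t)
    return bytes(out)


def expand_key_128(key):
    """Return the full 176-byte AES-128 key schedule for a 16-byte key."""
    schedule = bytes(key)
    rk = schedule
    for rcon in RCON:
        rk = next_round_key(rk, rcon)
        schedule += rk
    return schedule


def find_aes128_keys(image, max_bit_errors=0):
    """Return [(offset, key)] for every 16-byte window whose next 160 bytes match its own expansion.

    max_bit_errors > 0 tolerates a few decayed bits in the derived round keys; the 16 key
    bytes themselves are assumed intact here (the Princeton tool does not need that assumption).
    """
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        observed = image[off + 16:off + 176]
        if max_bit_errors == 0:
            # Cheap pre-filter: the first word of round key 1 must match before a full expansion.
            if next_round_key(cand, RCON[0])[:4] != observed[:4]:
                continue
            if expand_key_128(cand)[16:] == observed:
                hits.append((off, cand))
        else:
            expected = expand_key_128(cand)[16:]
            errors = sum(bin(a ^ b).count("1") for a, b in zip(expected, observed))
            if errors <= max_bit_errors:
                hits.append((off, cand))
    return hits


def build_sample_image(key, offset, size=32 * 1024, seed=1234):
    """Constructed stand-in for a RAM dump: random filler with one AES-128 key schedule planted in it."""
    rng = random.Random(seed)
    image = bytearray(rng.getrandbits(8) for _ in range(size))
    image[offset:offset + 176] = expand_key_128(key)
    return bytes(image)


SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 example key
SAMPLE_OFFSET = 0x1F40                                           # assumed location in the sample image
SAMPLE_IMAGE = build_sample_image(SAMPLE_KEY, SAMPLE_OFFSET)

if __name__ == "__main__":
    for off, key in find_aes128_keys(SAMPLE_IMAGE):
        print(f"AES-128 key schedule at offset 0x{off:x}: key = {key.hex()}")
```

Run against a real dump, the same scan is the reason the guide’s mitigations below aim at keeping the key out of RAM (hibernate rather than sleep, advanced modes) or keeping the bus closed (disable 1394/PCI host controllers): once the schedule is readable, recovering the key is a linear pass over memory.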

[Diagram: Linux attacker system connected over Firewire to an online Windows Vista target]

Threats against the TCB

The Core Root of Trust for Measurement (CRTM) is intended to be the ‘immutable’ portion of the BIOS.

Attacking the CRTM
• Execute chosen code in the CRTM
• Control or prevent measurements
• Physically remove it
• Attack the existing CRTM (e.g. buffer overrun)
• Attack the secure update mechanism to inject unauthorized code into the CRTM

Premeditated Attacks

The attacker hobbles BitLocker protection prior to the laptop’s loss or theft. There are many such advance strikes; in particular, BitLocker does not protect against boot rootkits that are BitLocker-aware.

BitLocker: key protection mechanisms and advanced modes

Mode                  | Factor(s)                         | Protects against  | Vulnerable to
Dongle only           | “What you have.”                  | All HW attacks    | Losing the dongle
TPM only              | “What it is.”                     | SW-only attacks   | HW attacks, pre-OS attacks
TPM + PIN             | “What you know.”                  | Many HW attacks   | HW attacks
TPM + USB dongle      | “Two what-I-have’s.”              | Many HW attacks   | HW attacks, losing the dongle
TPM + PIN + dongle *  | “Two what-I-have’s, one I know.”  | Many HW attacks   | TPM-breaking attacks, losing the dongle

* Vista SP1 / Windows Server 2008 only

Mitigations (Vista SP1 / Windows Server 2008)
• Use advanced modes with hibernation (hibernate rather than S3 sleep)
• Ensure the BIOS meets BitLocker standards
• Disable 1394 and PCI host controllers
  • http://blogs.msdn.com/si_team/archive/2008/02/25/protecting-bitLocker-from-cold-attacks-and-other-threats.aspx
• Require smart cards for logon, or use strong passwords
• Use EFS + smart card to protect user data
  • After “x” bad tries, the smart card is locked FOREVER

Defence in depth:

• EFS: mitigates offline attacks, except against the user account. Prevents online attacks (on encrypted files). Threats switch to the user’s password.

• BitLocker with advanced modes: prevents offline attacks (replacing passwords, reading hashes). Threats switch to user logons.

• Ideal: BitLocker (+USB+PIN) + EFS with smart card. An attacker with the notebook and the smart card still needs the PIN, and after “x” bad tries the smart card is locked FOREVER.

Pre-Vista SP1 / 2008: SYSKEY in mode 2 or 3 (can be used on XP, 2000 etc.)
• Key stored in your head (mode 2)
• Key stored on a floppy (mode 3)
• Protects password hashes with 128-bit symmetric encryption
• Either mode prevents ‘Nordahl’ boot-disk attacks
• Also prevents the DS Restore mode style attacks

Threat: Attacks on Passwords

Password guessing:
• Any service that exposes an authentication protocol is at risk of password guessing attacks
• NetBIOS, SMB, RDP, IIS, FTP etc.

Threats against Passwords

Online attacks: dumping password hashes from LSASS while the operating system is running
• Pwdump*.exe, L0phtCrack 5, GSecDump
• http://truesecurity.se/blogs/murray/default.aspx
• Must have admin access for this to work

Man-in-the-middle attacks: sniffing shared-secret authentication exchanges between client and server that are based on the user’s password (LM, NTLMv2, Kerberos)
• Tools available for LM/NTLM and Kerberos v5: ScoopLM, BeatLM, Kerbcrack, LC5

Mitigations
• Make your hashes immune to reversing in any reasonable amount of time
• Use 10 (or 15) character or stronger complex passwords
  • Or better yet, pass-phrases! NT-based operating systems support 128-character pass-phrases
  • Use two-factor authentication
• Change them every 90 days or less
• Minimum time before a password can be changed: 1 day
• Number of previous passwords remembered: at least 24
• Run with least privilege
• Shut down un-needed services (Server service, FTP service etc.)
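Why “10 (or 15)” and not simply “long”: the LM hash that pre-Vista systems store alongside the NT hash upper-cases the password, pads it to 14 bytes and hashes each 7-byte half independently, and no LM hash is stored at all once the password exceeds 14 characters. The following added example (not from the guide) models the attacker’s worst-case work for both hash formats so the threshold at 15 is visible in numbers. The 69-character LM alphabet, the 95-character printable alphabet and the guess rate are assumptions for the illustration.

```python
"""Brute-force work factor for LM versus NT password hashes by password length.

Added example, not from the Laptop Data Protection guide. Alphabet sizes and the
guess rate are assumed values chosen for illustration.
"""

LM_ALPHABET = 69           # assumed: upper-case letters, digits and keyboard symbols after LM's upper-casing
NT_ALPHABET = 95           # assumed: printable ASCII, case preserved
GUESSES_PER_SECOND = 1e9   # assumed attacker rate


def lm_guesses(length):
    """Worst-case guesses to recover a password from its LM hash, or None if no LM hash is stored."""
    if length < 1:
        raise ValueError("password length must be positive")
    if length > 14:
        return None                                     # 15+ characters: Windows stores no LM hash
    first_half = LM_ALPHABET ** min(length, 7)
    second_half = LM_ALPHABET ** max(length - 7, 0)     # an empty half hashes to a known constant: 1 guess
    return first_half + second_half                     # halves are attacked independently, so work adds


def nt_guesses(length, alphabet=NT_ALPHABET):
    """Worst-case guesses against an unsalted NT hash: the whole password is guessed at once."""
    if length < 1:
        raise ValueError("password length must be positive")
    return alphabet ** length


def effective_guesses(length):
    """The attacker picks the cheaper hash, so the weaker of the two formats sets the real strength."""
    lm = lm_guesses(length)
    nt = nt_guesses(length)
    return nt if lm is None else min(lm, nt)


def years(guesses, rate=GUESSES_PER_SECOND):
    """Exhaustive-search time in years at the assumed guess rate."""
    return guesses / rate / (365 * 24 * 3600)


def work_table(lengths=(7, 8, 10, 14, 15, 20)):
    """One row per length: worst-case years for LM (if stored), NT, and the effective strength."""
    rows = []
    for n in lengths:
        lm = lm_guesses(n)
        rows.append({
            "length": n,
            "lm_years": None if lm is None else years(lm),
            "nt_years": years(nt_guesses(n)),
            "effective_years": years(effective_guesses(n)),
        })
    return rows


if __name__ == "__main__":
    for row in work_table():
        lm = "not stored" if row["lm_years"] is None else f"{row['lm_years']:.2e} y"
        print(f"{row['length']:>2} chars: LM {lm:>12}  NT {row['nt_years']:.2e} y  "
              f"effective {row['effective_years']:.2e} y")
```

At 14 characters the effective search is still bounded by two 7-character LM halves (on the order of hours at the assumed rate); at 15 the LM hash disappears and the attacker is left with the full NT search space, which is why the slide’s pass-phrase advice and the 15-character figure go together.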