Security: Cardspace and Bitlocker

Over the past couple weeks, I've spent a lot time talking about Cardspace and Bitlocker.  In fact, at the Charlotte Code Camp on Saturday, we had some time at the end of the Cardspace talk so we dove into Bitlocker a little. 

I've had some previous comments to my earlier Cardspace entries, and it came up at some of my talks: "Isn't Cardspace just 'yet another' method, like Passport, of handling authentication?" Yes it's another method, but it's much more extensible and flexible (think WS-Security, WS-Trust, WS-MetadataExchage, to name a few).  The biggest problem it solves, in my opinion, is eliminating the possibility of phishing attacks.  And it's not tied to Windows, either. 

As Garrett Serack and others talked about at Mix, it's possible to take an infocard and import it into a Linux digital wallet and use it there, if you wish.  You can download this session at ... search for this session: XBD07 - Enable Windows CardSpace and Information Cards in Your Web Site.

So ... the question usually comes up: How does Cardspace protect me if I walk away from my desktop (without locking it) or the laptop is stolen? 

The answer is: very little.  Sure, you can have a pin on a card, but Cardspace is not trying to solve the physical access problem.  (Besides, if you ask me: if someone walks up to your unlocked desktop, you've got bigger problems than potentially non-pin protected cards.  The old joke internally is to write an emotional e-mail to Bill or Steve, and leave the cursor on the send button.)

For physical security, there's Bitlocker.  Bitlocker will encrypt the entire boot volume.  It requires either a TPM 1.2 (Trusted Platform Module -- installed on the motherboard by the OEM) or, a USB key AND USB capable BIOS.  (The key needs to read before the OS loads, of course, since it's encrypted, so that's why the BIOS needs to be able to read the USB device.  Most PC's support this today.)

It works by looking at the boot configuration and essentially hashing that value into the TPM.  Next time the system boots, if the signature doesn't match, the key is not retrieved so the volume stays encrypted.  This prevents the drive from being taken out and installed into another machine, and also keeps the data encrypted while booting into another OS on the same machine. 

One typical question I've been getting is: What if I want to change some hardware?  Or what if my motherboard is fried?

There's very few hardware changes that would cause the boot signature to change.  Changing the BIOS would be one such scenario, and if you're doing this, you'll need to temporarily disable Bitlocker until completed.  Note that disabling Bitlocker doesn't mean you need to decrypt and then re-encrypt the entire volume -- it just disables the boot-time check while you're updating the system.  Changes to peripherals -- like video cards, network cards, etc., should not affect Bitlocker.

There are also several recovery methods that are possible, and for corporate users, the recommended approach is to store the recovery key in Active Directory.  For some interesting in-depth info on Bitlocker, check out these articles which touch on the Platform Configuration Registers Bitlocker uses:

Comments are closed

My Apps

Dark Skies Astrophotography Journal Vol 1 Explore The Moon
Mars Explorer Moons of Jupiter Messier Object Explorer
Brew Finder Earthquake Explorer Venus Explorer  

My Worldmap

Month List