Chapter 4: BitLocker and EFS Together

Published: April 04, 2007

Microsoft® BitLocker™ Drive Encryption (BitLocker) and Encrypting File System (EFS) are two independent technologies that can be combined to provide a very strong overall solution for data security. An encryption solution that uses a combination of BitLocker and EFS benefits from the strong per-computer encryption provided by BitLocker and the per-user encryption provided by EFS.

Choosing a BitLocker and EFS Combination

Many different combinations of BitLocker and EFS could be implemented by an organization. A complete discussion of every possible combination is out of scope for this document, but a few combinations are common. This section summarizes those combinations and discusses the risks each one mitigates. These combinations are:

  • BitLocker with Trusted Platform Module (TPM) and EFS
  • BitLocker with TPM and personal identification number (PIN) and EFS
  • BitLocker with TPM and PIN and EFS with smart cards

BitLocker with TPM and EFS with Software Key Storage

The combination of BitLocker with a TPM and EFS with software key storage provides basic security with minimal overhead and user training requirements.

The most usable solution for organizations that want to combine BitLocker and EFS would be to combine the BitLocker with TPM and EFS (without smart cards) options that were discussed earlier in this guide. The following subsection provides information about the characteristics of such a solution.

Mitigated Risks: BitLocker with TPM and EFS with Software Key Storage

BitLocker and EFS together mitigate the following risks to data:

  • Insider can read encrypted data. A specific advantage of EFS as compared with BitLocker is that the encryption keys are stored in a secure key store that is protected with the user’s credentials. In this configuration, the credential is a password. Therefore, other authorized users of the computer can log on to the computer either interactively or over the network, but will not be able to access confidential files on the computer that another user has protected with EFS unless this user specifically grants them access to the files.
  • Key discovery through offline attack. The volume master key (VMK) is encrypted using a key within the TPM hardware that is combined with a PIN. If the PIN is not known, the attacker would need to mount a brute-force attack to determine the value of the full-volume encryption key (FVEK).
  • Offline attacks against the operating system. Offline attacks against the operating system are mitigated by the fact that an attacker has to either successfully recover the storage root key (SRK) from the TPM and then use it to decrypt the VMK, or conduct a brute-force attack on the FVEK. In addition, BitLocker configured with its diffuser technology (enabled by default) mitigates precisely focused attacks of this nature, because small modifications to ciphertext will propagate over a larger area.
  • Plaintext data leaks through hibernation file. A main goal of BitLocker is to protect data on the operating system volume of the hard disk drive when the computer is turned off or in hibernation mode. When BitLocker is enabled, the hibernation file is encrypted.
  • Plaintext data leaks through system paging file. On Windows Vista, EFS can be configured to encrypt the pagefile using a temporary symmetric key that is generated at boot time but is never written to disk. After the system is shut down this key is discarded, so recovering data from the pagefile would require a brute-force attack to find the symmetric key used to encrypt the pagefile. If BitLocker is also enabled, an attacker would have to defeat BitLocker and successfully complete a brute-force attack on the pagefile key to recover any useful information.
  • User error. Because BitLocker is a full-volume encryption technology, it encrypts all files stored in the Windows Vista operating system volume. This functionality helps prevent mistakes by users who make incorrect decisions about whether or not to apply encryption.
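The per-user property described in the "Insider can read encrypted data" bullet can be exercised directly. The following script is an added example and is not code from this Microsoft guide: it creates a file, encrypts it with EFS as the current user, and reads back from `cipher /c` the list of users whose certificates can unwrap the file's key, which at that point is the creating user only (plus any data recovery agent). It assumes an NTFS volume on a Windows edition that includes EFS, Windows Vista or later for `cipher /c` and `cipher /adduser`, and that the `cipher /c` output lists each user on its own indented line under "Users who can decrypt:" (the layout on current Windows).

```powershell
# Added example, not code from the Microsoft guide: exercise EFS per-user protection from
# PowerShell. Assumes an NTFS volume, an edition with EFS, Windows Vista or later for
# 'cipher /c' and 'cipher /adduser', and the "Users who can decrypt:" block layout of
# 'cipher /c' output (one indented line per user, followed by its certificate thumbprint).

function Test-EfsEncrypted {
    param([string]$Path)
    $attrs = (Get-Item -LiteralPath $Path).Attributes
    return (($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0)
}

function New-EfsProtectedFile {
    # Creates the file as the current user and encrypts it. Windows issues the user a
    # self-signed EFS certificate on first use if no enrolled certificate exists.
    param([string]$Path, [string]$Content = 'constructed sample: confidential notes')
    Set-Content -LiteralPath $Path -Value $Content -Encoding UTF8
    (Get-Item -LiteralPath $Path).Encrypt()   # FileInfo.Encrypt() = Explorer's "Encrypt contents" checkbox
    return Test-EfsEncrypted -Path $Path
}

function Get-EfsDecryptors {
    # Parses 'cipher /c' for the users whose certificates can unwrap this file's file encryption key.
    param([string]$Path)
    $lines   = cipher /c $Path 2>&1
    $users   = @()
    $inBlock = $false
    foreach ($line in $lines) {
        if ($line -match '^\s*Users who can decrypt:') { $inBlock = $true; continue }
        if ($inBlock) {
            # The user block ends at the first blank line or at the recovery-agent section.
            if ($line.Trim() -eq '' -or $line -match '^\s*(Recovery|No recovery)') { break }
            if ($line -notmatch '^\s*Certificate thumbprint:') { $users += $line.Trim() }
        }
    }
    return $users
}

# Usage: encrypt a constructed file and show who can decrypt it (the creating user only).
$file = Join-Path $env:TEMP 'efs-demo.txt'
if (New-EfsProtectedFile -Path $file) {
    "Encrypted: $file"
    "Users who can decrypt:"
    Get-EfsDecryptors -Path $file | ForEach-Object { "  $_" }
    # Granting a second user access is the explicit exception the guide describes; the file
    # owner runs, for example (DOMAIN\OtherUser is a placeholder):
    #   cipher /adduser /user:DOMAIN\OtherUser $file
    # and revokes it again with:
    #   cipher /removeuser /certhash:<thumbprint> $file
}
```

Because the extra user is added by wrapping the file encryption key with that user's EFS certificate, the owner's password never has to be shared, which is the point of the "unless this user specifically grants them access" exception: access is extended per file and per user, not by handing over a credential.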

Residual Risks and Mitigations: BitLocker with TPM and EFS with Software Key Storage

BitLocker and EFS together do not mitigate the following risks without additional controls and policy. Details about these risks and their mitigations can be found in the scenario discussions in Chapter 2: BitLocker Drive Encryption and Chapter 3: Encrypting File System in this Security Analysis.

  • Computer left in hibernation. If the user doesn't configure the computer to prompt for a password when the computer resumes, the operating system cannot discern that the current user is not the proper user. If the computer is configured to prompt for user credentials when it resumes from hibernation mode, this risk is mitigated.
  • Computer left in sleep (standby) mode. As with hibernation mode, the state of the laptop computer and BitLocker encryption keys are not changed when the laptop enters sleep mode. When it resumes from sleep mode, the FVEK remains accessible to the computer. This risk can be mitigated by enabling the Prompt for password when computer resumes from sleep setting.
  • Computer left logged on and desktop unlocked. A user who gains access to the desktop of a computer protected with BitLocker and EFS essentially has full access to the computer. This risk can be mitigated by providing security awareness training and considering the use of Group Policy settings to automatically lock the computer after a period of inactivity.
  • Discover local/domain password. EFS keys are decrypted in a sequence that starts with a key that is derived from the user’s password. Therefore, EFS encryption is compromised if the user’s password is compromised.
  • Online attacks against the operating system. Online attacks against the operating system are not mitigated by this option. An attacker who can successfully attack the operating system while it is running can run code of their choosing to recover encrypted data.
  • Platform attacks. Neither BitLocker nor EFS provides complete protection against platform attacks.
  • Required authentication factor left with computer. If the user leaves their logon password with the computer, an attacker can log in and impersonate the user, gaining full access to its resources. This risk can be mitigated by providing security awareness training for users.

BitLocker with TPM and PIN and EFS with Software Key Storage

Adding a PIN requirement to a BitLocker-enabled computer significantly enhances the security of the BitLocker technology at the cost of usability and manageability. In this option, the user is prompted for two passwords to use their computer: one for BitLocker (at boot time) and one for the computer or domain at logon. The two passwords should and probably will be different, because the PIN is restricted to numeric characters entered through the function keys (F0 - F9) and most domain password policies would reject an all-numeric password. In this combination, EFS continues to provide mitigation of some attacks that BitLocker does not mitigate on its own.

Mitigated Risks: BitLocker with TPM and PIN and EFS with Software Key Storage

  • Computer left in hibernation. BitLocker with TPM and PIN mitigates this risk, because the user is prompted to provide the PIN when the laptop resumes from hibernation mode.
  • Discover local/domain password. A major advantage of the BitLocker with TPM and PIN option is that the solution introduces another factor, or credential, that must be provided to boot the computer or resume from hibernation mode. This benefit is significant for those users who are at risk for either social engineering attacks or because they have poor password habits, such as using their Windows password on untrusted computers.
  • Insider can read encrypted data. A specific advantage of EFS as compared with BitLocker is that the encryption keys are stored in a secure key store that is protected with the user’s credentials. In this configuration, the credential is a password. Therefore, other authorized users of the computer can log on to the computer either interactively or over the network, but will not be able to access confidential files on the computer that another user has protected with EFS unless that user specifically grants them access to the files.
  • Key discovery through offline attack. The VMK is encrypted using a key within the TPM hardware that is combined with a PIN. If the PIN is not known, the attacker would need to mount a brute-force attack to determine the value of the FVEK.
  • Offline attacks against the operating system. Offline attacks against the operating system are mitigated by the fact that an attacker has to either successfully recover the SRK from the TPM and then use it to decrypt the VMK, or conduct a brute-force attack on the FVEK. In addition, BitLocker configured with its diffuser technology (enabled by default) mitigates precisely focused attacks of this nature, because small modifications to ciphertext will propagate over a larger area.
  • Plaintext data leaks through hibernation file. A main goal of BitLocker is to protect data on the operating system volume of the hard disk drive when the computer is turned off or in hibernation mode. When BitLocker is enabled, the hibernation file is encrypted.
  • Plaintext data leaks through system paging file. On Windows Vista, EFS can be configured to encrypt the pagefile using a temporary symmetric key that is generated at boot time but is never written to disk. After the system is shut down this key is discarded, so recovering data from the pagefile would require a brute-force attack to find the symmetric key used to encrypt the pagefile. If BitLocker is also enabled, an attacker would have to defeat BitLocker and successfully complete a brute-force attack on the pagefile key to recover any useful information.
  • Required authentication factor left with computer. The PIN is a second non-physical authentication factor that cannot be lost with the computer unless it is written on a piece of paper or left in an obvious location.
  • User error. Because BitLocker is a full-volume encryption technology, it encrypts all files stored in the Windows Vista operating system volume. This functionality helps prevent mistakes by users who make incorrect decisions about whether or not to apply encryption.

Residual Risks and Mitigations: BitLocker with TPM and PIN and EFS with Software Key Storage

BitLocker and EFS together do not mitigate the following risks without additional controls and policy. Details about these risks and their mitigations can be found in the scenario discussions in Chapter 2: BitLocker Drive Encryption and Chapter 3: Encrypting File System of this Security Analysis.

  • Computer left in sleep (standby) mode. The state of the laptop computer and BitLocker encryption keys are not changed when the laptop enters sleep mode. When it resumes from sleep mode, the FVEK remains accessible to the computer. This risk can be mitigated by enabling the Prompt for password when computer resumes from sleep setting.
  • Computer left logged on and desktop unlocked. A user who gains access to the desktop of a computer protected with BitLocker and EFS essentially has full access to the computer. This risk can be mitigated by providing security awareness training and considering the use of Group Policy settings to automatically lock the computer after a period of inactivity.
  • Online attacks against the operating system. Online attacks against the operating system are not mitigated by this option. An attacker who can successfully attack the operating system while it is running can run code of their choosing to recover encrypted data.
  • Platform attacks. Neither BitLocker nor EFS provides complete protection against platform attacks.
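The two software-key-storage combinations above differ only in the BitLocker protector (TPM versus TPM and PIN), and their residual risks are mitigated by settings named in both lists: a password prompt on resume from sleep, an automatic desktop lock, and EFS encryption of the pagefile. The following audit script is an added example, not code from this Microsoft guide, and reports which combination a computer is in and whether those mitigations are in place. It assumes Windows 8 / Server 2012 or later for `Get-BitLockerVolume` (on Windows Vista and 7, `manage-bde -protectors -get C:` prints the same protector list as text), that `CONSOLELOCK` is the `powercfg` alias for the "Require a password on wakeup" setting, and that the registry paths in the comments are the standard policy locations; `InactivityTimeoutSecs` is a Windows 8 and later setting. Run it from an elevated prompt.

```powershell
# Added audit script, not part of the Microsoft guide. Reports the BitLocker combination of
# the OS volume and whether the residual-risk mitigations named in this chapter (password on
# resume, automatic desktop lock, encrypted pagefile) are configured.
# Assumptions: Windows 8 / Server 2012 or later for Get-BitLockerVolume; powercfg and
# fsutil are present (Vista and later); registry paths are the standard policy locations.

function Get-BitLockerCombination {
    param([string]$MountPoint = $env:SystemDrive)
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $combo = if ($vol.ProtectionStatus -ne 'On') { 'BitLocker protection is off' }
             elseif ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') { 'BitLocker with TPM and PIN' }
             elseif ($types -contains 'Tpm') { 'BitLocker with TPM only (no PIN)' }
             else { 'BitLocker without a TPM protector' }
    [pscustomobject]@{
        Volume      = $MountPoint
        Combination = $combo
        Protectors  = ($types -join ', ')
        HasRecovery = ($types -contains 'RecoveryPassword')
    }
}

function Test-WakePasswordRequired {
    # CONSOLELOCK is the powercfg alias for "Require a password on wakeup"
    # (GUID 0e796bdb-100d-47d6-a2d5-f7d2daa51f51); setting index 1 = prompt for credentials.
    $out = powercfg /query SCHEME_CURRENT SUB_NONE CONSOLELOCK 2>&1 | Out-String
    $ac  = if ($out -match 'Current AC Power Setting Index:\s*0x([0-9A-Fa-f]+)') { [int]('0x' + $Matches[1]) } else { -1 }
    $dc  = if ($out -match 'Current DC Power Setting Index:\s*0x([0-9A-Fa-f]+)') { [int]('0x' + $Matches[1]) } else { -1 }
    [pscustomobject]@{ OnAC = ($ac -eq 1); OnBattery = ($dc -eq 1) }
}

function Get-RegValue {
    # Returns the value from the first listed registry path that defines it (policy path first).
    param([string[]]$Paths, [string]$Name)
    foreach ($p in $Paths) {
        $item = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null
}

function Test-AutoLock {
    # Group Policy "Password protect the screen saver" / "Screen saver timeout" write to the
    # Policies key; values the user chose in the Control Panel live under HKCU:\Control Panel\Desktop.
    $paths  = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop', 'HKCU:\Control Panel\Desktop'
    $active = (Get-RegValue $paths 'ScreenSaveActive')    -eq '1'
    $secure = (Get-RegValue $paths 'ScreenSaverIsSecure') -eq '1'
    $secs   = [int](Get-RegValue $paths 'ScreenSaveTimeOut')          # 0 when unset
    # "Interactive logon: Machine inactivity limit" (Windows 8 and later) locks independently of the screen saver.
    $limit  = [int](Get-RegValue @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System') 'InactivityTimeoutSecs')
    $locks  = ($active -and $secure -and $secs -gt 0) -or ($limit -gt 0)
    [pscustomobject]@{ Locks = $locks; ScreenSaverSeconds = $secs; InactivityLimitSeconds = $limit }
}

function Test-PagefileEncrypted {
    # Reads the NtfsEncryptPagingFile setting the guide describes (Windows Vista and later).
    $out = fsutil behavior query EncryptPagingFile 2>&1 | Out-String
    return [bool]($out -match 'EncryptPagingFile\s*=\s*1')
}

function Get-EncryptionPostureReport {
    $bl = Get-BitLockerCombination; $wake = Test-WakePasswordRequired
    $lock = Test-AutoLock;          $pf   = Test-PagefileEncrypted
    $findings = @()
    if ($bl.Combination -ne 'BitLocker with TPM and PIN') {
        $findings += "OS volume is '$($bl.Combination)'; a TPM+PIN protector adds the boot-time factor described above."
    }
    if (-not ($wake.OnAC -and $wake.OnBattery)) {
        $findings += 'Password on resume not required on both AC and battery: powercfg /setacvalueindex SCHEME_CURRENT SUB_NONE CONSOLELOCK 1 (and /setdcvalueindex).'
    }
    if (-not $lock.Locks) {
        $findings += 'No automatic desktop lock: set a password-protected screen saver timeout or a machine inactivity limit via Group Policy.'
    }
    if (-not $pf) {
        $findings += 'Pagefile is not EFS-encrypted: fsutil behavior set EncryptPagingFile 1 (takes effect after reboot).'
    }
    [pscustomobject]@{ BitLocker = $bl; WakePassword = $wake; AutoLock = $lock; PagefileEncrypted = $pf; Findings = $findings }
}

Get-EncryptionPostureReport | Format-List
```

An empty `Findings` array means the computer matches the "BitLocker with TPM and PIN and EFS with Software Key Storage" combination with its residual-risk settings applied; each finding names the corresponding `powercfg`, `fsutil` or Group Policy change. The online-attack and platform-attack residual risks have no configuration check, since the chapter states that neither technology mitigates them.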

BitLocker with TPM and PIN and EFS with Smart Cards (Cached Key Mode)

BitLocker with a TPM and PIN and EFS with smart cards in cached key mode together mitigate almost all of the significant risks described in this guide. However, this combination of technologies requires a substantial investment in smart card infrastructure deployment, so it is most appropriate for organizations that have strong business requirements for this level of security.

Mitigated Risks: BitLocker with TPM and PIN and EFS with Smart Cards

  • Computer left in hibernation. BitLocker with TPM and PIN mitigates this risk, because the user is prompted to provide the PIN when the laptop resumes from hibernation mode.
  • Discover local/domain password. A major advantage of the BitLocker with a TPM and PIN option is that the solution introduces another factor, or credential, that must be provided to boot the computer or resume from hibernation mode. This benefit is significant for those users who are at risk for either social engineering attacks or because they have poor password habits, such as using their Windows password on untrusted computers.
  • Insider can read encrypted data. A specific advantage of EFS as compared with BitLocker is that the encryption keys are stored in a secure key store that is protected with the user’s credentials. In this configuration, the credential is a password. Therefore, other authorized users of the computer can log on to the computer either interactively or over the network, but will not be able to access confidential files on the computer that another user has protected with EFS unless that user specifically grants them access to the files.
  • Key discovery through offline attack. The VMK is encrypted using a key within the TPM hardware that is combined with a PIN. If the PIN is not known, the attacker would need to mount a brute-force attack to determine the value of the FVEK.
  • Offline attacks against the operating system. Offline attacks against the operating system are mitigated by the fact that an attacker has to either successfully recover the SRK from the TPM and then use it to decrypt the VMK, or conduct a brute-force attack on the FVEK. In addition, BitLocker configured with its diffuser technology (enabled by default) mitigates precisely focused attacks of this nature, because small modifications to ciphertext will propagate over a larger area.
  • Plaintext data leaks through hibernation file. A main goal of BitLocker is to protect data on the operating system volume of the hard disk when the computer is turned off or in hibernation mode. When BitLocker is enabled, the hibernation file is encrypted.
  • Plaintext data leaks through system paging file. On Windows Vista, EFS can be configured to encrypt the pagefile using a temporary symmetric key that is generated at boot time but is never written to disk. After the system is shut down this key is discarded, so recovering data from the pagefile would require a brute-force attack to find the symmetric key used to encrypt the pagefile. If BitLocker is also enabled, an attacker would have to defeat BitLocker and successfully complete a brute-force attack on the pagefile key to recover any useful information.
  • Required authentication factor left with computer. The PIN is a second non-physical authentication factor that cannot be lost with the computer unless it is written on a piece of paper or left in an obvious location.
  • User error. Because BitLocker is a full-volume encryption technology, it encrypts all files stored in the Windows Vista operating system volume. This functionality helps prevent mistakes by users who make incorrect decisions about whether or not to apply encryption.

Residual Risks and Mitigations: BitLocker with TPM and PIN and EFS with Smart Cards

  • Computer left in sleep (standby) mode. Neither BitLocker nor EFS in cached key smart card mode mitigates this risk. An attacker who can gain access to the computer in standby mode can wake the computer and access any data to which that user has rights.
  • Computer left logged on and desktop unlocked. In cached key smart card mode, this risk is not mitigated. An attacker who can gain access to the unlocked desktop can impersonate the legitimate user and access any data to which that user has rights.
  • Online attacks against the operating system. Neither BitLocker nor EFS fully mitigates the risk of an online attack against the operating system. An attacker who can successfully attack the operating system while it is running can run code of their choosing to recover encrypted data. However, EFS with smart cards in uncached key mode provides an effective mitigation against online attacks that attempt to recover cryptographic keys.
  • Platform attacks. In cached mode, a computer configured to use EFS with smart card key storage will maintain the EFS keys in memory, and a platform attack might succeed in recovering them. BitLocker does not offer protection against platform attacks.

Risk Analysis Summary

The following table lists data risks and indicates whether different combinations of BitLocker with a TPM and PIN and EFS with software key storage mitigate each risk. Risks that are mitigated for a specific combination are marked with the letter Y. Hyphens (-) indicate risks for which the specific combination provides little or no mitigation.

Table 4.1. BitLocker and EFS Risk Mitigations (the table itself is an image and is not reproduced in this text)
