
Attacking the BitLocker Boot Process

Thursday, February 11, 2010

TPM and BitLocker are interesting targets for security experts. Tarnovsky has recently reverse engineered a Trusted Platform Module (TPM) chip from Infineon. Five researchers from the German Fraunhofer Institute have explored attacks on BitLocker when it uses the TPM to seal the data.

The paper is interesting even if you are not familiar with the TPM. The team targets the boot loader and especially the recovery strategy. If you illegitimately modify the boot environment of the machine, the TPM will detect it, but the sealed BitLocker data will no longer match the measured environment. Thus, BitLocker falls back to a recovery mechanism that is independent of the TPM. The idea is to trick the user in this mode. They suggest five attacks: create a false but plausible recovery situation, spoof the recovery message, spoof then hide, replace the computer with a "phishing" computer, and preemptive modification (i.e. modify the computer before BitLocker is activated). The last two attacks are less plausible. All attacks require physical access to the target.
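To make the mechanism concrete, here is an added toy model (my own illustration, not code from the paper, from Microsoft or from any TPM vendor) of how a volume master key (VMK) is sealed to boot measurements and why the recovery path never consults those measurements. SimulatedTPM, enable_bitlocker and bitlocker_boot are hypothetical names, and the XOR wrapping stands in for the real key hierarchy.

```python
import hashlib
import hmac
import os
PCR_INIT = b"\x00" * 32  # a platform configuration register starts out all zero

def pcr_extend(pcr, component):
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot_chain(components):  # fold MBR, boot loader, ... into one PCR value
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class SimulatedTPM:
    """Toy sealing model (hypothetical, not the real TPM API); the SRK never leaves the chip."""
    def __init__(self):
        self._srk = os.urandom(32)  # storage root key, constructed per chip instance

    def seal(self, secret, pcr):
        key = hmac.new(self._srk, pcr, hashlib.sha256).digest()
        wrapped = _xor(secret, key)
        return {"wrapped": wrapped, "tag": hmac.new(key, wrapped, hashlib.sha256).digest()}

    def unseal(self, blob, current_pcr):
        """Releases the secret only if current_pcr equals the PCR the secret was sealed to."""
        key = hmac.new(self._srk, current_pcr, hashlib.sha256).digest()
        tag = hmac.new(key, blob["wrapped"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None  # measurements changed: the TPM refuses to release the VMK
        return _xor(blob["wrapped"], key)

def enable_bitlocker(tpm, boot_chain, recovery_password):
    vmk = os.urandom(32)  # wrapped twice: sealed to the TPM, and under the recovery password
    tpm_blob = tpm.seal(vmk, measure_boot_chain(boot_chain))
    recovery_blob = _xor(vmk, hashlib.sha256(recovery_password).digest())
    return vmk, tpm_blob, recovery_blob

def bitlocker_boot(tpm, tpm_blob, recovery_blob, boot_chain, recovery_password=None):
    """Return (vmk, path). Note that the recovery path does not involve the TPM at all."""
    vmk = tpm.unseal(tpm_blob, measure_boot_chain(boot_chain))
    if vmk is not None:
        return vmk, "tpm"
    if recovery_password is None:
        return None, "recovery-prompt"  # the screen the paper's spoofing attacks imitate
    return _xor(recovery_blob, hashlib.sha256(recovery_password).digest()), "recovery"
```

The defender's takeaway from running it: an unexpected recovery prompt means the measured boot chain differs from the one BitLocker was enabled on, so the machine should be checked before the recovery password is typed in, and enabling BitLocker on an already-modified chain simply seals the key to that modified chain.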

Lesson: the attacks target the operating mode and the process, not the technology itself. That is what makes them clever.
Recovery systems are always BACKDOORS in a system!

The paper is available here.