Problems inherent to Vista's complex security
Vista's security poses the risk of significant data loss
At last week's COSAC conference in Ireland, the well-known Inforenz/Detica security specialist Vince Gallo raised serious practical concerns regarding the security inherent to the Vista operating system. This report is based on his presentation.
Vista's security is based on trusted computing, a concept consisting of a trusted operating system running on a trusted platform. Trust in the platform is here based on the Trusted Computing Group's Trusted Platform Module, TPM, a chip integrated into the motherboard of the trusted platform, i.e. your PC, and used to manage and store cryptographic keys as well as to perform cryptographic operations. TCG's specifications also include the Extensible Firmware Interface (EFI), a system used to include security functions into the firmware of the platform.
Among trusted OSes on this platform you find Vista from Microsoft (previously, Paladium and Longhorn), plus the European Multilaterally Secure Computing Base (EMSCB) and Open Trusted Computing (OpenTC) in the Linux/Unix sphere. Longhorn was originally announced alongside Intel's LaGrande, a project with the aim of delivering compartmentalised workstations (and it can, though not in connection with Vista, which is too complex for that purpose).
Vista is based on
- EFS, an encrypted file system. This can be set up in different ways to provide partial or full disk encryption
- Secure Startup, featuring full volume encryption and (almost) fully encrypted startup information
- TPM, the Trusted Platform Module.
EFS allows encryption of individual files and directories with individual unique keys and can be set up to protect system and swap files. It is intended to make the encrypted information accessible to a defined number of users plus, if chosen, a recovery agent. Keys are stored in the TPM and tied to the particular computer on which they were generated. It is worth noting that if files are simply backed up they remain encrypted, and can consequently only be read on the original computer from which they came, using the original user's credentials. To accommodate these functions the CryptoAPI has been extended quite considerably.
This system is very secure. It can be set up to use a selection of strong algorithms like DESX, 3-DES or AES. So, forget recovery by brute force. The system includes PKC key protection, which is also attack-proof. There is potentially password entry to private keys, leaving the usual entry route open. However, LanManager mode is off by default in Vista, although it can be switched on to permit backward compatibility.
The startup process ensures boot integrity because it is resilient to offline software attacks and because it locks the machine and stops the boot process if tampered with. This works because all data in the Windows volume is encrypted (including system, hibernation, page and temporary files). As an aside, this obviously goes a long way towards solving the serious issue of equipment recycling. Without possession of suitable credentials there is no way into existing data left on a hard drive.
The way the process works is to use the tamper resistant cryptographic processor in the TPM in connection with a PC unique stored key pair (formed when the system is first initiated). The TPM is activated from a clear text sector on the boot drive and starts by generating a hash across the initial bootstrapper. Only if this is correct will control be given to firmware code, thus establishing a core root of trust. Building on this, the boot process goes through several secure steps, establishing a kernel and finally a full DOS providing disk access.
So, this process builds on a BIOS hash, a kernel hash and finally a driver hash. If anything fails to add up, the process stops and the computer is locked. In reality the whole key generation and access process is fairly complex and outside the scope of this article.
A consequence of this technology is that the significance of the quality of the motherboard supplier you select is vastly greater than before. The basis of trust in your systems, including cryptographic services, is now in the hands of your motherboard supplier. Can you really be sure they are not located in a country with which you do not particularly care to share all your secrets...?
The root of the cryptography on the PC is a Storage Master Key (SMK) held only in the TPM. The system allows for any number of application master keys (AMKs), each encrypted using the SMK. These can be bound to the PC configuration and, if so desired, PIN protected. Similarly protected application data keys can then be generated, encrypted by AMKs. So, typically, applications will (or may) be using keys bound to the PC (or in case of DRM systems, the accredited PC), the user and the operating system.
So, to summarise, a Vista system will typically contain and operate with some or all of the following key types:
- secure startup volume keys
- EFS user keys
- application specific keys
and/or the following types of potentially encrypted data:
- whole local volume
- local and remote volumes and directories
- local or remote files or records.