Presentation held at Research Workshop "Challenges for Trusted Computing" im Rahmen der 3rd European Trusted Infrastructure Summer School (ETISS), held in Oxford, 31st August - 5th September 2008
Abstract
We discuss attack scenarios against the TPM-based boot process of BitLocker. Bit Locker is a disk volume encryption feature included in some recent versions of Microsoft Windows. BitLocker is capable of using the TPM to manage all or a portion of its secret encryption keys. Specifically it uses the sealing feature to ensure keys are released only if the platform is in a predefined, trusted state. We present six ways in which an attacker may gain access to secret key material by manipulating the boot process in ways not prevented by the trusted computing technology. We also discuss their causes and contributing factors.
