A common issue facing businesses and organizations today is a lost or stolen laptop or PC that contains sensitive data. As a result, many companies are starting to move to on-disk encryption to protect their data. The Ultimate and Enterprise editions of Windows Vista and Windows 7 contain a feature called BitLocker, which protects data by encrypting entire volumes.
BitLocker is a full disk encryption program that uses the AES encryption algorithm in CBC (cipher-block chaining) mode with a 128-bit key. BitLocker is only available on Server 2008 and select editions of Windows Vista and Windows 7. There are three different authentication modes that can be used as building blocks to implement BitLocker encryption.
Transparent Operation Mode
Transparent Operation Mode uses a key for the disk encryption. That key is encrypted by the Trusted Platform Module (TPM) chip and is released to the OS loader code only if the early boot files appear to be unmodified. Relying on the TPM alone protects only against software-based attacks; the computer is still vulnerable to hardware-based attacks. An example of such an attack is a cold-boot attack, in which the computer is not allowed to shut down completely. This attack relies on data remaining in RAM after power has been removed.
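
The release condition described above can be modelled in a few lines. This is an added example, not BitLocker or TPM code: `ToyTPM`, `boot` and `demo` are hypothetical names, the boot components are constructed sample strings, and the XOR pad only stands in for the encryption a real TPM performs under its storage key. The register update follows the TPM 1.2 extend rule (SHA-1 over the old value and the new measurement).

```python
import hashlib, hmac, os

class ToyTPM:
    """Simplified model of one TPM PCR plus seal/unseal (not a real TPM API)."""
    def __init__(self):
        self._secret = os.urandom(32)   # stands in for the TPM's storage root key
        self.pcr = b"\x00" * 20         # register starts at zero on power-on

    def extend(self, component: bytes) -> None:
        # A PCR cannot be set directly, only extended: new = H(old || H(component))
        self.pcr = hashlib.sha1(self.pcr + hashlib.sha1(component).digest()).digest()

    def _pad(self, nonce: bytes) -> bytes:
        # Toy one-block keystream (data <= 32 bytes), assumption for illustration
        return hmac.new(self._secret, b"enc" + nonce, hashlib.sha256).digest()

    def seal(self, data: bytes) -> dict:
        assert len(data) <= 32
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, self._pad(nonce)))
        tag = hmac.new(self._secret, nonce + self.pcr + ct, hashlib.sha256).digest()
        return {"nonce": nonce, "pcr": self.pcr, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        tag = hmac.new(self._secret, blob["nonce"] + blob["pcr"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("blob was not created by this TPM or was altered")
        if not hmac.compare_digest(blob["pcr"], self.pcr):
            raise PermissionError("boot measurements differ from those at seal time")
        return bytes(a ^ b for a, b in zip(blob["ct"], self._pad(blob["nonce"])))

def boot(tpm: ToyTPM, components) -> ToyTPM:
    tpm.pcr = b"\x00" * 20              # power-on reset, then measure each stage in order
    for c in components:
        tpm.extend(c)
    return tpm

# Constructed sample "early boot files"
GOOD = [b"firmware v1", b"mbr code", b"boot manager"]
TAMPERED = [b"firmware v1", b"mbr code + patch", b"boot manager"]

def demo():
    tpm = boot(ToyTPM(), GOOD)
    key = os.urandom(16)                # 128-bit volume key, as in the text
    blob = tpm.seal(key)
    ok = boot(tpm, GOOD).unseal(blob) == key
    try:
        boot(tpm, TAMPERED).unseal(blob)
        return ok, True
    except PermissionError:
        return ok, False                # key withheld after a changed boot file
```

The model covers only the software-integrity check; once the key has been released into RAM, nothing here protects it, which is the gap the cold-boot attack relies on.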