Security and Windows Vista: a forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)
BitLocker: How does Diffuser work?
Hi Jamie,

Has the paper you mention below providing details of Diffuser and the overall encryption algorithm become available yet? If not, a question: Can you describe a bit more about how a 256-bit AES key is used to "mix up the bits" (all 512 bytes) of an *entire* sector, when the key itself is only 32 bytes long?

Thanks!

"Jamie Hunter [MS]" wrote:

Tavis, you keep firing good questions at me.

The FVEK (Full Volume Encryption Key) contains 2 keys, one for the AES algorithm, and one for the Diffuser algorithm. This ensures the diffuser cannot weaken AES (a shared key would be an architecture concern).

The diffuser is applied to an entire sector before encryption and can be described as "mixing the bits of the sector prior to encryption". The IV (initial vector) for both algorithms is derived from the sector number to ensure that sectors cannot be swapped.

Consider this in reverse, a single bit change will result in a moderate change c/o CBC, however this change gets diffused throughout all the bits of the sector resulting in an entire sector change. This mitigates creative attacks where someone would try to introduce a minor change into some code or data to change OS behavior in a desirable way.

A paper giving the details of the Diffuser (and other low level details) is forthcoming, before RTM.

- Jamie Hunter [MS]

"tavis" wrote in message ...

How does the diffuser work under BitLocker encryption? Is the diffuser applied to each block of cyphertext within a sector, or is it somehow applied across several blocks concurrently or across the entire sector at once, somehow?

I'm assuming that for an AES-256 bit key, BitLocker encrypts the entire 512-byte sector using 32-byte blocks of data. The Cypher Block Chaining (CBC) XORs the cyphertext output of the previous block with the plaintext of the current block. How is diffusion applied, and how is the diffuser generated?

Some nice references on good ol' Wikipedia:
http://en.wikipedia.org/wiki/Confusion_and_diffusion
http://en.wikipedia.org/wiki/Block_c...s_of_operation

Thanks!
BitLocker: How does Diffuser work?
Hi Tavis, haven't forgotten you!

I'll try and chase this up tomorrow. Niels presented this paper recently, so if it's not downloadable yet, I'll make sure it's downloadable soon. Niels is the crypto expert on the team, I've seen him draw the explanation on the board dozens of times, but I still look in awe.

Caution, this is the not so crypto expert reply:

AES in CBC mode, in encryption behavior has a chain effect where each block affects the previous block (http://en.wikipedia.org/wiki/Block_c...s_of_operation look for CBC, gives a good diagram of this). However when considering an attack that modifies data prior to decryption, and looking at the decrypted data, it is possible to cause only minor changes to earlier CBC blocks whilst causing major changes to other CBC blocks.

A good diffuser with no key mixes bits from each CBC block, so that each decrypted block is a mix determined from the entire sector, and on reverse, a slight change in the decrypted result of one CBC block would be distributed among the remaining CBC blocks. An additional key allows the details of the mixing to change from sector to sector and disk to disk.

I think of the diffuser as a net spread over the sector, and any modification of the encrypted data in an attempt to affect the decrypted data will cause the net to get tangled.

- Jamie Hunter [MS]

---

"tavis" wrote in message ...

Hi Jamie,

Has the paper you mention below providing details of Diffuser and the overall encryption algorithm become available yet? If not, a question: Can you describe a bit more about how a 256-bit AES key is used to "mix up the bits" (all 512 bytes) of an *entire* sector, when the key itself is only 32 bytes long?

Thanks!

"Jamie Hunter [MS]" wrote:

Tavis, you keep firing good questions at me.

The FVEK (Full Volume Encryption Key) contains 2 keys, one for the AES algorithm, and one for the Diffuser algorithm. This ensures the diffuser cannot weaken AES (a shared key would be an architecture concern).

The diffuser is applied to an entire sector before encryption and can be described as "mixing the bits of the sector prior to encryption". The IV (initial vector) for both algorithms is derived from the sector number to ensure that sectors cannot be swapped.

Consider this in reverse, a single bit change will result in a moderate change c/o CBC, however this change gets diffused throughout all the bits of the sector resulting in an entire sector change. This mitigates creative attacks where someone would try to introduce a minor change into some code or data to change OS behavior in a desirable way.

A paper giving the details of the Diffuser (and other low level details) is forthcoming, before RTM.

- Jamie Hunter [MS]

"tavis" wrote in message ...

How does the diffuser work under BitLocker encryption? Is the diffuser applied to each block of cyphertext within a sector, or is it somehow applied across several blocks concurrently or across the entire sector at once, somehow?

I'm assuming that for an AES-256 bit key, BitLocker encrypts the entire 512-byte sector using 32-byte blocks of data. The Cypher Block Chaining (CBC) XORs the cyphertext output of the previous block with the plaintext of the current block. How is diffusion applied, and how is the diffuser generated?

Some nice references on good ol' Wikipedia:
http://en.wikipedia.org/wiki/Confusion_and_diffusion
http://en.wikipedia.org/wiki/Block_c...s_of_operation

Thanks!
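
The tamper-propagation effect discussed in this thread, as an added example that is not part of the original posts and is not BitLocker code: it flips one ciphertext bit in a 512-byte sector and counts how many 16-byte blocks of the decrypted sector change, with CBC alone and with a mixing pass applied before encryption. Assumptions: a SHA-256 Feistel toy cipher stands in for AES, `mix` is an unkeyed mixer made up for this example (not the BitLocker diffuser), and the key, IV and sector contents are constructed.

```python
import hashlib
import struct

BLOCK, SECTOR = 16, 512  # CBC block size and sector size, in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function built from SHA-256 (toy stand-in for AES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def block(key, b, decrypt):
    l, r = b[:8], b[8:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, _f(key, rnd, l)), l) if decrypt else (r, _xor(l, _f(key, rnd, r)))
    return l + r

def cbc(key, iv, data, decrypt):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        cur = _xor(block(key, blk, True), prev) if decrypt else block(key, _xor(blk, prev), False)
        prev = blk if decrypt else cur  # chain on the ciphertext block
        out.append(cur)
    return b"".join(out)

def mix(data, decrypt, cycles=3):
    # Made-up unkeyed add/rotate/xor mixer (NOT BitLocker's); False inverts True.
    d = list(struct.unpack("<128I", data))
    order = range(128) if decrypt else range(127, -1, -1)
    sign = 1 if decrypt else -1
    for _ in range(cycles):
        for i in order:
            rot = ((d[i - 5] << 11) | (d[i - 5] >> 21)) & 0xFFFFFFFF
            d[i] = (d[i] + sign * (d[i - 2] ^ rot)) & 0xFFFFFFFF
    return struct.pack("<128I", *d)

def changed_blocks(use_diffuser, flip_block=10):
    key = b"constructed demo key"
    iv = hashlib.sha256(b"sector 7").digest()[:BLOCK]  # IV derived from sector number
    plain = bytes(i % 251 for i in range(SECTOR))       # constructed sector contents
    pre = mix(plain, decrypt=False) if use_diffuser else plain
    ct = bytearray(cbc(key, iv, pre, decrypt=False))
    ct[flip_block * BLOCK] ^= 0x01                       # tamper: flip one ciphertext bit
    out = cbc(key, iv, bytes(ct), decrypt=True)
    out = mix(out, decrypt=True) if use_diffuser else out
    return sum(out[i:i + BLOCK] != plain[i:i + BLOCK] for i in range(0, SECTOR, BLOCK))
```

With CBC alone, `changed_blocks(False)` reports only the tampered block and its successor as changed; with the mixing pass, `changed_blocks(True)` reports every block in the sector.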