The primary purpose of BitLocker is to encrypt the hard drive on the Enterprise and Ultimate editions of Windows Vista and Windows 7, and on Windows Server 2008 and R2. Hard drive encryption is not available on Windows 2000, Windows XP or Windows 2003; only Vista, Windows 7 and Server 2008 have the BitLocker luxury. Moreover, BitLocker is compatible with the portable instances of Windows 8 Enterprise edition. Drives can be encrypted with 128-bit or 256-bit encryption. BitLocker averts offline attacks, and it also protects data if a malicious user boots from an alternate operating system. If data needs to be recovered after the machine fails, the tool can prompt the admin for the recovery key, which allows access to the hard drive.
Operation: BitLocker is a logical volume encryption system. A volume can be a single hard disk drive or it may span multiple physical drives. Once enabled, BitLocker ensures the integrity of the trusted boot path (boot sector, BIOS) in order to avert offline attacks. For BitLocker to operate, a minimum of two NTFS-formatted volumes is necessary: one holds the operating system, while another of size 100 MB performs the booting operation. Microsoft developed a new tool called BitLocker Drive Preparation, which shrinks an existing volume on Vista to make room for a new boot volume and allows the bootstrapping files to be transferred.
Microsoft’s Encrypting File System can be used in conjunction with BitLocker to offer protection once the operating system kernel is running. Protecting files from processes and users within the operating system can be done using encryption software that operates within Windows. Rogue elements can attack BitLocker and other full disk encryption systems. Once the secret is captured, the Volume Master Key can be decrypted.
Three mechanisms can be used as building blocks to implement BitLocker encryption:
Transparent Operation Mode: It provides a transparent user experience. This mode utilizes the capabilities of Trusted Platform Module (TPM) 1.2 hardware. The user powers up and logs in to Windows as normal. The disk encryption key is sealed by the TPM chip and is released to the OS loader code only if the early boot files appear to be unmodified. Despite these positive features, this mode is susceptible to a cold boot attack, since it allows a powered-down machine to be booted by an attacker.
User Authentication Mode: This mode requires the user to authenticate to the pre-boot environment in the form of a pre-boot PIN.
USB Key Mode: The user needs to insert a USB device containing a start-up key into the computer to boot the protected OS. However, this mode requires that the BIOS on the protected machine supports reading USB devices in the pre-OS environment. The USB key may be provided by a CCID device for reading a cryptographic smartcard. Use of CCID offers additional benefits beyond storing the key file on an external USB thumb drive.
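As an added example (not from the original article or from Microsoft), the following Python script maps each volume's key protectors to the three modes above and flags volumes that are unprotected or that unlock with the TPM alone. The sample text is constructed, and the English field names and protector labels are assumptions about what `manage-bde -status` prints.

```python
import re

# Constructed sample, laid out like English-locale `manage-bde -status` output
# (assumption: field names and protector labels as that tool prints them).
SAMPLE = """\
Volume C: [OS]
[OS Volume]

    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Protection Status:    Protection Off
    Key Protectors:       None Found
"""

# Protector label -> the article's name for the mode it implements.
MODES = {"TPM": "transparent operation", "TPM And PIN": "user authentication",
         "TPM And Startup Key": "USB key", "External Key": "USB key"}

def parse_status(text):
    """Return {drive: {"fields": {name: value}, "protectors": [labels]}}."""
    volumes, cur, in_prot = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        head = re.match(r"Volume (\w:)", raw)
        if head:
            cur = volumes.setdefault(head.group(1), {"fields": {}, "protectors": []})
            in_prot = False
        elif cur is None or not line or line.startswith("["):
            in_prot = False
        elif ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            cur["fields"][key] = value
            in_prot = key == "Key Protectors" and not value  # list follows on next lines
        elif in_prot:
            cur["protectors"].append(line)
    return volumes

def audit(volumes):
    """Flag volumes with protection off or unlocked by the TPM alone."""
    findings = {}
    for drive, vol in volumes.items():
        modes = {MODES[p] for p in vol["protectors"] if p in MODES}
        if vol["fields"].get("Protection Status") != "Protection On":
            findings[drive] = "protection off"
        elif modes == {"transparent operation"}:
            findings[drive] = "TPM-only, no pre-boot authentication"
    return findings
```

Calling `audit(parse_status(SAMPLE))` reports both sample volumes; a recovery password alongside the TPM does not change the finding, because it is not a pre-boot authentication mode.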
Shortcomings: BitLocker is unable to protect computer content while Windows is running. When Vista or Windows 7 is running, unauthorized access could come in the ways listed below: