Encryption in Windows Vista not yet

Microsoft has added several security features to its new-generation operating system, including BitLocker. This hard drive encryption technique may play an important role in businesses, but it has many limitations, so the market still needs other security solutions.

BitLocker, formerly known as "Secure Startup - Full Volume Encryption", gives users the ability to encrypt an entire hard drive, going well beyond the file-level encryption of the Encrypting File System in Windows 2000 and XP.

Combined with Trusted Platform Module (TPM) technology, this function helps users protect computers that contain important information, or that have been stolen, against unauthorized access. The method derives from the Palladium security technique, which Microsoft later renamed the Next Generation Secure Computing Base.

Principle of operation

BitLocker is included in the "Enterprise", "Ultimate" and "Longhorn" versions of Windows Vista. To use the TPM function, the motherboard needs a security chip that meets version 1.2 of the Trusted Computing Group standard. Encryption in Vista does not happen automatically; it must be activated by the user.

The TPM chip is only needed during computer startup, to check system integrity. BitLocker uses the TPM's hashing capabilities for this. By comparing the current hash value with the original value, the program can identify whether the BIOS and file system (loader file) have been modified.

In addition, Microsoft uses the TPM chip to ensure that only certain individuals are allowed access to data. The hard drive content is encrypted with a key created by BitLocker and stored in the TPM chip. When users start the computer, the operating system automatically reads this key and allows data access. Users will therefore not be able to view the information if they move the hard drive to another computer.

This key can also be stored on a USB memory stick. At startup, the operating system checks whether the memory stick is attached to the computer. Using this key in combination with a personal identification number (PIN) improves security. Thanks to the "anti-hammering" function of the TPM, the waiting time between two entries doubles after each wrong PIN entry. Thus, after 20 wrong attempts, a person would have to wait many days before being able to try again.
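The integrity check and anti-hammering behaviour described above, as a simplified Python model added here (not Microsoft's code and not BitLocker's on-disk format). The extend formula is the TPM 1.2 one; the `SealedKey` class, the SHA-256 PIN hash, the one-second base delay and the sample boot images are assumptions made for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Fold every boot component, in order, into one PCR value."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros after reset
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class SealedKey:
    """Toy stand-in for a TPM-sealed volume key (hypothetical, not BitLocker's format)."""

    def __init__(self, key: bytes, pin: str, components):
        self._key = key
        self._pin_hash = hashlib.sha256(pin.encode()).digest()  # assumed PIN handling
        self._expected_pcr = measure_boot(components)  # the "original value"
        self.failures = 0

    def lockout_seconds(self, base: int = 1) -> int:
        """Anti-hammering wait: doubles with each wrong PIN (base delay is assumed)."""
        return 0 if self.failures == 0 else base * 2 ** (self.failures - 1)

    def unseal(self, pin: str, components):
        """Release the key only for an unmodified boot chain and the correct PIN."""
        if not hmac.compare_digest(measure_boot(components), self._expected_pcr):
            return None  # BIOS or loader changed: current hash != original hash
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash):
            self.failures += 1
            return None
        self.failures = 0
        return self._key


# Constructed sample "firmware" and "loader" images
GOOD_BOOT = [b"BIOS v1.0 image", b"boot loader image"]
TAMPERED_BOOT = [b"BIOS v1.0 image", b"boot loader image + implant"]
```

With the assumed one-second base delay, `lockout_seconds()` after 20 wrong PINs returns 524288 seconds, a little over six days.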

Expert evaluation

Norbert Pohlmann, professor at the Internet Security Institute of the University of Gelsenkirchen (Germany), praised the decision to integrate security techniques such as BitLocker directly into Microsoft products. Pohlmann believes that this software will play a very important role in large businesses and that security solution providers will lose market share because of BitLocker.

However, Yankee Group did not agree with this assessment. In the report "Vista will not be able to 'kill' the Windows security market" (Microsoft will stop the Windows Security Aftermarket), Yankee predicts that BitLocker/Vista will only lessen the need for other security and password tools from third-party manufacturers.

According to Richard Aufreiter, Director of Utimaco's security products, BitLocker replaces only "part of the function" of Utimaco's Safeguard Easy. It can encrypt the boot partition of the computer, but does not support other data storage media. "Therefore, we will embrace Microsoft software calmly, at least in the early stages," Aufreiter said.

Phan Ba