Remote disk encryption using BitLocker

A little theory about encryption and data obfuscation

Since the beginning of civilization, we have had to deal with encryption/hiding of data. At first, there were signs placed in special places, the meaning of which was known only to selected people. Later, the so-called effect of passing time affecting various objects was used for this. As early as in ancient times, a slave owner could place a message on the shaved head of a slave and leave it hidden from third parties until the hair grew back. The science that deals with the study of such events is steganography.

Steganography (Gr. στεγανός, steganos “hidden, protected” and γράφειν, graphein “to write”) – the science of communicating in such a way that the presence of a message cannot be detected. Unlike cryptography (where the presence of a message is not denied, while its content is secret) steganography attempts to hide the fact of communication. Steganographic techniques are also used to mark digital data. Source: Wikipedia

Steganography is a related field to cryptography, but in the case of cryptography, the goal is not to hide the explicit message, but to encrypt it. This ensures that when a third party finds an encrypted message it will be useless to them, unreadable. In the case of steganography, the message would be read by third parties without the slightest problem. For this, the best way to preserve the confidentiality of the message is to use these two ways simultaneously. Cryptography to encrypt the message, and steganography to hide it.

What is encryption?

It is a cryptographic process that involves encoding data in such a way that a person without the right key cannot read the data. One of the first most popular ciphers was Caesar’s Cipher, which relied on the fact that each letter corresponded to a different letter in the alphabet. For example, Julius Caesar used a rearrangement of letters by three, so that, for example, the letter A was written as C.

Nowadays, we use two types of encryption:

• asymmetric encryption (two keys are used to carry out the encryption procedure: one to decrypt the message (the so-called private key) and a public key used to encrypt the message, which is generally available to anyone,
• symmetric encryption (one and the same key is used for the encryption and decryption process).

In what situations is the encryption process applicable?

Data encryption is already practically everywhere. In every area of our lives, although many people don’t realize it. 1G network technology was a first-generation analog cellular network and the last one that did not use data encryption. Therefore, its main drawback was its susceptibility to eavesdropping and, by using analog technology, its susceptibility to interference. In each subsequent generation of cellular networks, data transmission has already been encrypted. Here are some examples from everyday life where encryption is applicable:

• payment cards,
• websites (nowadays it is standard that the transmission between the user and the web server is already encrypted. Until a few years ago, only banking sites, transaction services or e-mail were subject to encryption, although in the case of mail, this was not so observed.

For what purpose should data be encrypted?

The purpose of disk encryption is to prevent third parties from reading confidential data. For example, when browsing the web, the entire content of the page is downloaded to the computer. When logging into banking or social networking sites during the authorization process, the login and password are sent to the server to confirm identity. If the transmission is not encrypted, the data can be very easily previewed with a network traffic scanner, such as “Wireshark”, and consequently – it can be read without problems. In the case of logical drives or other media, such as flash drives, it is enough to take over the given unencrypted media. Even if we have an established user password, the only thing that protects us is the NTFS system. It is enough to plug the media into another computer as an external memory and we practically have access to all files. To protect against this type of situation, encrypt the entire drive with a tool (such as BitLocker or VeraCrypt), using the appropriate encryption algorithm.

What is BitLocker disk encryption?

It is a Microsoft cryptographic solution that encrypts drives with AES 128 or 256-bit cipher. BitLocker allows you to encrypt both internal and external drives like flash drives. Authentication is possible with:

• TPM module,
• password,
• 48-bit key,
• a key stored on a USB drive (.bak),
• additionally, we have the possibility to assign to a user in the domain a device on which it will be automatically unlocked.

BitLocker in eAuditor system

In the eAuditor system we have added a new functionality that allows from the console level manage encryption on all computers, that have BitLocker and the eAuditor or Hyprovision DLP system agent installed. Disks encrypted with BitLocker can be used on any Windows computer, regardless of version.

Identification of storage and removable drives in the eAuditor system

eAuditor identifies all storage (physical and logical drives) and verifies whether a drive (partition) has been encrypted with BitLocker. Using eAuditor, you can remotely encrypt and decrypt one or multiple drives.

• What BitLocker functionalities are available in the eAuditor system?
  Encryption or decryption of selected logical drives on selected computers in the system using: password, TPM module or 48-bit key.
• Encryption of flash drives using: password, 48-bit key and the ability to assign a device to a specific device in the domain.