On Shifting “Windows” and “Security” from Less Antonymous to More Synonymous

(Page 6)

The Figuratively-Two-Tusked Elephant

Several compromises had to be made, and in a situation such as this, custom tailoring was the only route, given the lack of pre-existing options. Remember this maxim: security is a trade-off. And so it goes; practical environments rarely spawn a Homeric lotusland climate. Even though we have a treasure trove full of secure cryptographic primitives, there comes a time when none of them will fit. How well did Microsoft improvise? Impressively well. Consider the certainty that cryptography generates overhead, and that this overhead must be acceptable; if it's unacceptable, users will disable it. Why? For many users, convenience outranks security. I doubt Windows Vista (Molasses Edition) is on the company's radar.

Meet Elephant. Elephant sports two diffusers, which are built to render much better poor-man's authentication than vanilla AES in CBC mode (which shall hereby be dubbed “AES-CBC”); it should be noted, however, that AES-CBC without Elephant remains an option, because there are those of you out there who must obey strict standards-compliance policies. You're going to lose integrity preservation this way, but this appears to be an inevitable caveat of the conditions that BitLocker is working under. Although not ideal, poor-man's authentication is the most suitable solution for these constraints, and Elephant's goal is to make the best of it. Until a more detailed analysis is published, I'll laymanize the general voodoo that composes its structure. To help elucidate the flow of understanding, here's a simple graphic.

[Diagram: BitLocker's internal cryptographic primitives]

When encryption takes place, four operations occur. The plaintext is combined, via XOR, with a sector key. At this point, it flows through two unkeyed diffusers. From there, it is encrypted using AES-CBC. The sector key and AES-CBC are the two components that require key material, which leads to the crucial point: they are keyed independently. Doing so simplifies the formalization of a proof that reduces the security of the AES-CBC-plus-Elephant construction to that of AES-CBC alone. This dexterous tactic balances the scale a little, since Elephant is a new primitive, and new primitives will be met with reluctance until they're rigorously analyzed. Being able to show that the AES-CBC and Elephant construction is no easier to attack than AES-CBC alone is perhaps its flagship property.
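To make the four-step layering and the point of the diffusers concrete, here is an added example that is not code from the article, from Microsoft, or from any BitLocker specification. It keeps the shape described above (plaintext XOR sector key, then two unkeyed diffusers, then CBC, with the sector key and the CBC layer under independent keys) but every concrete piece is a stand-in: the block cipher is a small HMAC-based Feistel permutation used in place of AES so the example runs with only the standard library, the diffuser tap offsets and rotation constants are constructed rather than Elephant's published values, and the per-sector IV and sector-key derivation are assumptions. The measurement at the end is the defender's view of "poor-man's authentication": a single corrupted ciphertext byte touches at most one block plus one byte of plaintext under CBC alone, whereas with the diffusers in place the same corruption is smeared across the entire sector, which is what lets higher layers notice that a sector has been tampered with.

```python
"""Layered sector encryption in the shape the article describes (constructed example).
Encrypt: P xor sector_key -> diffuser A -> diffuser B -> CBC.  Decrypt is the reverse.
Nothing here is the real Elephant or BitLocker code; see comments for each stand-in."""
import hashlib
import hmac
import struct

BLOCK = 16      # cipher block size in bytes (same as AES)
SECTOR = 512    # one disk sector


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Feistel round function: keyed hash of the right half (stand-in only).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    # 4-round Feistel permutation standing in for AES; NOT AES.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def _rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & 0xFFFFFFFF


# Constructed diffuser parameters (tap offsets, per-word rotations, cycle counts);
# they mimic the word-mixing shape of an unkeyed diffuser, not Elephant's real constants.
DIFFUSER_A = ((-2, -5), (7, 0, 11, 0), 5)
DIFFUSER_B = ((2, 5), (0, 5, 0, 19), 3)


def diffuse(data, params, decrypt):
    """Unkeyed diffuser over 32-bit words: every word absorbs two neighbours.
    In the decrypt direction the walk order makes each word read already-updated
    neighbours, so one corrupted word cascades through the whole sector.  The
    encrypt direction applies the same XOR steps in reverse walk order, which is
    an exact inverse because each step only ever modifies d[i]."""
    taps, rots, cycles = params
    n = len(data) // 4
    d = list(struct.unpack("<%dI" % n, data))
    walk = list(range(n)) if taps[0] < 0 else list(range(n - 1, -1, -1))
    if not decrypt:
        walk.reverse()
    for _ in range(cycles):
        for i in walk:
            a, b = d[(i + taps[0]) % n], d[(i + taps[1]) % n]
            d[i] ^= a ^ _rotl(b, rots[i % 4])
    return struct.pack("<%dI" % n, *d)


def sector_key(key, sector_no):
    # Per-sector key stream under its own key, independent of the CBC key (assumed derivation).
    return b"".join(block_encrypt(key, struct.pack("<QQ", sector_no, i))
                    for i in range(SECTOR // BLOCK))


def _iv(key, sector_no):
    return block_encrypt(key, struct.pack("<Q8x", sector_no))   # assumed per-sector IV


def encrypt_sector(k_cbc, k_sec, sector_no, plaintext, with_diffuser=True):
    x = xor(plaintext, sector_key(k_sec, sector_no))          # step 1: XOR sector key
    if with_diffuser:
        x = diffuse(x, DIFFUSER_A, decrypt=False)             # step 2: diffuser A
        x = diffuse(x, DIFFUSER_B, decrypt=False)             # step 3: diffuser B
    return cbc_encrypt(k_cbc, _iv(k_cbc, sector_no), x)       # step 4: CBC


def decrypt_sector(k_cbc, k_sec, sector_no, ciphertext, with_diffuser=True):
    x = cbc_decrypt(k_cbc, _iv(k_cbc, sector_no), ciphertext)
    if with_diffuser:
        x = diffuse(x, DIFFUSER_B, decrypt=True)
        x = diffuse(x, DIFFUSER_A, decrypt=True)
    return xor(x, sector_key(k_sec, sector_no))


K_CBC = hashlib.sha256(b"constructed cbc key").digest()[:16]       # constructed test keys
K_SEC = hashlib.sha256(b"constructed sector key").digest()[:16]
PLAINTEXT = bytes(range(256)) * 2                                  # constructed 512-byte sector


def round_trip_ok(with_diffuser):
    ct = encrypt_sector(K_CBC, K_SEC, 7, PLAINTEXT, with_diffuser)
    return decrypt_sector(K_CBC, K_SEC, 7, ct, with_diffuser) == PLAINTEXT


def spread_of_one_byte_corruption(with_diffuser):
    """How many plaintext bytes change when one ciphertext byte is corrupted on disk."""
    ct = bytearray(encrypt_sector(K_CBC, K_SEC, 7, PLAINTEXT, with_diffuser))
    ct[100] ^= 0x01                                    # one flipped bit in block 6
    back = decrypt_sector(K_CBC, K_SEC, 7, bytes(ct), with_diffuser)
    return sum(a != b for a, b in zip(PLAINTEXT, back))


if __name__ == "__main__":
    print("CBC only, bytes changed:", spread_of_one_byte_corruption(False))
    print("with diffusers, bytes changed:", spread_of_one_byte_corruption(True))
```

Under CBC alone the corruption changes at most 17 bytes (the corrupted block decrypts to garbage and exactly one bit of the next block flips), which is the controlled, localized effect that "loses integrity preservation"; with the diffusers the change reaches almost every byte of the sector. Keeping `K_CBC` and `K_SEC` separate is what the article means by keying the sector key and the CBC layer independently.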
