Email	Print Reprint
	add to:
	Del.icio.us Digg Google Furl	Slashdot Y! MyWeb Blink
	TABLE OF CONTENTS Bitlocker Drive Encryption Testing Methodology Performance Analysis Security

To protect the confidentiality of data stored on hard disks, security applications (called "disk encryption" applications) are often used. The Windows Vista Enterprise and Ultimate editions, for instance, use Bitlocker Drive Encryption, which encrypts all data on the system volume. And at the heart of Bitlocker is the AES-CBC + Elephant diffuser encryption algorithm (download.microsoft.com/download/0/2/3/ 0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/ BitLockerCipher200608.pdf).

Figure 1 presents an overview of the AES-CBC + Elephant diffuser (a "diffuser" is a data-mixing function). As you can see, there are four separate operations in each encryption. The plaintext is XORed with a sector key, run through two different diffusers, and then encrypted with the Advanced Encryption Standard (AES) in cipher-block chaining (CBC) mode. Diffuser A runs AC times and Diffuser B runs BC times. In the current Bitlocker implementation, AC=5 and BC=3.

Figure 1: Overview of AES-CBC + Elephant diffuser.

Plaintext and key are parameterized; in this article, the parameters we use are:

• Plaintext is 512 bytes. The current standard sector size.
• Tweak-key is 256 bits. The first 128 bits serve as the drive sector key and the last 128 bits as the Initial Vector (IV) for AES-CBC.
• We use the 256-bit key versions of the AES for maximum security.

1 Bitlocker Drive Encryption | 2 Testing Methodology | 3 Performance Analysis | 4 Security Next Page

RELATED ARTICLES Building Line-of-Business Apps with Silverlight 2 Code Signing in Adobe AIR Using LINQ-to-SQL XML Mapping Files Identifying Weaknesses In Network-accessible Programs CodeGear Delphi 2009, C++ Builder 2009 Released		TOP 5 ARTICLES No Top Articles.