publication . Preprint . 2019

BitCracker: BitLocker meets GPUs

Agostini, Elena; Bernaschi, Massimo;
Open Access English
  • Published: 04 Jan 2019
Abstract
BitLocker is a full-disk encryption feature available in recent Windows versions. It is designed to protect data by providing encryption for entire volumes, and it makes use of a number of different authentication methods. In this paper we present a solution, named BitCracker, to attempt the decryption, by means of a dictionary attack, of memory units encrypted by BitLocker with a user-supplied password or the recovery password. To that purpose, we resort to GPUs (Graphics Processing Units), which are, by now, widely used as general-purpose coprocessors in high-performance computing applications. The BitLocker decryption process requires the computation of a very large ...
Subjects
free text keywords: Computer Science - Cryptography and Security
