Embed Size (px)
Citation preview
On login screen
Powered offUser session
is open
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
SysKey / BootKey
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
SysKey / BootKey
EFS
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
CryptoAPI and CNG
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
Machine Key
CryptoAPI and CNG
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
Machine Key
CryptoAPI and CNG
SMB
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
Machine Key
CryptoAPI and CNG
SMB
Group Policy Prefs
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
Machine Key
CryptoAPI and CNG
SMB
Schannel
Group Policy Prefs
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
Machine Key
CryptoAPI and CNG
SMB
Schannel
Group Policy Prefs
Windows CardSpace
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
Machine Key
CryptoAPI and CNG
SMB
Schannel
Group Policy Prefs
Windows CardSpace
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
Machine Key
CryptoAPI and CNG
SMB
Schannel
Group Policy Prefs
Windows CardSpace
M a ch i n e l i f e c yc l e
On login screen
Powered offUser session
is open
BitLocker
SysKey / BootKey
EFS
DPAPI
LSASS
.NET ProtectedMemory, ...
Machine Key
CryptoAPI and CNG
SMB
Schannel
Group Policy Prefs
Windows CardSpace
M a ch i n e l i f e c yc l e
Name TypeProtected
assets
Open
questions
Importance
for futureTotal Research Tools
Support for
recent versions?Total
Resulting
priorityRank
Windows Data Protection
API (DPAPI)OS 5 4 4 80 3 3 3 27 53 1
PrioritiesDescription Adding factors Diminushing factors
DHCP serverWindows 8 client with
Network Unlock
Windows Server 2012
Computer boots
DHCP request via the UEFI DHCP driver
Returns IPv4 address
Vendor specific DHCP broadcast containing a network and a session key.Both keys are encrypted using the public key of the network Unlock certificate.
Server recognises the request anddecrypts the message with its private key.
Server returns the network key encrypted with the session key via a specific DHCP reply
Decrypts the network key andstarts the computer if it matches
