Blackberry PRD-09695-004 Technical Overview - Page 26

Examples of attacks that the BlackBerry Smart Card Reader security protocols are designed to prevent


Eavesdropping

An eavesdropping event occurs when a user with malicious intent listens to the communication between the BlackBerry® Smart Card Reader and a BlackBerry device or computer. The goal of the user with malicious intent is to determine the shared device transport key on the BlackBerry Smart Card Reader and the BlackBerry device or computer, given only xS and yS.

The initial key establishment protocol and the connection key establishment protocol are designed so that the user with malicious intent can only compute the device transport key by solving the ECDH problem. This calculation is equivalent to solving the DH problem, which is considered computationally infeasible.

Impersonating a BlackBerry device or computer

An impersonation of the BlackBerry® Smart Card Reader occurs when a user with malicious intent sends messages to a BlackBerry device or computer so that the BlackBerry device or computer believes it is communicating with the BlackBerry Smart Card Reader. The user with malicious intent must send X = xP, instead of xS to the BlackBerry Smart Card Reader. A user with malicious intent might try this when the user with malicious intent does not know the secure pairing PIN.

The initial key establishment protocol is designed so that the BlackBerry Smart Card Reader calculates K = yX = yxP. To calculate the same key, the user with malicious intent must determine y from Y. This problem is considered to be computationally infeasible.

The connection key establishment protocol is designed so that a user with malicious intent can perform only the following actions:

  • guess the secure pairing PIN
  • compute the device transport key by solving the discrete log problem, which is computationally infeasible, to try to determine the secret private key on the BlackBerry device or computer
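
The impersonation and PIN-guessing cases above, as an added example that is not part of the BlackBerry document: a toy multiplicative group stands in for the elliptic curve, and `pin_to_S`, the base `P = 4`, `kdf` and the sample PINs are assumptions made for illustration. A peer that knows the PIN derives the same key as the reader; a peer that sends xP, or that guesses the wrong PIN, does not.

```python
import hashlib
import hmac
import secrets

# Toy group: integers modulo the Mersenne prime 2**127 - 1 stand in for the
# elliptic curve. Chosen for readability only; not a secure parameter set.
MODULUS = 2**127 - 1
P = 4  # public base "P" that anyone can use (assumed value)

def smul(k, point):
    """The page's scalar multiple k*point, written as point**k in the toy group."""
    return pow(point, k, MODULUS)

def pin_to_S(pin):
    """Assumed SPEKE-style mapping from the pairing PIN to the secret base S."""
    h = int.from_bytes(hashlib.sha256(pin.encode()).digest(), "big") % MODULUS
    return pow(h, 2, MODULUS)

def kdf(shared):
    """Hash the shared group element into a 32-byte key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def exchange(reader_base, peer_base):
    """Run one exchange and return (reader_key, peer_key)."""
    x = secrets.randbelow(MODULUS - 3) + 2   # peer's ephemeral secret
    y = secrets.randbelow(MODULUS - 3) + 2   # reader's ephemeral secret
    X = smul(x, peer_base)        # peer sends xS if it knows the PIN, xP if not
    Y = smul(y, reader_base)      # reader replies with y times its own S
    reader_key = kdf(smul(y, X))  # K = yX on the reader
    peer_key = kdf(smul(x, Y))    # the most a peer can compute without y
    return reader_key, peer_key

def keys_match(reader_base, peer_base):
    """True when both sides ended up with the same key."""
    reader_key, peer_key = exchange(reader_base, peer_base)
    return hmac.compare_digest(reader_key, peer_key)

if __name__ == "__main__":
    S = pin_to_S("48151623")  # constructed sample PIN
    print("peer knows the PIN (xS):", keys_match(S, S))
    print("peer sends xP instead:  ", keys_match(S, P))
    print("peer guesses wrong PIN: ", keys_match(S, pin_to_S("00000000")))
```
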

Man-in-the-middle attack

A man-in-the-middle attack occurs when a user with malicious intent intercepts and modifies messages in transit between the BlackBerry® Smart Card Reader and a BlackBerry device or computer. A successful man-in-the-middle attack results in each party not knowing that the user with malicious intent is sitting between them, monitoring and changing data traffic.

The user with malicious intent must remain in the middle (between the BlackBerry device or computer and the BlackBerry Smart Card Reader) forever, not just for the duration of the key establishment protocol, for a man-in-the-middle attack to occur. For a user with malicious intent to successfully start a man-in-the-middle attack, the user with malicious intent must know the secure pairing PIN.

The initial key establishment protocol is designed to use ECDH and the shared device transport key to prevent a man-in-the-middle attack. If the user with malicious intent learns the secure pairing PIN after the initial key establishment protocol is complete, the mathematical difficulty of the discrete log problem protects the device transport key. To determine the device transport key, the user with malicious intent must determine one of x or y. The user cannot gain knowledge of the device transport key before the initial key establishment protocol begins as long as the secure pairing PIN remains secret until the initial key establishment protocol completes successfully.

The connection key establishment protocol is designed to use SPEKE to prevent a man-in-the-middle attack through the use of the secure pairing PIN.

Offline attack

An offline attack occurs when a user with malicious intent tries to send X = xP, instead of xS to the BlackBerry® Smart Card Reader. The user with malicious intent might try this when the user with malicious intent does not know the secure pairing PIN. The initial key establishment protocol is designed so that the BlackBerry Smart Card Reader replies with Y = xS and calculates K = yX = yxP. Meanwhile, the user with malicious intent must calculate K = xY =