Blackberry PRD-09695-004 Technical Overview - Page 27

yxS = yxzP, for some z such that S = zP. To calculate yxP from yzxP without knowledge of z corresponds to solving the discrete logarithm problem, which is computationally infeasible, for S. Offline dictionary attack An offline dictionary attack occurs when a user with malicious intent tries all possible passwords and determines the correct password. The connection key establishment protocol is designed to use SPEKE to prevent a known offline dictionary attack through the use of a password (the secure pairing PIN) in case the user with malicious intent uses computational resources (where, in theory, nothing limits the speed at which the user with malicious intent can force the password) to determine the password. Online dictionary attack An online dictionary attack is similar to an offline dictionary attack, but a user with malicious intent must rely on the BlackBerry® device, the computer, or the BlackBerry® Smart Card Reader to determine if a key is the correct secure pairing PIN. The BlackBerry Smart Card Reader supports only one try to guess the secure pairing PIN. If the guess is incorrect, the BlackBerry Smart Card Reader changes the secure pairing PIN before the next try occurs. Small subgroup attack A small subgroup attack occurs when a user with malicious intent tries to limit the protocol to generate device transport keys from only a small subset of keys. The BlackBerry® Smart Card Reader security protocols are designed to use ECDH operations that use a cofactor in their calculations and verify that the result is not the point at infinity. For example, if the user with malicious intent chooses X as the point at infinity, then K is the point at infinity regardless of what the BlackBerry Smart Card Reader chose for Y. By checking that X is not at the point of infinity, 1, or -1, the BlackBerry Smart Card Reader security protocols are designed to avert this threat. 27