Blackberry PRD-09695-004 Security Guide - Page 24

BlackBerry Smart Card Reader 24 Appendix E: Examples of attacks that the BlackBerry Smart Card Reader security protocols are designed to prevent Eavesdropping An eavesdropping event occurs when the user with malicious intent listens to the communication between the BlackBerry Smart Card Reader and the BlackBerry device or computer. The goal of the user with malicious intent is to determine the shared master encryption key on the BlackBerry Smart Card Reader and the BlackBerry device or computer, given only xS and yS. The initial key establishment protocol and the connection key establishment protocol are designed so that the user with malicious intent can only compute the master encryption key by solving the ECDH problem. This calculation is equivalent to solving the DH problem, which is computationally infeasible. Impersonating a BlackBerry device or computer An impersonation of the BlackBerry Smart Card Reader occurs when the user with malicious intent sends messages to the BlackBerry device or computer so that the BlackBerry device or computer believes it is communicating with the BlackBerry Smart Card Reader. The user with malicious intent must send X = xP, instead of xS to the BlackBerry Smart Card Reader. A user with malicious intent might try this because the user with malicious intent does not know the secure pairing key. The initial key establishment protocol is designed so that the BlackBerry Smart Card Reader calculates K = yX = yxP. To calculate the same key, the user with malicious intent must determine y from Y. This problem is considered to be computationally infeasible. The connection key establishment protocol is designed so that • the user with malicious intent can only guess the secure pairing key • the user with malicious intent can only compute the master encryption key by solving the discrete log problem, which is computationally infeasible, to try to determine the secret private key on the BlackBerry device or computer Man-in-the-middle attack A man-in-the-middle attack occurs when the user with malicious intent intercepts and modifies messages in transit between the BlackBerry Smart Card Reader and the BlackBerry device or computer. A successful man-inthe-middle attack results in each party not knowing that the user with malicious intent is sitting between them, monitoring and changing data traffic. The user with malicious intent must remain in the middle (between the BlackBerry device or computer and the BlackBerry Smart Card Reader) forever, not just for the duration of the key establishment protocol, for a man-inthe-middle attack to occur. For a user with malicious intent to successfully start a man-in-the-middle attack, the user with malicious intent must know the secure pairing key. The initial key establishment protocol is designed to use ECDH and the shared master encryption key to prevent a man-in-the-middle attack. If a user with malicious intent learns the secure pairing key after the initial key establishment protocol is complete, the mathematical hardness of the discrete log problem protects the master encryption key. To determine the master encryption key, a user with malicious intent must determine one of x or y. The user cannot gain knowledge of the master encryption key before the initial key establishment protocol begins as long as the secure pairing key remains secret until the initial key establishment protocol completes successfully. The connection key establishment protocol is designed to use SPEKE to prevent a man-in-the-middle attack through the use of the secure pairing key. Offline attack An offline attack occurs when the user with malicious intent tries to send X = xP, instead of xS to the BlackBerry Smart Card Reader. A user with malicious intent might try this because the user with malicious intent does not know the secure pairing key. The initial key establishment protocol is designed so that the BlackBerry Smart Card Reader replies with Y=xS and calculates K = yX = yxP. Meanwhile, the user with malicious intent must www.blackberry.com