Table of Contents
Advertisement
BlackBerry Enterprise Solution
Appendix G: BlackBerry Router protocol
When the BlackBerry Enterprise Server and the BlackBerry device use the BlackBerry Router protocol to open a
connection between them, the BlackBerry Router protocol is designed to use its unique authentication protocol
to verify that the BlackBerry device has the correct master encryption key while preventing the BlackBerry
Router from knowing the value of the master encryption key. To accomplish this, the BlackBerry Router protocol
uses two runs of the elliptic curve version of the Schnorr identification scheme to provide mutual authentication
between the BlackBerry device and the BlackBerry Enterprise Server.
The BlackBerry Enterprise Server and the BlackBerry Router also use the BlackBerry Router protocol to close an
authenticated connection to the BlackBerry device. The BlackBerry Router protocol is designed to allow only an
authenticated party to close the connection by using one run of the Schnorr identification scheme to
authenticate the close command that the BlackBerry Enterprise Server sends to the BlackBerry Router.
The BlackBerry Router, the BlackBerry Enterprise Server, and the BlackBerry device are designed to share the
following cryptosystem parameters when using the BlackBerry Router protocol.
Parameter
Description
E(Fq)
the NIST-approved 521-bit random elliptic curve over Fq, which has a cofactor of 1; the
BlackBerry Router authentication protocol does all math operations in the group E(Fq) and Z
Fq
a finite field of prime order q
P
a point of E that generates a prime subgroup of E(Fq) of order p
xR
a representation of elliptic curve scalar multiplication, where x is the scalar and R is a point on
E(Fq)
s
the master encryption key value
h
the SHA-512 hash of s
How the BlackBerry Router protocol uses the Schnorr identification scheme
The implementation of the Schnorr identification scheme in the BlackBerry Router protocol uses a group of large
prime order, the additive group of elliptic curve points for a prime p.
The BlackBerry Router protocol is designed to use the following security measures:
•
uses the NIST recommended 521 bit elliptic curve group
•
verifies that points supplied by the parties involved in the communication are members of the Elliptic Curve
group
•
verifies that R
does not equal R
D
•
verifies that e does not equal 0, to prevent recovery of h by an attacker
•
verifies that R does not equal the point at infinity, to verify that R is a valid public key
•
verifies that R does not equal the point at infinity, to verify that R is a valid public key
•
resets any malformed data that it finds to a random value so that the protocol can proceed past the point at
which it detects malformed data, allowing the protocol to fail at completion only; this measure is designed
to prevent various types of timing attacks
Examples of attacks that the BlackBerry Router protocol is designed to prevent
Impersonating a BlackBerry device
An impersonation of the BlackBerry device occurs when the attacker sends messages to the BlackBerry
Enterprise Server so that the BlackBerry Enterprise Server believes it is communicating with the BlackBerry
device. The attacker must send master encryption key value (s) to the BlackBerry Enterprise Server, which
requires effectively solving the discrete log problem to determine s or the hash of s.
©
2009 Research In Motion Limited. All rights reserved.
, to prevent recovery of h by an attacker
B
www.blackberry.com
80
p
Advertisement
Table of Contents
