Offline Dictionary Attack; Online Dictionary Attack; Small Subgroup Attack - Blackberry PRD-09695-004 - SMART Card Reader Overview

Security technical overview

yxS = yxzP, for some z such that S = zP. To calculate yxP from yzxP without knowledge of z corresponds to solving the
discrete logarithm problem, which is computationally infeasible, for S.

Offline dictionary attack

An offline dictionary attack occurs when a user with malicious intent tries all possible passwords and determines the
correct password. The connection key establishment protocol is designed to use SPEKE with a password (the secure
pairing PIN) to prevent a known offline dictionary attack, in which the user with malicious intent uses computational
resources to determine the password (in theory, nothing limits the speed at which the user with malicious intent can
try passwords offline).

Online dictionary attack

An online dictionary attack is similar to an offline dictionary attack, but a user with malicious intent must rely on the
BlackBerry® device, the computer, or the BlackBerry® Smart Card Reader to determine if a key is the correct secure
pairing PIN.
The BlackBerry Smart Card Reader supports only one try to guess the secure pairing PIN. If the guess is incorrect, the
BlackBerry Smart Card Reader changes the secure pairing PIN before the next try occurs.

Small subgroup attack

A small subgroup attack occurs when a user with malicious intent tries to limit the protocol to generate device
transport keys from only a small subset of keys.
The BlackBerry® Smart Card Reader security protocols are designed to use ECDH operations that use a cofactor in
their calculations and verify that the result is not the point at infinity. For example, if the user with malicious intent
chooses X as the point at infinity, then K is the point at infinity regardless of what the BlackBerry Smart Card Reader
chose for Y. By checking that X is not the point at infinity, 1, or –1, the BlackBerry Smart Card Reader security
protocols are designed to avert this threat.
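
The cofactor multiplication and point-at-infinity check described above can be seen on a toy curve. This is an added example, not code from the BlackBerry document: the curve y^2 = x^3 + x over F_523 (524 = 4 * 131 points), the function names, and the sample point are all constructed for illustration. It generalizes slightly beyond the text by also rejecting an on-curve point of order 2, not only the point at infinity.

```python
# Toy curve (constructed for illustration): y^2 = x^3 + x over F_523.
# It has 524 = 4 * 131 points, so cofactor H = 4 and prime subgroup order N = 131.
PRIME, A, H, N = 523, 1, 4, 131
INF = None  # point at infinity

def add(p, q):
    if p is INF: return q
    if q is INF: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return INF
    if p == q:
        m = (3 * x1 * x1 + A) * pow(2 * y1 % PRIME, -1, PRIME)
    else:
        m = (y2 - y1) * pow((x2 - x1) % PRIME, -1, PRIME)
    x3 = (m * m - x1 - x2) % PRIME
    return (x3, (m * (x1 - x3) - y1) % PRIME)

def mul(k, p):
    r = INF
    while k:
        if k & 1:
            r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def on_curve(p):
    return p is not INF and (p[1] ** 2 - p[0] ** 3 - A * p[0]) % PRIME == 0

def base_point():
    """Find a generator of the order-N subgroup by clearing the cofactor."""
    for x in range(1, PRIME):
        rhs = (x ** 3 + A * x) % PRIME
        y = pow(rhs, (PRIME + 1) // 4, PRIME)  # square root, valid as PRIME % 4 == 3
        if y * y % PRIME == rhs and mul(H, (x, y)) is not INF:
            return mul(H, (x, y))

def shared_naive(y, X):
    """Plain ECDH: K = y*X with no validation of the peer's point X."""
    return mul(y, X)

def shared_checked(y, X):
    """Cofactor ECDH: K = (H*y)*X, rejecting off-curve X and K at infinity."""
    if not on_curve(X):
        raise ValueError("peer point is not on the curve")
    K = mul(H * y, X)
    if K is INF:
        raise ValueError("peer point has low order; key rejected")
    return K
```

With the order-2 point (0, 0) as X, `shared_naive` can only ever return one of two values whatever secret y is used, while `shared_checked` multiplies it to the point at infinity and refuses the key.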


This manual is also suitable for:

Smart card reader v2.0
