Offline Dictionary Attack; Online Dictionary Attack; Small Subgroup Attack - Blackberry PRD-09695-004 - SMART Card Reader Manual

Blackberry smart card reader security technical overview

BlackBerry Smart Card Reader
calculates K = xY = yxS = yxzP, for some z such that S = zP. Calculating yxP from yzxP without knowledge of z
corresponds to solving the discrete logarithm problem for S, which is computationally infeasible.

Offline dictionary attack

An offline dictionary attack occurs when the user with malicious intent tries all possible passwords and
determines the correct password. Such a user can apply computational resources to the search, and in theory
nothing limits the speed at which the password can be forced. The connection key establishment protocol is
designed to use SPEKE, with the secure pairing key as the password, to prevent a known offline dictionary
attack of this kind.

Online dictionary attack

An online dictionary attack is similar to an offline dictionary attack, but the user with malicious intent must rely
on the BlackBerry device, the computer, or the BlackBerry Smart Card Reader to determine if a key is the correct
secure pairing key.
The BlackBerry Smart Card Reader supports only one try to guess the secure pairing key. If the guess is incorrect,
the BlackBerry Smart Card Reader changes the secure pairing key before the next try occurs.

Small subgroup attack

A small subgroup attack occurs when the user with malicious intent tries to limit the protocol to generate master
encryption keys from only a small subset of keys.
The BlackBerry Smart Card Reader security protocols are designed to use ECDH operations that use the cofactor
in their calculations and verify that the result is not the point at infinity. For example, if the user with malicious
intent chooses X as the point at infinity, then K is the point at infinity regardless of what the BlackBerry Smart
Card Reader chose for Y. By checking that X is not at the point of infinity, 1, or –1, the BlackBerry Smart Card
Reader security protocols avert this threat.
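
The cofactor multiplication and point-at-infinity check described above, as an added example (not BlackBerry's code). The toy curve y^2 = x^3 - x over F_43, its cofactor 4 and subgroup order 11, and all function names are assumptions constructed for illustration.

```python
# Toy curve y^2 = x^3 - x over F_43 (constructed for illustration, not a
# curve from the manual). It has 44 = 4 * 11 points: cofactor H = 4, N = 11.
P, A, H, N = 43, -1, 4, 11
INF = None  # the point at infinity

def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def base_point():
    """Find a point of prime order N by clearing the cofactor of a curve point."""
    for x in range(P):
        for y in range(1, P):
            if (y * y - (x ** 3 + A * x)) % P == 0:
                g = mul(H, (x, y))
                if g is not INF:
                    return g

def plain_dh(secret, peer):
    """No cofactor and no check: a small-order peer value confines K."""
    return mul(secret, peer)

def cofactor_dh(secret, peer):
    """K = H * secret * peer, rejected if the result is the point at infinity."""
    k = mul(H * secret, peer)
    if k is INF:
        raise ValueError("peer value lies in a small subgroup")
    return k
```

With the order-2 point (0, 0) as the peer value, `plain_dh` can only ever return (0, 0) or the point at infinity, whatever the secret, while `cofactor_dh` raises; honest values from the order-11 subgroup still agree on K.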
www.blackberry.com
