BlackBerry Smart Card Reader
24
Appendix E: Examples of attacks that the BlackBerry Smart Card Reader
security protocols are designed to prevent
Eavesdropping
An eavesdropping event occurs when the user with malicious intent listens to the communication between the
BlackBerry Smart Card Reader and the BlackBerry device or computer. The goal of the user with malicious intent
is to determine the shared master encryption key on the BlackBerry Smart Card Reader and the BlackBerry
device or computer, given only
xS
and
yS
.
The initial key establishment protocol and the connection key establishment protocol are designed so that the
user with malicious intent can only compute the master encryption key by solving the ECDH problem. This
calculation is equivalent to solving the DH problem, which is computationally infeasible.
Impersonating a BlackBerry device or computer
An impersonation of the BlackBerry Smart Card Reader occurs when the user with malicious intent sends
messages to the BlackBerry device or computer so that the BlackBerry device or computer believes it is
communicating with the BlackBerry Smart Card Reader. The user with malicious intent must send
X
=
xP
, instead
of
xS
to the BlackBerry Smart Card Reader. A user with malicious intent might try this because the user with
malicious intent does not know the secure pairing key.
The initial key establishment protocol is designed so that the BlackBerry Smart Card Reader calculates
K
=
yX
=
yxP
. To calculate the same key, the user with malicious intent must determine
y
from
Y
. This problem is
considered to be computationally infeasible.
The connection key establishment protocol is designed so that
•
the user with malicious intent can only guess the secure pairing key
•
the user with malicious intent can only compute the master encryption key by solving the discrete log
problem, which is computationally infeasible, to try to determine the secret private key on the BlackBerry
device or computer
Man-in-the-middle attack
A man-in-the-middle attack occurs when the user with malicious intent intercepts and modifies messages in
transit between the BlackBerry Smart Card Reader and the BlackBerry device or computer. A successful man-in-
the-middle attack results in each party not knowing that the user with malicious intent is sitting between them,
monitoring and changing data traffic.
The user with malicious intent must remain in the middle (between the BlackBerry device or computer and the
BlackBerry Smart Card Reader) forever, not just for the duration of the key establishment protocol, for a man-in-
the-middle attack to occur. For a user with malicious intent to successfully start a man-in-the-middle attack, the
user with malicious intent must know the secure pairing key.
The initial key establishment protocol is designed to use ECDH and the shared master encryption key to prevent
a man-in-the-middle attack. If a user with malicious intent learns the secure pairing key after the initial key
establishment protocol is complete, the mathematical hardness of the discrete log problem protects the master
encryption key. To determine the master encryption key, a user with malicious intent must determine one of
x
or
y
. The user cannot gain knowledge of the master encryption key before the initial key establishment protocol
begins as long as the secure pairing key remains secret until the initial key establishment protocol completes
successfully.
The connection key establishment protocol is designed to use SPEKE to prevent a man-in-the-middle attack
through the use of the secure pairing key.
Offline attack
An offline attack occurs when the user with malicious intent tries to send
X
=
xP
, instead of
xS
to the BlackBerry
Smart Card Reader. A user with malicious intent might try this because the user with malicious intent does not
know the secure pairing key. The initial key establishment protocol is designed so that the BlackBerry Smart
Card Reader replies with
Y
=
xS
and calculates
K
=
yX
=
yxP
. Meanwhile, the user with malicious intent must
www.blackberry.com