Innovation in Mobile Email
10 Website: www.blackberry.net
1997-2000 Research In Motion Limited
Message Integrity
The end-to-end encryption also ensures the integrity of the message. Even if the message was to be
intercepted when travelling between the desktop and handheld, an intervenor cannot alter the contents of
the message. If the message is altered in transit, the decryption engine at the receiving end will reject the
message.
How Secure Is It?
BlackBerry uses the Triple-DES encryption algorithm. The U.S. government created this encryption
algorithm and using today’s technology it would take many trillions of years to decode a message
encrypted by it. In the past year, a message encrypted with Single-DES was cracked in a reasonable period
of time using many computers operating in parallel. But it is important to note that Triple-DES would take
a thousand trillion times longer than Single-DES to break. Triple-DES is used by the banking industry to
protect sensitive transactions and is the only widely-used and tested encryption algorithm.
Guarding the Back Doors
The encryption algorithm itself is only part of a secure private key encryption system. Potential areas of
weakness in any encryption system include generation of the key, transfer of the key, and security of the
key. Since computers are too deterministic to be able to generate a purely random encryption key, all good
private key solutions require human-produced randomness to generate a key. When BlackBerry is installed,
a dialog box will appear, asking the user to move the mouse. At this point, enough random mouse
movements are captured to ensure a truly random key (Figure 6).
Figure 6: Encryption Key Generation
Because of the importance that the key is known only to the desktop and the handheld, the security of the
key transfer between the desktop and handheld is also extremely important. If the key is not transferred
over a secure link, there is potential for “eavesdroppers” to intercept the key exchange. The BlackBerry
solution uses the cradle’s private serial connection between the desktop and the handheld to transfer keys.
The final area of potential weakness in a secure end-to-end solution is perhaps the most obvious – security
of the “ends” where the keys are held. Setting a user password on the handheld can protect the contents of
the RIM Wireless Handheld. Once set, the user can easily lock the handheld to protect against unauthorized
access, including access through the serial port on the handheld. If the user accidentally leaves the handheld
unlocked, password protection automatically begins after a brief period of inactivity if the password is set.
Should an incorrect password be entered more than ten times, the handheld’s memory will automatically be
erased, leaving the handheld unusable. If the legitimate owner forgot the password, the handheld’s
applications can be reloaded at the desktop. The password itself is stored on the handheld in a secure
manner so if the contents of memory were somehow downloaded from the handheld, it would not be
possible to determine the password. As an added measure of security, the IT department can enforce the use
of passwords and even the length of passwords for all BlackBerry users.
Conclusion
The only security concern left is the requirement of leaving the computer on. This desktop requirement can
be eliminated with the deployment of the BlackBerry Enterprise Server. In any event, security of the user’s
desktop can be achieved by means that are likely already in place – physical security within the company’s
(13 paginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales