User guide
A traditional attack tries to exploit data that a cryptographic system stores or transmits: the potentially malicious user tries to determine the key or the plain-text data by exploiting a weakness in the design of the cryptographic algorithm or protocol. A side-channel attack instead tries to exploit the physical properties of the BlackBerry device's implementation of the AES algorithm, using power analysis (for example, SPA and DPA) and electromagnetic analysis (for example, SEMA and DEMA). A potentially malicious user tries to determine the keys that the BlackBerry device uses by measuring and analyzing the power consumption or the electromagnetic radiation that the BlackBerry device emits during cryptographic operations. To help protect the keys and plain-text data against side-channel attacks at all points during the encryption and decryption operations, the BlackBerry device uses a masking operation, table splitting, and a random mask application.
Process flow: Running a masking operation during the first AES calculation when content protection is turned on
During the first AES calculation, the BlackBerry® device performs the following actions if you or a user turned on content protection:
1. runs a masking operation by performing the following actions:
a. creates a mask table (M), where each table entry is a random value
b. creates a masked version of the S-Box table (S') that is used within AES
c. periodically and randomly changes the order of all table entries
2. runs the input through both M and S' created in step 1
3. combines the output of step 2 from M and S'
4. deletes the mask and produces the AES output
Process flow: Running a masking operation during subsequent AES calculations when content protection is turned on
A BlackBerry® device performs the following actions:
1. performs the masking operation by periodically and randomly permuting all table entries in every calculation
2. runs the input through both M and S'
3. combines the output from M and S'
4. deletes the mask and produces the AES output
Process flow: Running a masking operation when a BlackBerry device does not use content protection
If you or a user did not turn on content protection, a BlackBerry® device performs the following actions during an AES calculation:
1. masks the output from the round key
2. masks the AES S-Box input
3. masks the AES S-Box output
How the AES algorithm creates S-Box tables and uses round keys and masks
A BlackBerry® device permutes each AES S-Box entry at random and masks each entry with a random value.
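The following Python is an added illustration, not BlackBerry's code (the document does not publish the device's implementation). It models one common form of the table masking described in the process flows above: a random index mask r re-orders the S-box, a mask table M of random bytes hides every entry, and each lookup indexes both M and S' with the masked value and combines the two results to remove the mask, so neither the true index nor the true S-box output is ever loaded from memory. The RNG, the per-entry mask layout and the refresh cadence are assumptions.

```python
import random
def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def aes_sbox() -> list:
    """Derive the standard AES S-box: GF(2^8) inverse, then the affine map with 0x63."""
    box = []
    for x in range(256):
        inv, base, e = 1, x, 254          # x^254 == x^-1 in GF(2^8); 0^254 == 0 as required
        while e:
            if e & 1:
                inv = gmul(inv, base)
            base = gmul(base, base)
            e >>= 1
        s = inv
        for k in range(1, 5):             # s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(s ^ 0x63)
    return box

class MaskedSbox:
    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()   # assumption: the device's own RNG is not described
        self.sbox = aes_sbox()
        self.remask()
    def remask(self) -> None:
        """Fresh index mask r and mask table M; S' is S re-ordered by r and masked entry-wise by M."""
        self.r = self.rng.randrange(256)
        self.M = [self.rng.randrange(256) for _ in range(256)]
        self.S_prime = [self.sbox[i ^ self.r] ^ self.M[i] for i in range(256)]
    def masked_lookup(self, x: int) -> int:
        """Index both M and S' with the masked value x ^ r, then combine them to strip the mask."""
        i = x ^ self.r                    # the only index that ever touches memory
        return self.S_prime[i] ^ self.M[i]

def verify_all(ms: MaskedSbox, refreshes: int = 3) -> bool:
    """True if every unmasked output equals the standard S-box, across mask refreshes."""
    std = aes_sbox()
    for _ in range(refreshes):
        ms.remask()
        if any(ms.masked_lookup(x) != std[x] for x in range(256)):
            return False
    return True
```

Calling remask() models the periodic, random re-ordering of all table entries; every refresh changes which memory locations are read for a given input while the final AES output stays unchanged.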
Security Technical Overview
Algorithms that the BlackBerry Enterprise Solution uses to encrypt data