User guide

BlackBerry Smart Card Reader Security
Appendix E: Examples of attacks that the BlackBerry Smart Card Reader
security protocols are designed to prevent
Eavesdropping
An eavesdropping event occurs when the attacker listens to the communication between the BlackBerry Smart
Card Reader and the BlackBerry device or computer. The goal of the attacker is to determine the shared master
encryption key on the BlackBerry Smart Card Reader and the BlackBerry device or computer, given only xS and
yS.
The initial key establishment protocol and the connection key establishment protocol are designed so that the
attacker can only compute the master encryption key by solving the ECDH problem. This calculation is
equivalent to solving the DH problem, which is computationally infeasible.
Impersonating a BlackBerry device or computer
An impersonation of the BlackBerry device or computer occurs when the attacker sends messages to the
BlackBerry Smart Card Reader so that the BlackBerry Smart Card Reader believes it is communicating with the
BlackBerry device or computer. The attacker must send X = xP, instead of xS, to the BlackBerry Smart Card
Reader. An attacker might attempt this because the attacker does not know the secure pairing key.
The initial key establishment protocol is designed so that the BlackBerry Smart Card Reader calculates K = yX =
yxP. To calculate the same key, the attacker must determine y from Y. This problem is considered to be
computationally infeasible.
The connection key establishment protocol is designed so that:
• the attacker can only guess the secure pairing key
• the attacker can only compute the master encryption key by solving the discrete log problem, which is
computationally infeasible, to try to determine the secret private key on the BlackBerry device or computer
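
Added example (not part of the BlackBerry guide and not BlackBerry code): a toy model of the exchange described above. It shows that parties exchanging xS and yS agree on a key, while a sender who substitutes X = xP leaves the reader holding K = yX = yxP, which differs from the only product that sender can form from Y. Assumptions: S is a secret point derived from the secure pairing key (modelled here as a SHA-256-derived multiple of P, a simplification), the curve is a textbook curve over a 17-element field with a base point of order 19, and all function names are illustrative.

```python
import hashlib

# Toy curve y^2 = x^3 + 2x + 2 (mod 17); base point P has prime order 19.
# Far too small for real use: the size only keeps the algebra visible.
P_MOD, A, N = 17, 2, 19
P = (5, 1)      # public base point (the page's P)
INF = None      # point at infinity

def add(p, q):
    """Add two curve points in affine coordinates."""
    if p is INF: return q
    if q is INF: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p == q:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, p):
    """Double-and-add scalar multiplication k*p."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, p)
        p, k = add(p, p), k >> 1
    return acc

def secret_point(pairing_key: bytes):
    """Assumption: S depends on the pairing key. Here S = s*P with s in 2..18, so S != P."""
    s = 2 + int.from_bytes(hashlib.sha256(pairing_key).digest(), "big") % (N - 2)
    return mul(s, P)

def honest_run(pairing_key, x, y):
    """Both sides know the pairing key; xS and yS cross the wire."""
    S = secret_point(pairing_key)
    X, Y = mul(x, S), mul(y, S)
    return mul(x, Y), mul(y, X)        # device key, reader key (both xyS)

def impersonation_run(pairing_key, x, y):
    """Sender lacks the pairing key and sends X = xP; the reader still uses S."""
    S = secret_point(pairing_key)      # known to the reader only
    X, Y = mul(x, P), mul(y, S)
    reader_k = mul(y, X)               # K = yX = yxP
    attacker_k = mul(x, Y)             # x(yS): the only product available without y
    return reader_k, attacker_k
```

In the second run the two values differ whenever S is not P, so matching the reader's key requires recovering y from Y, which is the step the guide describes as computationally infeasible at real curve sizes.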
Impersonating a BlackBerry Smart Card Reader
An impersonation of the BlackBerry Smart Card Reader occurs when the attacker sends messages to the
BlackBerry device or computer so that the BlackBerry device or computer believes it is communicating with the
BlackBerry Smart Card Reader.
The connection key establishment protocol is designed so that:
• the attacker can only guess the secure pairing key
• the attacker can only compute the master encryption key by solving the discrete log problem, which is
computationally infeasible, to try to determine the secret private key on the BlackBerry device or computer
Man-in-the-middle attack
A man-in-the-middle attack occurs when the attacker intercepts and modifies messages in transit between the
BlackBerry Smart Card Reader and the BlackBerry device or computer. A successful man-in-the-middle attack
results in each party not knowing that the attacker is sitting between them monitoring and changing traffic.
The attacker must remain in the middle (between the BlackBerry device or computer and the BlackBerry Smart
Card Reader) forever, not just for the duration of the key establishment protocol, for a man-in-the-middle attack
to occur. For an attacker to successfully start a man-in-the-middle attack, the attacker must know the secure
pairing key.
The initial key establishment protocol is designed to use ECDH and the shared master encryption key to prevent
a man-in-the-middle attack. If an attacker learns the secure pairing key:
• after the initial key establishment protocol is complete, the mathematical hardness of the discrete log
problem protects the master encryption key. To determine the master encryption key, an attacker must
determine one of x or y.
• before the initial key establishment protocol begins and passively watches the protocol, the attacker
cannot gain knowledge of the master encryption key. The secure pairing key must remain secret until the
initial key establishment protocol completes successfully.
www.blackberry.com