User guide

To perform either of these impersonation attacks, the potentially malicious user must send the device transport key value
(also known as s) to the BlackBerry Enterprise Server or device, which requires the potentially malicious user to solve the
discrete log problem to determine s or the hash of s.
How the BlackBerry Router protocol uses the Schnorr identification scheme to open an authenticated connection
The implementation of the Schnorr identification scheme in the BlackBerry Router protocol uses a group of large prime
order, which is the additive group of elliptic curve points for a prime p.
The BlackBerry Router protocol is designed to perform the following actions:
• use the NIST recommended 521-bit elliptic curve group
• verify that the points supplied by the parties involved in the communication are members of the elliptic curve group
• verify that R_D does not equal R_B, to prevent the recovery of h by a potentially malicious user
• verify that e does not equal 0, to prevent the recovery of h by a potentially malicious user
• verify that R does not equal the point at infinity, to verify that R is a valid public key
• reset any corrupted data that it finds to a random value so that the BlackBerry Router protocol can proceed past the point at which it detects corrupted data
Because the BlackBerry Router protocol can proceed past the point at which it detects corrupted data, the protocol fails only at completion. This measure is designed to prevent various timing attacks.
Data flow: Using the BlackBerry Router protocol to open an authenticated connection
1. The BlackBerry device and BlackBerry Enterprise Server hash the current device transport key using SHA-512.
2. The device performs the following actions:
   a. selects a random value r_D, where 1 < r_D < p - 1, and calculates R_D = r_D P
   b. sends R_D and a device transport key identifier (KeyID) to the BlackBerry Enterprise Server
3. The BlackBerry Router performs the following actions:
   a. observes the data that the device sends and verifies that the value R_D is not the point at infinity
   b. if R_D is the point at infinity, the BlackBerry Router sets R_D to a random value
Security Technical Overview Protecting communication with a device