Blackberry ENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL Bedienungsanleitung PDF herunterladen (Seite 47)

• from the time the BlackBerry Enterprise Server receives a message to the time when the user opens the decrypted message

on the BlackBerry device

Before the BlackBerry device sends a message, it compresses the message and then encrypts the message using the master

encryption key, which is unique to that BlackBerry device. The BlackBerry device does not use the master encryption key in the

compression process.

When the BlackBerry Enterprise Server receives the message from the BlackBerry device, the BlackBerry Dispatcher decrypts the

message using the master encryption key of the BlackBerry device, and then decompresses the message.

How the BlackBerry Enterprise Server uses a Triple DES encryption algorithm

The BlackBerry® Enterprise Solution uses a two-key Triple DES encryption algorithm to create message keys and master

encryption keys. In each of three iterations of the DES algorithm, the first of two 56-bit keys in outer CBC mode encrypts the

data, the second key decrypts the data, and then the first key encrypts the data again. For more information, see Federal

Information Processing Standard - FIPS PUB 81 [3].

The BlackBerry Enterprise Solution stores the message keys and master encryption keys as 128-bit long binary strings, with each

parity bit in the least significant bit of each of the 8 bytes of key data. The message keys and master encryption keys have overall

key lengths of 112 bits and include 16 bits of parity data.

How the BlackBerry Enterprise Solution uses an AES encryption algorithm

The BlackBerry® Enterprise Solution uses an AES algorithm in CBC mode to create message keys and master encryption keys

that contain 256 bits of key data.

The way that BlackBerry devices implement AES is designed to protect user data and encryption keys on BlackBerry devices from

traditional attacks and side-channel attacks. Side-channel attacks can occur in the form of power analysis readings or

electromagnetic radiation emissions.

BlackBerry devices implement AES in a way that uses countermeasures (for example, masking operations, table splitting, and

applications of random masks) to hide the true operations taking place on the BlackBerry device. These countermeasures are

designed to help protect the cryptographic keys and plain-text data against potential side-channel attacks at all points during

the AES encryption and decryption operations so that the attacks do not reveal data that can expose the encryption key.

Options for extending messaging security

When a user sends a message from the BlackBerry® device, by default, the BlackBerry® Enterprise Server does not encrypt the

message when it forwards the message to the message recipient. To extend the messaging security that standard BlackBerry

encryption provides, the user must install additional secure messaging technology on the BlackBerry device, and you must set

the BlackBerry device to use that secure messaging technology.

Feature and Technical Overview

BlackBerry Enterprise Solution security

1 2 ... 42 43 44 45 46 47 48 49 50 51 52 ... 113 114

Keine Kommentare

Blackberry ENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL Bedienungsanleitung Seite 47