As Director of BlackBerry Security at Research In Motion Limited, Herb Little’s role is to ensure that BlackBerry is as secure as possible. In his presentation “The Use of Public-Key Cryptography within BlackBerry”, Little discussed why only public-key cryptography, and more specifically ECC, was used to solve the issues that RIM faced to secure BlackBerry.
For those unfamiliar with the BlackBerry, this handheld device acts as an extension of a user’s desktop. Users have access to a number of applications, including calendar and real-time email in a small, portable device that can also be used as a mobile phone. The handheld is extensible by third party application developers. The development environment is freely available on RIM’s website and includes a full featured crypto API that can be used to develop secure applications for a variety of verticals, including healthcare and financial. Currently, there are over two million BlackBerry users worldwide.
In earlier versions of the BlackBerry, the master key, which encrypts all the wireless transmissions, was created at the user’s desktop computer and injected into the BlackBerry Enterprise Server (BES)—which pushes the user’s email out—and the handheld via USB or the serial port. With the latest version of BlackBerry 4.0, however, the desktop application was made optional to simplify the product. This left BlackBerry developers with the challenge of how to get the handheld and server to agree on a master key without the help of a desktop.
RIM decided on a mechanism that could bootstrap from a small shared secret, i.e. a password, to a cryptographically strong key, all the while immune to offline dictionary attacks. For RIM, the use of public-key cryptography was the only viable solution in order to be able to manage the number of required keys. RIM chose the Simple Password Exponential Key Exchange (SPEKE). (For the mathematically inclined, SPEKE is the same as the regular Diffie-Hellman key agreement protocol, except that the hash of the password is used as the generator of the group.)
Market demands and the need for stronger security in BlackBerry 4.0 also drove the switch to 256-bit AES from 3DES. AES is the symmetric-key encryption algorithm recommended by NIST, and 256-bit is the current recommendation for classified government communications. This necessitated a change in the matching public key algorithm, and it was here that the choice of ECC really shined.
The National Institute of Standards in Technology (NIST) recommends that the security level of key management should match the level of the bulk cipher. For Little and his team, who recognized this as well, the options were 512 bit ECDH (Elliptic Curve Diffie-Hellman), 15360-bit RSA, or 15360-bit Diffie-Hellman.
This issue of Code & Cipher reviews the first annual Certicom ECC Conference and summarizes some of the key discussions at the event.