Security Technical Overview

Opening a direct connection between a device and a BlackBerry Router

A BlackBerry® device can use the BlackBerry Router protocol to bypass the SRP-authenticated connection to the BlackBerry® Infrastructure and open a direct connection to a BlackBerry Router. The device can open a direct connection to the BlackBerry Router if a BlackBerry device user connects the device to a computer that hosts the BlackBerry® Device Manager. A device can also open a direct connection to the BlackBerry Router over an enterprise Wi-Fi® network using port 4101. A direct connection between the BlackBerry Router and device is referred to as least-cost routing because it eliminates the cost of using the BlackBerry Infrastructure.

Before the BlackBerry® Enterprise Server and device can send any data to each other, the device must authenticate with the BlackBerry Enterprise Server by verifying the device transport key. The device opens an authenticated connection to the BlackBerry Router after the device authenticates with the BlackBerry Enterprise Server. The BlackBerry Router does not know the value of the device transport key that the BlackBerry Enterprise Server and device share.

If the device connects to the BlackBerry Router over the enterprise Wi-Fi network, after the BlackBerry Router opens an authenticated connection, the BlackBerry Router communicates with the device over the enterprise Wi-Fi network using port 4101. If you do not configure the BlackBerry Router to connect only to a Wi-Fi network, the BlackBerry Router verifies that the PIN belongs to a device that is registered with the BlackBerry Infrastructure.

If you want the BlackBerry Router and device to use the BlackBerry Router protocol, you can consider installing the BlackBerry Router on a computer that is separate from the computer that hosts the BlackBerry Enterprise Server to prevent a potentially malicious attacker from having direct access to the computer that hosts the BlackBerry Enterprise Server. If the BlackBerry Router is placed in the DMZ, you must open port 4101 on the internal-facing firewall to permit communication between the BlackBerry Device Manager and BlackBerry Router.

Advantages of using the BlackBerry Router protocol

The BlackBerry® Router protocol provides the following advantages:

  • You or a BlackBerry device user can connect multiple BlackBerry devices to a single computer that hosts a BlackBerry® Device Manager.
  • The BlackBerry Router rejects connections from devices that the BlackBerry® Enterprise Server has not authenticated.
  • A device can provide all email messaging services and data services using the BlackBerry Router protocol except for activation over the wireless network. After a user starts the activation process over the wireless network, the user can connect the device to a computer that hosts the BlackBerry Device Manager to complete the activation process.

Process flow: Authenticating a device with the BlackBerry Enterprise Server using the BlackBerry Router protocol

  1. A user connects a BlackBerry® device to a computer that hosts the BlackBerry® Device Manager or connects a device to an enterprise Wi-Fi® network.
  2. The BlackBerry® Enterprise Server and device use the BlackBerry Router protocol to verify that the device knows the device transport key.

    The BlackBerry Router protocol uses two runs of the elliptic curve version of the Schnorr identification scheme to provide mutual authentication between the BlackBerry Enterprise Server and device.

  3. The BlackBerry Router opens an authenticated connection.

Closing a direct connection between a device and BlackBerry Router

If a user disconnects a BlackBerry® device from a computer that hosts the BlackBerry® Device Manager, closes the BlackBerry Device Manager, or disconnects the device from an enterprise Wi-Fi® network, the device restores the connection to the BlackBerry® Infrastructure over the wireless network automatically. The BlackBerry® Enterprise Server and BlackBerry Router use the BlackBerry Router protocol to close the authenticated connection to the device. The BlackBerry Router protocol is designed to permit only an authenticated party to close the connection. The BlackBerry Router uses a single execution of the Schnorr identification scheme to authenticate the close command that the BlackBerry Enterprise Server sends to the BlackBerry Router.


Impersonation attacks that the BlackBerry Router protocol is designed to prevent

The BlackBerry® Router protocol is designed to prevent a potentially malicious user from impersonating a BlackBerry device or a BlackBerry® Enterprise Server.

To impersonate the device, the potentially malicious user sends messages to the BlackBerry Enterprise Server so that the BlackBerry Enterprise Server believes it is communicating with the device. To impersonate the BlackBerry Enterprise Server, the potentially malicious user sends messages to the device so that the device believes it is communicating with the BlackBerry Enterprise Server.

To perform either of these impersonation attacks, the potentially malicious user must send the device transport key value (also known as s) to the BlackBerry Enterprise Server or device, which requires the potentially malicious user to solve the discrete log problem to determine s or the hash of s.


How the BlackBerry Router protocol uses the Schnorr identification scheme to open an authenticated connection

The implementation of the Schnorr identification scheme in the BlackBerry® Router protocol uses a group of large prime order, which is the additive group of elliptic curve points for a prime p.

The BlackBerry Router protocol is designed to perform the following actions:
  • use the NIST recommended 521-bit elliptic curve group
  • verify that the points supplied by the parties involved in the communication are members of the elliptic curve group
  • verify that RD does not equal RB, to prevent the recovery of h by a potentially malicious user
  • verify that e does not equal 0, to prevent the recovery of h by a potentially malicious user
  • verify that R does not equal the point at infinity, to verify that R is a valid public key
  • reset any corrupted data that it finds to a random value so that the BlackBerry Router protocol can proceed past the point that it detects corrupted data

Because the BlackBerry Router protocol proceeds past the point at which it detects corrupted data, a protocol run fails only at completion rather than at the step where the corruption was detected. This measure is designed to prevent various timing attacks.


Process flow: Using the BlackBerry Router protocol to open an authenticated connection

  1. The BlackBerry® device and BlackBerry® Enterprise Server hash the current device transport key using SHA-512.
  2. The device performs the following actions:
    1. selects a random value rD, where 1 < rD < p - 1 and calculates RD = rDP
    2. sends RD and a device transport key identifier (KeyID) to the BlackBerry Enterprise Server
  3. The BlackBerry Router performs the following actions:
    1. observes the data that the device sends and verifies that the value RD is not the point at infinity
    2. if RD is the point at infinity, the BlackBerry Router configures RD to a random value
    3. sends RD and KeyID to the BlackBerry Enterprise Server
  4. The BlackBerry Enterprise Server performs the following actions:
    1. verifies that the value RD is random if RD is the point at infinity
    2. selects a random value rB, where 1 < rB < p - 1 and calculates RB = rBP
    3. if RD = RB, calculates another value of RB
    4. selects a random value eD, where 1 < eD < p - 1
    5. sends RB, eD, and KeyID to the device
  5. The BlackBerry Router performs the following actions:
    1. observes the data that the BlackBerry Enterprise Server sends
    2. verifies that the value RB is random if RB is the point at infinity or RD = RB
    3. verifies that the value eD is random if eD = 0
    4. sends RB, eD, and KeyID to the device
  6. The device performs the following actions:
    1. verifies that the value RB is random if RB is the point at infinity or RD = RB
    2. verifies that the value eD is random if eD = 0
    3. calculates yD = h - eDrD mod p
    4. selects a random value eB, where 1 < eB < p - 1
    5. sends yD and eB to the BlackBerry Enterprise Server
  7. The BlackBerry Router performs the following actions:
    1. observes the data that the device sends
    2. verifies that the value eB is random if eB = 0 or eB = eD
    3. forwards yD and eB to the BlackBerry Enterprise Server
  8. The BlackBerry Enterprise Server performs the following actions:
    1. verifies that the value eB is random if eD = eB
    2. verifies that the value eD is random if eD = 0
    3. calculates yB = h - eBrB mod p
    4. sends yB to the device
  9. One of the following actions occurs:
    • The BlackBerry Enterprise Server and device open an authenticated connection to each other if the device accepts yB.
    • The device does not accept the connection request, and the BlackBerry Enterprise Server and device do not open an authenticated connection to each other, if the device calculates the following:
      yBP + eBRB ≠ hP
    • The BlackBerry Router does not accept the connection request if the BlackBerry Router calculates the following:
      yBP + eBRB ≠ yDP + eDRD
    • The BlackBerry Enterprise Server does not accept the connection request if the BlackBerry Enterprise Server calculates the following:
      yDP + eDRD ≠ hP
    • The BlackBerry Router stores RD, RB, yDP + eDRD, eD, and eB if the device accepts yB.
  10. The BlackBerry Enterprise Server stores RD, RB, eD, eB, and h.
  11. The BlackBerry Router overwrites yB and yD in memory with zeroes.
  12. The BlackBerry Enterprise Server overwrites yB, yD, and rB in memory with zeroes.
  13. The device overwrites yB, yD, and rD in memory with zeroes.

Process flow: Using the BlackBerry Router protocol to close an authenticated connection

  1. The BlackBerry® Enterprise Server performs the following actions:
    1. selects a random value rC, where 1 < rC < p - 1
    2. calculates RC = rCP
    3. calculates another RC value if RC = RB or RC = RD
    4. sends the value RC to the BlackBerry Router
  2. The BlackBerry Router performs the following actions:
    1. verifies that the value RC is random if RC is the point at infinity
    2. verifies that the value RC is random if RC = RB or RC = RD
    3. selects a random value eC, where 1 < eC < p - 1
    4. calculates another eC value if eC = eD or eC = eB
    5. sends the value eC to the BlackBerry Enterprise Server
  3. The BlackBerry Enterprise Server performs the following actions:
    1. verifies that the value eC is random if eC = 0
    2. verifies that the value eC is random if eC = eB or eC = eD
    3. calculates yC = h - eCrC mod p
    4. sends the value yC to the BlackBerry Router
  4. The BlackBerry Router performs one of the following actions:
    • The BlackBerry Router closes the authenticated connection to the BlackBerry device on behalf of the BlackBerry Enterprise Server if the BlackBerry Router accepts yC.
    • The BlackBerry Router does not close the authenticated connection to the device if the BlackBerry Router calculates the following:
      yCP + eCRC ≠ yDP + eDRD
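The following is an added worked example, not code from the page or from Research In Motion, that runs the open flow above, the close flow just described, and the impersonation case from the earlier section as plain Python. It assumes secp256k1 (prime order, cofactor 1) as a stand-in for the NIST P-521 curve the page specifies, assumes the SHA-512 hash h of the transport key s is reduced mod p so it can act as a scalar, and uses its own names (open_connection, close_connection, sanitize_point, sanitize_scalar, router_state) for the steps. The sample transport keys are constructed for the example.

```python
import hashlib
import secrets

# Curve parameters. ASSUMPTION: secp256k1 (prime order, cofactor 1) stands in here for the
# NIST P-521 curve the page specifies; the protocol logic does not depend on the curve.
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime q
A, B = 0, 7  # curve y^2 = x^3 + Ax + B
P_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order p of P
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator P
INF = None  # point at infinity

def on_curve(pt):
    """Membership check from the page's list: a received point must lie on E(Fq)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % Q == 0

def ec_add(p1, p2):
    """Affine point addition on E(Fq); doubles when p1 == p2."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % Q == 0:
        return INF  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, Q) % Q
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, Q) % Q
    x3 = (lam * lam - x1 - x2) % Q
    return (x3, (lam * (x1 - x3) - y1) % Q)

def ec_mul(k, pt):
    """Scalar multiplication kP by double-and-add (not constant time; illustration only)."""
    result, addend = INF, pt
    k %= P_ORDER
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def transport_key_hash(s):
    """h = SHA-512(s). ASSUMPTION: the digest is reduced mod p so it can act as a scalar."""
    return int.from_bytes(hashlib.sha512(s).digest(), "big") % P_ORDER

def rand_scalar():
    """Random r with 1 < r < p - 1."""
    return 2 + secrets.randbelow(P_ORDER - 3)

def sanitize_point(R, *forbidden):
    """Router rule: infinity, an off-curve point or a repeat of an earlier point is replaced by a random point."""
    while R is INF or not on_curve(R) or R in forbidden:
        R = ec_mul(rand_scalar(), G)
    return R

def sanitize_scalar(e, *forbidden):
    """Router rule: a zero challenge or a repeat of an earlier challenge is replaced."""
    while e == 0 or e in forbidden:
        e = rand_scalar()
    return e

def open_connection(h_device, h_server):
    """Open flow, steps 2 to 9; returns (device_ok, router_ok, server_ok, router_state)."""
    rD = rand_scalar()
    RD = sanitize_point(ec_mul(rD, G))  # steps 2-3: device commits to RD, router checks it
    while True:  # step 4: server picks rB and re-picks if RB = RD
        rB = rand_scalar()
        RB = ec_mul(rB, G)
        if RB != RD:
            break
    RB = sanitize_point(RB, RD)  # step 5: router re-checks RB (a no-op for honest traffic)
    eD = sanitize_scalar(rand_scalar())  # server's challenge to the device, eD != 0
    yD = (h_device - eD * rD) % P_ORDER  # step 6: device's response with the h it knows
    eB = sanitize_scalar(rand_scalar(), eD)  # step 7: device's challenge, eB != 0, eB != eD
    yB = (h_server - eB * rB) % P_ORDER  # step 8: server's response with the h it knows
    # Step 9: Schnorr verification. yP + eR = (h - er)P + erP = hP holds only if y came from h.
    server_side = ec_add(ec_mul(yB, G), ec_mul(eB, RB))  # yBP + eBRB
    device_side = ec_add(ec_mul(yD, G), ec_mul(eD, RD))  # yDP + eDRD
    device_ok = server_side == ec_mul(h_device, G)
    router_ok = server_side == device_side  # the router never learns h, it only compares
    server_ok = device_side == ec_mul(h_server, G)
    router_state = {"RD": RD, "RB": RB, "eD": eD, "eB": eB, "yDP+eDRD": device_side}
    return device_ok, router_ok, server_ok, router_state

def close_connection(router_state, h_server):
    """Close flow: the router checks the server's close command against its stored value, without h."""
    RD, RB, eD, eB = (router_state[k] for k in ("RD", "RB", "eD", "eB"))
    while True:  # step 1: RC must differ from RB and RD
        rC = rand_scalar()
        RC = ec_mul(rC, G)
        if RC not in (RB, RD):
            break
    RC = sanitize_point(RC, RB, RD)  # step 2: router checks RC
    eC = sanitize_scalar(rand_scalar(), eD, eB)  # eC != 0, eC != eD, eC != eB
    yC = (h_server - eC * rC) % P_ORDER  # step 3: server's response
    close_side = ec_add(ec_mul(yC, G), ec_mul(eC, RC))  # yCP + eCRC
    return close_side == router_state["yDP+eDRD"]  # step 4: close only if equal
```

Calling open_connection(h, h) with the same h on both sides returns three True verdicts, and close_connection on the returned router_state then succeeds. Passing a different hash on either side models the impersonation attacks from the earlier section: the party using the wrong value produces a y that does not satisfy yP + eR = hP, so the device, the router and the server all reject, and a close command formed from the wrong value is refused by the router. The router's verdict is computed purely by comparing yBP + eBRB with yDP + eDRD, which is why it can authenticate both sides without ever holding h. Steps 11 to 13 of the page (overwriting yB, yD, rB and rD with zeroes) have no faithful equivalent for Python integers and are omitted.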

Cryptosystem parameters that the BlackBerry Router protocol uses

The BlackBerry® Router, BlackBerry® Enterprise Server, and BlackBerry device are designed to share the following cryptosystem parameters when they use the BlackBerry Router protocol.

  • E(Fq): the NIST approved 521-bit random elliptic curve over Fq, which has a cofactor of 1. The BlackBerry Router protocol does all math operations in the groups E(Fq) and Zp.
  • Fq: a finite field of prime order q.
  • P: a point of E that generates a prime subgroup of E(Fq) of order p.
  • xR: elliptic curve scalar multiplication, where x is the scalar and R is a point on E(Fq).
  • s: the value of the device transport key.
  • h: the SHA-512 hash of s.
