Key exchange process
The BBM Enterprise key exchange process is protected by an EC-SPEKE passphrase. Protecting the exchange of public identity keys with a passphrase is a unique property of BBM Enterprise. The main purpose of this approach is to provide a strong cryptographic guarantee between the initiator and the recipient of a key exchange, so that BBM Enterprise users can be sure that they hold the true, trusted keys of other users. With trusted identity keys, users can trust that only the intended recipients can join chats and receive messages. In every mode below, a party that does not know the passphrase cannot complete the EC-SPEKE exchange; the modes differ only in how the passphrase reaches the other side.
- Automatic passphrase exchange: Automatic passphrase exchange is a default feature of BBM Enterprise that lets users exchange the passphrase required for the key exchange using an in-band mechanism instead of an out-of-band one. The passphrase is generated automatically: the sender's BBM Enterprise app creates it and sends it to the recipient in a BBM Enterprise message, with no user interaction needed to set it up. With automatic passphrase exchange, BBM Enterprise seamlessly initiates a key exchange when a user first communicates with another user. The messages carrying the passphrase are transient. Because the passphrase travels over the same channel as the key exchange itself, this mode favours convenience: it provides a fast chat setup while giving users the option to verify keys later using a manual passphrase key exchange or manual key verification.
- Manual passphrase exchange: With a manual passphrase exchange, the user who initiates the process sends the passphrase using an out-of-band mechanism, such as in person, by SMS, or by email. The shared secret can be a user-defined passphrase or an auto-generated passphrase suggested by BBM Enterprise. An attacker would have to compromise the shared secret exchange, which is made more difficult because the attacker does not know when or how the secret will be shared. Because the secret is shared out-of-band, an attacker intending to spoof an identity would need to intercept both the connection through the BlackBerry Infrastructure and the out-of-band channel, outside the BlackBerry Infrastructure, that the BBM Enterprise users use to exchange the shared secret. Without the correct passphrase, an attacker cannot complete the EC-SPEKE exchange and therefore cannot read or modify the BBM Enterprise traffic. To enable this option for all users, turn on the corresponding IT policy in the BBM Enterprise user management console. Additionally, users with BBM Enterprise version 1.8 can, at any time, use the "Share Passphrase" option in a 1:1 chat to start a manual passphrase key exchange with the chat participant, irrespective of the IT policy settings.
- Manual key verification: Starting in BBM Enterprise version 1.8, manual key verification is available to BBM Enterprise users at all times. When a user verifies the other user's key fingerprint or scans the QR code directly from the other user's client, in person or through another secure means, BBM Enterprise marks the user's copy of those keys as manually verified. Users can examine the manual verification state of all other users, and users receive notifications when new keys are exchanged. When keys are exchanged using a manual passphrase exchange, BBM Enterprise automatically marks the keys as manually verified. Under an automatic passphrase exchange policy, users can still manually verify each other's keys by scanning a QR code or visually comparing key fingerprints.
Regardless of which mechanism is used, BBM Enterprise reports updates in its Feeds list whenever new, different identity keys are exchanged with an automatic passphrase or when identity keys are manually verified. Users can also inspect the manual verification state of another known user's public keys at any time. Users are therefore always kept apprised of important identity key life cycle events and state.
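The following is an added example, not BBM Enterprise code and not BlackBerry's EC-SPEKE implementation. It shows the property the mechanisms above rely on: in a SPEKE-style exchange the passphrase selects the generator and never crosses the wire, so two parties holding the same passphrase derive the same key, while a party with a different passphrase (or one that substitutes an identity key in transit) fails key confirmation. To stay dependency-free it uses a multiplicative group modulo a freshly generated safe prime instead of an elliptic curve, and the group size, message layout, role labels, key-derivation strings and the SHA-256 fingerprint format are all assumptions of this example rather than anything the page specifies.

```python
"""SPEKE-style passphrase-authenticated identity-key exchange (added example).

Demonstration only: a multiplicative-group SPEKE over a freshly generated
safe prime stands in for BBM Enterprise's EC-SPEKE, whose curve, hashing and
wire format this page does not describe. Group size, names and message
formats below are assumptions, not the product's.
"""
import hashlib
import hmac
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n, rounds=24):
    """Miller-Rabin with random bases; adequate for a demo group parameter."""
    if n < 2:
        return False
    for sp in [2] + SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits=256):
    """p = 2q + 1 with q prime. Demo size only: a deployment uses a standard
    group, or an elliptic curve as EC-SPEKE does, not a 256-bit prime."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if q % 3 == 1 or any(q % sp == 0 for sp in SMALL_PRIMES):
            continue  # q = 1 (mod 3) would make 2q + 1 divisible by 3
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def in_prime_order_subgroup(p, x):
    """Accept only elements of order q; rejects 0, 1, p-1 and out-of-range values."""
    return 1 < x < p - 1 and pow(x, (p - 1) // 2, p) == 1


class SpekeParty:
    """One side of the exchange. The passphrase only selects the generator, so
    an observer without it cannot derive the session key from the wire values."""

    def __init__(self, p, role, passphrase, identity_pub):
        self.p, self.q, self.role = p, (p - 1) // 2, role
        self.identity_pub = identity_pub  # stand-in for the EC identity public key
        h = int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big") % p
        self.g = pow(h, 2, p)  # squaring lands the hash in the order-q subgroup
        if self.g in (0, 1):
            raise ValueError("degenerate generator; choose another passphrase")
        self.x = secrets.randbelow(self.q - 1) + 1       # ephemeral exponent in [1, q-1]
        self.public = pow(self.g, self.x, p)             # the only value sent in flight 1
        self.key = None

    def derive(self, peer_public):
        """Validate the peer's element, then derive a key over a transcript that
        fixes which value came from the initiator and which from the recipient."""
        if not in_prime_order_subgroup(self.p, peer_public):
            raise ValueError("peer element is not in the prime-order subgroup")
        n = (self.p.bit_length() + 7) // 8
        shared = pow(peer_public, self.x, self.p).to_bytes(n, "big")
        mine, theirs = self.public.to_bytes(n, "big"), peer_public.to_bytes(n, "big")
        init, recp = (mine, theirs) if self.role == b"initiator" else (theirs, mine)
        self.key = hashlib.sha256(b"speke-demo|" + shared + init + recp).digest()
        return self.key

    def confirm_tag(self):
        """Key confirmation (flight 2), bound to this side's identity public key."""
        msg = b"confirm|" + self.role + b"|" + self.identity_pub
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def verify_peer(self, peer_role, peer_identity_pub, tag):
        msg = b"confirm|" + peer_role + b"|" + peer_identity_pub
        return hmac.compare_digest(hmac.new(self.key, msg, hashlib.sha256).digest(), tag)


def fingerprint(identity_pub):
    """Display form for manual verification (QR code or visual comparison)."""
    digest = hashlib.sha256(identity_pub).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


def run_exchange(p, init_pass, recp_pass, init_id, recp_id, seen_recp_id=None):
    """Full round trip; seen_recp_id models an in-path party substituting the
    recipient's identity key. Returns (keys_match, init_accepts, recp_accepts)."""
    a = SpekeParty(p, b"initiator", init_pass, init_id)
    b = SpekeParty(p, b"recipient", recp_pass, recp_id)
    ka, kb = a.derive(b.public), b.derive(a.public)          # flight 1 in both directions
    a_ok = a.verify_peer(b"recipient", seen_recp_id or recp_id, b.confirm_tag())
    b_ok = b.verify_peer(b"initiator", init_id, a.confirm_tag())
    return ka == kb, a_ok, b_ok


if __name__ == "__main__":
    P = generate_safe_prime()
    ids = (secrets.token_bytes(32), secrets.token_bytes(32))  # constructed identity keys
    print("same passphrase:  ", run_exchange(P, "correct horse", "correct horse", *ids))
    print("wrong passphrase: ", run_exchange(P, "correct horse", "correct h0rse", *ids))
    print("initiator fingerprint:", fingerprint(ids[0]))
```

Two checks in the block matter in practice: `in_prime_order_subgroup` rejects the identity, p-1 and out-of-range values before any exponentiation, and the confirmation tag covers the identity public key, so a substituted key fails confirmation rather than silently being accepted. The `fingerprint` output is the kind of value two users would compare in person or via a QR code under manual key verification.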