Black Berry Security
Ahmed Alharthi
CS691
Black Berry Security
• Introduction
• Statistics
• O.S. Features
• BlackBerry Messenger
• BlackBerry Enterprise Server
• Government Approvals
• Reference
Quote
• "I want to be able to have voices, other than the people who are immediately working for me, be able to reach out and send me a message about what's happening in America."
• "It's not just the flow of information. I mean, I can get somebody to print out clips for me, and I can read newspapers. What it has to do with is having mechanisms where you are interacting with people who are outside of the White House in a meaningful way. And I've got to look for every opportunity to do that--ways that aren't scripted, ways that aren't controlled, ways where, you know, people aren't just complimenting you or standing up when you enter into a room, ways of staying grounded."
President Obama
Who is using the BB
• Airbus
• NATO
• British Police
• Obama and half a million Federal Government users
• US National Weather Service
• General Motors
• IBM
• Hyundai - Korea
• Major hospitals and law firms
Black Berry Security
• RIM: Research In Motion
• Canadian company, Waterloo, Ontario, Canada
• Founder Lindsay Burger
• Co-founders Mike Lazaridis, Jim Balsillie; founded in 1984.
• A global leader in wireless innovation, revolutionized the mobile industry
Statistics
• Over 150 million BBM devices sold, 14 million in the last quarter of 2011.
• October 2011: seventy million subscribers worldwide to BlackBerry
• 250,000 BlackBerry servers
• Covered in 175 countries and 595 carriers
• Over 2 million new users a month; over 370,000 registered developers
• The company worth $14.35 billion in 2011 – $7.8 billion (May 2012)
• New York Times, July 25, 2011: “With BlackBerry in Decline, RIM Will Shed 2,000 Jobs” – they did it
• BlackBerry users…
– 83% check email on vacation
– 59% check email the second it arrives
– 53% check email in the bathroom
– 59% check email in bed
– 37% check email while driving
– 12% check email while in church
O.S. Features
• BlackBerry OS is proprietary.
• The operating system used by BlackBerry devices is a proprietary multitasking environment developed by RIM.
• Phone – The BlackBerry is a full-featured phone system. You can use a BlackBerry as your standard cell phone combined with its other PDA (personal digital assistant) functions.
• Contacts – The contact manager is full featured, allowing you to store a business and home address, up to 8 phone numbers, web and email information, as well as up to 4 items of your choosing.
• Internet – There are two internet browsers provided, one from your carrier and one from BlackBerry. I have found the BlackBerry browser is the worse for security, but each browser has its own pros and cons. The browser allows you to access most non-SSL-encrypted (unsecured) Web sites on the internet.
• The BlackBerry device protects its operating system and the BlackBerry Device Software: components on the BlackBerry device automatically check the authenticity of the operating system and the integrity of the BlackBerry Device Software. OS software must pass these security tests before users can run the software on the BlackBerry device and before wireless software upgrades can update the software successfully.
O.S. Features
• BlackBerry Internet Service (BIS)
• Allows POP3 and IMAP email to be integrated for an individual personal user.
• 10 email accounts (includes Gmail, Hotmail, Yahoo and AOL)
• The push capabilities of BIS are also used by instant messaging clients such as Google Talk, ICQ, Windows Live Messenger and Yahoo Messenger.
• Social networks: the notification systems of Facebook, MySpace and Twitter are accessed through BIS, allowing push notifications for them.
• BlackBerry Push Service
• Proprietary messaging service available only on BB devices.
• End-to-end encrypted messages.
• Routed (encrypted) through RIM servers
BlackBerry Messenger
Features
• BlackBerry PIN is an eight-character hexadecimal identification number assigned to each BlackBerry device (e.g. “PIN: 2689FE30”)
• Send and receive messages with unlimited length.
• Choose a personal BBM display picture and status.
• Real-time confirmations when messages are delivered and read.
• Share photos, videos and more with multiple contacts at once.
• Add contacts by scanning QR Codes or sharing PINs.
• Send music files.
• Create and join groups where you can share and discuss lists,
photos etc.
BlackBerry Messenger
Menus
• Main menu
• Application menu
BlackBerry® Enterprise Server
• BlackBerry Enterprise Server: robust software that acts as the centralized link between wireless devices, wireless networks and enterprise applications. The server integrates with enterprise messaging and collaboration systems to provide mobile users with access to email, enterprise instant messaging and personal information management tools. All data between applications and BlackBerry smartphones flows centrally through the server. BlackBerry Enterprise Server integrates with:
• IBM® Lotus® Domino® and IBM Lotus Sametime
• Microsoft® Exchange and Microsoft Office Live Communications Server 2005
• Novell® GroupWise® and Novell GroupWise Messenger
BlackBerry Enterprise Architecture
• End-to-end encryption: AES or Triple DES (3DES)
• RSA SecurID authentication
• Data access: HTTPS
• Proxy mode: SSL/TLS connection
• End-to-end mode
BlackBerry Enterprise Architecture
Process flow: Sending an email message to a device using BlackBerry transport layer encryption
1. A sender sends an email message to a BlackBerry® device user.
2. The BlackBerry® Enterprise Server performs the following actions:
   a. compresses the email message
   b. encrypts the email message using the message key
   c. encrypts the message key using the device transport key of the device
   d. sends the encrypted email message and encrypted message key to the device
3. The BlackBerry device user clicks on the email message on the device to open it.
4. The device performs the following actions:
   a. decrypts the message key using the device transport key
   b. decrypts the email message using the message key
   c. decompresses the email message
   d. displays the email message to the user
Process flow: Sending an email message from a device using BlackBerry transport layer encryption
1. A sender sends an email message from a BlackBerry® device to a recipient.
2. The device performs the following actions:
   a. compresses the email message
   b. encrypts the compressed email message using the message key
   c. encrypts the message key using the device transport key of the device
   d. sends the encrypted message key and encrypted email message to the BlackBerry® Enterprise Server
3. The BlackBerry Enterprise Server performs the following actions:
   a. decrypts the message key using the device transport key
   b. decrypts the email message using the message key
   c. decompresses the email message
   d. forwards the email message to the recipient
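The two process flows above are envelope encryption: a random per-message key encrypts the compressed email, and the long-lived device transport key only ever encrypts that message key. The following Ruby is an added example written for these slides, not RIM's code; AES-256-GCM, the iv||tag||ciphertext layout, the constructed keys and the function names are my assumptions (the slides name AES or Triple DES but no mode). server_send/device_receive follow steps 2a-2d and 4a-4d of the to-device flow; the from-device flow is the same two calls with the roles swapped.

```ruby
require "openssl"
require "securerandom"
require "zlib"

# Added example (not RIM's code): the email-to-device process modelled as
# envelope encryption. Assumption: AES-256-GCM, since the slides name no mode.
module BBTransport
  KEY_BYTES = 32 # AES-256 key length
  IV_BYTES = 12
  TAG_BYTES = 16
  Envelope = Struct.new(:wrapped_key, :body) # what crosses the wireless network

  # Encrypt data under key with a fresh random IV; returns iv || tag || ciphertext.
  def self.seal(key, data)
    c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    c.key = key
    iv = c.random_iv
    body = c.update(data) + c.final
    iv + c.auth_tag + body
  end

  # Reverse of seal. A wrong key or any modified byte raises
  # OpenSSL::Cipher::CipherError instead of yielding garbage plaintext.
  def self.unseal(key, blob)
    c = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    c.key = key
    c.iv = blob[0, IV_BYTES]
    c.auth_tag = blob[IV_BYTES, TAG_BYTES]
    c.update(blob[(IV_BYTES + TAG_BYTES)..-1]) + c.final
  end

  # Steps 2a-2d on the BlackBerry Enterprise Server: compress, encrypt the
  # email under a random per-message key, wrap that key under the device
  # transport key, and send both to the device.
  def self.server_send(transport_key, email)
    message_key = SecureRandom.random_bytes(KEY_BYTES)
    Envelope.new(seal(transport_key, message_key),
                 seal(message_key, Zlib::Deflate.deflate(email)))
  end

  # Steps 4a-4d on the device: unwrap the message key, decrypt, decompress.
  # A wrong transport key fails at the unwrap, before the body is touched.
  def self.device_receive(transport_key, envelope)
    message_key = unseal(transport_key, envelope.wrapped_key)
    Zlib::Inflate.inflate(unseal(message_key, envelope.body))
  end
end
```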
Message attachment viewing security features
• view Microsoft® PowerPoint® slide shows, including those in .pps file format
• view .bmp, .jpg, .jpeg, .gif, .png, .tif, .tiff, and .wmf file formats
• view .doc, .dot, .txt, .html, .htm, .pdf, .xls, .wpd, and .ppt documents in a browser
• open .zip files and then open any content files of supported formats
• open .wav files
• enlarge images in .tiff format (such as scanned documents or faxes)
• access inline thumbnail images for attachments that are embedded in messages
Viewing attachments in PGP-encrypted or S/MIME-encrypted messages
• The BlackBerry device sends the message key and a request for the attachment header data to the BlackBerry Enterprise Server.
• The BlackBerry Enterprise Server uses the message key to decrypt the message and access the attachment header data.
• The BlackBerry Enterprise Server sends the attachment header data to the BlackBerry device.
• The BlackBerry device processes the attachment header data with the message and displays the associated attachment information so that the user can select the attachment for viewing.
• When the user tries to view an attachment that is encrypted using S/MIME, PGP/MIME, or OpenPGP on the BlackBerry device, the following actions occur:
• The BlackBerry device sends the message key and a request for the attachment data to the BlackBerry Enterprise Server.
• The BlackBerry Enterprise Server uses the message key to decrypt the message and access the attachment data that corresponds to the attachment header data.
• The BlackBerry Enterprise Server decrypts the attachment and sends the rendered attachment data to the BlackBerry device.
• The BlackBerry device displays the attachment.
Advanced Security Features for Government
• BlackBerry smartphones: embedded encryption technology; met the Department of Defense requirements for S/MIME (Secure/Multipurpose Internet Mail Extensions) and PKI (Public Key Infrastructure).
• BlackBerry smartphones also include password protection functionality. To secure information stored on devices, password authentication can be made mandatory through the customizable IT policies of the BlackBerry® Enterprise Server.
• End-to-End Encryption: Using Advanced Encryption Standard (AES) or Triple DES* encryption, email and other data remain encrypted at all points between the mobile professional's BlackBerry smartphone and the BlackBerry Enterprise Server. With optional support for S/MIME**, data is protected along the complete path between the sender and the recipient.
• S/MIME Support Package for BlackBerry: BlackBerry with the S/MIME Support Package increases the already high level of security provided by the BlackBerry solution. Leveraging existing S/MIME capabilities, it enables BlackBerry users to store and retrieve private and public keys so they can read, sign and encrypt S/MIME messages on the go.
• PGP Support Package for the BlackBerry Enterprise Solution: The PGP® Support Package is designed to increase the level of security provided by the BlackBerry Enterprise Solution. It is third-party software for BlackBerry smartphones that adds PGP Desktop and PGP Universal support, allowing companies with existing PGP infrastructure in place to extend that infrastructure wirelessly using BlackBerry smartphones.
• BlackBerry Smart Card Reader: The BlackBerry® Smart Card Reader allows organizations using smart cards to add additional security features to the already robust BlackBerry Enterprise Solution security architecture. It communicates wirelessly with Bluetooth® enabled BlackBerry smartphones using AES-256 encryption on the transport layer, creating a secure, two-factor authenticated environment for granting access to BlackBerry and PKI applications.
Government Approvals
Nation           Organization                                     Maximum Classification Level
Canada           Communications Security Establishment            PROTECTED B
United Kingdom   CESG                                             RESTRICTED / IL3
Austria          Center for Secure Information Technology         Not specified
Australia        Defense Signals Directorate                      RESTRICTED
New Zealand      Government Communications Security Bureau        RESTRICTED
United States    National Institute of Standards and Technology   Sensitive But Unclassified
Turkey           Turkish Standards Institute                      Not specified
Attack Techniques
• Memory dump; physical attack (JTAG)
• Cellular communication
• Browser (JavaScript)
• OS permissions
• PC connected to the BB; channel
Reference
• http://docs.blackberry.com/en/admin/deliverables/4133/BB_Ent_Soln_Security_4.1.6_STO.pdf
• http://docs.blackberry.com/en/admin/deliverables/4133/BB_Ent_Soln_Security_4.1.6_STO.pdfglance/security/
• http://us.blackberry.com/ataglance/solutions/architecture.jsp
• http://garryowen.csisdmz.ul.ie/~cs5212/resources/oth4.pdf