How the BlackBerry Enterprise Solution uses a Triple DES encryption algorithm
The BlackBerry® Enterprise Solution uses a two-key Triple DES encryption algorithm to create message keys and master
encryption keys. The algorithm runs three iterations of the DES algorithm in outer CBC mode with two 56-bit keys: the first
key encrypts the data, the second key decrypts the data, and then the first key encrypts the data again. For more
information, see Federal Information Processing Standard - FIPS PUB 81 [3].
The BlackBerry Enterprise Solution stores the message keys and master encryption keys as 128-bit long binary strings. The
keys have overall key lengths of 112 bits and include 16 bits of parity data, with each parity bit in the least significant bit
of each of the 8 bytes of key data.
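The key layout described above can be checked in a few lines. The following Python sketch is an added example, not BlackBerry code: it validates a 128-bit two-key Triple DES string, drops the parity bits to recover the 112 key bits, and expands the string to the K1, K2, K1 order used by the encrypt-decrypt-encrypt sequence. The function names and the sample key are constructed for illustration, and the odd-parity rule comes from the DES standard rather than from this page.

```python
KEY_LEN = 16  # two 8-byte DES keys stored as one 128-bit string


def set_odd_parity(raw: bytes) -> bytes:
    """Set the least significant bit of each byte so the byte has odd parity.
    Odd parity is the DES convention; the page only says where the bit sits."""
    out = bytearray()
    for b in raw:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    """True when every byte of the key string carries a valid parity bit."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def effective_bits(key: bytes) -> int:
    """Concatenate the 7 key bits of each byte, dropping the parity bits."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def expand_two_key(key: bytes) -> bytes:
    """Validate a stored two-key string and return K1 || K2 || K1."""
    if len(key) != KEY_LEN:
        raise ValueError("expected a 128-bit (16-byte) key string")
    if not has_odd_parity(key):
        raise ValueError("parity check failed: key string is corrupt")
    k1, k2 = key[:8], key[8:]
    if k1 == k2:
        # Encrypt(K1), decrypt(K1), encrypt(K1) collapses to single DES.
        raise ValueError("K1 equals K2: strength falls to single DES")
    return k1 + k2 + k1


# Constructed sample key material, for illustration only.
SAMPLE = set_odd_parity(bytes.fromhex("00112233445566778899aabbccddeeff"))

if __name__ == "__main__":
    print("stored key  :", SAMPLE.hex())
    print("key bits    :", effective_bits(SAMPLE).bit_length(), "(at most 112)")
    print("EDE schedule:", expand_two_key(SAMPLE).hex())
```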
How the BlackBerry Enterprise Solution uses an AES encryption algorithm
The BlackBerry® Enterprise Solution uses an AES algorithm in CBC mode to create message keys and master encryption
keys that contain 256 bits of key data.
The way that the BlackBerry device implements AES is designed to protect user data and encryption keys on the BlackBerry
device from traditional attacks and side-channel attacks. Side-channel attacks can occur in the form of power analysis
readings or electromagnetic radiation emissions.
The BlackBerry device implements AES in a way that uses countermeasures (a masking operation, table splitting, and
applications of random masks) to hide the true operations taking place on the BlackBerry device. These countermeasures
are designed to help protect the cryptographic keys and plain-text data against potential side-channel attacks at all points
during the AES encryption and decryption operations so that the attacks do not reveal data that can expose the encryption
key.
Options for extending messaging security
When a user sends a message from the BlackBerry® device, by default, the BlackBerry® Enterprise Server does not encrypt
the message when it forwards the message to the message recipient. To extend the messaging security that standard
BlackBerry encryption provides, the user must install additional secure messaging technology on the BlackBerry device, and
you must set the BlackBerry device to use that secure messaging technology.
To offer an additional layer of messaging security between the sender and recipient of an email message or PIN message,
you can turn on S/MIME technology or PGP® technology for BlackBerry devices. When you use either one of these
technologies, you allow sender-to-recipient authentication and confidentiality. These technologies also help to maintain
the integrity and privacy of the data from the time that a BlackBerry device user sends a message from the BlackBerry device
to when the message recipient decrypts and opens the message.
Feature and Technical Overview
BlackBerry Enterprise Solution security