Security Technical Overview
• The tablet and smartphone use AES-256 encryption to encrypt and decrypt data that is sent between each other.
• The tablet and smartphone use SHA-256 to authenticate the connection between each other.
• The smartphone prompts the user each time a Bluetooth device tries to connect to the smartphone.
The BlackBerry Bridge pairing key
The first time that a BlackBerry PlayBook tablet connects to a BlackBerry smartphone, the tablet connects with the
smartphone using Bluetooth technology and generates a BlackBerry Bridge pairing key. The BlackBerry Bridge
pairing key is designed to protect data as it travels between the tablet and smartphone.
A BlackBerry PlayBook tablet user can connect a tablet and smartphone by scanning a barcode or manually
configuring the connection. When the user connects a tablet and smartphone, the connection creates a shared
secret to use in the key agreement protocol. The shared secret contains 128 bits of randomness when the user
scans a barcode and 32 bits of randomness when the user manually configures the connection. To discover the
shared secret by eavesdropping during the key agreement protocol, a potentially malicious user must perform an
online dictionary attack. The tablet is designed to prevent an online dictionary attack by permitting the potentially
malicious user only one guess at the shared secret. If the guess is incorrect, the user must restart the pairing
process, which then creates a new shared secret.
The BlackBerry Bridge uses the shared secret and ECDH with a 521-bit Random Curve to perform a
password-authenticated key agreement and create an initial pairing key. The BlackBerry Bridge uses the initial pairing key to
generate the BlackBerry Bridge pairing key. The BlackBerry Bridge uses the BlackBerry Bridge pairing key and
AES-256 encryption to encrypt and decrypt data that is sent between the tablet and the smartphone. The
BlackBerry Bridge uses the BlackBerry Bridge pairing key and SHA-256 to authenticate the connection between the
tablet and smartphone.
Generating an initial pairing key during the BlackBerry Bridge pairing process
The initial key establishment protocol uses ECDH with the 521-bit Random Curve and the SPEKE authentication
method with the shared secret (the shared secret parameter is "s") to generate a long-term symmetric initial
pairing key. The BlackBerry Bridge pairing key establishment protocol uses the initial pairing key to generate the
BlackBerry Bridge pairing key.
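The pairing flow described above, as an added example that is not BlackBerry's code: a SPEKE exchange whose generator is derived from the shared secret, with a responder that permits one guess per secret and then replaces it. It assumes a 768-bit modular group in place of the 521-bit curve, and the names Party, Tablet, confirm and guess_odds are hypothetical.

```python
import hashlib, hmac, math, secrets

# Assumption: the 768-bit Oakley Group 1 safe prime (RFC 2409) stands in for the
# page's 521-bit curve so no EC library is needed; it is too small for real use.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares

def speke_base(s: bytes) -> int:
    """SPEKE: the generator itself is derived from the shared secret s."""
    h = int.from_bytes(hashlib.sha256(s).digest(), "big")
    return pow(h, 2, P)  # squaring lands in the order-Q subgroup

class Party:
    def __init__(self, s: bytes):
        self.x = secrets.randbelow(Q - 1) + 1        # ephemeral private exponent
        self.pub = pow(speke_base(s), self.x, P)     # value sent to the peer

    def key(self, peer_pub: int) -> bytes:
        if not 1 < peer_pub < P - 1:                 # reject 0, 1 and P-1
            raise ValueError("invalid peer value")
        shared = pow(peer_pub, self.x, P)
        return hashlib.sha256(shared.to_bytes(96, "big")).digest()

def confirm(key: bytes) -> bytes:
    """Key-confirmation tag (hypothetical label), HMAC-SHA-256."""
    return hmac.new(key, b"pairing-confirm", hashlib.sha256).digest()

class Tablet:
    """Hypothetical responder enforcing one guess per shared secret."""
    def __init__(self, bits: int):
        self.bits = bits
        self.new_secret()

    def new_secret(self) -> None:
        self.secret = secrets.randbits(self.bits).to_bytes(16, "big")

    def pair(self, claimed: bytes) -> bool:
        phone, tab = Party(claimed), Party(self.secret)
        ok = hmac.compare_digest(confirm(phone.key(tab.pub)),
                                 confirm(tab.key(phone.pub)))
        if not ok:
            self.new_secret()  # failed guess: pairing restarts with a fresh secret
        return ok

def guess_odds(bits: int, attempts: int) -> float:
    """Chance that at least one of `attempts` independent single guesses is right."""
    return -math.expm1(attempts * math.log1p(-(2.0 ** -bits)))
```

Because every failed attempt replaces the secret, guesses are independent: guess_odds(32, 10**6) is about 2.3e-4 for the manually configured secret, while the 128-bit barcode secret stays negligible at any realistic attempt count.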
If you delete a BlackBerry PlayBook tablet and BlackBerry smartphone connection in the Bluetooth settings on a
tablet, the next time you connect the tablet to the smartphone, the BlackBerry Bridge pairing process uses the
initial key establishment protocol to create a new initial pairing key.
The initial key establishment protocol negotiates algorithms and parameters that are used in subsequent
BlackBerry Bridge pairing key exchanges, including the following:
• Elliptic curve used by future ECDH exchanges
• Encryption algorithm and hash algorithm used by the BlackBerry Bridge