Blackberry PlayBook Tablet Panoramica tecnica sulla sicurezza - Pagina 38

Sfoglia online o scarica il pdf Panoramica tecnica sulla sicurezza per Tavoletta Blackberry PlayBook Tablet. Blackberry PlayBook Tablet 46. Tablet
Anche per Blackberry PlayBook Tablet: Specifiche tecniche (21 pagine), Specificazioni (21 pagine), Manuale d'uso (48 pagine), Informazioni sulla sicurezza e sul prodotto (19 pagine), Manuale d'uso (42 pagine), Manuale di avvio rapido (2 pagine), Ui Manuallines (39 pagine), Manuale d'uso (34 pagine)

Stampa la pagina
Blackberry PlayBook Tablet Panoramica tecnica sulla sicurezza
Security Technical Overview

Impersonating a smartphone

An impersonation event against a BlackBerry PlayBook tablet occurs when a potentially malicious user sends data
to a tablet so that the tablet believes it is communicating with a BlackBerry smartphone. A potentially malicious
user must know the BlackBerry Bridge pairing key to impersonate a smartphone.
Because the BlackBerry Bridge uses the ECDH algorithm to generate the BlackBerry Bridge pairing key, a
potentially malicious user must solve the ECDH problem to compute the key. Solving this problem is equivalent to
solving the DH problem, which is considered computationally infeasible.

Man-in-the-middle attack

A man-in-the-middle attack occurs when a potentially malicious user intercepts and changes messages that are in
transit between a BlackBerry PlayBook tablet and BlackBerry smartphone. When a potentially malicious user
makes a successful man-in-the-middle attack, the BlackBerry PlayBook tablet user does not know that the user is
monitoring and changing data traffic.
For a man-in-the-middle attack to occur, the potentially malicious user must link the flow of data between the
tablet and the smartphone permanently, not just for the duration of the key agreement protocol. For a potentially
malicious user to start a man-in-the-middle attack, the potentially malicious user must know either the BlackBerry
Bridge pairing key or the shared secret between the tablet and smartphone.
Because BlackBerry Bridge uses the ECDH algorithm to generate the BlackBerry Bridge pairing key, a potentially
malicious user must solve the ECDH problem to compute the key. Solving this problem is equivalent to solving the
DH problem, which is considered computationally infeasible.
The ECDH protocol only permits the potentially malicious user to guess the shared secret one time. If the guess is
incorrect, the BlackBerry PlayBook tablet user must restart the pairing process, which creates a new shared secret
before the potentially malicious user can guess again.

Small subgroup attack

A small subgroup attack occurs when a potentially malicious user tries to limit the key agreement protocol
between the BlackBerry PlayBook tablet and BlackBerry smartphone to generate BlackBerry Bridge pairing keys
from a small subset of keys. If the BlackBerry Bridge pairing key is generated from a small subset of keys, it is
easier for the potentially malicious user to guess the BlackBerry Bridge pairing key.
The BlackBerry PlayBook security protocols are designed to use ECDH operations to prevent a small subgroup
attack.
36
Impersonating a smartphone