August 2011

The BlackBerry Riots


London and other parts of the UK were ravaged by community protests in August that overnight turned into what can only be viewed as the worst riots in living memory. It is not for us to analyse the cause of these riots, but only to look at the technology that many have cited as the catalyst for their extent. Many have suggested that core to this technology are the RIM BlackBerry mobile phones, which allow messages between users to be encrypted, thereby enabling people to be incited to action in a collective way that cannot be easily monitored by the appropriate authorities. For this discussion we will ignore other technologies, such as Twitter and Facebook, that were also clearly used during these riots.


So the question is: can people communicate with their BlackBerry mobile phones in a way that cannot be monitored by the regulators? There are three concepts we need to understand in order to answer this question:

1) The BlackBerry Messenger service (BBM)

2) The BlackBerry Internet Service (BIS)

3) The BlackBerry Enterprise Service (BES)

The BlackBerry Messenger Service is something that RIM are very proud of because it provides a flexible instant messaging service that, unlike SMS, does not incur any additional charges, assuming of course that the consumer has a BlackBerry data service with their Network Operator. Such data services are usually much cheaper than the full internet services attached to other smartphone contracts such as the iPhone. BBM is based on the RIM PIN-to-PIN instant messaging service. Every BlackBerry phone has a PIN identifier; this is not a security access device but purely a reference identity for that BlackBerry phone. What this means is that one BlackBerry user can send messages to another if they know the PIN of their correspondent's BlackBerry device. Equally, the service allows users to set up groups by storing a set of PINs so that they can broadcast messages to the group.

bbr diagram 1

The BBM message goes from the originator's BlackBerry phone through the connected mobile network to the local (or nearest, wherever that might be) RIM relay server. The RIM relay server knows where the BlackBerry phone of the receiver(s) is located and passes the message to the relevant wireless network(s). These messages are encrypted using Triple DES, but with a system-wide global key in every phone. RIM does not disguise this fact and tells people that they should look on the security of the BBM service as more akin to scrambling than encryption. I must confess the logic of this terminology escapes me, but what we might assume is that one day this global key will become public knowledge, and then you might argue that the security property of confidentiality has been breached. However, for the moment, if the authorities want to decode BBM messages then they can:

1. Use a captured phone that is in the broadcast group of PINs (is this legal?). Please also note that this PIN remains the same for the life of the phone, so if you pass it on the new owner might get some unintended BBM messages.

2. Intercept the relevant BBM messages and get a BlackBerry phone to decrypt them (there is no check on the PIN correctness).

3. Issue a legal request to RIM to provide either the global key or a copy of the decoded message which has passed through the RIM relay.

The BIS and BES services are the way that email messages work on the RIM network. BIS is intended for non-corporate users, while BES is for the corporate, which was the original target for RIM's marketing of the BlackBerry phone.


How BIS works:

On setup, the mobile phone user provides BlackBerry (RIM) with the email addresses, connection details & credentials for each email account he/she would like to receive on their mobile phone. BlackBerry currently allows up to 10 sets of Email credentials.

BlackBerry uses the details provided to login and establish a connection on the user's behalf to their Email server's mailbox. BlackBerry monitors the mailboxes, and when it sees new Email, it retrieves (pulls) a copy and then pushes it to the BlackBerry handheld device over the wireless network.

bbr diagram 2

Encryption is used on data travelling between each entity. The wireless network will typically use one of GSM's family of A5 stream ciphers and, if configured, BlackBerry will use an SSL session over the Internet to the email server.

Although Encryption is used, it is under the control of the Network operators. BlackBerry applies compression and optimization making Email little more secure than SMS messaging. BlackBerry's official line is: "Email messages and instant messages that are sent between the BlackBerry Internet Service and your BlackBerry device use the security features of the wireless network. Messages that are sent between your messaging server and the BlackBerry Internet Service are automatically encrypted if the server supports SSL encryption."

How BES works:

First you must have a BlackBerry phone from the carrier on a business plan. The carrier will often lock out the BES setup icon from a phone on a personal plan.

In this scenario the BlackBerry mobile phone user will often receive his/her phone from their company. The user is provided with an activation password by the company's IT department. The next step is to launch the enterprise activation program on the BlackBerry phone and provide the activation password. The password is used to ensure the phone user is authentic, and then the Enterprise Server and BlackBerry device negotiate a device transport key using the Diffie-Hellman key agreement protocol.
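One way an activation password can authenticate a Diffie-Hellman exchange is sketched below as an added example; it is not from the original article and is not RIM's implementation. The SPEKE-style construction (deriving the generator from the password), the RFC 2409 1024-bit group, SHA-256/HMAC and all class and function names are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

# 1024-bit safe prime of RFC 2409 (Oakley Group 2): fine for a demo, too small for new designs.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
        "FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2          # order of the subgroup of squares
NBYTES = 128              # byte length of a group element

def password_generator(password: str) -> int:
    """SPEKE-style base: hash the password into the group and square it."""
    h = int.from_bytes(hashlib.shake_256(password.encode()).digest(160), "big") % P
    g = pow(h, 2, P)
    if g in (0, 1):
        raise ValueError("degenerate generator")
    return g

class Party:
    """One side of the activation (hypothetical model of device or server)."""
    def __init__(self, password: str):
        self.g = password_generator(password)
        self.x = secrets.randbelow(Q - 1) + 1          # private exponent in [1, Q-1]
        self.public = pow(self.g, self.x, P)

    def transport_key(self, peer_public: int) -> bytes:
        # Reject values that would force a predictable shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self.x, P)
        return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()

def confirmation_tag(key: bytes, device_pub: int, server_pub: int) -> bytes:
    """Key confirmation: MAC over both public values under the derived key."""
    transcript = device_pub.to_bytes(NBYTES, "big") + server_pub.to_bytes(NBYTES, "big")
    return hmac.new(key, b"device-confirm" + transcript, hashlib.sha256).digest()

def activate(device_password: str, server_password: str):
    """Run the exchange; return (confirmed, device_key, server_key)."""
    device, server = Party(device_password), Party(server_password)
    k_dev = device.transport_key(server.public)
    k_srv = server.transport_key(device.public)
    tag = confirmation_tag(k_dev, device.public, server.public)   # sent by the device
    expected = confirmation_tag(k_srv, device.public, server.public)
    return hmac.compare_digest(tag, expected), k_dev, k_srv
```

Because the password fixes the generator, a device holding the wrong password derives a different key and fails confirmation, while the password itself never crosses the network.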

So here we have it,

The RIM BlackBerry Messenger Service is based on the use of a global key for Triple DES encryption, where RIM can easily decode the messages. The BlackBerry Internet Service for email is based on the standard encryption algorithms used by the mobile network operators, which the network operators can easily decode. The BlackBerry Enterprise Service for email uses AES or Triple DES encryption entirely under the control of the corporate, who can decode the messages as required.

bbr diagram 3

The device transport key is held on both the device and the server, and is used to encrypt subsequent communication traffic (application, email and messaging, and voice using the additional BlackBerry Mobile Voice Server) with either the Triple DES or AES encryption algorithm.

One final note worth mentioning regarding the BES solution is that it is possible to pay to have your BES server hosted by a 3rd party.

bbr diagram 4

By Dr. David Everett, Smartcard & Identity News
