BlackBerry Data Sec...
 
Notifications
Clear all

BlackBerry Data Security - Practical Concerns

13 Posts
3 Users
0 Likes
629 Views
(@astro)
Posts: 33
Eminent Member
Topic starter
 

Greetings. I am trying to strike a balance between security and convenience. Specifically, I am trying to understand just how important password length is in securing the data stored on a password locked, fully encrypted BlackBerry. Handheld specifics are as follows

1. BlackBerry Bold 9650
2. BlackBerry OS 6

RIM/BlackBerry has provided the following information in its manuals

"When you set up encryption of your BlackBerry® device data using the content protection feature, your BlackBerry device is designed to be protected against users with malicious intent who could attempt to steal your data directly from the internal hardware. No one can read your encrypted data without your device password.

In the Security Options, you can set the Content Protection Strength level. The BlackBerry device then encrypts your data (for example, messages, contact entries, and tasks). The Content Protection Strength level optimizes either the encryption strength or the decryption time. When your BlackBerry device decrypts a message that it received while locked, the BlackBerry device uses an encryption key. More encryption strength means a longer decryption process.

If you set the content protection strength to Stronger, use a minimum length of 12 characters for the BlackBerry device password. If you set the content protection strength to Strongest, use a minimum length of 21 characters. These password lengths maximize the encryption strength that these settings are designed to provide."

and

"When the content-protected BlackBerry device decrypts a message that it received while locked, the BlackBerry device uses the ECC private key in the decryption operation. The longer the ECC key, the more time the ECC decryption operation adds to the BlackBerry device decryption process. Choose a content protection strength level that optimizes either the ECC encryption strength or the decryption time.

If you set the content protection strength to Stronger (to use a 283-bit ECC key) or to Strongest (to use a 571-bit ECC key), consider setting the Minimum Password Length IT policy rule to enforce a minimum BlackBerry device password length of 12 characters or 21 characters, respectively. These password lengths maximize the encryption strength that the longer ECC keys are designed to provide. The BlackBerry device uses the BlackBerry device password to generate the ephemeral 256-bit AES encryption key that the BlackBerry device uses to encrypt the content protection key and the ECC private key. A weak password produces a weak ephemeral key."

Now, to my practical concerns. The Bold's security settings are currently as follows

1. 30 character complex password (supports up to 32 characters) with 10 maximum attempts and a one hour security timeout
2. Encryption set to the "Strongest" setting (Options are "Strong," "Stronger," and "Strongest.")
3. Media card encrypted using the "Device Password & Device Key" mode (Because of the device key, the Elcomsoft media card vulnerability is not a factor.)

I'm considering the ramifications of changing the settings to the following

1. 5 character complex password with 4 maximum attempts and a one minute security timeout
2. Encryption set to the weakest setting ("Strong")
3. Media card encryption mode same as before

The new setting would be more convenient because of the shorter password, and it would offer more security against the opportunistic finder or thief because of the one minute password lock security timeout. But in order to ascertain just how effective these settings would be against a determined attacker, I need to understand the methods of attack and costs involved. Assume the BlackBerry in either case is locked and the password is not known.

1. From Cellebrite's site I've learned that its UFED can extract encrypted data from a BlackBerry if the BlackBerry is unlocked, the password is known, or there is no password. Has anything changed since that information was published? Can the Cellebrite UFED circumvent a BlackBerry's password and access its encrypted data? How effective is Cellebrite's UFED against a BlackBerry that has undergone a security wipe and, as a result, is unlocked?

2. If the chipoff method is used successfully, can a forensic lab make sense of the BlackBerry's encrypted device data? If yes, how much bearing does password length have on the lab's ability to decrypt the data? If no, does password length have any practical bearing at all on BlackBerry security given that even a five character password is too long when one only has four tries before the device is wiped?

3. How costly is the chipoff method and associated decryption of data (if available)? A few thousand dollars? Tens of thousands of dollars or more? (This, also, will help me decide on whether to apply the newer settings as I will be able to take a likely attacker's resources into consideration.)

TIA for your thoughts and experience,

Tony

 
Posted : 07/05/2013 2:50 am
(@astro)
Posts: 33
Eminent Member
Topic starter
 

No one wants to help little Tony with this? |

 
Posted : 12/05/2013 11:20 pm
(@trewmte)
Posts: 1877
Noble Member
 

Astro, it might be you haven't received response/s to your questions because a search of this forum contains answers to chip off and decryption questions.

Broaden your search to include Elcom, XRY, and so on. Read about the experiences examiners have been exposed to when dealing with Blackberry. See if you get the answers you are seeking.

Just some observations.

 
Posted : 13/05/2013 12:08 am
(@astro)
Posts: 33
Eminent Member
Topic starter
 

Well, I have done a bunch of reading on this site and elsewhere and haven't found the information I'm looking for. For example, I've learned that chipoff when it comes to BlackBerry is a painstaking process, but no one has divulged what this process costs. Its just been a bunch of secretive "pm sent" replies when it come to that. I'm well aware of Elcomsoft and its password cracking capabilities when the micro sd card is encrypted using the "Device Password" mode, and I even mention it in my post above. I stated that I'm trying to strike a balance between security and convenience shorter password & weaker encryption vs longer password and stronger encryption. In order to do that, I need to know how much chipoff costs (so I can consider a likely attacker's resources) and whether the top chipoff service providers can decrypt/decode encrypted data obtained from a BlackBerry's memory chip as easily as Elcomsoft can extrapolate a BlackBerry's password from a media card when the card's encryption mode is set to Device Password. Personally, I think gleaning any useful data from a BlackBerry with security settings as prescribed in setting one in post #1 above is a daunting, maybe even impossible task, but that's why I posted. I want to know. I want to know a) if I'm right ab that, and b) whether reducing my settings to the second (weaker) setting mentioned in post # 1 above will give an attacker a significant advantage if a chipoff is done on my BlackBerry. But okay, thanks anyway for the "google is your friend" answer.

 
Posted : 13/05/2013 12:40 am
(@trewmte)
Posts: 1877
Noble Member
 

But okay, thanks anyway for the "google is your friend" answer.

That wasn't my point Astro, particularly as you only mentioned UFED in your original post and I was pointing to other systems you might not have known about that are mentioned at Forensic Focus. However, since you brought Google into the discussion, yes, infact, you can learn alot when searching. Perhaps start with the chip off query you raised about chip off difficulty and cost

Found on a Google search https://www.mobileforensicscentral.com/tt3/documents/2013TeelTechChip-offClassatICDDFS.pdf

 
Posted : 13/05/2013 6:10 am
(@astro)
Posts: 33
Eminent Member
Topic starter
 

Thanks, trewmte, for your reply and link. I did mention chipoff in my first post, and it's my understanding that UFED will not extract the data from a password locked, encrypted BlackBerry Bold 9650 running BlackBerry 6. It's also my understanding that when a forensics lab removes the proper chip from this BlackBerry, it can obtain the encrypted raw data off the chip. I'll try to be more specific with my questions.

1. If an attacker takes possession of my BlackBerry Bold 9650 which is password locked with a 32 character password and encrypted with BlackBerry's "Strongest" level of encryption, how much (roughly) would it cost to do a chipoff and obtain the raw data off the memory chip?

2. BlackBerry uses the AES. It's my understanding, and I'm not sure if I understand correctly, that once raw data is obtained from my Blackberry with these configurations in place, the AES would have to be attacked using the brute force method, because the password is instrumental in encrypting the data. If this is true, how long would it take for the lab to brute force a complex 32 character password and decrypt (decode?) my data? How long to do the same with a complex 7 character password? Does what I'm saying even make sense? If not, why not?

I'm going to make a Bold (pun intended) statement

With today's technology, it is not possible for a forensic lab to make meaningful sense of raw data obtained from a BlackBerry Bold 9650 on which a 32 character complex password and BlackBerry's "Strongest" level of encryption have been used to encrypt the data. This is not because no one knows how, rather it's a time limitation issue. A 32 character AES password simply can't be cracked in less than ten years. When it comes to this described BlackBerry, the lab would still have to attack the AES once a successful chipoff and raw data extraction has been performed.

Someone, please tell me if I'm right about this. If I'm wrong, please tell me, but please also tell me why I'm wrong. I think I'm right, but I don't want a false sense of security.

 
Posted : 13/05/2013 6:56 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

1. If an attacker takes possession of my BlackBerry Bold 9650 which is password locked with a 32 character password and encrypted with BlackBerry's "Strongest" level of encryption, how much (roughly) would it cost to do a chipoff and obtain the raw data off the memory chip?

Anything from 100 US$ to several thousands are needed for the hardware and soft, examples (low to high)
http//spritesmods.com/?art=ftdinand
http//www.flash-extractor.com/shop/
http//www.acelaboratory.com/pc3000.flash.php

If you know where your towel is, you can do a chip-off (unsoldering) with both a hot air gun you can buy at the hardware store around the corner for some US$ 30 and with a professional hot air soldering station worth a couple thousands.

And in some cases you can well use the chip "as is"
http//hackaday.com/2010/12/24/reading-nand-flash-chips-without-removing-them/

I would say that reading the RAW data is not an issue (or not an issue if the flash contains anything of actual value).

jaclaz

 
Posted : 13/05/2013 1:33 pm
(@astro)
Posts: 33
Eminent Member
Topic starter
 

Thank you, Jaclaz. This sounds good for the investigator, bad for the one who is trying to secure his data. It makes a strong case for a) encryption in the first place, b) strong encryption, and c) a long, complex password. I might have to stick with "Strongest" level of encryption available and the 32 character, complex password. ?

 
Posted : 13/05/2013 4:24 pm
(@astro)
Posts: 33
Eminent Member
Topic starter
 

An interesting link

Password Recovery Speeds

 
Posted : 13/05/2013 4:52 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

This sounds good for the investigator, bad for the one who is trying to secure his data.

Well, the real issue is not usually getting the RAW data, but rather to decrypt it.

Actually you posed your questions in a (IMHO) very correct way, the analysis of costs vs. benefits (and nuisance to the users). D

The link you gave for "times" needed are (understandably) very "variable", and "generic".

You should be looking more in the theory (before getting back to practice).
Generally speaking, i.e. not limited to brute-forcing, what is relevant is the entropy of the password
http//en.wikipedia.org/wiki/Password_strength
http//en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength

If you check the above you will see how (example) a "common password", case insensitive allphanumeric, rather surprisingly does not get a much better entropy if you add CaSe SeNsItIvEnEsS.

You may want to think a bit about the considerations made here (besides the quick laugh wink )
http//xkcd.com/936/

Some further (personal) considerations are made here
http//reboot.pro/topic/18110-ridiculous-password-rules/
Reboot.pro has some issues lately, if it doesn't load don't worry and try later)

References in the above are to these two (IMHO interesting) blog posts
http//blogs.securiteam.com/index.php/archives/1068
http//blogs.securiteam.com/index.php/archives/1906

jaclaz

 
Posted : 13/05/2013 8:54 pm
Page 1 / 2
Share: