Channel: Forensic Focus Forums - Recent Topics

Mobile Phone Forensics: BlackBerry Data Security - Practical Concerns

Greetings.

I am trying to strike a balance between security and convenience. Specifically, I am trying to understand just how important password length is in securing the data stored on a password locked, fully encrypted BlackBerry.

Handheld specifics are as follows:

1. BlackBerry Bold 9650
2. BlackBerry OS 6

RIM/BlackBerry has provided the following information in its manuals:

"When you set up encryption of your BlackBerry® device data using the content protection feature, your BlackBerry device is designed to be protected against users with malicious intent who could attempt to steal your data directly from the internal hardware. No one can read your encrypted data without your device password. In the Security Options, you can set the Content Protection Strength level. The BlackBerry device then encrypts your data (for example, messages, contact entries, and tasks). The Content Protection Strength level optimizes either the encryption strength or the decryption time. When your BlackBerry device decrypts a message that it received while locked, the BlackBerry device uses an encryption key. More encryption strength means a longer decryption process. If you set the content protection strength to Stronger, use a minimum length of 12 characters for the BlackBerry device password. If you set the content protection strength to Strongest, use a minimum length of 21 characters. These password lengths maximize the encryption strength that these settings are designed to provide."

and:

"When the content-protected BlackBerry device decrypts a message that it received while locked, the BlackBerry device uses the ECC private key in the decryption operation. The longer the ECC key, the more time the ECC decryption operation adds to the BlackBerry device decryption process. Choose a content protection strength level that optimizes either the ECC encryption strength or the decryption time. If you set the content protection strength to Stronger (to use a 283-bit ECC key) or to Strongest (to use a 571-bit ECC key), consider setting the Minimum Password Length IT policy rule to enforce a minimum BlackBerry device password length of 12 characters or 21 characters, respectively. These password lengths maximize the encryption strength that the longer ECC keys are designed to provide. The BlackBerry device uses the BlackBerry device password to generate the ephemeral 256-bit AES encryption key that the BlackBerry device uses to encrypt the content protection key and the ECC private key. A weak password produces a weak ephemeral key."

Now, to my practical concerns. The Bold's security settings are currently as follows:

1. 30 character complex password (supports up to 32 characters) with 10 maximum attempts and a one hour security timeout
2. Encryption set to the "Strongest" setting (Options are "Strong," "Stronger," and "Strongest.")
3. Media card encrypted using the "Device Password & Device Key" mode (Because of the device key, the Elcomsoft media card vulnerability is not a factor.)

I'm considering the ramifications of changing the settings to the following:

1. 5 character complex password with 4 maximum attempts and a one minute security timeout
2. Encryption set to the weakest setting ("Strong")
3. Media card encryption mode same as before

The new setting would be more convenient because of the shorter password, and it would offer more security against the opportunistic finder or thief because of the one minute password lock security timeout. But in order to ascertain just how effective these settings would be against a determined attacker, I need to understand the methods of attack and costs involved. Assume the BlackBerry in either case is locked and the password is not known.

1. From Cellebrite's site I've learned that its UFED can extract encrypted data from a BlackBerry if the BlackBerry is unlocked, the password is known, or there is no password. Has anything changed since that information was published? Can the Cellebrite UFED circumvent a BlackBerry's password and access its encrypted data? How effective is Cellebrite's UFED against a BlackBerry that has undergone a security wipe and, as a result, is unlocked?

2. If the chipoff method is used successfully, can a forensic lab make sense of the BlackBerry's encrypted device data? If yes, how much bearing does password length have on the lab's ability to decrypt the data? If no, does password length have any practical bearing at all on BlackBerry security given that even a five character password is too long when one only has four tries before the device is wiped?

3. How costly is the chipoff method and associated decryption of data (if available)? A few thousand dollars? Tens of thousands of dollars or more? (This, also, will help me decide on whether to apply the newer settings as I will be able to take a likely attacker's resources into consideration.)

TIA for your thoughts and experience,

Tony
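
The trade-off raised in the post can be put into numbers. The sketch below is an added example, not part of the original post or of RIM's documentation: it compares the two configurations under an on-device guessing limit and under a hypothetical offline search against the password-derived AES key (whether such a search is feasible is exactly what question 2 asks and is not established here). Assumptions: passwords are uniformly random over 94 printable characters, an ECC key offers roughly half its size in bits of security, "Strong" uses a 160-bit ECC key (not stated in the post), and the offline guess rate is an arbitrary placeholder.

```python
import math

ALPHABET = 94     # assumption: printable ASCII without the space character
AES_BITS = 256    # ephemeral AES key size quoted from the manual
# 283 and 571 are quoted in the post; 160 for "Strong" is an assumption.
ECC_BITS = {"Strong": 160, "Stronger": 283, "Strongest": 571}

def password_bits(length, alphabet=ALPHABET):
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(alphabet)

def effective_bits(length, level):
    """Weakest link among password, ECC key (about half its size) and AES key."""
    return min(password_bits(length), ECC_BITS[level] / 2, AES_BITS)

def online_success(length, attempts, alphabet=ALPHABET):
    """Chance of a correct guess on the handset before the wipe triggers."""
    return min(1.0, attempts / alphabet ** length)

def offline_years(length, guesses_per_sec, alphabet=ALPHABET):
    """Average years to find the password if guesses can be tested offline."""
    return (alphabet ** length / 2) / guesses_per_sec / (365.25 * 24 * 3600)

# The two configurations described in the post.
CONFIGS = {
    "current":  {"length": 30, "attempts": 10, "level": "Strongest"},
    "proposed": {"length": 5,  "attempts": 4,  "level": "Strong"},
}

def compare(guesses_per_sec=1e6):   # hypothetical offline guess rate
    rows = {}
    for name, c in CONFIGS.items():
        rows[name] = {
            "effective_bits": round(effective_bits(c["length"], c["level"]), 1),
            "online_success": online_success(c["length"], c["attempts"]),
            "offline_years": offline_years(c["length"], guesses_per_sec),
        }
    return rows

if __name__ == "__main__":
    for name, row in compare().items():
        print(name, row)
```

Under these assumptions the password is the weakest link in both configurations. The attempt limit dominates only while guessing has to happen on the handset; once guesses can be tested offline, password length is the only factor that matters.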
