Blackbe;rry PlayBook Tablet Guida all'installazione
BlackBerry PlayBook Tablet
Version: 1.0
Security Technical Overview
Published: 2011-09-08
SWD-1674396-0316050254-001
Contents
1 Revision history................................................................................................................................................. 4
2 Tablet security features.................................................................................................................................... 6
3System requirements: tablet............................................................................................................................ 7
4Opening an encrypted and authenticated connection between a tablet and smartphone............................. 8
The Bluetooth pairing process.......................................................................................................................... 8
The BlackBerry Bridge pairing key.................................................................................................................... 9
Generating an initial pairing key during the BlackBerry Bridge pairing process............................................... 9
Process flow: Generating an initial pairing key.......................................................................................... 10
Cryptosystem parameters that the BlackBerry Bridge pairing process uses to generate an initial
pairing key................................................................................................................................................. 11
Generating a BlackBerry Bridge pairing key during the BlackBerry Bridge pairing process............................. 11
Process flow: Generating a BlackBerry Bridge pairing key........................................................................ 12
Connecting a tablet to a smartphone that is activated on the BlackBerry Enterprise Server or BlackBerry
Internet Service................................................................................................................................................. 13
Process flow: Generating a BlackBerry Bridge work key........................................................................... 13
Reconnecting a tablet to a smartphone........................................................................................................... 13
Deleting a tablet and smartphone connection................................................................................................. 13
Bluetooth security features on the tablet and smartphone............................................................................. 14
Using IT policy rules to manage Bluetooth technology on smartphones......................................................... 15
Specifying Bluetooth connections that third-party applications can access.................................................... 16
Bluetooth profiles that the tablet supports...................................................................................................... 17
5 Securing tablets in your organization’s environment for work use.................................................................. 18
How a tablet distinguishes between work data and personal data.................................................................. 18
How a tablet protects work data............................................................................................................... 19
What happens when a user updates or creates work files on a tablet..................................................... 20
How a tablet controls whether an application is a work application or a personal application....................... 20
Determining which applications are work applications or personal applications..................................... 20
Comparison of work applications and personal applications.................................................................... 21
Access rights for work data and personal data that the BlackBerry Tablet OS grants to applications...... 22
Using the Bridge Browser.......................................................................................................................... 22
Running the Files application in work mode............................................................................................. 23
Taking screen shots on a tablet................................................................................................................. 23
When a tablet prevents a user from accessing work data or work applications.............................................. 23
Connecting a tablet to an enterprise Wi-Fi network........................................................................................ 24
IT policy rules that apply to a tablet................................................................................................................. 24
6 The BlackBerry Tablet OS.................................................................................................................................. 25
The tablet file system........................................................................................................................................ 25
How the BlackBerry Tablet OS uses sandboxing to protect application data................................................... 26
How the BlackBerry Tablet OS manages the resources on the tablet.............................................................. 26
How the tablet manages permissions for applications..................................................................................... 26
How the tablet verifies the boot ROM code..................................................................................................... 27
How the tablet manages software updates...................................................................................................... 27
7 Protecting user information............................................................................................................................. 28
Using the smartphone password to help protect access to the tablet............................................................. 28
Using the tablet password................................................................................................................................ 28
Deleting data from the tablet memory............................................................................................................. 29
What happens to work data on the tablet when it is connected to a smartphone that deletes all
smartphone data.............................................................................................................................................. 29
8 Cryptographic algorithms, codes, protocols, and APIs that the tablet supports.............................................. 31
Symmetric encryption algorithms..................................................................................................................... 31
Asymmetric encryption algorithms.................................................................................................................. 31
Hash algorithms................................................................................................................................................ 32
Message authentication codes......................................................................................................................... 32
Signature scheme algorithms........................................................................................................................... 32
Key agreement schemes................................................................................................................................... 32
Cryptographic protocols................................................................................................................................... 33
Cryptographic APIs............................................................................................................................................ 33
VPN cryptographic support............................................................................................................................... 33
Wi-Fi cryptographic support............................................................................................................................. 33
9 Attacks that the BlackBerry Bridge pairing process is designed to prevent..................................................... 35
Brute-force attack............................................................................................................................................. 35
Online dictionary attack.................................................................................................................................... 35
Eavesdropping.................................................................................................................................................. 35
Impersonating a smartphone........................................................................................................................... 36
Man-in-the-middle attack................................................................................................................................. 36
Small subgroup attack...................................................................................................................................... 36
10 Glossary............................................................................................................................................................ 37
11 Provide feedback.............................................................................................................................................. 41
12 Legal notice....................................................................................................................................................... 42
Revision history 1
Date Description
15 July 2011 Added the following topics:
• The Bluetooth pairing process
• Generating an initial pairing key during the BlackBerry Bridge pairing
process
• Process flow: Generating an initial pairing key
• Cryptosystem parameters that the BlackBerry Bridge pairing process
uses to generate an initial pairing key
• Generating a BlackBerry Bridge pairing key during the BlackBerry
Bridge pairing process
• Process flow: Generating a BlackBerry Bridge pairing key
• Process flow: Generating a BlackBerry Bridge work key
• Bluetooth security features on the tablet and smartphone
• Using IT policy rules to manage Bluetooth technology on smartphones
• Specifying Bluetooth connections that third-party applications can
access
• Bluetooth profiles that the tablet supports
• Taking screen shots on a tablet
• What happens to work data on the tablet when it is connected to a
smartphone that deletes all smartphone data
Updated the following topics:
• Tablet security features
• Opening an encrypted and authenticated connection between a tablet
and smartphone
• The BlackBerry Bridge pairing key
• Connecting a tablet to a smartphone that is activated on the BlackBerry
Enterprise Server or BlackBerry Internet Service
• Reconnecting a tablet to a smartphone
• How a tablet distinguishes between work data and personal data
• How a tablet protects work data
• Determining which applications are work applications or personal
applications
• Running the web browser in work mode (changed to "Using the Bridge
Browser")
• Running the Files application in work mode
• When a tablet prevents a user from accessing work data or work
application
Security Technical Overview Revision history
4
Date Description
• Using the tablet password
• The tablet file system
• Using the smartphone password to help protect access to the tablet
• Deleting data from the tablet memory
• Symmetric encryption algorithms
4 April 2011 Initial version
Security Technical Overview Revision history
5
Tablet security features 2
Feature Description
Encrypted and authenticated
connection between a BlackBerry
PlayBook tablet and BlackBerry
smartphone
• A tablet and smartphone perform two pairing processes to open an
encrypted and authenticated connection between each other: a
Bluetooth pairing process and a BlackBerry Bridge pairing process that
is designed to enhance the level of encryption for the connection.
• The BlackBerry Bridge uses the ECDH algorithm to negotiate a key and
AES-256 to encrypt the connection.
Protection of work data on a tablet • The tablet is designed to isolate the work file system and work
applications from the personal file system and personal applications.
• The tablet classifies applications as work applications and allows them
to access work data.
• The tablet helps protect work data using XTS-AES-256 encryption.
• The tablet does not store local copies of work data permanently, the
tablet uses the BlackBerry smartphone file system to store work data.
Protection of BlackBerry PlayBook
tablet user information
The tablet is designed to allow a user to delete all user information and
application data from the tablet memory.
Protection of BlackBerry Tablet OS • When the BlackBerry Tablet OS starts, it completes integrity tests to
detect damage to the kernel.
• The BlackBerry Tablet OS can restart a process that stops responding
without negatively affecting other processes.
• The BlackBerry Tablet OS validates requests that applications make for
resources on the tablet.
Protection of the user spaces that
applications run in
The BlackBerry Tablet OS runs each process in a user space on the tablet.
To help protect a user space, the BlackBerry Tablet OS is designed to
evaluate the requests that processes make for memory outside of the user
space. The BlackBerry Tablet OS is designed to permit a process to access
only the memory that it has permissions for at a specific time.
Protection of resources The BlackBerry Tablet OS uses adaptive partitioning to allocate resources
that are not used by applications during typical operating conditions and to
make sure that resources are available to applications during times of peak
operating conditions.
Management of permissions to
access capabilities
The BlackBerry Tablet OS evaluates every request that an application makes
to access a capability on the tablet.
Verification of the boot ROM code The tablet verifies that the boot ROM code is permitted to run on the tablet.
Security Technical Overview Tablet security features
6
System requirements: tablet 3
Item Requirement
BlackBerry Enterprise Server version To use IT policy rules to control settings for the BlackBerry Bridge and
BlackBerry PlayBook tablet, your organization's environment must include
BlackBerry Enterprise Server 4.0 or later and the IT policy rules included in
KB26294 imported into the BlackBerry Enterprise Server.
For more information about importing the IT policy rules to control settings
for the BlackBerry Bridge and tablet, visit www.blackberry.com/go/kbhelp
to read KB26294.
smartphone BlackBerry PlayBook tablet users who want to use the BlackBerry Bridge
must have a BlackBerry smartphone that is running one of the following:
• BlackBerry Device Software 5.0
• BlackBerry 6
• BlackBerry 7
Users whose smartphones are running BlackBerry Device Software 5.0 and
BlackBerry 6, must install BlackBerry Bridge from the BlackBerry App World
storefront. The BlackBerry Bridge is pre-installed on smartphones that are
running BlackBerry 7.
operating system Users who want to install and run BlackBerry Desktop Software to manage
the tablet using their computers must have one of the following operating
systems running on a computer:
• Windows XP SP3 or later
• Windows Vista
• Windows 7
• Mac OS X 10.5.7 or later
BlackBerry Desktop Software Users who want to manage the tablet using their computers must install
one of the following:
• BlackBerry Desktop Software (Windows) 6.0.2 or later
• BlackBerry Desktop Software (Mac) 2.0.0 or later
Security Technical Overview System requirements: tablet
7
Opening an encrypted and authenticated
connection between a tablet and smartphone
4
A BlackBerry PlayBook tablet and BlackBerry smartphone perform two pairing processes to open an encrypted and
authenticated connection between each other:
• Bluetooth pairing process to open a Bluetooth connection
• BlackBerry Bridge pairing process to provide a level of security that is greater than what the Bluetooth pairing
process provides
During the Bluetooth pairing process, the tablet and smartphone share a Bluetooth key to encrypt and decrypt
data that is sent between the tablet and smartphone.
During the BlackBerry Bridge pairing process, the tablet and smartphone share a BlackBerry Bridge pairing key to
authenticate the connection and encrypt and decrypt data that is sent between the tablet and smartphone.
During the BlackBerry Bridge pairing process, the tablet and smartphone also share the BlackBerry Bridge work
key if the smartphone was activated on a BlackBerry Enterprise Server. The tablet uses the 512-bit BlackBerry
Bridge work key and XTS-AES-256 to encrypt the keys that encrypt and decrypt the work data that the tablet
stores.
A user can start a Bluetooth pairing process and BlackBerry Bridge pairing process on a tablet or smartphone in
one step. To start the pairing processes, the user can add a smartphone in the Paired Device options on the tablet
or in the BlackBerry Bridge application on the device.
If the BlackBerry PlayBook tablet user presses and holds the power key to reset the tablet, the tablet erases the
BlackBerry Bridge work key from memory.
The Bluetooth pairing process
Bluetooth technology permits a BlackBerry PlayBook tablet and a BlackBerry smartphone to open a wireless
connection between each other.
Bluetooth profiles on the tablet and smartphone specify how Bluetooth enabled applications can connect and run.
The Bluetooth Serial Port Profile that is on the tablet and smartphone specifies how the tablet and smartphone
can open a serial connection between each other using a virtual serial port.
By default, a tablet and smartphone include the following Bluetooth security features:
• A user can turn off the Bluetooth technology for the tablet or smartphone. You can turn off the Bluetooth
technology for the smartphone using IT policies.
• A user must request a connection, or pairing, between the tablet and smartphone. A user can connect a tablet
and smartphone by scanning a barcode or manually configuring the connection (and typing a shared secret to
complete the pairing).
• If a user connects or reconnects a tablet to a smartphone that requires a password, the user must type the
smartphone password on the tablet.
• A user can delete a Bluetooth connection between a tablet and smartphone in the Bluetooth settings on a tablet.
Security Technical Overview Opening an encrypted and authenticated connection between a tablet and smartphone
8
Altri manuali per PlayBook Tablet
11
Indice
Altri manuali Blackbe;rry Tavoletta
Blackbe;rry
Blackbe;rry PlayBook Tablet Manuale utente
Blackbe;rry
Blackbe;rry PlayBook Tablet Manuale utente
Blackbe;rry
Blackbe;rry 4G LTE Playbook Manuale
Blackbe;rry
Blackbe;rry PlayBook Tablet Manuale utente
Blackbe;rry
Blackbe;rry PlayBook Tablet Manuale utente
Blackbe;rry
Blackbe;rry PlayBook Tablet Manuale di istruzioni
Blackbe;rry
Blackbe;rry Playbook 16GB Tab Manuale utente
Blackbe;rry
Blackbe;rry PlayBook Tablet Manuale utente
Blackbe;rry
Blackbe;rry PlayBook Tablet Manuale utente
Blackbe;rry
Blackbe;rry PlayBook Tablet Manuale utente
