Blackbe;rry Playbook tablet Installation guide

BlackBerry PlayBook Tablet

Version: 1.0

Security Technical Overview

Published: 2011-09-08

SWD-1674396-0316050254-001

Contents

1 Revision history................................................................................................................................................. 4

2 Tablet security features.................................................................................................................................... 6

3System requirements: tablet............................................................................................................................ 7

4Opening an encrypted and authenticated connection between a tablet and smartphone............................. 8

The Bluetooth pairing process.......................................................................................................................... 8

The BlackBerry Bridge pairing key.................................................................................................................... 9

Generating an initial pairing key during the BlackBerry Bridge pairing process............................................... 9

Process flow: Generating an initial pairing key.......................................................................................... 10

Cryptosystem parameters that the BlackBerry Bridge pairing process uses to generate an initial

pairing key................................................................................................................................................. 11

Generating a BlackBerry Bridge pairing key during the BlackBerry Bridge pairing process............................. 11

Process flow: Generating a BlackBerry Bridge pairing key........................................................................ 12

Connecting a tablet to a smartphone that is activated on the BlackBerry Enterprise Server or BlackBerry

Internet Service................................................................................................................................................. 13

Process flow: Generating a BlackBerry Bridge work key........................................................................... 13

Reconnecting a tablet to a smartphone........................................................................................................... 13

Deleting a tablet and smartphone connection................................................................................................. 13

Bluetooth security features on the tablet and smartphone............................................................................. 14

Using IT policy rules to manage Bluetooth technology on smartphones......................................................... 15

Specifying Bluetooth connections that third-party applications can access.................................................... 16

Bluetooth profiles that the tablet supports...................................................................................................... 17

5 Securing tablets in your organization’s environment for work use.................................................................. 18

How a tablet distinguishes between work data and personal data.................................................................. 18

How a tablet protects work data............................................................................................................... 19

What happens when a user updates or creates work files on a tablet..................................................... 20

How a tablet controls whether an application is a work application or a personal application....................... 20

Determining which applications are work applications or personal applications..................................... 20

Comparison of work applications and personal applications.................................................................... 21

Access rights for work data and personal data that the BlackBerry Tablet OS grants to applications...... 22

Using the Bridge Browser.......................................................................................................................... 22

Running the Files application in work mode............................................................................................. 23

Taking screen shots on a tablet................................................................................................................. 23

When a tablet prevents a user from accessing work data or work applications.............................................. 23

Connecting a tablet to an enterprise Wi-Fi network........................................................................................ 24

IT policy rules that apply to a tablet................................................................................................................. 24

6 The BlackBerry Tablet OS.................................................................................................................................. 25

The tablet file system........................................................................................................................................ 25

How the BlackBerry Tablet OS uses sandboxing to protect application data................................................... 26

How the BlackBerry Tablet OS manages the resources on the tablet.............................................................. 26

How the tablet manages permissions for applications..................................................................................... 26

How the tablet verifies the boot ROM code..................................................................................................... 27

How the tablet manages software updates...................................................................................................... 27

7 Protecting user information............................................................................................................................. 28

Using the smartphone password to help protect access to the tablet............................................................. 28

Using the tablet password................................................................................................................................ 28

Deleting data from the tablet memory............................................................................................................. 29

What happens to work data on the tablet when it is connected to a smartphone that deletes all

smartphone data.............................................................................................................................................. 29

8 Cryptographic algorithms, codes, protocols, and APIs that the tablet supports.............................................. 31

Symmetric encryption algorithms..................................................................................................................... 31

Asymmetric encryption algorithms.................................................................................................................. 31

Hash algorithms................................................................................................................................................ 32

Message authentication codes......................................................................................................................... 32

Signature scheme algorithms........................................................................................................................... 32

Key agreement schemes................................................................................................................................... 32

Cryptographic protocols................................................................................................................................... 33

Cryptographic APIs............................................................................................................................................ 33

VPN cryptographic support............................................................................................................................... 33

Wi-Fi cryptographic support............................................................................................................................. 33

9 Attacks that the BlackBerry Bridge pairing process is designed to prevent..................................................... 35

Brute-force attack............................................................................................................................................. 35

Online dictionary attack.................................................................................................................................... 35

Eavesdropping.................................................................................................................................................. 35

Impersonating a smartphone........................................................................................................................... 36

Man-in-the-middle attack................................................................................................................................. 36

Small subgroup attack...................................................................................................................................... 36

10 Glossary............................................................................................................................................................ 37

11 Provide feedback.............................................................................................................................................. 41

12 Legal notice....................................................................................................................................................... 42

Revision history 1

Date Description

15 July 2011 Added the following topics:

• The Bluetooth pairing process

• Generating an initial pairing key during the BlackBerry Bridge pairing

process

• Process flow: Generating an initial pairing key

• Cryptosystem parameters that the BlackBerry Bridge pairing process

uses to generate an initial pairing key

• Generating a BlackBerry Bridge pairing key during the BlackBerry

Bridge pairing process

• Process flow: Generating a BlackBerry Bridge pairing key

• Process flow: Generating a BlackBerry Bridge work key

• Bluetooth security features on the tablet and smartphone

• Using IT policy rules to manage Bluetooth technology on smartphones

• Specifying Bluetooth connections that third-party applications can

access

• Bluetooth profiles that the tablet supports

• Taking screen shots on a tablet

• What happens to work data on the tablet when it is connected to a

smartphone that deletes all smartphone data

Updated the following topics:

• Tablet security features

• Opening an encrypted and authenticated connection between a tablet

and smartphone

• The BlackBerry Bridge pairing key

• Connecting a tablet to a smartphone that is activated on the BlackBerry

Enterprise Server or BlackBerry Internet Service

• Reconnecting a tablet to a smartphone

• How a tablet distinguishes between work data and personal data

• How a tablet protects work data

• Determining which applications are work applications or personal

applications

• Running the web browser in work mode (changed to "Using the Bridge

Browser")

• Running the Files application in work mode

• When a tablet prevents a user from accessing work data or work

application

Security Technical Overview Revision history

Date Description

• Using the tablet password

• The tablet file system

• Using the smartphone password to help protect access to the tablet

• Deleting data from the tablet memory

• Symmetric encryption algorithms

4 April 2011 Initial version

Security Technical Overview Revision history

Tablet security features 2

Feature Description

Encrypted and authenticated

connection between a BlackBerry

PlayBook tablet and BlackBerry

smartphone

• A tablet and smartphone perform two pairing processes to open an

encrypted and authenticated connection between each other: a

Bluetooth pairing process and a BlackBerry Bridge pairing process that

is designed to enhance the level of encryption for the connection.

• The BlackBerry Bridge uses the ECDH algorithm to negotiate a key and

AES-256 to encrypt the connection.

Protection of work data on a tablet • The tablet is designed to isolate the work file system and work

applications from the personal file system and personal applications.

• The tablet classifies applications as work applications and allows them

to access work data.

• The tablet helps protect work data using XTS-AES-256 encryption.

• The tablet does not store local copies of work data permanently, the

tablet uses the BlackBerry smartphone file system to store work data.

Protection of BlackBerry PlayBook

tablet user information

The tablet is designed to allow a user to delete all user information and

application data from the tablet memory.

Protection of BlackBerry Tablet OS • When the BlackBerry Tablet OS starts, it completes integrity tests to

detect damage to the kernel.

• The BlackBerry Tablet OS can restart a process that stops responding

without negatively affecting other processes.

• The BlackBerry Tablet OS validates requests that applications make for

resources on the tablet.

Protection of the user spaces that

applications run in

The BlackBerry Tablet OS runs each process in a user space on the tablet.

To help protect a user space, the BlackBerry Tablet OS is designed to

evaluate the requests that processes make for memory outside of the user

space. The BlackBerry Tablet OS is designed to permit a process to access

only the memory that it has permissions for at a specific time.

Protection of resources The BlackBerry Tablet OS uses adaptive partitioning to allocate resources

that are not used by applications during typical operating conditions and to

make sure that resources are available to applications during times of peak

operating conditions.

Management of permissions to

access capabilities

The BlackBerry Tablet OS evaluates every request that an application makes

to access a capability on the tablet.

Verification of the boot ROM code The tablet verifies that the boot ROM code is permitted to run on the tablet.

Security Technical Overview Tablet security features

System requirements: tablet 3

Item Requirement

BlackBerry Enterprise Server version To use IT policy rules to control settings for the BlackBerry Bridge and

BlackBerry PlayBook tablet, your organization's environment must include

BlackBerry Enterprise Server 4.0 or later and the IT policy rules included in

KB26294 imported into the BlackBerry Enterprise Server.

For more information about importing the IT policy rules to control settings

for the BlackBerry Bridge and tablet, visit www.blackberry.com/go/kbhelp

to read KB26294.

smartphone BlackBerry PlayBook tablet users who want to use the BlackBerry Bridge

must have a BlackBerry smartphone that is running one of the following:

• BlackBerry Device Software 5.0

• BlackBerry 6

• BlackBerry 7

Users whose smartphones are running BlackBerry Device Software 5.0 and

BlackBerry 6, must install BlackBerry Bridge from the BlackBerry App World

storefront. The BlackBerry Bridge is pre-installed on smartphones that are

running BlackBerry 7.

operating system Users who want to install and run BlackBerry Desktop Software to manage

the tablet using their computers must have one of the following operating

systems running on a computer:

• Windows XP SP3 or later

• Windows Vista

• Windows 7

• Mac OS X 10.5.7 or later

BlackBerry Desktop Software Users who want to manage the tablet using their computers must install

one of the following:

• BlackBerry Desktop Software (Windows) 6.0.2 or later

• BlackBerry Desktop Software (Mac) 2.0.0 or later

Security Technical Overview System requirements: tablet

Opening an encrypted and authenticated

connection between a tablet and smartphone

A BlackBerry PlayBook tablet and BlackBerry smartphone perform two pairing processes to open an encrypted and

authenticated connection between each other:

• Bluetooth pairing process to open a Bluetooth connection

• BlackBerry Bridge pairing process to provide a level of security that is greater than what the Bluetooth pairing

process provides

During the Bluetooth pairing process, the tablet and smartphone share a Bluetooth key to encrypt and decrypt

data that is sent between the tablet and smartphone.

During the BlackBerry Bridge pairing process, the tablet and smartphone share a BlackBerry Bridge pairing key to

authenticate the connection and encrypt and decrypt data that is sent between the tablet and smartphone.

During the BlackBerry Bridge pairing process, the tablet and smartphone also share the BlackBerry Bridge work

key if the smartphone was activated on a BlackBerry Enterprise Server. The tablet uses the 512-bit BlackBerry

Bridge work key and XTS-AES-256 to encrypt the keys that encrypt and decrypt the work data that the tablet

stores.

A user can start a Bluetooth pairing process and BlackBerry Bridge pairing process on a tablet or smartphone in

one step. To start the pairing processes, the user can add a smartphone in the Paired Device options on the tablet

or in the BlackBerry Bridge application on the device.

If the BlackBerry PlayBook tablet user presses and holds the power key to reset the tablet, the tablet erases the

BlackBerry Bridge work key from memory.

The Bluetooth pairing process

Bluetooth technology permits a BlackBerry PlayBook tablet and a BlackBerry smartphone to open a wireless

connection between each other.

Bluetooth profiles on the tablet and smartphone specify how Bluetooth enabled applications can connect and run.

The Bluetooth Serial Port Profile that is on the tablet and smartphone specifies how the tablet and smartphone

can open a serial connection between each other using a virtual serial port.

By default, a tablet and smartphone include the following Bluetooth security features:

• A user can turn off the Bluetooth technology for the tablet or smartphone. You can turn off the Bluetooth

technology for the smartphone using IT policies.

• A user must request a connection, or pairing, between the tablet and smartphone. A user can connect a tablet

and smartphone by scanning a barcode or manually configuring the connection (and typing a shared secret to

complete the pairing).

• If a user connects or reconnects a tablet to a smartphone that requires a password, the user must type the

smartphone password on the tablet.

• A user can delete a Bluetooth connection between a tablet and smartphone in the Bluetooth settings on a tablet.

Security Technical Overview Opening an encrypted and authenticated connection between a tablet and smartphone

Other manuals for PlayBook Tablet

Table of contents

Other Blackbe;rry Tablet manuals

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry Playbook 16GB Tab User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry 4G LTE Playbook Manual

Blackbe;rry

Blackbe;rry Playbook 16GB User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet Instruction Manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Blackbe;rry

Blackbe;rry PlayBook Tablet User manual

Popular Tablet manuals by other brands

Fujitsu

Fujitsu Stylistic ST5021D Specifications

Samsung

Samsung Galaxy Tab S2 user manual

Venstar

Venstar 4050 user manual

TabLines

TabLines TWE Mounting instructions

Fujitsu

Fujitsu LifeBook T902 user guide

Coby

Coby Kyros MID1042 Series quick start guide

Porto

Porto S908ET quick guide

Samsung

Samsung Galaxy Tab A user manual

Laser

Laser MID-1060 Quick operation guide

MUNBYN

MUNBYN IRT09J Easy setup guide

Motorola

Motorola MC3090R - Win CE 5.0 Professional 520 MHz quick start guide

Dell

Dell Latitude ST Setup and features information

Samsung

Samsung Galaxy Tab S2 user manual

Samsung

Samsung GT-P8510 user manual

Venturer

Venturer WT9L11 quick start guide

EDUGEAR

EDUGEAR UnoBook user guide

Zeki

Zeki TBDB763B user guide

TwinMOS

TwinMOS TwinTAB-T102D1 user guide

Blackbe;rry PlayBook Tablet Installation guide

Popular Tablet manuals by other brands