next up previous contents
Next: The Business Case for Up: Operation WhiteBerry Creation of Previous: Initial Development Framework   Contents

Subsections


Mobile Messaging Security

We claim in this article that WhiteBerry meets or exceeds the entire functionality of BlackBerry. There is one possible objection that could be made to this statement: that, as described, WhiteBerry does not match BlackBerry's claimed security functionality.


BlackBerry Security

In their promotional literature, BlackBerry claims to provide ``end-to-end'' security using Triple DES encryption technology. A casual reading of this would lead one to believe that BlackBerry provides full message encryption all the way from the sending mail application to the receiving mail application - i.e. all the way from the point of origin to the point of delivery. In the Internet world, this is conventionally what ``end-to-end'' means.

In fact, the BlackBerry system only provides encryption between the BlackBerry handheld and the corporate e-mail account. This provides security only for messages originating in or being delivered to the in-house corporate e-mail system. In the case of generic e-mails, which may be transmitted to/from any point on the Internet, BlackBerry provides no security whatsoever beyond the point of relay at the corporate system.

In other words, one of the ends being referred to in BlackBerry's claim of ``end-to-end'' security is not the ultimate user mail application, but the corporate account. BlackBerry thus only provides security over part of the transmission route from sender to recipient. This is rather like going out to do battle wearing a suit of armor that only offers protection from the waist down - it is only slightly better than no armor at all.

Therefore BlackBerry does not provide true End-to-End security, and RIM's use of this term is disingenuous and misleading. The claimed security is limited and superficial, providing only a degree of psychological reassurance to the user - it is more of a security blanket than genuine security.

Furthermore, since the BlackBerry system is closed, details of the actual security implementation are unknown, and have not been subjected to external review. RIM's description of its security method may be adequate for marketing purposes, but this does not provide sufficient information for a formal engineering validation.

In general, e-mail users can achieve true End-to-End security by means of the existing PGP [16] or Secure MIME (S/MIME) [9], [10] technologies. These are the two methods most commonly used for e-mail security today. However, if these technologies are to provide true End-to-End security, they must be implemented at both ends - i.e. at both the sending and receiving e-mail applications. But since the BlackBerry devices are closed, it is not possible for a BlackBerry user to make use of these or any other independent security mechanisms.

Therefore not only does the BlackBerry system not provide genuine End-to-End security, its closed nature also precludes implementation of genuine End-to-End security by any other means.


WhiteBerry Security

There is no doubt that security is of major importance in the e-mail domain. However, the basic Internet e-mail protocols (SMTP, POP and IMAP) were originally designed without adequate consideration for the security issues. Because of this, and because of certain flaws in the implementation of these protocols, the Internet e-mail structure of today includes serious security compromises.

Nevertheless, the existence of the above security compromises has not prevented the widespread adoption and usage of Internet e-mail. Today, much of the daily e-mail traffic still takes place without any formal security protection. In the case of those messages which do require secure transmission, additional security mechanisms are typically applied.

There is a perception that there is a greater need for security in the wireless world than in the wired world, because of the far greater ease of physical access to the wireless communication channel. However, most modern IP-based networks already provide a confidential data link at Layer 2, often obviating the need for additional over-the-air, point-to-point confidentiality mechanisms.

Things have changed a great deal since the early days of Internet e-mail, and today's security expectations and requirements exceed the capabilities of existing protocols.

Mobile Messaging must be a seamless and consistent extension of the existing Internet e-mail structure. Likewise, in order to provide true end-to-end security over both the wired and wireless Internet, the security mechanisms for Mobile Messaging must be an integral part of the overall Internet e-mail structure. Since WhiteBerry is designed as a natural extension of Internet e-mail, it provides the same or better level of security as the existing SMTP protocols.

Also, the WhiteBerry paradigm fully supports the implementation of existing Internet e-mail security mechanisms such as PGP or S/MIME. For those e-mail applications that require it, true End-to-End security can readily be implemented in the context of WhiteBerry by means of these technologies.

However, the currently available implementations of PGP and S/MIME are not the ideal solution for the Mobile Messaging domain. The major factor that is genuinely different in the wireless world is the set of constraints imposed by device miniaturization. For this reason, and in contrast to the wired world, there is a crucial need for efficiency. The currently available implementations of PGP and S/MIME impose undesirably heavy computational demands on the CPU-limited mobile devices, and also impose undesirable message transmission overhead on the bandwidth-limited wireless networks.

Therefore the long-term solution to the need for security in the wireless domain is to provide mainstream security mechanisms such as PGP and S/MIME, but based on more efficient public key algorithms and mechanisms such as elliptic curve cryptography. This is the WhiteBerry approach to security, and one of the planned future tasks will be to extend the LEAP protocols to provide efficient security mechanisms. It is anticipated that this work will take place at EMSD.org.

In addition, generalized security services (in particular authentication and confidentiality) can be provided by establishing a Secure Short Remote Operations (SSRO) layer on top of ESRO. It is anticipated that work related to SSRO will take place at ESRO.org.

Meanwhile, the existing WhiteBerry security mechanisms are adequate for most wireless e-mail traffic, and where necessary they can be augmented by conventional End-to-End security mechanisms.


next up previous contents
Next: The Business Case for Up: Operation WhiteBerry Creation of Previous: Initial Development Framework   Contents