BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 09-23-2005, 01:20 AM   #1 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Feb 2005
Location: Alberta
Model: 8300
Carrier: Rogers
Posts: 350
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Removable Memory [100% secure]

Please Login to Remove!

Apparently RIM is working on getting approval on removable memory without losing their security standings with privacy and security regulators. they may find a work around (such as encrypted removable memory), if they do then we will see a bb with memory cards!

Thoughts?
Offline  
Old 09-23-2005, 05:03 AM   #2 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Aug 2004
Posts: 232
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Clearly its not something that is going to come anytime soon, not until they bring out a more multimedia orientated device, since there just isn't the need for it yet.

It's bound to happen eventually, but don't hold your breath waiting for it.
Offline  
Old 09-23-2005, 05:34 AM   #3 (permalink)
No longer Registered.
 
Dawg's Avatar
 
Join Date: Mar 2005
Location: Atlanta
Model: 8330
OS: 4.5.0.138
PIN: 31a6c9c9
Carrier: Verizon BIS
Posts: 13,963
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

i agree skive
Offline  
Old 09-23-2005, 09:07 AM   #4 (permalink)
Thumbs Must Hurt
 
pierre626's Avatar
 
Join Date: Apr 2005
Location: Sunderland,United Kingdom
Model: 7290
Carrier: Vodafone UK
Posts: 53
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I don't agree with you's.With removable memory you could save allsorts of stuff.Important emails,Pictures,Attachment and you could even backup your BB.

Pierre626
__________________
Why is it that BlackBerry's are Black,They Should be blue.
Offline  
Old 09-23-2005, 10:26 AM   #5 (permalink)
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: i5s
Carrier: AT&T
Posts: 27,796
Post Thanks: 33
Thanked 441 Times in 381 Posts
Default



Which you will lose or will be stolen.

A bad idea...

Last edited by Mark Rejhon : 09-25-2005 at 09:09 PM. Reason: Oops - Edited the wrong message. (No modifications made)
Offline  
Old 09-23-2005, 11:44 AM   #6 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

i think a big plus of removeable memory, in conjunction with EDGE or EVDO, would be the ability to do OTA OS installations... just my opinion. not that i'd actually want to make a user sit through that, but it'd be somewhat fun to play with once or twice before it was yesterday's news. i would assume, in coordination with security policies, there will most likely be some sort of content encryption enabled on the card that would only allow it to be read by that device - or something similar. i don't see it being a mobile way of transporting data (maybe it is) but rather added memory to the device.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 09-23-2005, 10:53 PM   #7 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Feb 2005
Location: Alberta
Model: 8300
Carrier: Rogers
Posts: 350
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

No one heard anything else regarding this? I see it having a purpose especially when document storage. But wont happen unless there is some sort of encrypted data algorithm
Offline  
Old 09-24-2005, 08:36 AM   #8 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

well, obviously it won't be out in time for the 8700, and i'd say the same for the 7130 next year. so this is looking like it may be a late 2006 or 2007 feature (assuming they will be releasing a new handheld at that time, which should be the case), if it is to come about.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 09-24-2005, 11:28 AM   #9 (permalink)
CrackBerry Addict
 
T-Roy's Avatar
 
Join Date: Jan 2005
Model: 8800
Carrier: Darth Vader
Posts: 704
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Where will it be, under the battery, on the side?
Offline  
Old 09-24-2005, 11:45 AM   #10 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

hehe. mini-usb port connection?

but seriously, in future handhelds of next year or the year after or whenever the post-8700 handhelds will be released, i could see it as being a considered option. current handhelds, i could only see mini-usb connected external memory. obviously, data can be transported to/from the handheld via the mini-usb port, so its a viable option.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 09-24-2005, 03:40 PM   #11 (permalink)
Thumbs Must Hurt
 
pierre626's Avatar
 
Join Date: Apr 2005
Location: Sunderland,United Kingdom
Model: 7290
Carrier: Vodafone UK
Posts: 53
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Use some form of Encryption so its locked to your BlackBerry!!!
__________________
Why is it that BlackBerry's are Black,They Should be blue.
Offline  
Old 09-25-2005, 08:36 PM   #12 (permalink)
Retired BBF Moderator
 
Mark Rejhon's Avatar
 
Join Date: Aug 2004
Location: Ottawa, Ontario, Canada
Model: Bold
Carrier: Rogers
Posts: 4,870
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Skive
Clearly its not something that is going to come anytime soon, not until they bring out a more multimedia orientated device, since there just isn't the need for it yet.
The 7100 is slightly more multimedia oriented, and I bet future devices would be even more multimedia oriented, so there appears to be a gradual evolution in that direction. Just as long as it doesn't compromise RIM's core business.

But I think this is a kinda necessary direction to go in. Real business examples. Real estates. Brokerages. Doctor databases. Construction GPS mapping. Video tours. You name it. (obviously, spinoffs such as MP3 and regular video playback will occur too as a side benefit to consumers, in the implementation of future faster BlackBerries and the ability to upgrade the BlackBerry flash memory). You need oodles of flash memory for these applications. Some of them had to go TREO solely due to memory reasons. Not yet, I agree with you Skive, but - bingo - even you seem to imply that it will be necessary in the future. ;)

A compromise is semi-permanent removable memory like RS-MMC or MicroSD. It's more treated like a memory upgrade module for a cellphone, put in like a SIM card. I never remove the card from my iPaq anyway, so a semi-permanent flash upgrade slot hidden behind the battery like a SIM card, is definitely feasible, and simply could be encrypted to function only on that BlackBerry. Remove it and put it in another BlackBerry, no workie. RIM security problem solved. All it behaves is acts like a memory upgrade, and the existing Content Encryption algorithm used for the builtin flash, could be extended to this semi-permanent memory card. I'd be perfectly happy with this. It'd only function as an upgrade for main flash memory, for extra programs and content you would otherwise put in flash.

Imagine:
Options->Status->"File Free: 516,882,680 Bytes"

And, completely as safe as the main flash memory because the flash card would simply be treated as a secure non-portable "memory upgrade" (content scrambled)

I have no knowledge of memory card plans, but from a geek perspective, I make a wild guess of the above, since it makes total sense for RIM to do this eventually, if viewed from this particular angle -- at least from a 2006 perspective. Competition will ensure that RIM is forced to provide at least a secure memory upgrade route.

Remember... Memory cards are NOT necessarily insecure temporary removable cards that can be plugged into a card reader. There is already a "upgradeable semipermanent memory module format" called RS-MMC and MicroSD for cellphones -- these should essentially really be considered memory upgrades rather than memory cards.

It is simply user-installable flash memory. That's it. Think this way and you will agree with me that it's not a real security problem. It is possible to make these removable cards 100% as secure as the main flash memory -- According to an old post on this forum, the CIA has already opened up BlackBerries and tried to read the built-in main flash memory, to no success. It would be no different for user-installable flash memory, just easier to remove, that's it -- but no easier to encrypt or decode the data -- as in a stolen BlackBerry, for example.

All RIM needs to do is simply present this "user-installable upgrade memory" angle / point of view to the appropriate certification agencies and it shouldn't be that difficult. Don't think of it as a "memory card" - it's not a flash media on a traditional "digicam" point of view - because of the way it would be implemented. Make users happy, make administrators happy. BES could be programmed to disallow it, so users couldn't install an upgrade. Memory upgrades could easily be cryptographically "signed" for a specific PIN code, so that only that particular flash module and that module, can function properly in that particular, specific BlackBerry. Portability between BlackBerries is not a feature that most power users want anyway (not me either). For switching BlackBerries, moving from one BlackBerry to another, would just be identical to the procedure for the builtin nonremovable flash memory -- restore everything through BlackBerry Desktop. No different procedure. The user installable flash memory would be just an extension of the main memory, treated exactly the same by the end user and system administrators.

I'd bet, 2006, I don't see a problem with RIM introducing user-installable flash modules (either in RS-MMC or MicroSD format which is smaller than a SIM card!)

Bottom line:
Memory upgrade modules ("flash media" used instead as a "memory upgrade module" using existing memory content encryption) for BlackBerry would be 100% safe. Absolutely zilch, zero, nada, NO SECURITY ISSUE, guaranteed - if implemented properly.
__________________
Thanks,
Mark Rejhon
Author of XMPP extension XEP-0301:
www.xmpp.org/extensions/xep-0301.html - specification
www.realjabber.org - open source

Last edited by Mark Rejhon : 09-25-2005 at 09:27 PM.
Offline  
Old 09-25-2005, 09:09 PM   #13 (permalink)
Retired BBF Moderator
 
Mark Rejhon's Avatar
 
Join Date: Aug 2004
Location: Ottawa, Ontario, Canada
Model: Bold
Carrier: Rogers
Posts: 4,870
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by pierre626
I don't agree with you's.With removable memory you could save allsorts of stuff.Important emails,Pictures,Attachment and you could even backup your BB.
Wrong. Memory cards can be made 100% safe and secure in a BlackBerry. Just simply treat the card as a memory upgrade module instead ("File Free: 500,000,000+") and use the existing memory "Content Protection" system found in Options->Security. Makes it impossible to steal data.

A specific memory card would be signed to work only with that particular BlackBerry, and be uncrackable even by CIA, just like when CIA removed the built-in flash chips to try to crack the memory. The removable flash card would apply identical encryption, it'd just be easier to remove -- but equally hard to crack.

In addition, SIM-card style memory called MicroSD are "semi-permanently" affixed behind the battery (like SIM card), making losing the card a total non-issue. For more information, read my previous article above.


Quote:
Originally Posted by NJBlackBerry
Which you will lose or will be stolen.

A bad idea...
Wrong. A total nonissue. Read the above.

Repeat after me....
"MEMORY UPGRADE MODULE", not "FLASH MEDIA"
"MEMORY UPGRADE MODULE", not "FLASH MEDIA"
"MEMORY UPGRADE MODULE", not "FLASH MEDIA"


100% secure, 100% encrypted, 100% safe in a BlackBerry, and since it's put semipermanently inside the BlackBerry just like a SIM card, loss is a nonissue.

Quote:
Originally Posted by MobileRC
No one heard anything else regarding this? I see it having a purpose especially when document storage. But wont happen unless there is some sort of encrypted data algorithm
The "encrypted data algorithm" is already on your BlackBerry. Just go to Options->Security->Content Protection and turn it on. Your builtin flash memory is now encrypted. Same algorithm could easily be applied to a removable flash memory, which would automatically force it to only function in that particular BlackBerry. Nothing new really needs to be invented.

The main complexity going forward is simply red tape (inertia of introduction to a security-adverse market and squeamish executives), addition of a SIM-like memory card slot (ie MicroSD), and upgraded software to support the extended flash memory (which could potentially be made completely invisible to the applications).
__________________
Thanks,
Mark Rejhon
Author of XMPP extension XEP-0301:
www.xmpp.org/extensions/xep-0301.html - specification
www.realjabber.org - open source

Last edited by Mark Rejhon : 09-25-2005 at 09:42 PM.
Offline  
Old 09-25-2005, 10:53 PM   #14 (permalink)
BlackBerry Extraordinaire
 
barjohn's Avatar
 
Join Date: Sep 2004
Location: Riverside, CA
Model: 8700
Carrier: AT&T
Posts: 1,068
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Anyone that believes that you can't crack the memory cards doesn't understand encryption. (Sorry Mark but I must disagree and don't take such nonsense as the CIA couldn't crack [try NSA]).
I used to own a company that produced a product called UnLock. Back when it was legal to remove copy protection I reverse engineered more copy protection schemes that were supposedly unbreakable than I care to count. All used some form of encryption. All one needs today is a good hardware CPU emulator (I did it the hardway with just MS debug and later Black Ice). The encryption.decryption algorithm exists in the hardware and even if it is encrypted, it must be decrypted to execute. Typically, blocks of code are decrypted just prior to execution. With a hardware emulator you can stop the process just after decryption and dump the code for examination. If the key is stored in the unit it becomes easy to find the key and decrypt anything you want afterwards. Since the Blackberry has you generate a key for storage on the device, I think we can presume the key is contained on the device. Given the low power CPU the encryption algorithm can't be too complex or it would slow the unit down to an unacceptable level.

Some of you may even remember the system created and patented by a Westlake Village Company called Vault Corporation. It used a spot burned by a laser on the floppy disk and thus they claimed it was impossible to break their copy protection scheme. It was the first system I broke and I didn't even know the assembler when I started. It did take me 30 days using MS Debug to painfully capture and dissasemble the code, find the key and remove the copy protection by writing code that circumvented it!
__________________
John

For more information see barJohn Reviews It
Active PIN 203A5535
Offline  
Old 09-26-2005, 12:37 AM   #15 (permalink)
Retired BBF Moderator
 
Mark Rejhon's Avatar
 
Join Date: Aug 2004
Location: Ottawa, Ontario, Canada
Model: Bold
Carrier: Rogers
Posts: 4,870
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by barjohn
Anyone that believes that you can't crack the memory cards doesn't understand encryption. (Sorry Mark but I must disagree and don't take such nonsense as the CIA couldn't crack [try NSA]).
You may be confusing the use of a flash card filesystem (not the intended usage here) with the use of using the card like flat linear memory, much like the soldered-in flash memory chip. Basically using the card as virtual memory, same purpose as the flash chips soldered inside the BlackBerry.

It would all be the same bytes and data, using the same Content Protection algorithms.

i.e. if it was possible to crack the data in the built-in flash chip, then it would equally be possible. The cryptographic considerations would be pretty much identical. If there's a security hole cracking the cryptographic code on the removable flash chip, there's the same security hole cracking the same cryptographic code on the non-removable flash chip.

For the purposes of this article, pretend the built-in flash chip is removable.

As for the CIA stuff, that was quoted from another article found on this BlackBerryForums site, so that may be hearsay. If it is proven that the builtin flash chip in the BlackBerry is crackable, then I believe you. BUT the bottom line, the point is, the cryptographic security can be made identical between the removable and non-removable flash chips. Cryptographic security strength can be made identical on both the nonremovable and removable chips. That's indisputable. That's the primary thing here. (Just pretend the non-removable chip is actually removable - but store the same bytes into it - when we are talking about byte-level cryptography (like software based cryptography, or external cryptographic hardware generating data to be stored in any arbitrary bitbucket). If BlackBerry security depends on the 'architecture' of the chip (i.e. depending on thermal noise of the flash chip), then I don't currently know about it.

Years, I did learn public key cryptography in first year University Algebra, so I do have a "basic" understanding of public key here, but I don't work with them. You know more than I do about the various intricacies of cryptography, but I think you know the point where I am coming at, even if you were trying to disprove my 100% figure which you may be right at (My point is that security can, in theory, be made identical between removable and nonremovable flash)

I do, however, agree with you that if the internal flash chip(s) (Such as the 32 megabytes worth on the motherboard of the 7290) is proven to not be 100% secure from today's cracking technology (that I don't know, and you may have inside information on top secret agencies doings with BlackBerries), then removable memory would not be 100% secure either. Perhaps you may be right here on the "100%" figure.

Now, to expand on the point of this thread here that security can be made identical regardless whether the flash chip is removable (the card) or nonremovable (the soldered chip). This is on the basis of treating both equally as a data bitbucket with the same data formats, etc. Only that the removable flash is simply easier to physically access for the casual cracker, but for all pratical purposes, anybody determined can equally access either the normally-removable and normally-nonremovable flash. Thus, security implication would be identical. If BlackBerry can be "trusted" to the encryption of its nonremovable flash, then BlackBerry can be "trusted" equally in the encryption of its removable flash (if it has one), assuming the same cryptography is used on both. i.e. can be made pretty secure.

If you know inside information or about whether Content Protection is so weak as to allow cracking simply by transplant of the chip from one BlackBerry to another, or easily cracked from a byte-by-byte dump into computer (easily-broken weak software encryption in the dump), then that would pose a serious problem (That seems like security by obscurity - not revealing how weak Content Protection is - that data can easily be cracked off the builtin flash chip). I'd imagine that the government would not be happy about that. But it is my understanding that Content Protection is pretty strong once the BlackBerry has password locked itself, or lobotomized itself. Consequently, it is my impression it would be equally strong on a removable flash, with identical security strength for both non-removable and removable flash. That means a bad password would still be poor security, but the poor security would just equally affect both the removable and nonremovable flash.
__________________
Thanks,
Mark Rejhon
Author of XMPP extension XEP-0301:
www.xmpp.org/extensions/xep-0301.html - specification
www.realjabber.org - open source

Last edited by Mark Rejhon : 09-26-2005 at 01:08 AM.
Offline  
Old 09-26-2005, 08:11 AM   #16 (permalink)
BlackBerry Extraordinaire
 
barjohn's Avatar
 
Join Date: Sep 2004
Location: Riverside, CA
Model: 8700
Carrier: AT&T
Posts: 1,068
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Actually, the removable memory would be more secure than main memory, even if secured using the same encryption system because you need physical access to the memory in the Blackberry to get the encryption algorithm and key. Without it, it would take breaking the encryption via a brute force method or a more sophisticated attack that would be beyond that available to most people. However, if the encryption method is weak and relies on the fact that access to the chip requires special skills as part of the security this would not be true.
__________________
John

For more information see barJohn Reviews It
Active PIN 203A5535
Offline  
Old 09-29-2005, 03:12 PM   #17 (permalink)
Knows Where the Search Button Is
 
Join Date: Sep 2005
Location: Chicago, IL
Model: 7280
Posts: 27
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Just to point out, the decryption key requires a password to unlock. If RIM has been smart with their implementation, only brute force techniques can be used to unlock the key. So if the user has a decent password, decrypting the data on the flash memory is going to be very difficult - it won't be easily cracked. Without the resources of a large government, it is most likely impossible to decrypt the data on the BB's flash rom if the user has a good password. The same would apply to any BB encrypted removable storage.

Also, it's wrong to assume that heavy CPU time = good encryption. The best encryption techniques used for secure connections on the web require very little CPU processing (private/public key systems - SSL, RSA, DSA, etc.).

Last edited by JamesR : 09-29-2005 at 03:18 PM.
Offline  
Old 09-29-2005, 10:27 PM   #18 (permalink)
BlackBerry Extraordinaire
 
barjohn's Avatar
 
Join Date: Sep 2004
Location: Riverside, CA
Model: 8700
Carrier: AT&T
Posts: 1,068
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is only true if the user locks the unit. Most users don't bother because it slows down being able to answer a call. Furthermore, if you have acces to the hardware you really don't need to use a brute force approach. Think about it. What does the computer have to do when you enter a password? It must either apply the password to a decryption algorihm (not the common approach) or verify the password (authenticate the password and user ID as valid) the more common approach. Think of how it might do this, apply the same technicques used to create a comparison value to the input key and compare the generated key to the stored one way hash. If the comparison matches go to next step. How does this happen in the CPU? Subtract value in register A from value in register B is the result 0, if so go to next step. Now suppose I tell fool the cpu by ensuring that the result of the subtraction is 0, what do you think happens next? Match! Exactly! I could go on giving you lessons on cracking systems but that is not my intent and what I have shared here is the fundamental easy stuff. It gets interesting the more complex and diffiuclt the technique. I remeber once a company from Chicago sent me a hardware based security system for a PC that they said was very secure, it took me less than an hour to break it.

Maybe, RIM has employed some very sophisticated methods (I hold a patent on combining public key and private key methods for securing financial transactions) however, I never claimed it was unbreakable, only htat the cost to break it outweighed the financial gain derived from breaking it due to the fragamentation method used (i.e if you broke one key you were limited in what you could do an dthe effort required to break the next key was equally costly).

The government does not consider a good password more than minimal protection. You will not find SECRET or TOP SECRET data secured by a mere "good" password. CPU time is generally related to key length because technicques like RSA and Diffie Hellman rely on computational difficulty for security.. RSA has been cracked, Diffie Hellmand has been cracked and since SSL isbaed on RSA for key exchange you can consider that it has been cracked. Rivest and Shamir have published info on their systems and new and better technicques for factoring primes are being developed every day, hence the need for greater and greater key lengths. Tables of precomputed primes reduce the time further. (It seems some people have nothing better to do with their computer time) The only theoretically unbreakable encryption system is the one time pad. It isn't practical for most communications but it is very secure. Other systems based on known mathamatical processes to generate psuedo random keys where the key sequence does not repeat for thousands of years are also employed. However, such systems depend on the secrecy fo the process (unlike public key or DES (triple, double or single) where the algoithm is known) and they are basically block cyphers.
__________________
John

For more information see barJohn Reviews It
Active PIN 203A5535
Offline  
Old 10-13-2005, 04:29 PM   #19 (permalink)
New Member
 
Join Date: Oct 2005
Location: Dallas
Model: 8800
Carrier: AT&T
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

There is no such thing as 100% secure yet, I wish.

dblAdagio
__________________
DTT ITS Professional
Dallas-Ross
Offline  
Old 10-13-2005, 04:56 PM   #20 (permalink)
BlackBerry Extraordinaire
 
barjohn's Avatar
 
Join Date: Sep 2004
Location: Riverside, CA
Model: 8700
Carrier: AT&T
Posts: 1,068
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

By the way, thought you all might be interested to know that the government doesn't consider Blackberry's Bluetooth secure enough so they don't allow it and shut off the feature via the policy settings. So much for that was why RIM only implimented the headset profile.
__________________
John

For more information see barJohn Reviews It
Active PIN 203A5535
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.