[ISN] Canadian military, U.S. agencies launch BlackBerry security project

From: InfoSec News (isn@private)
Date: Wed Mar 02 2005 - 09:24:23 PST


http://www.canada.com/national/nationalpost/news/story.html?id=a1b84641-4ddf-4db0-b462-d8ce4597e9f0

Stephen Thorne 
Canadian Press 
March 01, 2005

OTTAWA (CP) - The Canadian military and U.S. security agencies have
launched a joint effort to make BlackBerry portable communications
devices more secure, hoping to one day use them to exchange top secret
information.

Defence Research and Development Canada, the Canadian Communications
Security Establishment and the U.S. National Security Agency are among
those involved in the year-long trial.

The two countries will develop improved security on the hand-held
personal data assistant designed by Research in Motion of Waterloo,
Ont.

With its cell phone, e-mail, calendars and contact lists, the
BlackBerry is considered a blessing and a curse by users because it
never allows them peace.

But it has become a must-have for business, defence and security
officials alike.

"This BlackBerry technology . . . allows decision-makers to have their
information right in the palm of their hands and to make decisions
while they're away from their offices," said the military's chief
scientist for the project, Mazda Salmanian.

"You can see how important that would be for (the military)."

The security of such tools came under scrutiny last month when hackers
accessed private files from a similar device, called a Sidekick II,
owned by Paris Hilton.

They obtained more than 500 celebrity phone numbers, e-mail addresses
and topless photos of the hotel heiress and TV personality.

It was the most publicized in a series of breaches of the wireless
carrier T-Mobile, a unit of Deutsche Telekom, during which hackers
stole files from a U.S. Secret Service agent who used his Sidekick to
do agency work.

The Canadian defence project director, Matthew Kellett, says
government and corporate BlackBerrys are resistant to similar breaches
because they use so-called enterprise servers - in-house, protected
e-mail networks.

The Sidekick II uses a commercial online server to store some
information, including phone numbers.

Contacted Monday through a New York-based public relations agent,
Research in Motion said it was not aware of the defence security
project.

The primary focus of the defence project is security of transmissions.

"In a crisis situation, you really don't want to have the movements of
your emergency people known, especially if it's a terrorist
situation," said Kellett. "We're trying to protect communications
between agencies.

"It's mostly towards the terrorist angle, but there's also the
relative sensitivity of the information we're passing."

In government circles, BlackBerrys are now cleared to Protected A,
which means bureaucrats cannot exchange much beyond names and phone
numbers.

Some agencies can go to Protected B, which allows exchange of
encrypted personal information such as addresses, salaries and
employment records.

But defence officials want to be able to send more secure information
continent-wide by e-mail during a crisis.

U.S. researchers are developing test scenarios where the two countries
would interact and co-operate in public safety and emergency
preparedness exercises, said Kellett.

One exercise will be the mock crash of a U.S. surveillance aircraft on
Canadian soil. It will involve attempts to establish whether the crash
was an accident or the result of terrorism threatening national
security.

Would-be rescuers will e-mail data from a remote location, likely
using more dependable and accessible satellites instead of traditional
cells with their sometimes spotty coverage.

Under other scenarios, the coast guard will transmit information about
suspicious activities off the coast of North America, out of
cell-phone range, and border officials would manage a terrorist
bombing.

"The BlackBerry will have another radio access," said Salmanian, an
electrical engineer. "Right now it's on cellular networks; it will
have access to the satellite networks.

"That will involve new ways of integrating technology."

They also hope to develop encryption enhancements that could allow
more secure information to be transmitted.

The project will be the first time the specific encryption technology,
known as public key infrastructure, will be used, along with other
technologies, in an international context, researchers said.

While the trials will take about a year, the data processing and
subsequent research could continue for two more, said Salmanian.

Initially, researchers will look at data transfer - e-mails - but
could develop voice encryption later on, he said. The priority has
been placed on e-mails because written information is more verifiable,
more easily subject to analysis and in emergencies is better
transmitted and archived.

The research results could ultimately be commercially available, with
some proceeds going back to the research and development arm of
defence.



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005



This archive was generated by hypermail 2.1.3 : Wed Mar 02 2005 - 11:34:55 PST