http://www.canada.com/national/nationalpost/news/story.html?id=a1b84641-4ddf-4db0-b462-d8ce4597e9f0 Stephen Thorne Canadian Press March 01, 2005 OTTAWA (CP) - The Canadian military and U.S. security agencies have launched a joint effort to make BlackBerry portable communications devices more secure, hoping to one day use them to exchange top secret information. Defence Research and Development Canada, the Canadian Communications Security Establishment and the U.S. National Security Agency are among those involved in the year-long trial. The two countries will develop improved security on the hand-held personal data assistant designed by Research in Motion of Waterloo, Ont. With its cell phone, e-mail, calendars and contact lists, the BlackBerry is considered a blessing and a curse by users because it never allows them peace. But it has become a must-have for business, defence and security officials alike. "This BlackBerry technology . . . allows decision-makers to have their information right in the palm of their hands and to make decisions while they're away from their offices," said the military's chief scientist for the project, Mazda Salmanian. "You can see how important that would be for (the military)." The security of such tools came under scrutiny last month when hackers accessed private files from a similar device, called a Sidekick II, owned by Paris Hilton. They obtained more than 500 celebrity phone numbers, e-mail addresses and topless photos of the hotel heiress and TV personality. It was the most publicized in a series of breaches of the wireless carrier T-Mobile, a unit of Deutsche Telekom, during which hackers stole files from a U.S. Secret Service agent who used his Sidekick to do agency work. The Canadian defence project director, Matthew Kellett, says government and corporate BlackBerrys are resistant to similar breaches because they use so-called enterprise servers - in-house, protected e-mail networks. The Sidekick II uses a commercial online server to store some information, including phone numbers. Contacted Monday through a New York-based public relations agent, Research in Motion said it was not aware of the defence security project. The primary focus of the defence project is security of transmissions. "In a crisis situation, you really don't want to have the movements of your emergency people known, especially if it's a terrorist situation," said Kellett. "We're trying to protect communications between agencies. "It's mostly towards the terrorist angle, but there's also the relative sensitivity of the information we're passing." In government circles, BlackBerrys are now cleared to Protected A, which means bureaucrats cannot exchange much beyond names and phone numbers. Some agencies can go to Protected B, which allows exchange of encrypted personal information such as addresses, salaries and employment records. But defence officials want to be able to send more secure information continent-wide by e-mail during a crisis. U.S. researchers are developing test scenarios where the two countries would interact and co-operate in public safety and emergency preparedness exercises, said Kellett. One exercise will be the mock crash of a U.S. surveillance aircraft on Canadian soil. It will involve attempts to establish whether the crash was an accident or the result of terrorism threatening national security. Would-be rescuers will e-mail data from a remote location, likely using more dependable and accessible satellites instead of traditional cells with their sometimes spotty coverage. Under other scenarios, the coast guard will transmit information about suspicious activities off the coast of North America, out of cell-phone range, and border officials would manage a terrorist bombing. "The BlackBerry will have another radio access," said Salmanian, an electrical engineer. "Right now it's on cellular networks; it will have access to the satellite networks. "That will involve new ways of integrating technology." They also hope to develop encryption enhancements that could allow more secure information to be transmitted. The project will be the first time the specific encryption technology, known as public key infrastructure, will be used, along with other technologies, in an international context, researchers said. While the trials will take about a year, the data processing and subsequent research could continue for two more, said Salmanian. Initially, researchers will look at data transfer - e-mails - but could develop voice encryption later on, he said. The priority has been placed on e-mails because written information is more verifiable, more easily subject to analysis and in emergencies is better transmitted and archived. The research results could ultimately be commercially available, with some proceeds going back to the research and development arm of defence. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Wed Mar 02 2005 - 11:34:55 PST