Sunday, 8 December 2013

How Secure is Obama's BlackBerry

A few months ago (Dec 2013) there was an avalanche of news articles around the globe telling how President Obama's said he wasn't allowed to use an iPhone for security reasons.  While it is clear to anyone who actually read what he said that he was trying to draw another strained analogy between and phone bills It has prompted a lot of speculation about the reasons why the only phone he is cleared to use is a legacy Blackberry.

Cast you mind back to January 20th 2009 when Barack Obama was inaugurated to the office of President of the United States.  At the time there was a lot of media attention about the fact that he was asked to give up his BlackBerry because it was considered to be a security risk.  But he insisted and the Secret Service, The White House Communications Agency (WHCA) and the National Security Agency (NSA) went looking for a solution.

So what was changed to allow Obama to keep his BlackBerry? What encryption software and security measures were required to allow him to become the first US President to access email from a smartphone.
Sectéra Edge
Obama was initially offered a Sectéra Edge, a highly secured PDA, which is produced by General Dynamics for the US military. But the Sectéra Edge is quite big, heavy (340 grams) and bulky and therefore hardly convenient for someone used to a BlackBerry. This solution would also require everyone that Obama would like to communicate with to have an Sectéra Edge . Secure communications are only possible if both ends use the same (or compatible) encryption devices.

The Sectéra Edge, manufactured by General Dynamics

The Sectéra Edge was not a solution preferred by POTUS therefore a software solution was sought to encrypt phone calls and text and email messages.

For this purpose, the security agencies choose the 
SecurVoice application, which was developed by The Genesis Key, Inc. in cooperation with engineers from BlackBerry manufacturer then called Research In Motion. Not to be confused with SecuSUITE, the German company used for securing the smart phone of the German government.

After NSA did all the necessary tests and checking to make sure the software met federal standards like 
FIPS 140-2, the highly secured BlackBerry was delivered to the president somewhere in May or June 2009. He also gave up his old e-mail address and switched to a new one, which is kept secret.

The secure BlackBerry was also distributed to a small group of people with whom he likes to stay in close contact with. This is because it's only possible to have secure communications if both ends are using the same encryption method. This limited Obama's goal of keeping in touch with the outside world: encryption means exclusion.

The number of people able to message and call the president is probably only between ten and twenty. Included are the Vice-president, Obama's chief of staff and some of his top advisers, his press secretary, first lady Michelle Obama, a few other family members, and a small group of personal friends from Chicago.

On October 30, 2013, Obama's press secretary Jay Carney 
said that the president will continue to use his secured BlackBerry, despite concerns about eavesdropping which came up after it was revealed that NSA intercepted the communications of 35 world leaders.  Presumably because the NSA who know a thing or two about eavesdropping still considered the Blackberry solution to be secure.

The Genesis Key

The SecurVoice software for the presidential BlackBerry was developed for a small company called 
The Genesis Key, Inc., based in Washington DC. This company was founded in October 2008 by W. Steven Garrett, who took the name from an item used in the 1986 computer game The Legend of Zelda.

The software was developed in the previous four years, apparently for one of the projects of 
Steve I. Cooper, a former special assistant to the president, senior director for information integration, and CIO (Chief Information Officer) for the Office of Homeland Security. He is now a member of the advisory board of SecurDigital, Inc., a firm founded in October 2009 by Bruce Macgown and Steven Garrett to distribute the SecurVoice software applications.


The Genesis Key 
released the SecurVoice software in December 2008, claiming this to be the world's first completely secure voice and data encryption solution. Although there were already a number of other hardware and software encryption solutions, the SecurVoice application should be able to protect global voice connections between and within all types of cell, satellite, PBX, SDR and VOIP phones and phone systems.

SecurVoice is 100% Java based, which should make it device- and carrier-independent, but according to the website, the software is currently only operational on the Blackberry operating system version 4.5 and up. Software porting for other operating systems, like Symbian, Brew, Windows Mobile, Google, and iPhone is said to be underway.

With SecurVoice, each phone can be loaded with up to three levels of security, each one accessible through a separate icon and recognizable by a different ringtone. When dialling a number and this number has a cryptographic key associated with it, then the call is automatically placed as a secured call. If a phone number has no cryptographic key associated with it, then the cell phone operates normally and the call is placed unencrypted.

The SecurVoice software comes in two versions:
Phone-to-Phone (P2P), where secure calls are made directly from one cell phone to another. The price for government users is $1795 per application.
Phone-to-Server (P2S), where secure calls are routed from the phone to an enterprise server and back. The price of a server license is reportedly between $2500 and $25.000 USD.

It's likely, that for Obama the server solution was chosen. This allows a centralized key management, monitoring of all secure calls and record keeping of the messages. One
source says the president may have to wait up to several minutes for an e-mail reply as the system actively sniffs out incoming messages for viruses or Trojan horses.
 Sometimes one Blackberry is just not enough
The SecurVoice software features a dual-layered, or hybrid encryption scheme which means it combines symmetrical and asymmetrical encryption algorithms. It performs the voice encryption in real time by using a fast symmetric cipher, using a strong key. This key is then encrypted with a public-key or asymmetrical cryptosystem, like RSA or ECC, and transmitted together with the encrypted message. This is also how the vast majority of present-day communications encryption works.

The SecurVoice symmetric encryption uses a 256-bit session (conversation) key, which replaces the encryption every second with non-reoccurring numbers. This session key is a combination (
salted hash) of the sender Base Secure Key (stored in the recipient key store) and a random session key. According to the manufacturer, SecurVoice uses classified Type 1 encryption algorithms, which are restricted to government and military users. For corporate users, public crypto algorithms like AES are used.

In case of a SecurVoice enterprise server, the software converts voice into encrypted data, which is then sent over the carrier network to the SecurVoice Enterprise Server where it is decrypted. It is then re-encrypted and sent back over the carrier network to the receiving phone, where it is decrypted and converted back to voice. It's also possible to select different encryption algorithms, so that, for example, encryption from a cell phone to the enterprise server may be the AES algorithm with a 128-bit, while from the server to the receiving phone this may be done by using Elliptic Curve Cryptography (ECC).
Security risks
The security solution on Obama’s Blackberry is software only. This leaves the tiny risk of compromised hardware or hacking by means of social engineering however the devices are rigorously tested and Obama seems to be a sensible chap so I don't think there is much concern in that area.

To minimize risks the secured BlackBerrys prevent forwarding e-mail messages from the president and sending him attachments. His secret e-mail address is likely to be changed regularly as well and Obama's friends and staff members were lectured about these security issues.

Another risk of the president using a BlackBerry, like a cell phone in general, is that enemies can try to track the president's location in real-time, even when GPS is disabled. Every cell phone regularly transmits it's IMEI-number to the cell tower, and this can be intercepted by devices like a Triggerfish. It has also been reported in the book “BlackBerry Planet: The Story of Research in Motion and the Little Device” that the presidential BlackBerry can only connect to a secure base station, which can be used to hide the IMEI-number of the device and thus prevent tracking it. This means the White House Communications Agency carry a secure base station wherever the president goes.

There will also be a secure base station inside the presidential limousines and aircraft.  Because using a cell phone network would be a big security risk, and also because the limousine is most likely constructed like a Faraday cage, and therefore a BlackBerry could only be used if there's a base station in the car or aeroplane itself. The secure base station is connected to a secure satellite link with Washington.

Pre-presidential freedom

The most powerful man in the world, the President of the United States of America, Barack Obama got to keep his BlackBerry, after it was secured!
Nonetheless, this ad hoc solution for the President marks the beginning of an era in which top level mobile communications will no longer be secured with dedicated hardware, but by using software applications for regular commercial smartphones.

Sources and Links
Obama Getting Super-Secure BlackBerry
- New York Times: 
Symbol of Elite Access: E-Mail to the Chief
- Washington Times: Obama soon to get secure BlackBerry
- The Telegraph: 
Barack Obama's BlackBerry 'no fun'
- September 2010: 
The X-Change Corporation Acquires Genesis Key, Inc.
- Radio interview about SecurVoice: 
Telecom Junkies - Secret Agent Phone
- Interview with Steven Garrett: Wireless Technology Risks and Enterprise Security
- See also: