Help: GSM/GPRS Encryption

[Deenem]

I've just been presented with the statement:
"Sending an email from a Blackberry is more secure than using another PDA (in this case an iMate) because it (the Blackberry) has security built in, whereas the others don't."

My male cow manure detector went off straight away because I was under the assumption (now confirmed) that all GSM trafffic (voice & data) is encrypted on the device before being sent.

Can anyone out there point me to some web resources with some hard evidence that I can use to prove my point?

TIA.

 

[vodacom3g]

There are various levels of security and encryption on the Network.

The first is the GSM A5/1 encryption on the air interface, this part of the GSM specification for security.

The second is the physical security that we ensure by using point to point links (albeit provided by Telkom).

Then as far as Blackberry goes, there is additional security. (please see below, which is an extract from the Blackberry Feature and Technical Overview.)

So, to get back to your query, yes it seems that the statement is technically correct. Just by the fact that Blackberry does encryption over and above what we do on the Network, it would be (even) more secure.

---------------------------------
BB Security

The BlackBerry solution enables users to send and receive email and access corporate data wirelessly, while seamlessly protecting data against attack. The BlackBerry Enterprise Solution uses Triple Data Encryption Standard (Triple DES) or Advanced Encryption Standard (AES) encryption to encrypt data in transit. Data remains encrypted during transit and is never decrypted between the BlackBerry Enterprise Server and the handheld.

Encryption

Encryption is the scrambling of data based on a key. An encryption algorithm is designed so that only the parties that know the secret key can decrypt the encrypted data or ciphertext.

27 2: Features

Triple-DES

BlackBerry uses three iterations of the Data Encryption Standard (DES) algorithm with three 56-bit keys, in cipher block chaining (CBC) mode for an overall key length of 168 bits. The encryption procedure is the same as regular DES, but it is repeated three times. With Triple DES, the data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the first key.

Advanced Encryption Standard

AES was developed to replace DES. AES provides a better combination of security and performance than DES or Triple DES. AES provides greater security against brute-force attacks by offering a larger key size. BlackBerry uses 256 bit keys in CBC mode to encrypt data that is sent between the BlackBerry Enterprise Server and the handheld.