Encryption On Palm OS Devices
You want to keep your PDA data private.
One way to do this is to encrypt the data. (Merely scrambling
or encoding it without a secret key gives no real privacy, and
a hash is one-way, so it cannot be used for data you need to
read back.)
There are 4 broad ways to do this:
- Encrypt all (or most of) the device's data when the
device is locked.
- Encrypt all (or most of) the device's data except when
specific data is needed.
- Use a program that encrypts specifically marked text.
- Use a specialized secure
storage program that maintains its own encrypted
database.
Each of these ways of doing encryption has drawbacks:
- The 1st way may make your device slow to turn off and
on.
- The 2nd way may make your device too slow at all times.
- Both the 1st and 2nd ways may cause serious operational
problems - data loss and program crashes.
- The 3rd way is likely to suffer from "leakage".
- And the 4th way may simply not fit your needs.
With all of these ways to encrypt data, here are some questions
to ask:
How long is my password?
How many "bits" of encryption are used?
Does the encryption logic "leak"?
What about "trojan" programs?
Can lock programs use encryption?
Why doesn't OnlyMe use encryption?
What about using a program designed specifically to secure my data?
What do I watch out for in a secure storage program?
What can I do to test an encryption system?
How long is my password?
Modern computers can generally "break" encryption that is
protected by a password of fewer than 8 totally random
characters: an attacker who has a copy of the encrypted data
can try every possible password offline, as fast as the
hardware allows. Rule of thumb: double the password length (to
16) if you use a password that is relatively easy to remember.
By "totally random", we mean a password generated for you by a
program especially built to do so; a password you make up
yourself is not totally random, however odd it looks.
How many "bits" of encryption are used?
The "128
bits" or "256 bits" numbers that you may often read are
not particularly helpful. These "bits" numbers tell you, in
essence, the maximum effective password length. Your
password may be shorter, but it cannot not be longer than
whatever number of "bits" are mentioned. A password of 8
totally random characters is in the neighborhood of about 50
to 60 "bits". A password using two words separated by a
symbol character is in the neighborhood of 25 to 35 "bits".
Generally speaking (depending upon encryption method, etc.)
"128 bits" or higher will be adaquate until an unexpected
computing breakthrough has been made, or until a hole is
found in the particular encryption method used.
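Here is a small calculator, added to this page as an example (it is not Tranzoa's code), that puts numbers on the rules of thumb above: it computes the bits contributed by random-character and dictionary-word passwords, caps them at the cipher's key size, and converts the result into brute-force time. The alphabet size, dictionary size and guess rate are assumptions stated in the code.

```python
import math

# Added example (not from the original page): estimate how many "bits" a
# password actually contributes and compare that with the cipher's key size.
# The alphabet size, dictionary size and guess rate are assumptions.

PRINTABLE_ASCII = 95      # characters a random-password generator can draw from
DICTIONARY_WORDS = 20000  # assumed size of the word list a guesser would try
SYMBOLS = 32              # assumed number of punctuation characters available


def random_password_bits(length: int, alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Entropy of `length` characters chosen uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def word_pair_bits(words: int = 2, dictionary: int = DICTIONARY_WORDS,
                   separator_choices: int = SYMBOLS) -> float:
    """Entropy of `words` dictionary words joined by one symbol. A guesser
    tries whole words, so each word is worth log2(dictionary) bits, not
    6.5 bits per letter."""
    return words * math.log2(dictionary) + math.log2(separator_choices)


def effective_bits(password_bits: float, key_bits: int) -> float:
    """The key size is a ceiling: a password can never add more security
    than the key it protects, however long it is."""
    return min(password_bits, key_bits)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Average time for an attacker with a copy of the encrypted data to try
    passwords offline: half the space at the given rate."""
    return 2.0 ** bits / 2 / guesses_per_second


if __name__ == "__main__":
    rate = 1e9  # assumption: a billion guesses per second, offline
    for label, bits in [("8 random printable characters", random_password_bits(8)),
                        ("16 random printable characters", random_password_bits(16)),
                        ("two words joined by a symbol", word_pair_bits())]:
        eff = effective_bits(bits, 128)
        days = expected_crack_seconds(eff, rate) / 86400
        print(f"{label:32s} {bits:6.1f} bits  effective under a 128-bit key: "
              f"{eff:6.1f}  ~{days:.3g} days to crack")
```

The two-word password comes out near 33 bits and the 8-character random one near 52, which is why the page tells you to double the length of a memorable password; only at 20 random characters does the 128-bit key, rather than the password, become the limit.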
Does the encryption logic "leak"?
"Leaking" data is what a program does when it leaves copies
of the unencrypted data in memory somewhere. Unfortunately,
you cannnot check for leakage without sophisticated debugging
tools.
While you edit text on Palm devices, the OS normally makes
many copies of the text data. A properly implemented secure
storage program must stop this from happening. This copying
is not easy to stop. For example, normal Palm programs lose
direct control of the text "field" when the on-screen
keyboard is popped-up.
During normal operation, the Palm OS copies data around in
memory to help in memory allocation logic. This can happen,
especially, when one program "alarms" over another.
Properly implemented secure storage programs must handle
this logic.
A popular "leak" is the text clipboard (used for copy/paste
operations)!
What about "trojan" programs?
In this case, a "trojan" is a program that secretly watches
what you are doing on your PDA. Specifically, a trojan would
record what password(s) you enter.
Depending upon your "threat", the possibility of a trojan
requires that, even if you use a secure storage program,
you must lock your device, too. The lock program keeps
others from loading their trojans on to the device.
Can lock programs use encryption?
Yes, many do.
Why doesn't OnlyMe use encryption?
Secure encryption requires a long password. Few people use a
long password for their lock. Even fewer people do so for
very long.
Too, encryption requires that the data be decrypted to be
read or used. There are two times when this can (or must) be
done:
- When the device is unlocked.
- When the data is needed.
Crypto takes time. There can be long delays if your data is
decrypted when the device is unlocked (and encrypted when the
device is locked). One way to minimize this delay is to
selectively choose databases to encrypt. But program alarms
and data leakage problems will probably erase the value of
this extra selectivity.
Decrypted data may be needed by programs that cause alarms.
(Note: a program does not need to make a sound, or
even to turn on the screen, when it "alarms".) Either the
lock program must stop programs' alarms or the information
needed to decrypt the data must be available while the device
is locked. The former causes a lot of problems with
the device. The latter defeats the purpose of encryption. The
latter is the equivalent of leaving your house keys under the
front door mat.
What about using a program designed specifically to secure my data?
You may especially want to do this in three cases:
- You want the data encrypted on your HotSync PC.
- You want the data encrypted on a memory card.
- You perceive a very serious threat to your privacy.
There are many secure storage programs available for Palm devices.
What do I watch out for in a secure storage program?
-
Make sure that the program uses a modern encryption method
(AES, BlowFish, IDEA, 3DES, etc.).
Stay clear of simple "XOR" schemes. XOR (exclusive OR)
logic is a fundamental component of many encryption
methods, but it is easily broken when used alone with a
short, repeating key: the key length can be read off the
ciphertext, and each key byte can then be recovered from
the letter frequencies of ordinary text. Properly
implemented, any modern encryption method gives you more
security than you will need. If you use a long password
to encrypt your data using any of these modern methods,
someone who wants your data will need to find another
hole in your security.
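To show why a bare XOR scheme does not count as encryption, here is an added example (not from the original page or from any Palm program) that "encrypts" a constructed English paragraph with a short repeating key and then recovers the key from the ciphertext alone: first the key length, from Hamming distances between ciphertext blocks, then each key byte, by scoring candidate plaintexts against English letter frequencies. The sample text, key and tuning constants are all this example's own.

```python
import math

# Added example (not from the original page): a toy repeating-key XOR
# "encryption" scheme and the standard attack that breaks it from ciphertext
# alone. The sample text, key and tuning constants are all constructed here.


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encrypting and decrypting are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Approximate English letter frequencies (percent); candidate plaintexts are
# scored by log-likelihood under this crude single-letter model.
_LETTERS = {"a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
            "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
            "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
            "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074}
_LOGP = {}
for _c, _f in _LETTERS.items():
    _LOGP[ord(_c)] = _LOGP[ord(_c.upper())] = math.log(_f / 100 * 0.80)
_LOGP[ord(" ")] = math.log(0.15)
_OTHER_PRINTABLE = math.log(0.0008)  # digits, punctuation, line breaks
_UNLIKELY = math.log(1e-7)           # control and non-ASCII bytes


def english_score(data: bytes) -> float:
    total = 0.0
    for b in data:
        if b in _LOGP:
            total += _LOGP[b]
        elif 32 <= b < 127 or b in (9, 10, 13):
            total += _OTHER_PRINTABLE
        else:
            total += _UNLIKELY
    return total


def _hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def guess_key_length(ct: bytes, max_len: int = 12) -> int:
    """Ciphertext blocks XORed with the same key bytes are closer in Hamming
    distance than blocks that were not, so the true key length (or a
    multiple of it) gives the smallest normalized distance."""
    best_len, best_dist = 1, float("inf")
    for n in range(2, max_len + 1):
        blocks = [ct[i:i + n] for i in range(0, len(ct) - n + 1, n)]
        pairs = list(zip(blocks, blocks[1:]))
        dist = sum(_hamming(a, b) for a, b in pairs) / (len(pairs) * n)
        if dist < best_dist:
            best_len, best_dist = n, dist
    return best_len


def _shortest_period(key: bytes) -> bytes:
    """Collapse a key found at a multiple of the true length (e.g. b'abab')."""
    for n in range(1, len(key) + 1):
        if len(key) % n == 0 and key[:n] * (len(key) // n) == key:
            return key[:n]
    return key


def recover_key(ct: bytes) -> bytes:
    """Every key position is an independent single-byte XOR: try all 256
    values on that column and keep the one that looks most like English."""
    n = guess_key_length(ct)
    found = bytearray()
    for pos in range(n):
        column = ct[pos::n]
        found.append(max(range(256),
                         key=lambda k: english_score(bytes(b ^ k for b in column))))
    return _shortest_period(bytes(found))


# Constructed sample: ordinary English text and a short key, such as a weak
# "secure storage" program might use.
SAMPLE_TEXT = (
    b"Encryption on a handheld device is only as strong as its weakest part. "
    b"A long random password protects the data key, the data key protects the "
    b"database, and the lock program keeps a stranger from loading a trojan "
    b"that would watch the password being typed. Leaving copies of the "
    b"decrypted text in the clipboard or in a field that the operating system "
    b"duplicates defeats the whole arrangement, because whoever can read the "
    b"memory of the device can read the secret without ever touching the "
    b"cipher. A simple exclusive or scheme with a short repeating key is worse "
    b"still, since the key length can be read from the ciphertext and every "
    b"key byte can then be recovered from the letter frequencies of ordinary "
    b"English text.")
SAMPLE_KEY = b"k7Q!"

if __name__ == "__main__":
    ciphertext = xor_with_key(SAMPLE_TEXT, SAMPLE_KEY)
    key = recover_key(ciphertext)
    print("recovered key:", key)
    print(xor_with_key(ciphertext, key)[:72].decode())
```

The attack needs nothing but the ciphertext and the knowledge that the plaintext is text; a few hundred bytes of it are enough, which is less than one memo on the device.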
-
If the secure storage program encrypts data at times when
you are not using your device (e.g. in the middle of the
night), ensure that it uses a "public/private key"
mechanism. This mechanism allows the program to encrypt the
data without knowing how to decrypt the data. If the
program were to know the information needed to decrypt the
data, then any person who can unlock the device and/or read
the device's memory would be able to obtain that same
decryption information.
History may find public/private key encryption to be one
of the most important inventions of the 20th century.
Short description of public/private key encryption:
Data is encrypted and decrypted using two
different "keys" (passwords, in effect). One key is
known to the public - to everyone. Anyone may
encrypt data at any time. The other key is private.
Only those who know the private key can
read the unencrypted data.
When a program needs to encrypt data while you are
sleeping, it encrypts the data using the public key. If
it were to use a normal single key/password, then that
key/password would be easily readable by anyone in
control of the device. Again, it "leaves the house key
under the door mat".
-
Make sure that the secure storage program can generate truly
random numbers. Since encryption program producers often
document technical features of their programs, you will
likely find notes about this in the program's
documentation.
Often (and always in the case of public/private key
encryption), encryption is actually done using a truly
random "key". The password is used only to keep the "key"
secret.
It has been historically common for programs to correctly
use strong encryption methods, but to use an easily
guessed "key". This mistake is the equivalent of using a
good, strong safe with a combination lock that only has a
few possible combinations.
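As an added example of the arrangement just described, covering both this item (the truly random data key, with the password used only to protect it) and the previous one (encrypting while locked with a public key), and not code from this page or from any product, the following script builds it from Python's standard library: each record gets a fresh random key, that key is wrapped with a public key, and the private key is stored under a password-derived key, so it is not in memory while the device is locked. Textbook RSA at a toy size stands in for a real public-key library, as the comments say; every function and name here is this example's own.

```python
import hashlib
import hmac
import secrets

# Added example (not from the original page): a record written while the
# device is locked is encrypted under a fresh random data key, the data key
# is wrapped with a public key, and the private key sits encrypted under the
# user's password, so nothing held in memory while locked can decrypt it.
# Textbook RSA at a toy size, without padding, stands in for a real
# public-key library (RSA-OAEP or an elliptic-curve scheme at full size).

PBKDF2_ROUNDS = 200_000  # assumed work factor for the password-derived key


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin with random bases (n is assumed odd and > 3 here)."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 512):
    """Returns ((n, e), (n, d)). 512 bits is a toy size chosen for speed."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (n, e), (n, pow(e, -1, phi))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a simple stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(data_key: bytes):
    """Separate encryption and authentication keys derived from the data key."""
    return tuple(hmac.new(data_key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))


def encrypt_record(public_key, plaintext: bytes) -> dict:
    """All the program can do, and needs, while locked: only (n, e) is used."""
    n, e = public_key
    data_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    enc, mac = _subkeys(data_key)
    body = _xor(plaintext, _keystream(enc, nonce, len(plaintext)))
    tag = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    wrapped = pow(int.from_bytes(data_key, "big"), e, n)
    return {"wrapped_key": wrapped.to_bytes((n.bit_length() + 7) // 8, "big"),
            "nonce": nonce, "body": body, "tag": tag}


def decrypt_record(private_key, record: dict) -> bytes:
    """Only possible with d, which exists only after the user has unlocked."""
    n, d = private_key
    unwrapped = pow(int.from_bytes(record["wrapped_key"], "big"), d, n)
    if unwrapped.bit_length() > 256:
        raise ValueError("wrong private key")
    enc, mac = _subkeys(unwrapped.to_bytes(32, "big"))
    tag = hmac.new(mac, record["nonce"] + record["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, record["tag"]):
        raise ValueError("record does not authenticate")
    return _xor(record["body"], _keystream(enc, record["nonce"], len(record["body"])))


def protect_private_key(private_key, password: str) -> dict:
    """Keep d encrypted under the password: the house key stays with the owner."""
    n, d = private_key
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    d_bytes = d.to_bytes((n.bit_length() + 7) // 8, "big")
    return {"n": n, "salt": salt, "d_enc": _xor(d_bytes, _keystream(kek, salt, len(d_bytes)))}


def unlock_private_key(blob: dict, password: str):
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), blob["salt"], PBKDF2_ROUNDS)
    d_bytes = _xor(blob["d_enc"], _keystream(kek, blob["salt"], len(blob["d_enc"])))
    return blob["n"], int.from_bytes(d_bytes, "big")


def round_trip(password: str, plaintext: bytes, attempt: str) -> bool:
    """Set up a device, write a record while 'locked', read it back with `attempt`."""
    public, private = generate_keypair()
    locked = protect_private_key(private, password)
    del private  # while locked, memory holds only `public` and `locked`
    record = encrypt_record(public, plaintext)
    try:
        return decrypt_record(unlock_private_key(locked, attempt), record) == plaintext
    except ValueError:
        return False
```

`round_trip("long pass phrase", b"memo at 3 a.m.", "long pass phrase")` returns True and the same call with a wrong final argument returns False. The point to notice is what `encrypt_record` touches: the public key and fresh random bytes, nothing that could decrypt anything; the password-derived key and `d` exist only inside the unlock path.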
-
Run the program under the Palm OS Emulator, POSE. Use a debug
ROM, if possible. Many people do this with any program before
running the program on their own device.
POSE reports many questionable behaviors from programs.
It is normal for certain programs (especially "hack" type
programs) to use such questionable behavior. Unless you
are a programmer, the various reported behaviors will not
make much sense to you. But ...
... POSE stops many programs with serious logical errors
from running at all! It is these programs that you want
to keep off of your device. And, such programs quite
definitely should not be secure data storage programs. If
there is a bug in a secure storage program, you may lose
your data - forever. In fact, this author has lost data
because of bugs in programs outside a secure
storage program. (Another program deleted some of the
data because the other program thought that an encrypted
database "field" was too long.)
What can I do to test an encryption system?
There are people who love to "break in" to secure data; to
them it is a fun game. You probably do not feel this
yourself, so you are unlikely to discover the tricky holes
in security programs. But you can try some tests.
For most tests you will need to be able to view the encrypted
data. There are several Palm OS programs that can be used for
this. Examples include:
So, here are some tests you can try:
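The following script is an added example (not from the original page) of tests of this kind, run over a raw dump of the encrypted database, or over a dump of device memory for the "leakage" problem described earlier: a search for known plaintext, a count of repeated cipher blocks, and a byte-entropy measure. The three images it inspects are constructed stand-ins described in the code; in practice you would feed it the bytes you viewed with one of the Palm OS programs mentioned.

```python
import math
import random

# Added example (not from the original page): the checks a reader can run
# over a dump of an encrypted database or of device memory, once a program
# that shows raw bytes has produced one. The three images below are
# constructed stand-ins: one leaks plaintext, one was "encrypted" with a
# single repeated XOR byte, and one is seeded pseudo-random data standing in
# for the output of a real cipher.


def find_plaintext(image: bytes, secret: bytes) -> list:
    """Offsets at which a known secret appears verbatim. Any hit in an
    encrypted database, or in memory after the device is locked, is a leak."""
    hits, start = [], 0
    while True:
        i = image.find(secret, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def repeated_blocks(image: bytes, block_size: int) -> int:
    """Number of blocks identical to an earlier block. A real cipher used
    properly (with an IV or a random per-record key) does not repeat, so
    repeats point to ECB mode, a fixed key stream, or no cipher at all."""
    seen, repeats = set(), 0
    for i in range(0, len(image) - block_size + 1, block_size):
        block = image[i:i + block_size]
        if block in seen:
            repeats += 1
        seen.add(block)
    return repeats


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext should be close to 8.0,
    while English text, or a fixed-byte XOR of it, sits near 4."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def check_image(image: bytes, known_secrets, block_sizes=(8, 16)) -> list:
    """Run all three checks and return a list of findings (empty is good).
    8- and 16-byte blocks cover BlowFish/IDEA/3DES and AES respectively."""
    findings = []
    for secret in known_secrets:
        for off in find_plaintext(image, secret):
            findings.append(f"plaintext {secret!r} found at offset {off}")
    for size in block_sizes:
        n = repeated_blocks(image, size)
        if n:
            findings.append(f"{n} repeated {size}-byte blocks")
    h = byte_entropy(image)
    if h < 7.0:
        findings.append(f"entropy only {h:.2f} bits/byte")
    return findings


# Constructed samples.
SECRET = b"Safe combination 17-38-04"
MEMORY_IMAGE = b"\x00" * 64 + b"clipboard: " + SECRET + b"\x00" * 64
WEAK_DATABASE = b"PDB\x00header" + bytes(b ^ 0x5A for b in SECRET * 12) + b"\x00" * 16
_rng = random.Random(1)  # fixed seed so the sample is reproducible
STRONG_DATABASE = bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    for name, image in [("memory dump", MEMORY_IMAGE), ("weak database", WEAK_DATABASE),
                        ("strong database", STRONG_DATABASE)]:
        print(name, "->", check_image(image, [SECRET]) or ["no findings"])
```

A clean result from these checks does not prove the program is secure; a bad result, a plaintext hit or a low entropy figure, does prove that it is not, which is the most a non-specialist can establish without the debugging tools mentioned earlier.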
Tranzoa, Co.
P.O. Box 911
Maple Valley, WA 98038 U.S.A
+1 (425) 432-3532
Email: encrypt_info@tranzoa.com
encryption.htm: Last modified October 18, 2002