
Tokenized Encryption: Real-Time System Control


Step 3: Rename Data Stores and Re-encrypt Sensitive Data.
Once breach detection and any emergency procedures have been executed, the next priority is to re-secure the data. Because WZRD had auto-ops capability, this could be performed entirely through WZRD, overseen by the security coordinator or other recovery team members.

  • First, record which of the encryption keys (1-6) is active. Then switch to a different key and update the encryption key file to reflect the change.
  • Disconnect the sensitive data from any batch programs by abnormally terminating them. In almost every instance these programs were read-only, which made the restart easy once the sensitive data had been rebuilt. Batch programs with update intent always took a full token file backup before updating; in that case the backup was used to rebuild the file.
  • The third step in re-securing the sensitive data was submission of a recryption job with three job steps: step one issued a CICS TS CLOSE command on the token file; step two executed a program that decrypted the data using the old key and encrypted it with the new key; step three opened the file to CICS TS again.
  • Assuming the breach was contained, the coordinator took the appropriate steps to resume normal operations.
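The re-keying sequence above, as an added example that is not code from the article or from the WZRD transaction: a Python model of a six-slot key file, a token file whose records carry the slot they were encrypted under, and a recryption job that closes the file, re-encrypts every record from the old key to the new one, and reopens it only when every record authenticated under the old key. The cipher is a stand-in built from HMAC-SHA256 (counter-mode keystream with an encrypt-then-MAC tag) so that the example runs with the standard library; the shop described used a cryptographic coprocessor or a software product. The key file layout, the record layout, the open/closed flag that stands in for the CICS file state, and the test card numbers are all this example's own assumptions.

```python
import copy
import hashlib
import hmac
import os

KEY_SLOTS = tuple(range(1, 7))   # the article's active encryption key (1-6)


def _keystream(key, nonce, length):
    # Stand-in PRF keystream: HMAC-SHA256 in counter mode (assumption, not the
    # coprocessor or software product the article's shop used).
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    # Encrypt-then-MAC: 16-byte nonce || ciphertext || 16-byte tag.
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def decrypt(key, blob):
    # Check the tag before touching the ciphertext; a wrong key fails closed.
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def new_key_file(active=1):
    # Constructed key file: six independent keys plus the active slot number.
    return {"active": active, "keys": {slot: os.urandom(32) for slot in KEY_SLOTS}}


def new_token_file(key_file, card_numbers):
    # Constructed token file: token -> encrypted CHD plus the slot it was
    # encrypted under. "open" stands in for whether the file is open to CICS TS.
    slot = key_file["active"]
    key = key_file["keys"][slot]
    records = {f"T{i:06d}": {"slot": slot, "chd": encrypt(key, pan.encode())}
               for i, pan in enumerate(card_numbers, 1)}
    return {"open": True, "records": records}


def rotate_active_key(key_file):
    # First bullet: record the active slot, switch to a different one and
    # update the key file. Returns (old, new).
    old = key_file["active"]
    new = old % len(KEY_SLOTS) + 1        # next slot, wrapping 6 -> 1
    key_file["active"] = new
    return old, new


def recrypt_job(token_file, key_file, old, new):
    # The three-step recryption job. Returns the number of records re-encrypted.
    # Work is done on a copy of a full backup, so a record that does not
    # authenticate under the old key aborts the job with the live file
    # unchanged and still closed for the coordinator to examine.
    old_key, new_key = key_file["keys"][old], key_file["keys"][new]
    token_file["open"] = False                       # step 1: CLOSE to CICS TS
    backup = copy.deepcopy(token_file["records"])    # full backup before updating
    work = copy.deepcopy(backup)
    for tok, rec in work.items():                    # step 2: old key -> new key
        if rec["slot"] != old:
            raise ValueError(f"{tok} is on slot {rec['slot']}, expected {old}")
        rec["chd"] = encrypt(new_key, decrypt(old_key, rec["chd"]))
        rec["slot"] = new
    token_file["records"] = work
    token_file["open"] = True                        # step 3: OPEN to CICS TS
    return len(work)


def read_chd(token_file, key_file, token):
    # What an online program does afterwards: decrypt with the record's own slot.
    if not token_file["open"]:
        raise RuntimeError("token file is closed to CICS TS")
    rec = token_file["records"][token]
    return decrypt(key_file["keys"][rec["slot"]], rec["chd"]).decode()


if __name__ == "__main__":
    kf = new_key_file(active=2)
    tf = new_token_file(kf, ["4111111111111111", "5500000000000004"])  # constructed test PANs
    old, new = rotate_active_key(kf)
    print(f"re-encrypted {recrypt_job(tf, kf, old, new)} records from slot {old} to {new}")
    print(read_chd(tf, kf, "T000001"))
```

Each record carries its slot number so that a partially completed job can be detected: a record already on another slot makes the job stop rather than double-encrypt or silently skip it, and the file stays closed until someone looks. The old key is never deleted from the key file, since the article's backups taken by update-intent batch programs are still encrypted under it.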


Step 4: Run Audit and Diagnostic Reports.
WZRD provided selections that generated numerous troubleshooting reports:

  • Traces showing sequences of events such as file accesses, related file operations (reads, updates, deletes, etc.), sign-ons, sign-on durations and security violations by UserID.
  • Audit reports showing sign-on and file security violations with the associated UserIDs.
  • Listings of the UserIDs online at breach time with their related user names, and of invalid UserIDs.
  • Exception reports based on the number and frequency of data accesses, the time of data accesses, the duration of accesses, the size of downloads, etc.
  • Ad hoc reports by search criteria to narrow down the number and location of breaches.
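An added example, not code from the article or from WZRD, of the logic behind the audit and exception reports above, run over a few constructed trace lines: it counts security violations per UserID, lists who was signed on at breach time with their user names, measures sign-on durations, and flags a UserID for access count, off-hours access, download size, an over-long open session, or absence from the user directory. The trace field layout, the user directory, the thresholds and the breach and report times are all this example's assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample trace. The layout timestamp|event|UserID|file|bytes is this
# example's assumption, not WZRD's report format. Lines are grouped by UserID,
# as a per-user trace would be, so parse_trace() sorts them by time.
SAMPLE_TRACE = """\
2017-03-14T08:58:00|SIGNON|ORD101|-|0
2017-03-14T09:05:40|READ|ORD101|TOKENFILE|512
2017-03-14T09:06:10|READ|ORD101|TOKENFILE|512
2017-03-14T09:40:00|SIGNOFF|ORD101|-|0
2017-03-14T02:13:55|SIGNON|OPS777|-|0
2017-03-14T02:14:01|READ|OPS777|TOKENFILE|512
2017-03-14T02:14:02|READ|OPS777|TOKENFILE|512
2017-03-14T02:14:03|READ|OPS777|TOKENFILE|512
2017-03-14T02:14:04|READ|OPS777|TOKENFILE|512
2017-03-14T02:14:05|READ|OPS777|TOKENFILE|512
2017-03-14T02:15:30|DOWNLOAD|OPS777|TOKENFILE|2000000
2017-03-14T07:30:13|VIOLATION|XYZ999|-|0
2017-03-14T07:30:20|VIOLATION|XYZ999|-|0
2017-03-14T07:31:05|VIOLATION|XYZ999|TOKENFILE|0
"""

KNOWN_USERS = {"ORD101": "Order Investigation", "OPS777": "Operations"}  # constructed
ACCESS_EVENTS = {"READ", "UPDATE", "DELETE", "DOWNLOAD"}
BREACH_TIME = datetime(2017, 3, 14, 9, 20)    # assumed time the breach was noticed
REPORT_ASOF = datetime(2017, 3, 14, 10, 0)    # assumed time the reports were run


def parse_trace(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, user, file_, nbytes = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "event": event,
                       "user": user, "file": file_, "bytes": int(nbytes)})
    return sorted(events, key=lambda e: e["ts"])


def violations_by_user(events):
    # Audit report: sign-on and file security violations per UserID.
    counts = defaultdict(int)
    for e in events:
        if e["event"] == "VIOLATION":
            counts[e["user"]] += 1
    return dict(counts)


def online_users_at(events, when, known_users=KNOWN_USERS):
    # Listing of UserIDs signed on at `when`, with their directory names.
    online = {}
    for e in events:
        if e["ts"] > when:
            break
        if e["event"] == "SIGNON":
            online[e["user"]] = known_users.get(e["user"], "(not in user directory)")
        elif e["event"] == "SIGNOFF":
            online.pop(e["user"], None)
    return online


def session_durations(events, asof):
    # Sign-on durations; a session with no SIGNOFF is measured up to `asof`.
    opened, durations = {}, defaultdict(timedelta)
    for e in events:
        if e["event"] == "SIGNON":
            opened[e["user"]] = e["ts"]
        elif e["event"] == "SIGNOFF" and e["user"] in opened:
            durations[e["user"]] += e["ts"] - opened.pop(e["user"])
    for user, start in opened.items():
        durations[user] += asof - start
    return dict(durations)


def exception_report(events, asof, known_users=KNOWN_USERS, max_accesses=5,
                     business_hours=(8, 18), max_download=1_000_000,
                     max_session=timedelta(hours=4)):
    # Exception report: number, time and duration of accesses, download size,
    # violations and unknown UserIDs. Thresholds are illustrative. Returns
    # {UserID: [finding, ...]} for every UserID with at least one finding.
    findings, accesses, off_hours = defaultdict(list), defaultdict(int), defaultdict(int)
    for e in events:
        u = e["user"]
        if e["event"] in ACCESS_EVENTS:
            accesses[u] += 1
            if not business_hours[0] <= e["ts"].hour < business_hours[1]:
                off_hours[u] += 1
        if e["event"] == "DOWNLOAD" and e["bytes"] > max_download:
            findings[u].append(f"download of {e['bytes']} bytes from {e['file']} at {e['ts']:%H:%M}")
    for u, n in accesses.items():
        if n > max_accesses:
            findings[u].append(f"{n} data accesses (limit {max_accesses})")
    for u, n in off_hours.items():
        findings[u].append(f"{n} data accesses outside {business_hours[0]:02d}:00-{business_hours[1]:02d}:00")
    for u, d in session_durations(events, asof).items():
        if d > max_session:
            findings[u].append(f"signed on for {d} (limit {max_session})")
    for u, n in violations_by_user(events).items():
        findings[u].append(f"{n} security violations")
    for u in sorted({e["user"] for e in events}):
        if u not in known_users:
            findings[u].append("UserID not in user directory")
    return {u: sorted(f) for u, f in findings.items()}


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    print("online at breach time:", online_users_at(evs, BREACH_TIME))
    for user, items in exception_report(evs, REPORT_ASOF).items():
        print(user, *items, sep="\n    ")
```

On the constructed trace, ORD101 produces no findings, OPS777 is flagged four times (six accesses, all of them before 08:00, a 2,000,000-byte download and a session still open after nearly eight hours) and XYZ999 appears only through failed sign-ons and absence from the directory. The thresholds are keyword arguments so that the same function serves the ad hoc reports by search criteria: tightening or loosening one criterion narrows the list of UserIDs to look at.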

Other Functions

Access to WZRD was extremely limited, a restriction that was also necessary because of certain functions it provided that were not breach-related:

  • Manual encryption of sensitive data, e.g., a credit card change to an order, could only be performed using WZRD. Only an “order investigation” unit was authorized for this function.
  • Decryption was likewise limited to WZRD. There were instances when investigating an order in which it was necessary to see the cleartext version of the CHD or CAD.
  • Two different encryption products were used: one exploited a cryptographic coprocessor, the other performed the cryptography when the coprocessor was unavailable, primarily for disaster recovery. WZRD provided both inquiry and switching functions for the two.
  • WZRD could locate and display a specific token record in cleartext, identifying each record field.
  • WZRD could also be used to submit various jobs that produced CAD or CHD reports useful for investigating orders or exceptions, routing the output to a specified user.

Security

Only a select handful of individuals (5-7) were authorized to use WZRD, but it could also be accessed via a “hot ID” UserID that could be checked out for 24 hours after extensive identity validation. The power of WZRD had to be limited to qualified individuals with a justifiable need.

Mitigating the Damage, Solving Security Issues

The WZRD transaction provided the most infrequently used yet most vital capabilities of the entire cryptographic interface that enabled PCI compliance and sensitive data protection. WZRD provided a solid foundation for dealing with a data breach, enabled a flexible disaster recovery strategy, and provided the investigative and data manipulation capabilities that closed the circle on a robust, tailorable and usable cryptographic capability for business organizations.


Jim Schesvold is a technical editor for IBM Systems Magazine. Jim can be reached at jschesvold@mainframehelp.com.
