MAINFRAME > Administrator > Security

Pervasive Encryption Features Include Integrated Crypto Hardware, Key Management and Secure Service Container Support

pervasive encryption


The pervasive encryption journey began in 1974 when IBM Research invented the Lucifer cipher, which became the first standardized encryption algorithm, the Data Encryption Standard. Today, IBM continues to provide new breakthroughs in cryptography and security.

An example of a recent breakthrough is the IBM z14* platform, which offers up to 170 cores. Each chip contains 10 cores and 6.1 billion transistors for which IBM invested in new cryptography instructions and circuits, achieving up to a 7x raw hardware performance improvement in the cryptography algorithms used for z/OS* data set encryption and Transport Layer Security operations. This means more encryption, in less time, with less CPU consumption, for lower cost on IBM z14.

CPACF For Speed

Pervasive encryption hinges on speed and throughput. IBM Z* processors have Central Processor Assist for Cryptographic Function (CPACF) for high-speed cryptography. CPACF is one of the underlying crypto engines for Java*, SSL, VPNs, Kerberos, Db2*, IMS* and more. It supports encryption, decryption, hashing, message authentication and random number generation.

Keys (i.e., key material or key values) can be created from random numbers. Keys provided to CPACF must be unencrypted (i.e., clear) or encrypted using a CPACF wrapping key (i.e., protected). A unique capability for IBM Z, protected keys ensure sensitive key material can’t be easily exposed or used outside of the LPAR where they were created.

z14 CPACF has been enhanced for the following advanced encryption standard modes:

  • AES-GCM: Used for network encryption, can be configured as a stream cipher in the list of preferred suites for z/OS Communications Server and System SSL. AES-GCM raw hardware performance is 4x to 6x faster on z14 than on IBM z13*.
  • AES-XTS: Used for z/OS data set encryption, raw hardware performance is up to 7x faster on z14 than z13
  • AES-CBC: Used for bulk symmetric encryption, raw hardware performance is up to 4x faster on z14 than z13

Crypto Express Adapters

Crypto Express adapters are tamper sensing and responding hardware security modules that can store master keys. Master keys encrypt and decrypt keys used in cryptographic operations such as z/OS data set and Coupling Facility encryption.

In addition to protecting cryptographic keys, Crypto Express adapters perform sensitive cryptographic operations and provide custom cryptographic functions, offering a more extensive set of crypto operations than CPACF, including both symmetric and asymmetric cryptographic functions.

Crypto Express adapters support logically separate cryptographic domains to virtualize physical coprocessors and enable cross-LPAR sharing of adapters. Each domain can contain one or more master keys that encrypt and protect other cryptographic keys in use in that domain. A key encrypted by a master key (i.e., secure key) in one domain can’t be used in a domain with a different master key.

Cryptographic Key Management

Cryptographic keys and algorithms are the heart of pervasive encryption. Cryptographic algorithms are public and standardized; therefore, the security of any encryption operation lies in the security of its keys. Thus, key management is among the most important considerations for pervasive encryption.

Consider what happens if:

  • A key is accidentally deleted: Do you have a backup?
  • A key is compromised: Do you need to re-encrypt the data? Can you locate every place that key is used?
  • The entire key repository is exposed: Were the keys stored in the clear or encrypted?
  • Keys are needed for disaster recovery: Are master keys available (preferably under lock and key)? Do you have copies of key stores?
  • A Crypto Express adapter needs to be taken offline: Do you have hardware redundancy? Are those adapters loaded with the current master key?
  • The master key is forgotten: Do you have a process for master key rotation?

Key management includes the entire lifecycle from creation to archival or deletion. Think of it in terms of master key and operational key management:

  • Master keys reside in Crypto Express adapters and are used only to encrypt and decrypt operational keys. Master key management includes assigning multiple custodians (ensuring no one person has an entire master key), generating material, loading material onto Crypto Express adapters and changing master keys periodically.
  • Operational keys don’t reside in Crypto Express adapters and are used in various cryptographic operations. Operational key management includes generating, exporting and importing key material, archiving keys, expiring keys and more.

The z/OS Integrated Cryptographic Services Facility (ICSF) provides basic key management capability for both operational key and master key management. Advanced tools include:

  • The Trusted Key Entry Workstation, which provides the most secure, hardware-based master key management including dual control, master key loading with smart cards and smart card reader functions
  • Enterprise Key Management Foundation, which provides extensive operational key management capability including a GUI-based browser, key templates and key distribution to a variety of platforms
  • Security Key Lifecycle Manager, which provides operational key management for self-encrypted devices including key generation, import, export and key serving

Encrypting Data at Rest

Pervasive encryption includes capabilities such as disk and tape encryption, data set and file encryption, database encryption and application encryption. These technologies can be layered to ensure broad coverage and protect data from different attack vectors (see Figure 1).

Full disk and tape encryption forms the broadest level. With 100 percent of the data encrypted, it helps protect data from physical removal. If disk or tape is physically lost or stolen (e.g., removed from the data center), data can’t be easily recovered without the key.

File and data set level encryption provides the next broadest level of protection. z/OS V2.3 (and z/OS V2.2 with PTFs), supports policy-based, application-transparent data set encryption. Typically, ICSF administrators generate secure keys identified with key labels, storing them in the Cryptographic Key Data Sets. Security administrators can now add key labels to DATASET profiles used for data sets to be encrypted. Security administrators grant access to key labels to data owners. Data owners allocate and write to data sets, which are encrypted. When data owners with access to the keys read data from these data sets, it appears in the clear. Storage administrators can manage the data sets, but without access to the keys, they can’t read the data.

Database encryption is next, using Guardium Data Encryption (GDE) for Db2 and IMS. Narrower in scope, it provides database encryption in memory and on disk. If Db2 dumps encrypted with GDE are sent to IBM for analysis, sensitive fields remain encrypted. Application encryption, the top level, which is the narrowest and most complex, requires applications to use IBM Z crypto libraries to perform crypto operations. Application developers control whether operations use CPACF or Crypto Express adapters. Data encrypted at the application level can remain encrypted in memory and at rest.

Each level provides a different scope and type of protection; they may be layered to help ensure sensitive data is protected. Layering means some data may be multiple-encrypted. However, this is business as usual. Compression before encryption can reduce encrypted data sizes. Take advantage of the reduced cost of encryption on IBM z14 to layer security and data protection.

Pervasive encryption includes Linux* on z Systems* and LinuxONE*, where transparent volume encryption is now available. It uses CPACF protected keys to ensure clear key material isn’t exposed to software. When configured to use AES-XTS, which is recommended, volume encryption enjoys the same CPACF performance benefits on z14.

z/VM* V6.4 now supports encrypted paging using CPACF to prevent access to sensitive data on volumes.

Encrypting Data in Transit

End-to-end encryption, which includes encryption of data in transit outside and within the network, is a best practice for data protection. Encryption of data at rest at application, database and data set levels is performed on the host; thus, data flowing over the SANs is encrypted.

For external communications, z/OS applications can use either SSL/TLS directly or Application Transparent TLS (AT-TLS) to encrypt network traffic by policy. VPNs are supported for node-to-node application-transparent encryption using Internet Protocol Security and Internet Key Exchange. Secure Shell using z/OS OpenSSH is supported for secure FTP and secure terminal access.

z/OS 2.3 Communications Server introduces the z/OS Encryption Readiness Technology (zERT), for monitoring traffic and auditing cryptographic algorithms and key sizes negotiated for connections. zERT can help identify users affected by cryptographic vulnerabilities through new SMF Type 119 Subtype 11 records, which include information about user IDs, address spaces, crypto protocols, job names, IP addresses, ports, negotiated cipher suites and algorithms.

Data on IBM Z also flows through coupling facilities (CFs), which allow shared, serialized access across LPARs. z/OS 2.3 allows CFs to encrypt list and cache structures to prevent sensitive data leakage. When enabled, CFs invoke ICSF to generate a secure key and transform the key into a protected key for use with CPACF. CF encryption is entirely host-based, so encrypted data remains encrypted through CF links and in CFs.

Secure Service Containers

Pervasive encryption includes cryptographic capability for all IBM Z OSes. IBM Secure Service Containers are packaged appliances residing in their own LPARs, isolated from other LPARs, with firmware, OS and software necessary for specific solutions.

Secure Service Containers use a secure boot process, including a bootloader with signature verification that detects changes. During the boot process, disk encryption keys must be provided to load software images and data. Secure Service Containers automatically encrypt data and code at-rest and in-flight.

Administration of the Secure Service Container runtime environment is limited by design, with no direct access to the OS. User interfaces are provided through REST APIs and web administrative tools. Secure Service Containers are intended to provide simple and fast deployment of package solutions, currently including Blockchain High Security Business Network, IBM z Advanced Workload Analysis Reporter and z/VSE* Network Appliance.

Administration, Auditing and Compliance

Regulatory compliance is a significant driver of pervasive encryption. IBM zSecure* and QRadar* offerings have been enhanced to support new features of pervasive encryption. The zSecure solution supports easy administration of System Authorization Facility policies for z/OS data set encryption with ISPF panels. Using zSecure, you can list the key labels defined to RACF* as well as data sets protected by a key. With the QRadar solution, you can run reports on which data sets were encrypted at data set creation.

The Journey Continues

Pervasive encryption is a journey. With each release of IBM Z, IBM invests in technologies and capabilities to help you ensure sensitive data is protected, auditing information is available and workloads run faster. Are you ready?

Eysha Powers is a cryptographic software designer and developer for the z/OS Integrated Cryptographic Services Facility.



Advertisement

Advertisement

2018 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

A Perfect Union

New encryption facility for z/OS strengthens mainframe bond.

Avoiding Security by Obscurity

Data security is not just an IT department issue.

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
Mainframe News Sign Up Today! Past News Letters