Accelerate with ATS Encrypting Data at Rest with the DS8000


1 Accelerate with ATS: Encrypting Data at Rest with the DS8000. Hank Sautter, Paul Spagnolo

2 Agenda: Advanced Technical Skills (ATS) North America. Why encryption; Encryption basics; Key management/key servers; DS8000 encryption implementation; Best practices


4 Aspects of Data Security: Increasing number and sophistication of threats. You have to be able to defend against all threats rather than just respond to intrusions. Preventing data breaches and inappropriate data disclosure, while ensuring no impact on business and productivity. Intrusions that affect customer confidence and business productivity. Security breaches can destroy your brand image and affect your critical business processes. Protecting your data and maintaining appropriate levels of access. Cumbersome processes reduce productivity. People who need the information may not be able to access it. Security issues are both internal and external. How do you protect against the well-intentioned employee who mishandles information, and the malicious outsider? Having your business comply with a growing number of corporate standards and government regulations. You must have tools that can document the status of your application security. Meet growing number of compliance initiatives without diverting resources from core activities.

5 Why Encrypt Data in the Storage Unit? Breach of security can be defined as the loss of confidentiality (secret data exposed), integrity (unauthorized users modifying data), or availability (system made unusable). The DS8000 Full Drive Encryption (FDE) features address data confidentiality. Active authentication mechanisms are in place while storage is in use, but this disappears when equipment is removed from the environment (and no one should be authorized access to your data), for example: DDM replacement under warranty; lease expiration. A logical volume does not equal physical volume. Not all customer data resident on disk is host accessible: bad and relocated sectors. Secure erasure is an option, but a manual process that takes time to complete. Encryption is an option: automatic and transparent.

6 Options Other than Encryption: IBM Certified Secure Data Overwrite Service. This IBM Lab Services offering enables the decommissioning or repurposing of storage systems by overwriting data on the disk drives. The process is compliant with the US DoD M three-pass standard. Additional passes are optionally available. IBM Hard Drive Retention Offering. This IBM service offering allows you to keep replaced drives as part of a service repair action. The IBM service support representative replaces the defective drive and subsequently provides you with the failing drive for your follow-on action. Server based applications that write over files, datasets or disk volumes. Examples include WIPEDISK, RACF, FDRERASE, BCWIPE.

7 What is On a Data Disk in the DS8000? What if we removed a disk from the DS8000? (Assuming the disk isn't a spare.) What makes this different than a disk from a PC? Disk and logical volume meta-data, available extents. Data written on 256 KB strips: one part in 6 or 7 if RAID 5 array format, rotating parity (one strip in 7 or 8 disks is parity); one part in 5 or 6 if RAID-6 array format, two strips represent parity; one part in 3 or 4 if RAID10 array format. Possible RAID rank types (5, 6, 10). [Figure labels: P, P, Q; RAID5 7+P; RAID6 6+P+Q; RAID] Minimum logical volume size is one extent = 1 GB (binary) = 4096 strips.

8 A Simple Illustration: [Figure labels: RAID, Disk Metadata, Strip 1, Extent 1, Strip 5, Strip, Strip, Extent N] Logical volumes (what the server sees) are made up of extents. These include: directory, free space, user files and associated data. Extents are spread across the physical disks in the rank. Unless the file is smaller than a strip, it is unlikely a whole file is visible. Records and portions of files are most certainly visible. Even a single drive can provide an unauthorized user with a lot of corporate information. Encryption keeps this data safe automatically with no performance impact.

9 Agenda: Advanced Technical Skills (ATS) North America. Why encryption; Encryption basics; Key management/key servers; DS8000 encryption implementation; Best practices

10 Encryption for Data at Rest: The DS8000 uses special drives, known as Full Drive Encryption (FDE), to encrypt data at rest. Data is always encrypted on write to the drive and then decrypted on read. Data stored on the drive is encrypted. Drives do the encryption at full data rate. No impact to disk response times. Uses AES 256 bit encryption. Protection for disk removal (repair, replace or stolen). Protection for disk subsystem removal (retired, replaced or stolen). Requires authentication with key server before access to data is granted. Key management is via IBM Tivoli Key Lifecycle Manager (TKLM). z/OS can also use IBM Security Key Lifecycle Manager (ISKLM). Key exchange with key server is via 256 bit encryption.

11 Encryption Terminology: Plain text: Often referred to as clear text. This is data that is human readable or machine readable without the need for a cipher key. Cipher text: Cipher text is the opposite of plain text. Cipher text is not readable without a cipher key to decode the data. Cipher text is encrypted. Key: A piece of data that, when applied in conjunction with an algorithm, can convert plain text to cipher text or from cipher text to plain text. Symmetric key encryption: An encryption method where there is only a single key that is used both to encrypt and to decrypt data. Asymmetric key encryption: An encryption method where there are two keys (a key pair). The first key (the public key) is used to encrypt the data while a second separate key (private key) is used to decrypt the data.

12 Symmetric Key Encryption: Symmetric key encryption uses the same key to both encrypt and decrypt the data. Usually significantly faster than asymmetric key encryption algorithms. Since it uses the same key to encrypt as to decrypt the data, care must be maintained to protect the key from unauthorized access. Keys are bit streams (128, 192, 256-bit key length are common). [Figure: Encryption Process: Plain Text, Symmetric Key, Encryption Algorithm, Encrypted Data. Decryption Process: Encrypted Data, Symmetric Key, Encryption Algorithm, Plain Text.]

13 Asymmetric Key Encryption: Asymmetric key encryption uses a public key to encrypt data and a private key to decrypt data. Often referred to as public key/private key encryption. Public key can be provided at will. Only the private key can decrypt data that was encrypted with its associated public key. Computationally more intensive and slower than symmetric key encryption. Keys are bit streams (128, 192, 256-bit key length are common). [Figure: Encryption Process: Plain Text, Asymmetric Public Key, Encryption Algorithm, Encrypted Data. Decryption Process: Encrypted Data, Asymmetric Private Key, Encryption Algorithm, Plain Text.]

14 Combining Symmetric and Asymmetric Encryption: The DS8000 uses a combination of symmetric and asymmetric encryption. A symmetric key is used to actually encrypt and decrypt the data. Allows drive to run at full data rate speeds even when encrypting or decrypting data. This key is not transmitted in the clear and is used internally between the drive and the DS8000. Every drive has a unique symmetric key. Asymmetric keys are used to authenticate DS8000 and Key Server. Private/public key pair allows for tighter security controls. Rekey as necessary. Standard AES 256 bit key. Keys between DS8000 and Key Server are never exchanged in the clear. Without this key, the DS8000 will not expose data on drives.

15 Digital Signatures: Using public and private key pairs, you can easily create a Digital Signature to authenticate the identity of a message sender. Digital Signatures are used to verify the original content of the message has not been altered. DS8000 uses digital signatures to verify communications with key servers. [Figure: exchange between DS8000 and Key Server. Labels: DS8000 Private Key, TKLM Public Key, TKLM Private Key, DS8000 Public Key; "Read the message using the TKLM private key"; "Return encrypted data using the DS8000 public key".]

16 Digital Certificates: Digital Certificates provide a method to bind a public key with a specific identity. Digital Certificates are signed by a Certificate Authority. If the Certificate Authority is trusted, then you can verify the Digital Certificate and know who provided the public key. Recall that a public key can be used to encrypt data. Data that is encrypted with a public key can only be decrypted with the corresponding private key. Digital Certificates provide the following information about the owner: name of the issuer; serial number of certificate; public key belonging to the owner; serial number of the digital certificate; digital signature of the issuer; validity date of the public key (from, to).

17 Agenda: Advanced Technical Skills (ATS) North America. Why encryption; Encryption basics; Key management/key servers; DS8000 encryption implementation; Best practices

18 Key Management: Data encryption introduces new challenges to the organization such as: Security of Keys: Keys must be kept secure. No single individual has all of the information required to determine the encryption key. Keys may need to be changed when employees leave the organization or job role changes. Availability of Keys: The key must be available in order to access the encrypted data. Without the decryption key, you cannot decrypt the associated ciphertext. If that happens, the data that is contained in the ciphertext is considered cryptographically erased. There are no back doors. Storage Administration versus Security Administration: Storage Administrator and Security Administrator are not the same job role. Each is needed and each shares joint responsibilities.

19 Key Servers: To preserve access to encryption keys the DS8000 needs access to at least two Key Servers. These key servers act as redundant key servers. Consistent key stores: all key servers have to have the key for the DS8000. The redundant key servers use independent communication paths to the storage device. Backups of each Key Server's data must be maintained. Failure of a single Key Server or any network should not prevent storage devices from obtaining access to data keys required to access data. Supported Key Servers include IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Key Lifecycle Manager for z/OS (ISKLM). Minimum of two key servers are required, one of which must be isolated.

20 IBM Tivoli Key Lifecycle Manager (TKLM): TKLM works with IBM encryption-enabled storage devices in generating, protecting, storing and maintaining encryption keys that are used to encrypt information being written to and decrypt information being read from storage media. Supported operating systems: AIX, Solaris, Windows Server, Red Hat Enterprise Linux, SuSE Linux Enterprise Server. TKLM is designed to be easy to use: provides a graphical user interface; initial setup wizards; single button backup. Lifecycle functions include: notification of certificate expiration; automatic rotation of groups of keys. Same TKLM server supports IBM DS8000, DS5000 and IBM Tape + more.

21 IBM Security Key Lifecycle Manager for z/OS: Attributes of encryption and key management: Encryption in storage hardware does not hurt performance. Encryption and key management doesn't require changing applications, middleware, JCL, operating systems. Key management is completely separate from the data path. Storage arrays and libraries contact the key manager on behalf of the application and hosts doing I/O: with disk arrays, done at power up; with tape libraries, at each cartridge mount. Encryption and key management fits into your operations management: separation of duties; leverage investments in high availability and security. ISKLM benefits: Easy upgrade from EKM, easy SMP/E install. Supports ICSF, RACF, crypto express hardware. Writes SMF records type 83 subtype 6 audit records. Supports all of the latest System z/OS centric storage, tape and disk. Goal was simplest key serving with no co-reqs. [Figure labels: Disk Storage, Enterprise Tape]

22 DS8000 and Key Server Network Environment: [Figure labels: Storage Admin, DSGUI / DS-CLI; DS8000 Storage Facility, Storage Facility Image, SFI Server, SFI Server; HMC (Dual HMCs Recommended), HMC; Customer Network; TKLM GUI, Key Lifecycle Manager, Security Admin, Crypto-Services, Key-Store. Up to 4 redundant TKLM servers; minimum 2 are required.]

23 Agenda: Advanced Technical Skills (ATS) North America. Why encryption; Encryption basics; Key management/key servers; DS8000 encryption implementation; Best practices

24 DS8000 Encryption: To support encryption, the DS8000 uses a special class of disk drives capable of Full Disk Encryption (FDE drives). Current DS8700 choice of available FDE drives include 300 GB/15K and 450 GB/15K. Current DS8800 choice of available FDE drives include 400 GB SSD, 146 GB/15K, 300 GB/15K, 450 GB/10K, 600 GB/10K, 900 GB/10K and 3 TB/7.2K. FDE drives use 256 bit AES symmetric encryption. All drives must be FDE to support encryption. Drives run at full data rate. With encryption enabled: all customer data at rest is encrypted; customer data in flight is not encrypted. Supports cryptographic erasure data change of encryption keys. Key attack methods addressed: disk removal (repair or stolen); machine removed (retire, stolen, end of life). IBM requires customer to sign a Customer Agreement to activate encryption function.

25 Encrypting Disks on DS8000: One Encryption Group per Storage Facility Image (one key on TKLM). No intermix of encrypting and non-encrypting DDMs. New factory order only; no field MES to add encryption to existing non-encrypting machines, only to add encryption capacity to encryption capable machines. Entire storage facility image is either all encrypted or all not encrypted, selected when configuring the first rank. [Figure, top to bottom: Logical volumes; Ranks combine into extent pools (Extent Pool 1, Extent Pool 2); Place arrays into ranks (Rank 1 to Rank N); Create RAID arrays (Array 1 to Array N); Encryption capable disks (special FDE drives).]

26 Encryption Disks on DS8000: All data on disk is encrypted. One or more data bands on disk. Each data band has an encryption key. Data is always encrypted on write and decrypted on read. Encryption key is wrapped with access credential and maintained within the disk. Establishing a new encryption key causes cryptographic erasure. Access to data requires authentication. Each data band can be locked with an access credential. Access credential established by TKLM based on key hierarchy when band is locked. Access credential converted to a secure hash and maintained within the disk. Re-authentication required on locked band after disk power loss or each power cycle. Bands with encrypted customer data are locked by DS8000 before any customer data is stored on the band. Bands with unencrypted customer data are not locked by DS8000. Encrypting disks have band encryption key set, band unlocked, and data pre-initialized at factory, so do not have to re-initialize when band is locked.

27 Data Bands on FDE Disks: [Figure labels: Customer Data, System Data, Band 0, Band 1] FDE has two bands. Bands are like disk partitions (designated areas of the disk). Band 0 contains customer data. Band 1 contains internal global data for DS8000 disk support. Each disk/band has its own encryption key. Bands are locked when the disk is made a member of an encryption enabled rank. Cryptographic erasure occurs when band is unlocked: the rank is deleted; drive is reused as a spare. You can cryptographically erase data for a set of logical volumes in an encryption-capable extent pool by deleting all of the ranks that are associated with the extent pool.
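The band behaviour described on slides 26 and 27 (key wrapped with the access credential, credential kept only as a hash, re-authentication after a power cycle, cryptographic erasure by replacing the key) can be modelled in a few lines. This is an added example, not IBM or drive firmware code: the `Band` class and its method names are hypothetical, and an HMAC-SHA256 keystream stands in for the drive's AES-256 so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (NOT AES): XOR data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class Band:
    """Hypothetical model of one data band on a self-encrypting drive."""

    def __init__(self):
        self._salt = os.urandom(16)
        self._key = os.urandom(32)   # factory state: band key set, band unlocked
        self._wrapped_key = None     # band key wrapped with the access credential
        self._cred_hash = None       # only a hash of the credential is stored
        self._sectors = {}           # lba -> ciphertext; the media never holds plaintext

    def _derive(self, credential: bytes, purpose: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential, self._salt + purpose, 10_000)

    def _require_key(self) -> bytes:
        if self._key is None:
            raise PermissionError("band is locked: authenticate first")
        return self._key

    def lock(self, credential: bytes) -> None:
        """Bind the band to a credential; takes effect at the next power cycle."""
        key = self._require_key()
        self._cred_hash = self._derive(credential, b"auth")
        self._wrapped_key = _keystream_xor(self._derive(credential, b"wrap"), b"bandkey", key)

    def power_cycle(self) -> None:
        """A locked band forgets its plaintext key when power is removed."""
        if self._wrapped_key is not None:
            self._key = None

    def unlock(self, credential: bytes) -> bool:
        if self._cred_hash is None:
            return True  # band was never locked
        if not hmac.compare_digest(self._derive(credential, b"auth"), self._cred_hash):
            return False
        self._key = _keystream_xor(self._derive(credential, b"wrap"), b"bandkey", self._wrapped_key)
        return True

    def write(self, lba: int, data: bytes) -> None:
        self._sectors[lba] = _keystream_xor(self._require_key(), lba.to_bytes(8, "big"), data)

    def read(self, lba: int) -> bytes:
        return _keystream_xor(self._require_key(), lba.to_bytes(8, "big"), self._sectors[lba])

    def crypto_erase(self) -> None:
        """New band key, band unlocked: old ciphertext is still on the media but useless."""
        self._key = os.urandom(32)
        self._wrapped_key = None
        self._cred_hash = None


def demo() -> dict:
    record = b"payroll record 0042"   # constructed sample data
    credential = os.urandom(32)       # constructed; stands in for the key-server credential
    band = Band()
    band.lock(credential)
    band.write(7, record)
    band.power_cycle()                # drive pulled from the frame
    results = {}
    try:
        band.read(7)
        results["read_while_locked"] = True
    except PermissionError:
        results["read_while_locked"] = False
    results["wrong_credential"] = band.unlock(b"guess")
    results["right_credential"] = band.unlock(credential)
    results["plaintext"] = band.read(7)
    band.crypto_erase()
    results["after_erase"] = band.read(7)   # decrypts under the new key: garbage
    return results


if __name__ == "__main__":
    print(demo())
```
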

28 High Level View of the Encryption Process: [Figure labels: Servers (Apps), DS8000, Host Adapter, Device Adapter, Encrypted Disk, HMC, Clear text, TKLM or ISKLM]

29 Gaining Access to Encrypted Data on Disk: When the data band is locked (encryption enabled), DS8000 obtains the key at power on from Key Server. DS8000 identifies itself to Key Server using digital signature. After verification, the drive is unlocked and reads and writes can occur. Data is stored on the disk encrypted and then decrypted on read. Without access to the Key Server, DS8000 does not know the access credentials for the drive and cannot access the drive's data.

30 Basic Steps to Enable Encryption: Configure DS8000 to TKLM. Configure one or more key labels on TKLM. Define the encryption key server. Define key server using IP address or host name. You can define up to 4 key servers, but you will need to define at least 2.

31 Basic Steps to Enable Encryption - continued: Create encryption recovery key (if desired). Both Security Administrator and Storage Administrator access is required. Create encryption group. All ranks of disk in DS8000 will belong to this encryption group. Group 0 designates no encryption. Group 1 designates encryption. Specify key label for this encryption group. DS8000 communicates with TKLM to get necessary keys to manage encryption group. DS8000 locks data bands on encryption disks that are configured in an extent pool that is associated with group 1. Define one or more encryption capable ranks in an extent pool. Ranks and groups have an encryption group attribute. Define logical volumes in extent pool as normal.

32 Deadlock Prevention: One critical consideration with using a key server implementation is that all code and data objects required to make the key server operational must not be stored on a storage device dependent on any key server to be accessed. Potential for all encrypted data managed by Key Servers to be permanently lost. Examples of a deadlock: TKLM server boot disk located on encryption enabled drive; TKLM data base / program code located on encryption enabled drive; TKLM backup on encryption enabled tape. Use of an isolated key server is required. Key server backups can't reside on encrypted media. Optional DS8000 feature code #1760 will provide isolated key server instance.

33 Deadlock Creation Factors: Besides poor design (examples on the previous chart), there are a number of factors that can eventually lead to a deadlock occurring. Layers of virtualization can make it difficult to know where data resides. Transparent Data Relocation. Consolidation of servers and storage. Difficult to determine if deadlock exists without power cycling the storage complex. Servers supporting SAN boot (and not supporting internal boot).
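Because a deadlock is hard to spot without power cycling the complex, the placement rules on slides 32 and 33 can be checked on paper first by simulating a cold start over an inventory. The following is an added example, not an IBM tool: the inventory model, the finding names and the sample device names are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Storage:
    name: str
    encrypted: bool = False
    key_servers: tuple = ()   # key servers able to supply this device's unlock credential


@dataclass(frozen=True)
class KeyServer:
    name: str
    boot: str       # storage device holding the boot disk
    database: str   # storage device holding key database and program code
    backup: str     # storage device or media holding the key-server backup


def cold_start(storages, servers):
    """Power everything on at once and iterate until nothing more can come up."""
    available = {s.name for s in storages if not s.encrypted}
    running = set()
    progressed = True
    while progressed:
        progressed = False
        for ks in servers:
            if ks.name not in running and {ks.boot, ks.database} <= available:
                running.add(ks.name)
                progressed = True
        for s in storages:
            if s.name not in available and running.intersection(s.key_servers):
                available.add(s.name)
                progressed = True
    return available, running


def audit(storages, servers):
    """Return (finding, subject) tuples for the deadlock rules on the slides."""
    encrypted = {s.name for s in storages if s.encrypted}
    available, running = cold_start(storages, servers)
    findings = []
    for s in storages:
        if not s.encrypted:
            continue
        if s.name not in available:
            findings.append(("DEADLOCK", s.name))
        if len(set(s.key_servers)) < 2:
            findings.append(("FEWER_THAN_TWO_KEY_SERVERS", s.name))
    for ks in servers:
        if ks.name not in running:
            findings.append(("KEY_SERVER_CANNOT_START", ks.name))
        if ks.backup in encrypted:
            findings.append(("BACKUP_ON_ENCRYPTED_MEDIA", ks.name))
    # An isolated key server keeps nothing on storage that itself needs a key server.
    isolated = [ks for ks in servers if not {ks.boot, ks.database, ks.backup} & encrypted]
    if encrypted and not isolated:
        findings.append(("NO_ISOLATED_KEY_SERVER", "*"))
    # Hidden deadlock: everything starts today, but losing one key server breaks it.
    if encrypted <= available:
        for ks in servers:
            rest = [other for other in servers if other is not ks]
            still_up, _ = cold_start(storages, rest)
            if not encrypted <= still_up:
                findings.append(("DEADLOCK_IF_DOWN", ks.name))
    return findings


# Constructed sample inventory (all names are made up for this example).
STORAGE = [
    Storage("local-tklm1"), Storage("local-tklm2"), Storage("vault-media"),
    Storage("ds8000-a", encrypted=True, key_servers=("tklm1", "tklm2")),
    Storage("tape-enc", encrypted=True, key_servers=("tklm1", "tklm2")),
]
DEADLOCKED = [  # SAN boot and key database on the array the servers must unlock
    KeyServer("tklm1", boot="ds8000-a", database="ds8000-a", backup="tape-enc"),
    KeyServer("tklm2", boot="local-tklm2", database="ds8000-a", backup="tape-enc"),
]
HIDDEN = [      # works at power-on only as long as tklm2 is healthy
    KeyServer("tklm1", boot="ds8000-a", database="ds8000-a", backup="vault-media"),
    KeyServer("tklm2", boot="local-tklm2", database="local-tklm2", backup="vault-media"),
]
SOUND = [
    KeyServer("tklm1", boot="local-tklm1", database="local-tklm1", backup="vault-media"),
    KeyServer("tklm2", boot="local-tklm2", database="local-tklm2", backup="vault-media"),
]

if __name__ == "__main__":
    for label, servers in (("deadlocked", DEADLOCKED), ("hidden", HIDDEN), ("sound", SOUND)):
        print(label, audit(STORAGE, servers))
```

The `HIDDEN` layout is the case the slides warn about: it boots cleanly today and only fails on the day the one sound key server is unavailable.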

34 Creating Recovery Key: Security Administrator can elect to create a recovery key. Can also disable the creation and use of a recovery key. Make this decision before creating encryption group on DS8000. This key is a 256 bit AES key. Recovery key is a manual process and would only be used in a deadlock condition. Recovery key must be created before deadlock condition and is part of the configuration process. Security administrator requests the recovery key. Storage administrator authorizes the recovery key. In the event of an encryption deadlock, both users are required to perform the recovery operation. The recovery key is written down, verified and stored in a secure location or safe. Recovery key can be re-keyed if lost or user access revoked.

35 DS8000 Encryption Feature Codes: Common feature codes associated with encryption capable machines are: #1751 Encrypted drive set support; #1760 Isolated key server (TKLM preloaded), System x server with SUSE Linux Enterprise Server 10 preloaded.

36 DS8800 Disk Feature Codes: Columns: Disk Class; Drive Set Size; FDE Drive Feature Code; CoD FDE Drive Feature Code. Rows: SSD N/A; SSD N/A; Enterprise 146/15K; Enterprise 300/15K; Enterprise 450/10K; Enterprise 600/10K; Enterprise 900/10K; Nearline 3 TB/7.2K

37 DS8700 Disk Feature Codes: Columns: Disk Class; Drive Set Size; FDE Drive Feature Code; CoD FDE Drive Feature Code. Rows: Enterprise 146/15K; Enterprise 300/15K; Enterprise 450/15K

38 Agenda: Advanced Technical Skills (ATS) North America. Why encryption; Encryption basics; Key management/key servers; DS8000 encryption implementation; Best practices

39 Best Practices - Security: Physically secure the hardware, communications and associated media. Startup of TKLM key server requires a password. Can provide password through the keyboard. Could also use a startup script. Use access controls on this script to prevent tampering and provide audit trail. Do not use default password for DS8000 users SECADMIN, STGADMIN. Divide roles of Security Administrator and Storage Administrator between two individuals. If enabled, recovery key (deadlock key) should be stored in area with physical security. Utilize DS8000 re-label function to meet compliance requirements to replace encrypting keys shared between TKLM and S

40 Best Practices - Availability: Use of redundant key servers at each independent location. Primary site(s) should use local key servers. Recovery site(s) should use local key servers. Minimum of two key servers needed for power on of DS8000, one of which must be an isolated key server (no other dependencies). For lights out operation, key servers and key server application should be configured to automatically power on and boot. Provide redundant networks between key server and encrypting storage. Use DS8000 with dual HMC for highest level of availability.

41 Best Practices - Deadlock Prevention: Encryption Deadlock Condition: The credential for unlocking the DS8000 cannot be obtained from TKLM. TKLM data may be encrypted (by mistake). TKLM Server may be not functional. Manually configure DS8000 devices on the Key Server. Manual configuration allows the device to be associated with a specific key label to help avoid accidentally archiving or deleting an active key label. Automatic configuration automatically associates the device with the default key label. Administrators like to delete defaults. Assign a unique key label to each DS8000. Recommend against sharing keys among group of devices.

42 Best Practices - Deadlock Prevention continued: Create a recovery key. Configuring a Recovery Key is optional and is a manual process. Provides a mechanism to break an encryption deadlock. Used to unlock a DS8000 that cannot obtain a data key from a key server. Requires the customer to configure and escrow the recovery key for future use. The DS8000 does NOT have a copy of the recovery key. Recovery keys can be changed (re-keyed). User roles: Storage Administrator (STGADM) (formerly known as Administrator); Security Administrator (SECADM). Recovery key user protocols use a dual control: requires two people to effect recovery key operation. Security Administrator is requester and holder of recovery key. Storage Administrator is approver for the recovery key request.

43 Summary: Advanced Technical Skills (ATS) North America. Data breaches and data disclosure threats are real. Encrypting in the storage unit can manage these threats. All data is always encrypted. Automatic and transparent process. No performance impact. Other options exist but have their own risks. DS8000 uses special full drive encryption disks. Drives available in a variety of formats and sizes. Blends both symmetric and asymmetric encryption methods. Key server externalizes the management of encryption keys and addresses availability requirements.

44 Additional Material

45 References: IBM System Storage DS8000 Disk Encryption Redbook (REDP-4500). IBM System Storage DS8000: Architecture and Implementation (SG ). IBM System Storage DS8000: LDAP Authentication (REDP-4505). IBM System Storage DS8000 Information Center. IBM Encrypted Storage Overview and Customer Requirements ftp://public.dhe.ibm.com/common/ssi/ecm/en/diw03021usen/iw03021usen.pf

46 IBM's Policy Concerning Data on Returned Disk Drives: Defective hard disk drives (HDD) are handled through a controlled process that begins at the time of replacement, either by you, the customer, or an IBM service representative. The data on returned defective drives are either deleted during the repair process or the drive is scrapped. Because no erasure or destruction process can be guaranteed to be completely effective, IBM recommends that, whenever possible, you attempt to delete any data that might remain on the HDD before returning the drive to IBM. IBM further recommends that if any data is subject to protections by federal, state, or local laws, you take appropriate measures to ensure the affected data is stored sufficiently unintelligible through commercially available encryption technologies that require a security key, known only to you, to access the protected data. IBM follows two methods for the processing of defective HDDs that include data removal or destruction. HDDs that are designated to be repaired are retained by the IBM Service Representative at the time the defective drive is replaced. These drives are then returned to an IBM parts consolidation center using IBM's controlled Used Parts Return process and subsequently sent through the parts repair process at an IBM repair center. The repair process includes the electronic resurfacing and a complete format of the drive. Once the re-utilization process has been completed, quality seals are installed on each HDD. If the test process fails then the HDD is scrapped. HDDs designated for scrap are retained by the IBM Service Representative at the time the defective drive is replaced. These drives are then returned to an IBM parts consolidation center using IBM's controlled Used Parts Return process where they are scrapped. The scrap process includes total destruction and disposal of the HDD according to established environmental standards. In the case where returned HDDs are handled by a third party, IBM requires such third party to follow specific guidelines for handling and protecting information. IBM Business Practices/Contracts and Negotiations Section Re: Data Security Procedure of Returned Magnetic Media

47 Encryption Key Management Flow


More information

HIPAA Compliance Checklist

HIPAA Compliance Checklist HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.

More information

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members

More information

IBM Systems and Technology Group

IBM Systems and Technology Group IBM Systems and Technology Group Encryption Facility for z/os Update Steven R. Hart srhart@us.ibm.com 2013 IBM Corporation Topics Encryption Facility for z/os EF OpenPGP Support X.509 vs. OpenPGP Certificates

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains

More information

Who s Protecting Your Keys? August 2018

Who s Protecting Your Keys? August 2018 Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and

More information

VMware, SQL Server and Encrypting Private Data Townsend Security

VMware, SQL Server and Encrypting Private Data Townsend Security VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and

More information

EXHIBIT A. - HIPAA Security Assessment Template -

EXHIBIT A. - HIPAA Security Assessment Template - Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,

More information

Key Management in a System z Enterprise

Key Management in a System z Enterprise IBM Systems IBM z Systems Security Conference Business Security for today and tomorrow > 27-30 September Montpellier Key Management in a System z Enterprise Leo Moesgaard (lemo@dk.ibm.com) Manager of IBM

More information

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been

More information

Contents. Notices Terms and conditions for product documentation.. 45 Trademarks Index iii

Contents. Notices Terms and conditions for product documentation.. 45 Trademarks Index iii Overview IBM ii Overview Contents Product overview........... 1 What's new in this release.......... 1 Supported languages........... 3 Features overview............ 3 Key serving.............. 4 Encryption-enabled

More information

Projectplace: A Secure Project Collaboration Solution

Projectplace: A Secure Project Collaboration Solution Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the

More information

Product Brief. Circles of Trust.

Product Brief. Circles of Trust. Product Brief Circles of Trust www.cryptomill.com product overview Circles of Trust is an enterprise security software system that eliminates the risks associated with data breaches from a hacker attack

More information

Afilias DNSSEC Practice Statement (DPS) Version

Afilias DNSSEC Practice Statement (DPS) Version Afilias DNSSEC Practice Statement (DPS) Version 1.07 2018-02-26 Page 1 of 8 1. INTRODUCTION 1.1. Overview This document was created using the template provided under the current practicing documentation.

More information

Data Processing Amendment to Google Apps Enterprise Agreement

Data Processing Amendment to Google Apps Enterprise Agreement Data Processing Amendment to Google Apps Enterprise Agreement The Customer agreeing to these terms ( Customer ) and Google Inc., Google Ireland, or Google Asia Pacific Pte. Ltd. (as applicable, Google

More information

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Google Cloud Platform: Customer Responsibility Matrix. April 2017 Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder

More information

Agilent ICP-MS ChemStation Complying with 21 CFR Part 11. Application Note. Overview

Agilent ICP-MS ChemStation Complying with 21 CFR Part 11. Application Note. Overview Agilent ICP-MS ChemStation Complying with 21 CFR Part 11 Application Note Overview Part 11 in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting electronic

More information

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( )

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( ) Oracle Enterprise Manager Ops Center Creating Oracle Solaris 11 Zones 12c Release 2 (12.2.2.0.0) E41230-04 February 2015 This guide provides an end-to-end example for how to use Oracle Enterprise Manager

More information

Integration of Agilent UV-Visible ChemStation with OpenLAB ECM

Integration of Agilent UV-Visible ChemStation with OpenLAB ECM Integration of Agilent UV-Visible ChemStation with OpenLAB ECM Compliance with Introduction in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting

More information

GDPR: A technical perspective from Arkivum

GDPR: A technical perspective from Arkivum GDPR: A technical perspective from Arkivum Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection

More information

DFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017

DFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017 DFARS 252.204-7012 Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017 As with most government documents, one often leads to another. And that s the case with DFARS 252.204-7012.

More information

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Google Cloud Platform: Customer Responsibility Matrix. December 2018 Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect

More information

Employee Security Awareness Training Program

Employee Security Awareness Training Program Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,

More information

DELL EMC DATA DOMAIN ENCRYPTION

DELL EMC DATA DOMAIN ENCRYPTION WHITEPAPER DELL EMC DATA DOMAIN ENCRYPTION A Detailed Review ABSTRACT The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers

More information

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc. Slide 1 Course 01: Security Fundamentals The Information

More information

Complete document security

Complete document security DOCUMENT SECURITY Complete document security Protect your valuable data at every stage of your workflow Toshiba Security Solutions DOCUMENT SECURITY Without a doubt, security is one of the most important

More information

HIPAA Security Checklist

HIPAA Security Checklist HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR

More information

PKI is Alive and Well: The Symantec Managed PKI Service

PKI is Alive and Well: The Symantec Managed PKI Service PKI is Alive and Well: The Symantec Managed PKI Service Marty Jost Product Marketing, User Authentication Lance Handorf Technical Enablement, PKI Solutions 1 Agenda 1 2 3 PKI Background: Problems and Solutions

More information

HIPAA Security Checklist

HIPAA Security Checklist HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR

More information

HOW SNOWFLAKE SETS THE STANDARD WHITEPAPER

HOW SNOWFLAKE SETS THE STANDARD WHITEPAPER Cloud Data Warehouse Security HOW SNOWFLAKE SETS THE STANDARD The threat of a data security breach, someone gaining unauthorized access to an organization s data, is what keeps CEOs and CIOs awake at night.

More information

Recommendations for Implementing an Information Security Framework for Life Science Organizations

Recommendations for Implementing an Information Security Framework for Life Science Organizations Recommendations for Implementing an Information Security Framework for Life Science Organizations Introduction Doug Shaw CISA, CRISC Director of CSV & IT Compliance Azzur Consulting Agenda Why is information

More information

IBM System Storage DS8000 series (Machine types 2421, 2422, 2423, and 2424) delivers new security, scalability, and business continuity capabilities

IBM System Storage DS8000 series (Machine types 2421, 2422, 2423, and 2424) delivers new security, scalability, and business continuity capabilities , dated February 10, 2009 IBM System Storage DS8000 series (Machine types 2421, 2422, 2423, and 2424) delivers new security, scalability, and business continuity capabilities Table of contents 1 At a glance

More information

Public-key Cryptography: Theory and Practice

Public-key Cryptography: Theory and Practice Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of

More information

Securing Data-at-Rest

Securing Data-at-Rest Securing Data-at-Rest Robert A. (Bob) Lockhart NeoScale Systems, Inc. 1655 McCarthy Blvd, Milpitas, CA 95035-7415 Phone:+1-408-473-1300 FAX: +1-408-473-1307 E-mail: rlockhart@neoscale.com Presented at

More information

Table of Contents. PCI Information Security Policy

Table of Contents. PCI Information Security Policy PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Policy and Procedure: SDM Guidance for HIPAA Business Associates Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

Building Cloud Trust. Ioannis Stavrinides. Technical Evangelist MS Cyprus

Building Cloud Trust. Ioannis Stavrinides. Technical Evangelist MS Cyprus Building Cloud Trust Ioannis Stavrinides Technical Evangelist MS Cyprus If you re resisting the cloud because of security concerns, you re running out of excuses. The question is no longer: How do I move

More information

Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11

Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11 OpenLAB CDS Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11 Technical Note Introduction Part 11 in Title 21 of the Code of Federal Regulations includes

More information

IBM LTO Ultrium 5 Half High Tape Drive

IBM LTO Ultrium 5 Half High Tape Drive IBM LTO Ultrium 5 Half High Tape Drive Increased performance and capacity for reduced total cost of ownership and improved data protection Highlights Offers increased capacity and speed Optimizes data

More information

Sparta Systems Stratas Solution

Sparta Systems Stratas Solution Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA

More information

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary

More information

International Technical Support Organization. IBM System Storage Tape Encryption Solutions. May 2009 SG

International Technical Support Organization. IBM System Storage Tape Encryption Solutions. May 2009 SG International Technical Support Organization IBM System Storage Tape Encryption Solutions May 2009 SG24-7320-02 Contents Notices Trademarks xiii xiv Preface xv The team that wrote this book xv Become a

More information

Contents. Notices Terms and conditions for product documentation.. 43 Trademarks Index iii

Contents. Notices Terms and conditions for product documentation.. 43 Trademarks Index iii Overview IBM ii Overview Contents Product overview........... 1 What's new in this release.......... 1 License usage metrics........... 2 Supported languages........... 3 Features overview............

More information

Key Management Interoperability Protocol (KMIP)

Key Management Interoperability Protocol (KMIP) www.oasis-open.org Management Interoperability Protocol (KMIP) April 2 nd, 2009 1 Agenda The Need for Interoperable Management KMIP Overview KMIP Specification KMIP Use Cases 2 The Need for Interoperable

More information

Forensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation

Forensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation Forensics Challenges Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation Introduction Encrypted content is a challenge for investigators Makes it difficult

More information

ADIENT VENDOR SECURITY STANDARD

ADIENT VENDOR SECURITY STANDARD Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational

More information

VMware, SQL Server and Encrypting Private Data Townsend Security

VMware, SQL Server and Encrypting Private Data Townsend Security VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! What s new from Microsoft?! Compliance, standards, and

More information

This Security Policy describes how this module complies with the eleven sections of the Standard:

This Security Policy describes how this module complies with the eleven sections of the Standard: Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights

More information

Compliance Matrix for 21 CFR Part 11: Electronic Records

Compliance Matrix for 21 CFR Part 11: Electronic Records Compliance Matrix for 21 CFR Part 11: Electronic Records Philip E. Plantz, PhD, Applications Manager David Kremer, Senior Software Engineer Application Note SL-AN-27 Revision B Provided By: Microtrac,

More information

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Version 4.0 Effective Date: September 18, 2013 Table of Contents

More information

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones Guide 12c Release 1 ( )

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones Guide 12c Release 1 ( ) Oracle Enterprise Manager Ops Center Creating Oracle Solaris 11 Zones Guide 12c Release 1 (12.1.0.0.0) E27336-01 April 2012 This guide provides an end-to-end example for how to use Oracle Enterprise Manager

More information

Watson Developer Cloud Security Overview

Watson Developer Cloud Security Overview Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for

More information

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate  Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 1.0 Effective Date: March 12, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Creating Resources on the ZFS Storage Appliance

Creating Resources on the ZFS Storage Appliance Oracle Enterprise Manager Ops Center Creating Non-Global Zones Using a SAN Storage Library 12c Release 3 (12.3.0.0.0) E65613-01 October 2015 This guide provides an end-to-end example for how to use Oracle

More information

Oracle Secure Backup 12.1 Technical Overview

Oracle Secure Backup 12.1 Technical Overview Oracle Secure Backup 12.1 Technical Overview February 12, 2015 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and

More information

Guidelines for Data Protection Document Information

Guidelines for Data Protection Document Information Guidelines for Data Protection Document Information Status Published Published 09/15/2009 Last Updated 09/15/2011 Current Version 1.0 Revision History Version Published Author Description 0.1 07/23/2008

More information

Security Policies and Procedures Principles and Practices

Security Policies and Procedures Principles and Practices Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability

More information

Secure Key Management and Data Privacy on z/tpf

Secure Key Management and Data Privacy on z/tpf z/tpf EE V1.1 z/tpfdf V1.1 TPF Toolkit for WebSphere Studio V3 TPF Operations Server V1.2 IBM Software Group TPF Users Group Spring 2006 Secure Key Management and Data Privacy on z/tpf Name : Mark Gambino

More information

Volvo Group Certificate Practice Statement

Volvo Group Certificate Practice Statement Volvo Group PKI Documentation Volvo Group Certificate Practice Statement Document name: Volvo Group Certificate Policy Statement Document Owner: Volvo Group AB Corporate Process & IT Issued by: Volvo Group

More information

Hardware Cryptography and z/tpf

Hardware Cryptography and z/tpf z/tpf V1.1 2013 TPF Users Group Hardware Cryptography and z/tpf Mark Gambino Communications Subcommittee AIM Enterprise Platform Software IBM z/transaction Processing Facility Enterprise Edition 1.1 Any

More information

Electronic Signature Policy

Electronic Signature Policy Electronic Signature Policy Definitions The following terms are used in this policy. Term Definition Electronic Signature An electronic signature is a paperless method used to authorize or approve documents

More information

Box Competitive Sheet January 2014

Box Competitive Sheet January 2014 This document is a comparison of file sharing and collaboration capabilities offered by Soonr Workplace and Box. Narrative is provided when there is no direct comparison between the capabilities or when

More information

ECA Trusted Agent Handbook

ECA Trusted Agent Handbook Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for

More information

Xerox FreeFlow Print Server. Security White Paper. Secure solutions. for you and your customers

Xerox FreeFlow Print Server. Security White Paper. Secure solutions. for you and your customers Xerox FreeFlow Print Server Security White Paper Secure solutions for you and your customers Executive Summary Why is security more important than ever? New government regulations have been implemented

More information

Most Common Security Threats (cont.)

Most Common Security Threats (cont.) Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?

More information

Sparta Systems TrackWise Solution

Sparta Systems TrackWise Solution Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA

More information

Lesson 13 Securing Web Services (WS-Security, SAML)

Lesson 13 Securing Web Services (WS-Security, SAML) Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element

More information

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC

More information

Cryptography (Overview)

Cryptography (Overview) Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography

More information

Crypto and the Trusted Key Entry Workstation: Is a TKE In Your Future Share San Francisco, CA February, 2013

Crypto and the Trusted Key Entry Workstation: Is a TKE In Your Future Share San Francisco, CA February, 2013 IBM Americas, ATS, Washington Systems Center Crypto and the Trusted Key Entry Workstation: Is a TKE In Your Future Share 12686 San Francisco, CA February, 2013 Greg Boyd (boydg@us.ibm.com) IBM Americas

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2

More information

DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018

DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018 DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018 A. OVERRIDING OBJECTIVE 1.1 This Directive establishes the framework for information management of the Asian Infrastructure Investment

More information

CERTIFICATE POLICY CIGNA PKI Certificates

CERTIFICATE POLICY CIGNA PKI Certificates CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...

More information

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010 Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at

More information