Introduction to IBM z Systems Cryptography


Slide 1: Introduction to IBM z Systems Cryptography
And the Ecosystem around z Systems Cryptography
zEC12 / CEX4S
IBM Crypto Development Team
June 10,

Slide 2: Table of Contents
- IBM z Systems Crypto History
- IBM z Systems Crypto Hardware
  - Hardware Crypto Support in z Systems
  - IBM User Defined Extensions (UDX)
  - IBM Trusted Key Entry (TKE) Workstation
- IBM z Systems Crypto Stack
  - z/OS Crypto Stack
  - z/Linux Crypto Stack
- IBM z Systems Crypto Software
  - z/OS Integrated Cryptographic Services Facility
  - IBM z Systems Software Exploiting ICSF
- IBM z Systems Crypto Keys & Certificates
  - Cryptographic Keys & Certificates
  - Secure Keys vs Clear Keys vs Protected Keys
- IBM z Systems Crypto Ecosystem
  - EKMF, ACSP, ISKLM, Encryption Facility
- IBM z Systems Crypto Exploitation
  - Encrypting Data in Transit
  - Encrypting Data at Rest

Slide 3: IBM z Systems Crypto History

Slide 4: z Systems Crypto History
- Hardware preceding CCF: IBM 3845 Channel Attached DES (1977); IBM 3848 channel-attached TDES (1979)
- Cryptographic Coprocessor Facility (CCF): G3, G4, G5, G6, z900, z800. Supports secure key cryptographic processing.
- PCI Cryptographic Coprocessor (PCICC): G5, G6, z900, z. Supports secure key cryptographic processing.
- PCI Cryptographic Accelerator (PCICA): z800/z900, z990, z890. Supports clear key SSL acceleration.
- PCIX Cryptographic Coprocessor (PCIXCC): z990, z890. Supports secure key cryptographic processing.
- CP Assist for Cryptographic Functions (CPACF): z990, z890, z9 EC, z9 BC, z10 EC/BC, z196/z114, zEC12, zBC12. Allows limited clear key crypto functions from any CP/IFL; NOT equivalent to CCF on older machines in function, nor to Crypto Express2 in capability.
- Crypto Express2: z990/z890, z9 EC, z9 BC, z10 EC/BC. Combines the function and performance of PCICA and PCICC.
- Crypto Express3: z10 EC/BC, z196/z114. PCIe interface, additional processing capacity with improved RAS.
- Crypto Express4S: zEC12, zBC12. IBM standard PKCS #11 / Enterprise PKCS #11 (EP11).

Slide 5: A History of Enterprise Security
IBM has been providing Security & Encryption Solutions for over 30 years:
- RACF: controls access to resources and applications: 1976
- Hardware Cryptography: 1977
- Key management built into the operating system (ICSF): 1991
- Distributed Key Management System (DKMS): 1990s
- Intrusion Detection Services (IDS): 2001
- z/OS PKI Services: create digital certificates & act as Certificate Authority (CA): 2002
- Multilevel Security (MLS): 2004
- Encryption Facility for z/OS: 2005
- TS1120 Encrypting Tape Drive: 2006
- LTO4 Encrypting Tape Drive: 2007
- License ECC Technology from Certicom: 2008
- Tivoli Encryption Key Lifecycle Manager: 2009
- Self-Encrypting Disk Drives, DS8000: 2009
- System z10 CPACF Protected Key Support: 2009
- Crypto Express3 Crypto Coprocessor: 2009
- z Systems z196 with additional CPACF encryption modes: 2010
- z Systems zEC12 with Public Key Cryptography Standards Enterprise PKCS#11

Slide 6: Hardware (HW) Crypto Support in IBM z Systems

Slide 7: Overview of HW Crypto Support in z Systems (zEC12)
[Diagram: zEC12 and zBC12 components. Processor books (MCM) / processor drawers (SCM) carrying CPACF; PCIe I/O drawers carrying Crypto Express4S; Trusted Key Entry (TKE) workstation with smart cards and smart card readers.]

Slide 8: CPACF - The CP Assist For Cryptographic Functions
[Diagram: processor chip with Core0 to Core5, L3 cache (L3C 0, L3C 1), MCU and GX; CPACF is part of every core.]
Supported algorithms:
  Algorithm    Clear Key   Protected Key
  DES, T-DES   Y           Y
  AES128       Y           Y
  AES192       Y           Y
  AES256       Y           Y
  SHA-1        Y           N/A
  SHA-256      Y           N/A
  SHA-384      Y           N/A
  SHA-512      Y           N/A
  PRNG         Y           N/A
- Provides a set of symmetric cryptographic functions and hashing functions for: data privacy and confidentiality; data integrity; random number generation; message authentication
- Enhances the encryption/decryption performance of clear key operations for SSL, VPN and data storing applications
- Available on every Processor Unit defined as a CP, IFL, zAAP or zIIP
- Supported by z/OS, z/VM, z/VSE, z/TPF and Linux on z Systems
- Must be explicitly enabled, using a no-charge enablement feature (#3863); SHA algorithms are enabled with each server
- Protected key support for additional security of cryptographic keys: Crypto Express3 or Crypto Express4S required in CCA mode

Slide 9: Crypto Express4S (CEX4S)
- Provides state-of-the-art tamper sensing and responding, programmable hardware to protect cryptographic keys, sensitive cryptographic processing and sensitive custom applications
- Unauthorized removal of the adapter zeroizes its content
- Suited to applications requiring high-speed, security-sensitive cryptographic operations for data encryption and digital signing, and secure management and use of cryptographic keys
- Functions targeted to Banking/Finance and Public sector
- Supports multiple logically-separate cryptographic domains for use by different LPARs
- FIPS Level 4 hardware evaluation

Slide 10: Crypto Express4S (CEX4S)
- One PCIe adapter per feature; initial order two features
- FIPS Level 4
- Installed in the PCIe I/O drawer
- Up to 16 features per server
- Prerequisite: CPACF (#3863)
- Three configuration options for the PCIe adapter; only one configuration option can be chosen at any given time
- All card secrets are erased when switching to or from EP11 Coprocessor mode

  Mode         Accelerator               CCA Coprocessor               EP11 Coprocessor
  TKE          N/A                       Optional                      Required
  CPACF        No                        Required                      Required
  UDX          N/A                       Yes                           No
  CDU          Yes (SEG3)                Yes (SEG3)                    No
  Operations   Clear key RSA operations  Secure key crypto operations  Secure key crypto operations

- Security enhancements for 2013: Crypto EP11 enhancements, extending EP11 support by providing additional cryptographic algorithms in the HW

Slide 11: Crypto Express4S - Modes of Operation
The Crypto Express4S can be configured in three different modes:
1) Accelerator mode: the request is processed fully in hardware (versus the PowerPC). Supports clear key RSA operations (e.g. SSL acceleration).
2) CCA Coprocessor mode: supports the IBM Common Cryptographic Architecture (CCA). The request is sent first to the internal IBM PowerPC for processing (default mode).
3) Enterprise PKCS #11 (EP11) Coprocessor mode: supports the PKCS #11 programming interface for public sector requirements. Designed for extended evaluations (FIPS and Common Criteria certifications). The request is sent first to the internal IBM PowerPC for processing (default mode). Requires the use of the TKE Workstation.

Slide 12: CEX4S Reliability, Availability and Serviceability (RAS)
RAS features:
- Concurrent code updates
  - Concurrent: Segment 3 firmware only (patches and new GAx levels)
  - Disruptive: UDX, O/S (Segment 2), FPGA (Segment 1)
- Dynamic AP add/remove without preplanning
  - Add AP to LPAR
  - Delete AP from LPAR
  - Results in a move from one LPAR to another LPAR
- Tamper protection / events
  - Physical intrusion
  - Battery level
  - Temperature (lowered to allow for shipment in systems)
  - Voltage
  - BBRAM integrity

Slide 13: CEX4S Reliability, Availability, and Serviceability (RAS)
- All memory, logic, and data paths in the card include hardware error checking
- The ASIC is fully compliant with System z RAS requirements, including the following:
  - Byte-wide parity protection on all interfaces
  - Byte-wide parity protection on all internal registers and data paths wider than two bits; this includes internal register arrays as well
  - SHA & MD5 engines are protected with a checksum prediction method
  - The AES & DES engine is protected by running the same operation on two independent engines and comparing the outputs cycle by cycle
  - RSA engines are protected by a duplicate engine which predicts the CRC of the result; the CRC is then calculated on the actual result and compared with the predicted value

Slide 14: CEX4S Cryptographic Units
- DES/TDES with DES/TDES MAC
- AES
- MD5, SHA-1, SHA-2 (224, 256)
- RSA (512, 1024, 2048, 4096)
- Montgomery Modular Math Engine
- RNG (Random Number Generator)
- Clear Key Fast Path (Symmetric and Asymmetric)

Slide 15: User Defined Extension (UDX)

Slide 16: User Defined Extensions (UDX)
- UDX support is available for Crypto Express4S features defined as CCA coprocessors
- Allows additional functions to be added to the CCA API, which execute inside the secure crypto feature
- Standard CCA functions plus UDX enhancements are available
- Tied to specific versions of the CCA code and the related host code; must be rebuilt each time these IBM code modules change
- Note: installation of a UDX is a disruptive (non-concurrent) operation on z Systems

Slide 17: IBM Trusted Key Entry (TKE) Workstation

Slide 18: Trusted Key Entry (TKE) Workstation
Components:
- Workstation with a 4765 Cryptographic Coprocessor
- TKE 7.2+ LIC
- Smart card readers and smart cards: required if using Enterprise PKCS #11 LIC; optional if using IBM CCA LIC
Purpose:
- To securely manage multiple Cryptographic Coprocessors and keys on various generations of z Systems from a single point of control
- Support of new hardware, firmware and software
- Support requirements for standards
- Simplification of tasks
Popular features:
- Domain grouping: ability to broadcast a command to a set of domains
- Wizards
  - Configuration migration tasks
  - Migrating IBM Host Crypto Module public configuration data
  - TKE Workstation setup

Slide 19: Unique TKE Workstation Capabilities
- Secure loading of CCA Master Keys (MKs)
- Migration wizards to securely clone a card
- Enable/disable Access Control Points (ACPs)
- Loading MKs for inactive LPARs
- Loading PIN decimalization tables
- Loading the EP11 Master Key

Slide 20: IBM z Systems Crypto Stack

Slide 21: z/OS Crypto Stack
[Diagram: z Systems software (System SSL, IPSec/IKE, PKI, Java, RACF, EF, DB2, RMF) calls ICSF. ICSF offers CCA services and PKCS #11 services (z/OS PKI Services, System SSL and the Java PKCS#11 provider sit on top), keeps keys in the CKDS, PKDS and TKDS, and routes each request through the CCA device driver or the PKCS #11 device driver to a Crypto Express4S in CCA mode (CEX4C, CCA verbs) or EP11 mode (CEX4P, PKCS #11 verbs). Clear key material is handled by software crypto and CPACF; secure key material is loaded into the coprocessors from the TKE workstation.]

Slide 22: Linux for z Systems Crypto Stack

Slide 23: A Linux Open PKCS#11 implementation - opencryptoki 3.x
Version 3.0:
- Configuration via /etc/opencryptoki/opencryptoki.conf; pkcs11_startup is no longer needed
- ICA token: new mechanisms exploiting the System z processor-based crypto (CPACF), e.g. OFB, CFB, MAC modes
- New ICSF token to connect to z/OS via LDAP extended operations, using the crypto capabilities provided by ICSF through the z/OS ITDS (LDAP) server
- Included in Red Hat Enterprise Linux (RHEL 7.0)
Version 3.1:
- New EP11 token
- Included in SUSE Linux Enterprise Server (SLES 12)
- Targeted for additional distributions

Slide 24: Additional z Systems Operating Systems with Crypto Support
z/VM:
- z/VM guest support for Crypto Express4S in Accelerator mode, CCA Coprocessor mode and EP11 Coprocessor mode
z/VSE:
- Supports Crypto Express4S in Accelerator mode and CCA Coprocessor mode
- CPACF support
- OpenSSL support
- Encryption Facility support (with OpenPGP)

Slide 25: IBM z Systems Crypto Software for z/OS

Slide 26: z/OS Integrated Cryptographic Services Facility (ICSF)
- ICSF works with the hardware cryptographic features and the Security Server (RACF element) to provide secure, high-speed cryptographic services in the z/OS environment.
- ICSF provides the application programming interfaces by which applications request cryptographic services.
- ICSF is the default means by which the secure cryptographic features are loaded with master key values, allowing the hardware features to be used by applications.
- ICSF callable services and programs can be used to generate, maintain, and manage keys that are used in the cryptographic functions.
- ICSF uses keys in cryptographic functions to: protect data; protect other keys; verify that messages were not altered; generate, protect and verify PINs; distribute keys; generate and verify signatures.

Slide 27: IBM Common Cryptographic Architecture (CCA) for z/OS ICSF
- IBM Common Cryptographic Architecture (CCA): IBM proprietary cryptographic application programmer's interface (API) providing a broad range of cryptographic services, including standard cryptographic algorithms and financial services standards
- z/OS ICSF naming conventions for CCA:
  - CSNB* = CCA 31-bit Symmetric Key API
  - CSNE* = CCA 64-bit Symmetric Key API
  - CSND* = CCA 31-bit Asymmetric Key API
  - CSNF* = CCA 64-bit Asymmetric Key API
- CCA functions & algorithms:
  - Encrypt / Decrypt (AES, DES, DES3, RSA)
  - Sign / Verify (RSA, ECC)
  - MAC Generate / Verify (AES, DES, DES3)
  - HMAC Generate / Verify (HMAC)
  - Key Generate (AES, DES, DES3, HMAC)
  - Key Pair Generate (RSA, ECC)
  - Key Agreement (ECC, DH)
  - One Way Hash
  - Random Number Generate
  - Key Import / Export
  - TR-31 Block Import / Export
  - Financial crypto: PIN Generate / Verify / Translate; PIN Encrypt; Diversified Key Generate; Derive Unique Key Per Transaction (DUKPT); CVV Generate / Verify; Secure Messaging for Keys / PINs
  - And many more!

Slide 28: PKCS#11 Cryptographic Token Interface Standard for z/OS ICSF
- PKCS #11 cryptographic architecture: originally published by RSA Laboratories, now maintained by OASIS; defines a standard API for devices that hold cryptographic information and perform cryptographic functions
- Enterprise PKCS#11 (EP11)
- z/OS ICSF naming convention for PKCS#11: CSFP* = PKCS#11 APIs
- PKCS#11 functions & algorithms:
  - Encrypt / Decrypt (AES, DES, TDES, RSA)
  - Sign / Verify (RSA, DSA, ECDSA)
  - HMAC Generate / Verify
  - Key Generate (DES, TDES, AES, Blowfish, RC4)
  - Key Pair Generate (RSA, DSA, EC)
  - Key Derivation
  - Domain Parameter Generation (DH)
  - One Way Hash
  - Random Number Generate
  - Wrap / Unwrap Key
- Designed for portability and FIPS/Common Criteria certification

Slide 29: Security Product - RACF: Where Cryptography and Security Meet
[Diagram: related disciplines (data & applications, administration, networks) around the z/OS hardware and crypto engines and their exploiters.]
- Synergy between cryptography and security functions: cryptography provides the primitives to support security functions; similarly, security functions help to ensure authorized use of key material and cryptographic functions
- Built on a platform with integrity: intended to prevent unauthorized users, applications & subsystems from bypassing system security mechanisms
- Security fundamentals:
  - Identification & Authentication: know and prove user or process identity
  - Authorization: the user or process has the authority to perform a given action
  - Administration: managing the relationships of users or processes to protected resources
  - Auditing: recording security-relevant events; validating that security policies are being enforced
- Architecture: a central security process that is easy to apply to new workloads or as the user base increases; can help reduce security complexity and expense; tracks activity to address audit and compliance requirements

Slide 30: Protecting z/OS ICSF Resources
ICSF keys and APIs:
- The CSFSERV class controls access to ICSF callable services and ICSF TSO panel utilities.
- The CSFKEYS class controls access to cryptographic keys in the ICSF Key Data Sets (CKDS and PKDS).
- The CRYPTOZ class controls access to, and defines a policy for, PKCS#11 tokens in the Token Key Data Set (TKDS).
- The XCSFKEY class controls the ability to export a symmetric key with the Symmetric Key Export callable services.
ICSF key data sets:
- The DATASET class can be configured to protect the ICSF Key Data Sets.
Key store policy:
- Defines rules for the use of encrypted key tokens that are stored in the CKDS and PKDS.
Access Control Points:
- Must be enabled for each service to be executed on a cryptographic coprocessor. The TKE workstation is required to modify ACP settings.

Slide 31: z Systems Software Exploiters of ICSF
z/OS software components:
- System SSL
- Java Cryptography Extension
- RACF Security
- DB2 Database
- PKI Services
- IBM Tivoli Directory Server
- Kerberos Network Authentication Service
- WebSphere MQ
- WebSphere Application Server
- z/OS Communications Server
IBM solutions:
- IBM InfoSphere Guardium
- Sterling Connect:Direct

Slide 32: IBM z Systems Crypto Keys & Certificates

Slide 33: Cryptographic Keys & Certificates
IBM z Systems has several means to generate, maintain and manage keys and certificates that are used in cryptographic functions.
- ICSF provides callable services and utilities to generate and store keys into ICSF Key Data Sets (CKDS/PKDS/TKDS).
- RACF provides the RACDCERT GENCERT command to generate and store keys into the RACF database and ICSF Key Data Sets (PKDS/TKDS). RACF also provides the RACDCERT CONNECT command to add certificates to RACF keyrings.
- System SSL provides the gskkyman utility to generate and store certificates into key database files. System SSL can also read from RACF keyrings and generate and store certificates into PKCS#11 tokens (TKDS).
- JCE provides APIs and utilities to generate and store keys and certificates into ICSF Key Data Sets, RACF keyrings, and Java key stores.
Key stores:
  ICSF Key Data Sets
    CKDS (Cryptographic Key Data Set)   CCA symmetric keys: AES and DES
    PKDS (PKA Key Data Set)             CCA asymmetric keys: RSA and ECC
    TKDS (Token Key Data Set)           PKCS#11 keys and certificates: all algorithms
  RACF Keyrings                         Certificates: RSA, ECC
  Flat files
    Java Key Store (ks)                 Certificates, keys
    Key Database Files (kdb)            Certificates, keys
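As an added illustration of the RACDCERT flow described on this slide (example commands written for this page, not taken from the original deck), the following TSO commands create a local CA, a keyring, and a server certificate whose RSA private key is kept in the ICSF PKDS, then connect both certificates to the ring. The user ID WEBSRV, ring WEBRING, labels LOCALCA and WEBSRVCERT, data set names and distinguished names are all hypothetical placeholders.

```tso
/* Constructed example: every user ID, ring name, label and DN is a placeholder */

/* 1. A local certificate authority owned by RACF (CERTAUTH)                     */
RACDCERT CERTAUTH GENCERT                                                    +
   SUBJECTSDN(CN('Example Local CA') O('Example Corp') C('US'))              +
   WITHLABEL('LOCALCA') SIZE(2048) NOTAFTER(DATE(2025-12-31))

/* 2. A keyring owned by the server's user ID                                    */
RACDCERT ID(WEBSRV) ADDRING(WEBRING)

/* 3. Server key pair and certificate signed by the local CA. PKDS(*) stores the */
/*    private key in the ICSF PKDS under a label derived from WITHLABEL, so it   */
/*    lives as a coprocessor-protected key rather than in the RACF database.     */
RACDCERT ID(WEBSRV) GENCERT                                                  +
   SUBJECTSDN(CN('web.example.com') O('Example Corp') C('US'))               +
   WITHLABEL('WEBSRVCERT') SIZE(2048) NOTAFTER(DATE(2016-12-31))             +
   SIGNWITH(CERTAUTH LABEL('LOCALCA'))                                       +
   PKDS(*)

/* 4. Connect the CA chain and the server certificate; DEFAULT marks the one     */
/*    System SSL presents when an application opens this ring.                   */
RACDCERT ID(WEBSRV) CONNECT(CERTAUTH LABEL('LOCALCA') RING(WEBRING) USAGE(CERTAUTH))
RACDCERT ID(WEBSRV) CONNECT(ID(WEBSRV) LABEL('WEBSRVCERT') RING(WEBRING) DEFAULT)

/* 5. The server must be allowed to read its own ring (and nothing else)         */
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(WEBSRV) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH

/* 6. Confirm what ended up in the ring                                          */
RACDCERT ID(WEBSRV) LISTRING(WEBRING)
```

PKDS(*) requires ICSF to be active with an ASYM/RSA master key loaded; without it GENCERT falls back to storing the private key in the RACF database.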

Slide 34: Secure Keys vs Clear Keys vs Protected Keys
- Secure Key: provides high security because the key material is protected by the master key. Master keys are loaded within the cryptographic coprocessor and are used to wrap and unwrap secure key material within the secure boundaries of the HSM. This prevents secure key material from ever appearing in the clear.
- Clear Key: when performing symmetric encryption (TDES and AES) with clear keys, ICSF uses the CPACF to provide high performance. Clear Key refers to key material that is in the clear, meaning the clear key value appears within application storage and within the keystore.
- Protected Key: provides a high performance and high security solution by taking advantage of the high speed CPACF while utilizing symmetric keys protected by the cryptographic coprocessor Master Key. To use a CKDS encrypted key, the ICSF segment of the CSFKEYS class general resource profile associated with the specified key label must contain SYMCPACFWRAP(YES).
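The RACF classes from slide 30 and the SYMCPACFWRAP(YES) setting from this slide come together in one policy; the following TSO commands are an added example written for this page (not from the original deck) that locks down one CKDS key so that a single application group may use it, and only as a protected key through CPACF. APPGRP, the key label PAYROLL.AES.KEY01 and the key data set names are hypothetical placeholders.

```tso
/* Constructed example: APPGRP, PAYROLL.AES.KEY01 and data set names are placeholders */

/* Activate the ICSF-related classes, allow generic profiles, keep them in storage      */
SETROPTS CLASSACT(CSFSERV CSFKEYS XCSFKEY) GENERIC(CSFSERV CSFKEYS XCSFKEY)
SETROPTS RACLIST(CSFSERV CSFKEYS XCSFKEY)

/* CSFSERV: deny every callable service by default, then grant only the three the       */
/* application needs: key record read (CSFKRR) and the CPACF symmetric key              */
/* encipher/decipher services (CSFSYE / CSFSYD). Key generation and export stay denied. */
RDEFINE CSFSERV ** UACC(NONE)
RDEFINE CSFSERV CSFKRR UACC(NONE)
RDEFINE CSFSERV CSFSYE UACC(NONE)
RDEFINE CSFSERV CSFSYD UACC(NONE)
PERMIT CSFKRR CLASS(CSFSERV) ID(APPGRP) ACCESS(READ)
PERMIT CSFSYE CLASS(CSFSERV) ID(APPGRP) ACCESS(READ)
PERMIT CSFSYD CLASS(CSFSERV) ID(APPGRP) ACCESS(READ)

/* CSFKEYS: protect the CKDS label. SYMCPACFWRAP(YES) in the ICSF segment lets ICSF     */
/* rewrap this master-key-protected key into a CPACF protected key, so APPGRP gets      */
/* CPACF speed while the clear key value never appears in application storage.         */
RDEFINE CSFKEYS PAYROLL.AES.KEY01 UACC(NONE) ICSF(SYMCPACFWRAP(YES))
PERMIT PAYROLL.AES.KEY01 CLASS(CSFKEYS) ID(APPGRP) ACCESS(READ)

/* XCSFKEY: no user may export this key with the Symmetric Key Export services          */
RDEFINE XCSFKEY PAYROLL.AES.KEY01 UACC(NONE)

/* DATASET class: the key data sets themselves are reachable only through ICSF          */
ADDSD 'SYS1.CSF.CKDS' UACC(NONE)
ADDSD 'SYS1.CSF.PKDS' UACC(NONE)

SETROPTS RACLIST(CSFSERV CSFKEYS XCSFKEY) REFRESH
```

Keys defined without SYMCPACFWRAP(YES) remain usable as secure keys on the coprocessor but ICSF will refuse to turn them into protected keys, which is the check to make when an application reports it cannot use a CKDS label with the CPACF services.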

Slide 35: IBM z Systems Ecosystem

Slide 36: View of the Future - Pervasive Encryption in the Enterprise
- Encryption key provisioning
- Encryption key management
- Encryption choices: why should encryption be built into storage and other endpoints?
  - SAN, file system encryption, database encryption, switch encryption
  - Performance: cryptography can be computationally intensive
  - Efficiency: encrypted data is not able to be compressed or de-duplicated
  - Security: data in transit should use temporary keys; data at rest should have long-term retention and robust management
  - Scalability: best to distribute cryptography across many devices
- Encryption: IBM started with encrypting tape systems and encrypting storage arrays, with the goal to extend to the rest of the infrastructure
[Diagram: disk storage array encryption; Enterprise Tape Library 3592 encryption]

Slide 37: IBM Enterprise Key Management Foundation (EKMF)
The IBM Enterprise Key Management Foundation provides real-time secure management of keys and certificates in an enterprise with a variety of cryptographic devices and key stores.
- The EKMF workstation is online with all mainframes in the system
  - Manages the keys in ICSF key stores
  - Support for other platforms as well
  - Support for several workstations
- One LPAR hosts the EKMF key repository
  - Containing keys and metadata
  - Easy backup and recovery
- Secure workstation for all key management tasks
  - Centralized key management
  - Secure hardware: IBM 4765
  - Two-factor authentication, dual control, group logon, split knowledge, audit logging
- Database (repository): configuration, keys and metadata, audit log; available on z/OS, Windows, Linux, AIX
- Key stores: distribution by push mechanism to ICSF, CCA, RACF, WebSphere DataPower, Thales, SSL, PKCS#11
[Diagram: the EKMF workstation provides on-line management of keys and certificates for WebSphere DataPower and of keys in ICSF and RACF; the DB2 database is deployed on the server.]

Slide 38: IBM Advanced Crypto Service Provider (ACSP)
ACSP is a remote crypto services solution that enables distributed clients to access IBM cryptographic hardware on z Systems and System x over the network.
- ACSP client platforms: AIX, IBM i, Linux, Windows, z/OS, Linux on z, PureSystems; in reality, any Java platform
- ACSP client APIs: CCA in Java and C; PKCS#11
- Transport network: IP, SSL/TLS protected (client/server authentication)
- ACSP server platforms: z Systems: z/OS (CEX3/4); System p: AIX (4765); System x: SLES, RHEL (4765); IBM PureSystems

Slide 39: IBM Security Key Lifecycle Manager (ISKLM)
IBM Security Key Lifecycle Manager for z/OS manages encryption keys for storage. It integrates with encrypting storage devices (hardware encryption for performance), Resource Access Control Facility (RACF), Integrated Cryptographic Service Facility (ICSF) and IBM Enterprise Key Management Foundation (EKMF).
Key request flow (application, z/OS storage device, ISKLM, DB2, keystore):
1. The application sends a write/read request to the device
2. The device requests an encrypting/decrypting key from ISKLM, if it doesn't already have it
3. ISKLM looks up info about the device and the keys (DB2)
4. ISKLM retrieves the key from the keystore
5. ISKLM distributes the key to the device
6. The device uses the key to encrypt/decrypt this and future write/read requests

Slide 40: Security Key Lifecycle Manager for z/OS - Key Features and Benefits
- Encryption in storage hardware does not hurt performance
- Encryption and key management don't require changing applications, middleware, JCL or operating systems
- Key management is completely separate from the data path
  - Storage arrays and libraries contact the key manager on behalf of the application and hosts doing I/O
  - With disk arrays: done at power up
  - With tape libraries: at each cartridge mount
- Encryption and key management fit into your operations management
  - Separation of duties
  - Leverage investments in high availability and security
- ISKLM V1.1 for z/OS benefits:
  - Easy upgrade from EKM, easy SMP/E install
  - Supports ICSF, RACF, Crypto Express hardware
  - Writes SMF record type 83 subtype 6 audit records
  - Supports all of the latest z Systems/OS-centric storage, tape and disk
  - No longer requires DB2 or SSRE; the goal was the simplest key serving with no co-reqs
  - Streamlined and tailored for z/OS
  - Operational efficiency
[Diagram: disk storage array; Enterprise Tape 3592 library]

Slide 41: Encryption Facility (EF) for z/OS
The Encryption Facility for z/OS is a host-based encryption and key-management solution specifically designed to protect sensitive data that's being exchanged with trusted business partners or archived for backup and recovery purposes. It provides a business-to-business encryption capability to help companies that rely on the exchange of tapes with their partners to complete these business transactions.
EF for z/OS provides services for:
- Public-key based encryption
- Passphrase-based encryption
- Modification detection of encrypted data
- Compression of packaged data before encryption
- Importing and exporting of OpenPGP certificates
- Binary or ASCII armor format
- Digital signatures of data
It leverages z/OS and IBM hardware capabilities to encrypt and compress data as it's sent to tape. Written in Java, so the client can be downloaded from the Internet and used on multiple platforms.

Slide 42: IBM z Systems Crypto Exploitation

Slide 43: Cryptography is used in a variety of places
- Data in flight
  - Virtual Private Networks (VPNs)
  - SSL/TLS connections (using public/private keys and certificates and symmetric encryption)
  - Messaging infrastructures (using SSL/TLS or shared secrets)
  - WS-Security and SOA
- Data at rest
  - File and folder encryption, including the use of intermediate devices
  - Removable media (tape) encryption
- Transactional environments
  - Industry specific (finance): mandates highly trustworthy cryptography
  - Smart ID cards, ePassports
- For sharing user credentials between organizations: the establishment of trust
  - Via certificate exchanges
  - Federated Identity Management
  - Credential formats such as SAML, OpenID Connect
Cryptography is one of the foundations that data privacy is built upon.

Slide 44: Managing & Sharing Keys
- Distributing keys to other systems
- Sharing keys with z/OS systems
- Sharing keys with non-z/OS systems

Slide 45: Key Distribution using the EKMF Workstation
[Diagram: the EKMF workstation, backed by a DB2 key repository and an SMF audit trail, distributes keys through z/OS EKMF agents to two zEC12 systems, each with Crypto Express (CEX4S) coprocessors and CPACF. On each z/OS system the agent feeds ICSF (CKDS/PKDS) and RACF key rings, which are used by applications, by ISKLM (for tape drives or disk) and by z/OS PKI; a TKE workstation manages the coprocessors.]

Slide 46: Encrypting Data in Flight
- Sending data securely to another z/OS system
- Sending data securely to a non-z/OS system
- Receiving data securely from another z/OS system
- Receiving data securely from a non-z/OS system

Slide 47: z/OS Communications Server for Encrypting Data In Flight
Protect the system:
- z/OS CS TCP/IP applications use SAF to authenticate users and prevent unauthorized access to data sets, files, and SERVAUTH-protected resources.
- The SAF SERVAUTH class is used to prevent unauthorized user access to TCP/IP resources (stack, ports, networks).
- Intrusion detection services protect against attacks of various types on the system's legitimate (open) services. IDS protection is provided at both the IP and transport layers.
- IP filtering blocks out all IP traffic that this system doesn't specifically permit. IP filtering is also used to control which traffic must use IPSec.
[Diagram: layered view. Application layer: SAF protection, application-specific security, native SSL/TLS; API layer: SAF protection, AT-TLS, Kerberos; TCP/UDP transport layer: IDS; IP networking layer: IDS, IP filtering, IPSec.]
Protect data in the network:
- Examples of application protocols with built-in security extensions are SNMPv3, DNS, and OSPF.
- SSH (not part of z/OS CS) provides an umbrella of secure applications (secure shell access, secure file transfer, etc.).
- Both Kerberos and SSL/TLS are located as extensions to the sockets APIs, and applications have to be modified to make use of these security functions.
- Both SSL/TLS and Kerberos are connection-based and only applicable to TCP (stream sockets) applications, not UDP.
- AT-TLS is a TCP/IP stack service that provides SSL/TLS services at the TCP transport layer and is transparent to applications.
- IPSec resides at the networking layer and is transparent to upper-layer protocols, including both the transport layer protocol and the application protocol.

Slide 48: z/OS TCP/IP Cryptographic Landscape
[Diagram: which z/OS component performs which cryptographic operation, and where it runs.
- NSSD (Network Security Services Daemon): optional IKEv1 X.509 certificate support; V1R12: all IKEv2 X.509 certificate support; RSA signatures, V1R12: add ECDSA signatures.
- IKED (Internet Key Exchange Daemon): DES, 3DES, MD5, SHA-1; all AES operations; V1R12: add SHA-2.
- ICSF / System SSL: V1R12: all algorithms supported except the ECC-based and AES-GCM ones; V2R1: all.
- SSL/TLS and AT-TLS (System SSL): all AES software operations and DES, with CPACF support; V1R12: add SHA-2 software operations.
- TCP/IP stack IPSec: DES, 3DES, MD5, SHA-1; 3DES, AES-CBC, SHA-1; V1R12: SHA-2.
- Symmetric operations run on CPACF (z instruction set: 3DES, AES-CBC, AES-GCM, SHA-1, SHA-2); asymmetric operations (RSA) run on the coprocessors / accelerators.]

Slide 49: Encrypting Data at Rest
- Encrypting non-VSAM data sets
- Encrypting VSAM data sets
- Encrypting data on tape
- Encrypting data on disk (e.g. DS8000)
- Encrypting DB2 databases
- Encrypting IMS data

Slide 50: ISKLM for Management of Keys that Encrypt Data at Rest
- ISKLM managing keys in ICSF Key Data Sets
- ISKLM managing keys in SAF keyrings



Encryption? Yeah, We Do That Encryption? Yeah, We Do That Encryption facilities, challenges, and choices on System z Session 13654 Agenda Tour System z encryption facilities Survey available IBM products Briefly discuss third-party

More information

IBM z13 and Crypto. Greg Boyd zexchange IBM z13 and Crypto

IBM z13 and Crypto. Greg Boyd   zexchange IBM z13 and Crypto IBM z13 and Crypto Greg Boyd gregboyd@mainframecrypto.com www.mainframecrypto.com zexchange IBM z13 and Crypto March 2015 Copyrights and Trademarks Presentation based on material copyrighted by IBM, and

More information

Trusted Key Entry Workstation (Part 1) Greg Boyd

Trusted Key Entry Workstation (Part 1) Greg Boyd Trusted Key Entry Workstation (Part 1) Greg Boyd gregboyd@mainframecrypto.com December 2015 Copyrights... Presentation based on material copyrighted by IBM, and developed by myself, as well as many others

More information

S9303 Crypto And Disaster Recovery

S9303 Crypto And Disaster Recovery Crypto And Disaster Recovery Greg Boyd (boydg@us.ibm.com) Share/Orlando, FL Permission is granted to SHARE to publish this presentation in the SHARE Proceedings. IBM retains its right to distribute copies

More information

z/os Data Set Encryption In the context of pervasive encryption IBM z systems IBM Corporation

z/os Data Set Encryption In the context of pervasive encryption IBM z systems IBM Corporation z/os Data Set Encryption In the context of pervasive encryption IBM z systems 1 Trademarks The following are trademarks of the International Business Machines Corporation in the United States, other countries,

More information

IBM z/os Version 1 Release 11 System SSL Cryptographic Module

IBM z/os Version 1 Release 11 System SSL Cryptographic Module IBM z/os Version Release Cryptographic Module FIPS 40-2 Non-Proprietary Security Policy Policy Version.02 IBM Systems & Technology Group System z Development Poughkeepsie, New York IBM Research Zurich

More information

ICSF HCR77C0 and z/os 2.2 Enhancements

ICSF HCR77C0 and z/os 2.2 Enhancements ICSF HCR77C0 and z/os 2.2 Enhancements Greg Boyd gregboyd@mainframecrypto.com www.mainframecrypto.com zexchange ICSF HCR77C0 & z/os 2.2 Enhancements Copyrights... Presentation based on material copyrighted

More information

CSFSERV Class RACF Profiles for ICSF Panels

CSFSERV Class RACF Profiles for ICSF Panels Abstract: ICSF relies on the SAF interface and a security product to protect both keys and the ICSF services. By properly defining the security profiles, critical resources can be protected from unauthorized

More information

Leveraging Integrated Cryptographic Service Facility

Leveraging Integrated Cryptographic Service Facility Front cover Leveraging Integrated Cryptographic Service Facility Lydia Parziale Redpaper International Technical Support Organization Leveraging Integrated Cryptographic Service Facility January 2018

More information

Securing Your Crypto Infrastructure

Securing Your Crypto Infrastructure Unscrambling the Complexity of Crypto! Securing Your Crypto Infrastructure Greg Boyd (gregboyd@mainframecrypto.com) June 2018 Copyrights and Trademarks Copyright 2018 Greg Boyd, Mainframe Crypto, LLC.

More information

Securing Mainframe File Transfers and TN3270

Securing Mainframe File Transfers and TN3270 Securing Mainframe File Transfers and TN3270 with SSH Tectia Server for IBM z/os White Paper October 2007 SSH Tectia provides a versatile, enterprise-class Secure Shell protocol (SSH2) implementation for

More information

Introduction to Cryptography

Introduction to Cryptography Introduction to Cryptography Cesar Ulloa IBM Corporation August 10, 2011 Session Number: 09830 Agenda Intro To Crypto Some background Laws & Regulations Crypto Standards Crypto Functions Crypto Hardware

More information

IBM z13s and HCR77B1. Greg Boyd zexchange IBM z13s and HCR77B1

IBM z13s and HCR77B1. Greg Boyd  zexchange IBM z13s and HCR77B1 IBM z13s and HCR77B1 Greg Boyd gregboyd@mainframecrypto.com www.mainframecrypto.com zexchange IBM z13s and HCR77B1 May 2016 Copyrights... Presentation based on material copyrighted by IBM, and developed

More information

International Technical Support Organization. IBM System Storage Tape Encryption Solutions. May 2009 SG

International Technical Support Organization. IBM System Storage Tape Encryption Solutions. May 2009 SG International Technical Support Organization IBM System Storage Tape Encryption Solutions May 2009 SG24-7320-02 Contents Notices Trademarks xiii xiv Preface xv The team that wrote this book xv Become a

More information

Auditing and Protecting your z/os environment

Auditing and Protecting your z/os environment Auditing and Protecting your z/os environment Guardium for IMS with IMS Encryption Roy Panting Guardium for System z Technical Sales Engineer March 17, 2015 * IMS Technical Symposium 2015 Agenda Audit

More information

Pervasive Encryption Demo: Guided Tour of Policy-Based Data Set Encryption

Pervasive Encryption Demo: Guided Tour of Policy-Based Data Set Encryption Pervasive Encryption Demo: Guided Tour of Policy-Based Data Set Encryption Eysha S. Powers IBM, Enterprise Cryptography November 2018 Session FF About me IBM Career (~15 years) 2004: z/os Resource Access

More information

Cryptographic Services Integrated Cryptographic Service Facility Administrator's Guide

Cryptographic Services Integrated Cryptographic Service Facility Administrator's Guide z/os Cryptographic Serices Integrated Cryptographic Serice Facility Administrator's Guide Version 2 Release 1 SC14-7506-01 Note Before using this information and the product it supports, read the information

More information

IBM 4768 PCIe Cryptographic Coprocessor with Common Cryptographic Architecture (CCA) PCI-HSM Security Policy

IBM 4768 PCIe Cryptographic Coprocessor with Common Cryptographic Architecture (CCA) PCI-HSM Security Policy IBM 4768 PCIe Cryptographic Coprocessor with Common Cryptographic Architecture (CCA) PCI-HSM Security Policy Version 1.11 July 19, 2018 This document may be reproduced only in its original entirety without

More information

Protecting Your z/os Data: Safe Flying Through Stormy Weather. Thomas Cosenza Systems Lab Services Security Consultant

Protecting Your z/os Data: Safe Flying Through Stormy Weather. Thomas Cosenza Systems Lab Services Security Consultant Protecting Your z/os Data: Safe Flying Through Stormy Weather Thomas Cosenza Systems Lab Services Security Consultant tcosenza@us.ibm.com Trademarks and Notices Introduction Thomas Cosenza Work for IBM

More information

IBM. Cryptographic Services Integrated Cryptographic Service Facility System Programmer's Guide. z/os. Version 2 Release 3 SC

IBM. Cryptographic Services Integrated Cryptographic Service Facility System Programmer's Guide. z/os. Version 2 Release 3 SC z/os IBM Cryptographic Services Integrated Cryptographic Service Facility System Programmer's Guide Version 2 Release 3 SC14-7507-06 Note Before using this information and the product it supports, read

More information

Crypto Performance: Expectations, Operations & Reporting. Greg Boyd

Crypto Performance: Expectations, Operations & Reporting. Greg Boyd Crypto Performance: Expectations, Operations & Reporting Greg Boyd gregboyd@mainframecrypto.com www.mainframecrypto.com Copyrights and Trademarks Presentation based on material copyrighted by IBM, and

More information

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof Dyadic Enterprise Unbound Key Control For Azure Marketplace The Secure-As-Hardware Software With a Mathematical Proof Unbound Key Control (UKC) is the first software-only key management and key protection

More information

Greg Boyd

Greg Boyd Share, Anaheim March 2011 S8332 Greg Boyd (boydg@us.ibm.com) oration Agenda zenterprise 196 Hardware CPACF CEX3 ICSF HCR7780 FIPS SPE Toleration and Migration VM and Linux TKE 7.0 Page 2 z196 Hardware

More information

Secure Key Management and Data Privacy on z/tpf

Secure Key Management and Data Privacy on z/tpf z/tpf EE V1.1 z/tpfdf V1.1 TPF Toolkit for WebSphere Studio V3 TPF Operations Server V1.2 IBM Software Group TPF Users Group Spring 2006 Secure Key Management and Data Privacy on z/tpf Name : Mark Gambino

More information

Contents. Notices Terms and conditions for product documentation.. 45 Trademarks Index iii

Contents. Notices Terms and conditions for product documentation.. 45 Trademarks Index iii Overview IBM ii Overview Contents Product overview........... 1 What's new in this release.......... 1 Supported languages........... 3 Features overview............ 3 Key serving.............. 4 Encryption-enabled

More information

IBM Education Assistance for z/os V2R1

IBM Education Assistance for z/os V2R1 IBM Education Assistance for z/os V2R1 Items: TLS V1.2 Suite B RFC 5280 Certificate Validation Element/Component: Cryptographic Services - System SSL Material is current as of June 2013 Agenda Trademarks

More information

IBM Content Manager OnDemand Native Encryption

IBM Content Manager OnDemand Native Encryption IBM Content Manager OnDemand Native Encryption To enable encryption of physical documents at rest Updated October 24, 2017 Greg Felderman Chief Architect - IBM Content Manager OnDemand Contents Introduction...

More information

Symantec Corporation

Symantec Corporation Symantec Corporation Symantec PGP Cryptographic Engine FIPS 140-2 Non-proprietary Security Policy Document Version 1.0.4 Revision Date 05/01/2015 Symantec Corporation, 2015 May be reproduced only in its

More information

Overview of cryptography and enhancements on z/vse 4.3

Overview of cryptography and enhancements on z/vse 4.3 Overview of cryptography and enhancements on z/vse 4.3 Joerg Schmidbauer jschmidb@de.ibm.com March, 2011 Trademarks Trademarks The following are trademarks of the International Business Machines Corporation

More information

Instructions for Enabling WebSphere for z/os V8 for Hardware Cryptography

Instructions for Enabling WebSphere for z/os V8 for Hardware Cryptography OVERVIEW This paper is intended to document the steps needed to enable the Case 3 configuration described in Techdocs paper TD101213. That paper was originally published for WebSphere for z/os V6.1. Numerous

More information

Db2 for z/os Early experiences using Transparent Data Set Encryption

Db2 for z/os Early experiences using Transparent Data Set Encryption Db2 for z/os Early experiences using Transparent Data Set Encryption Support for z/os Data Set Encryption Jim Pickel (pickel@us.ibm.com) Db2 for z/os Development Disclaimer IBM s statements regarding its

More information

Instructions for Enabling WebSphere for z/os V7 for Hardware Cryptography

Instructions for Enabling WebSphere for z/os V7 for Hardware Cryptography OVERVIEW This paper is intended to document the steps needed to enable the Case 3 configuration described in Techdocs paper TD101213. That paper was originally published for WebSphere for z/os V6.1. Numerous

More information

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 What Could It Cost You? Average of $0.58 a record According to the Verizon

More information

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE Cryptographic Appliances with Integrated Level 3+ Hardware Security Module The BlackVault hardware security platform keeps cryptographic material

More information

Adding value to your MS customers

Adding value to your MS customers Securing Microsoft Adding value to your MS customers Authentication - Identity Protection Hardware Security Modules DataSecure - Encryption and Control Disc Encryption Offering the broadest range of authentication,

More information

FIPS Non-Proprietary Security Policy

FIPS Non-Proprietary Security Policy Quantum Corporation Scalar Key Manager Software Version 2.0.1 FIPS 140-2 Non-Proprietary Security Policy Document Version 1.4 Last Update: 2010-11-03 8:43:00 AM 2010 Quantum Corporation. May be freely

More information

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National

More information

A Guided Tour of. Policy-Based Data Set Encryption. Eysha S. Powers Enterprise Cryptography, IBM

A Guided Tour of. Policy-Based Data Set Encryption. Eysha S. Powers Enterprise Cryptography, IBM A Guided Tour of Policy-Based Data Set Encryption Eysha S. Powers Enterprise Cryptography, IBM eysha@us.ibm.com 0 Getting Started 1. Configure Crypto Express Cards 2. Configure ICSF 3. Start ICSF 4. Load

More information

Dyadic Security Enterprise Key Management

Dyadic Security Enterprise Key Management Dyadic Security Enterprise Key Management The Secure-as-Hardware Software with a Mathematical Proof Dyadic Enterprise Key Management (EKM) is the first software-only key management and key protection system

More information

ICSF Update Share Anaheim, CA August 2012

ICSF Update Share Anaheim, CA August 2012 IBM Americas, ATS, Washington Systems Center ICSF Update Share 11487 Anaheim, CA August 2012 Greg Boyd (boydg@us.ibm.com) 2012 IBM Corporation Agenda IBM ATS, Washington Systems Center HCR7790 Dynamic

More information

IBM i Version 7.2. Security Digital Certificate Manager IBM

IBM i Version 7.2. Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information

More information

Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0

Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0 Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.3

More information

Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0. Juniper Networks, Inc.

Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0. Juniper Networks, Inc. Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0 Juniper Networks, Inc. September 10, 2009 Copyright Juniper Networks, Inc. 2009. May be reproduced only in

More information

Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.

Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2. Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.0 May 2012 Document Changes Date Version Author Description April 2009

More information

Contents. Notices Terms and conditions for product documentation.. 43 Trademarks Index iii

Contents. Notices Terms and conditions for product documentation.. 43 Trademarks Index iii Overview IBM ii Overview Contents Product overview........... 1 What's new in this release.......... 1 License usage metrics........... 2 Supported languages........... 3 Features overview............

More information

10192 ICSF Update Cryptographic Support On z114 and z196

10192 ICSF Update Cryptographic Support On z114 and z196 IBM Americas ATS, Washington Systems Center IBM Americas, ATS, Washington Systems Center 10192 ICSF Update Cryptographic Support On z114 and z196 Greg Boyd (boydg@us.ibm.com) March 12, 2012 Atlanta, GA

More information

Accelerate with ATS Encrypting Data at Rest with the DS8000

Accelerate with ATS Encrypting Data at Rest with the DS8000 Accelerate with ATS Encrypting ata at Rest with the S8000 Hank Sautter sautter@us.ibm.com Paul Spagnolo pgspagn@us.ibm.com Agenda Advanced Technical Skills (ATS) North America Why encryption Encryption

More information

TransKrypt Security Server

TransKrypt Security Server TransKrypt Security Server Overview Security of transactions is critical as the volume of payments are growing at a faster pace from new generation mobile and broadband based IP payment terminals and devices.

More information

Pervasive Encryption Frequently Asked Questions

Pervasive Encryption Frequently Asked Questions IBM Z Introduction October 2017 Pervasive Encryption Frequently Asked Questions Please check for continued updates to this document Worldwide ZSQ03116-USEN-02 Table of Contents Announcement... 3 Requirements

More information

CoSign Hardware version 7.0 Firmware version 5.2

CoSign Hardware version 7.0 Firmware version 5.2 CoSign Hardware version 7.0 Firmware version 5.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation July 2010 Copyright 2009 AR This document may be freely reproduced and distributed whole and

More information

IBM. Using Encryption Facility for OpenPGP. Encryption Facility for z/os. Version 1 Release 2 SA

IBM. Using Encryption Facility for OpenPGP. Encryption Facility for z/os. Version 1 Release 2 SA Encryption Facility for z/os IBM Using Encryption Facility for OpenPGP Version 1 Release 2 SA23-2230-30 Note Before using this information and the product it supports, read the information in Notices on

More information

This Security Policy describes how this module complies with the eleven sections of the Standard:

This Security Policy describes how this module complies with the eleven sections of the Standard: Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights

More information

Cryptographic Services Integrated Cryptographic Service Facility System Programmer's Guide

Cryptographic Services Integrated Cryptographic Service Facility System Programmer's Guide z/os Cryptographic Serices Integrated Cryptographic Serice Facility System Programmer's Guide Version2Release1 SC14-7507-03 Note Before using this information and the product it supports, read the information

More information

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2 Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level

More information

VMware, SQL Server and Encrypting Private Data Townsend Security

VMware, SQL Server and Encrypting Private Data Townsend Security VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and

More information

Certificate Authentication in the z/os Internet Key Exchange SHARE Session 8233

Certificate Authentication in the z/os Internet Key Exchange SHARE Session 8233 Certificate Authentication in the z/os Internet Key Exchange SHARE Session 8233 March 2, 2011 Lin Overby - overbylh@us.ibm.com z/os Communications Server Security Trademarks, notices, and disclaimers The

More information

Choosing the level that works for you!

Choosing the level that works for you! The Encryption Pyramid: Choosing the level that works for you! Eysha S. Powers eysha@us.ibm.com IBM, Enterprise Cryptography Extensive use of encryption is one of the most impactful ways to help reduce

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Who s Protecting Your Keys? August 2018

Who s Protecting Your Keys? August 2018 Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and

More information

VMware, SQL Server and Encrypting Private Data Townsend Security

VMware, SQL Server and Encrypting Private Data Townsend Security VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! What s new from Microsoft?! Compliance, standards, and

More information

Crypto Performance Update Share Anaheim, CA March, 2014

Crypto Performance Update Share Anaheim, CA March, 2014 IBM Americas, ATS, Washington Systems Center Share 14668 Anaheim, CA Greg Boyd (boydg@us.ibm.com) QR Code Share 14668 Share 14668 Anaheim, CA Page 2 Agenda Crypto Refresher Crypto Functions Clear Key vs

More information

IBM z14 / Pervasive Encryption

IBM z14 / Pervasive Encryption IBM z14 / Pervasive Encryption Michael Jordan IBM Distinguished Engineer, IBM Z Security Nick Sardino IBM Z Offering Management IBM Z: Designed for Trusted Digital Experiences Pervasive Encryption is the

More information

Preview: IBM z/vse Version 4 Release 3 offers more capacity and IBM zenterprise exploitation

Preview: IBM z/vse Version 4 Release 3 offers more capacity and IBM zenterprise exploitation IBM United States Software Announcement 210-204, dated July 22, 2010 Preview: IBM z/vse Version 4 Release 3 offers more capacity and IBM zenterprise exploitation Table of contents 1 Overview 3 Description

More information

Alliance Key Manager A Solution Brief for Partners & Integrators

Alliance Key Manager A Solution Brief for Partners & Integrators Alliance Key Manager A Solution Brief for Partners & Integrators Key Management Enterprise Encryption Key Management This paper is designed to help technical managers, product managers, and developers

More information

Digital Certificates Demystified

Digital Certificates Demystified Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates

More information

IBM. Security Cryptography. System i. Version 6 Release 1

IBM. Security Cryptography. System i. Version 6 Release 1 IBM System i Security ryptography Version 6 Release 1 IBM System i Security ryptography Version 6 Release 1 Note Before using this information and the product it supports, read the information in Notices,

More information

System z Security Update Share Anaheim, CA August 2012

System z Security Update Share Anaheim, CA August 2012 IBM Americas, ATS, Washington Systems Center System z Security Update Share 11253 Anaheim, CA August 2012 Greg Boyd (boydg@us.ibm.com) With Thanks to Jack Jones 2012 IBM Corporation IBM Americas ATS, Washington

More information

IBM z Systems Security Conference Business Security for today and tomorrow > September Montpellier

IBM z Systems Security Conference Business Security for today and tomorrow > September Montpellier IBM Systems IBM z Systems Security Conference Business Security for today and tomorrow > 27-30 September Montpellier z/os TCP/IP Hardware Cryptography Usage plus a sneak peek at VTAM 3270 Intrusion Detection

More information

IBM Tivoli Directory Server

IBM Tivoli Directory Server Build a powerful, security-rich data foundation for enterprise identity management IBM Tivoli Directory Server Highlights Support hundreds of millions of entries by leveraging advanced reliability and

More information

Imprivata FIPS Cryptographic Module Non-Proprietary Security Policy Version: 2.9 Date: August 10, 2016

Imprivata FIPS Cryptographic Module Non-Proprietary Security Policy Version: 2.9 Date: August 10, 2016 Imprivata FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy Version: 2.9 Date: August 10, 2016 Copyright Imprivata 2016, all rights reserved Imprivata FIPS Crypto Module 1 Table of Contents

More information

IBM C IBM z Systems Technical Support V7.

IBM C IBM z Systems Technical Support V7. IBM C9030-644 IBM z Systems Technical Support V7 http://killexams.com/exam-detail/c9030-644 QUESTION: 59 A customer is planning to upgrade to a z13s and requires an external time source. Which option is

More information

FIPS Security Policy UGS Teamcenter Cryptographic Module

FIPS Security Policy UGS Teamcenter Cryptographic Module FIPS 140-2 Security Policy UGS Teamcenter Cryptographic Module UGS Corp 5800 Granite Parkway, Suite 600 Plano, TX 75024 USA May 18, 2007 Version 1.3 containing OpenSSL library source code This product

More information

z/os Pervasive Encryption - Data Set Encryption 2017 IBM Corporation

z/os Pervasive Encryption - Data Set Encryption 2017 IBM Corporation z/os Pervasive Encryption - Data Set Encryption 2017 IBM Corporation Agenda Pervasive Encryption: Role of z/os data set encryption Db2 z/os exploitation Considerations Implementation Resources 2 2017 IBM

More information

The IBM zenterprise EC12 - proven hybrid computing designed to manage multiple workloads, with the simplicity of a single system

The IBM zenterprise EC12 - proven hybrid computing designed to manage multiple workloads, with the simplicity of a single system IBM Japan Hardware Announcement JG12-0145, dated August 28, 2012 The IBM zenterprise EC12 - proven hybrid computing designed to manage multiple workloads, with the simplicity of a single system Table of

More information

TLS 1.1 Security fixes and TLS extensions RFC4346

TLS 1.1 Security fixes and TLS extensions RFC4346 F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security

More information

Cisco VPN 3002 Hardware Client Security Policy

Cisco VPN 3002 Hardware Client Security Policy Introduction This non-proprietary Cryptographic Module Security Policy describes how the VPN 3002 and 3002 8E Hardware Client (Firmware version FIPS 3.6.7.F) meets the security requirements of FIPS 140-2,

More information

SafeNet ProtectApp APPLICATION-LEVEL ENCRYPTION

SafeNet ProtectApp APPLICATION-LEVEL ENCRYPTION SafeNet ProtectApp APPLICATION-LEVEL ENCRYPTION Encrypt application data and keep it secure across its entire lifecycle no matter where it is transferred, backed up, or copied Rich application encryption

More information

HARDWARE SECURITY MODULES (HSMs)

HARDWARE SECURITY MODULES (HSMs) HARDWARE SECURITY MODULES (HSMs) Cryptography: The basics Protection of data by using keys based on complex, randomly-generated, unique numbers Data is processed by using standard algorithms (mathematical

More information

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2. P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and

More information

Step-By-Step Guide to Master Key Management Using ICSF Loading the AES Master Key

Step-By-Step Guide to Master Key Management Using ICSF Loading the AES Master Key Step-By-Step Guide to Master Key Management Using ICSF Loading the AES Master Key Master Keys Master Keys are used to protect sensitive cryptographic keys that are active on your system. Master Keys are

More information