Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec

Similar documents
Protecting Your z/os Data: Safe Flying Through Stormy Weather. Thomas Cosenza Systems Lab Services Security Consultant

Transport Level Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router

Information Security CS 526

IBM Systems and Technology Group

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Transport Layer Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

APNIC elearning: Cryptography Basics

VPN Ports and LAN-to-LAN Tunnels

Overview. SSL Cryptography Overview CHAPTER 1

Sharing Secrets using Encryption Facility - Handson

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Securing Mainframe File Transfers and TN3270

Encryption Facility for z/os

CSCE 715: Network Systems Security

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

(2½ hours) Total Marks: 75

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Proving who you are. Passwords and TLS

Introduction and Overview. Why CSCI 454/554?

Linux Network Administration

10194 System SSL and Crypto on System z

Virtual Private Networks

CPSC 467: Cryptography and Computer Security

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Sample excerpt. Virtual Private Networks. Contents

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

CSCE 715: Network Systems Security

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

HP Instant Support Enterprise Edition (ISEE) Security overview

Firewalls, Tunnels, and Network Intrusion Detection

Table of Contents 1 SSH Configuration 1-1

E-commerce security: SSL/TLS, SET and others. 4.1

IBM Education Assistance for z/os V2R1

Cryptography and Network Security

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

VPN Overview. VPN Types

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Cryptography and Network Security

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

IBM z Systems Security Conference Business Security for today and tomorrow > September Montpellier

Configuring OpenVPN on pfsense

CSC 774 Network Security

SSH. Partly a tool, partly an application Features:

KALASALINGAM UNIVERSITY

IBM Education Assistance for z/os V2R2

Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist

Let's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX

FIPS SECURITY POLICY FOR

Digital Certificates Demystified

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

IP Security IK2218/EP2120

System SSL and Crypto on z Systems. Greg Boyd

Certificate Authentication in the z/os Internet Key Exchange SHARE Session 8233

CTS2134 Introduction to Networking. Module 08: Network Security

What is Secure. Authenticated I know who I am talking to. Our communication is Encrypted

TLS 1.1 Security fixes and TLS extensions RFC4346

Securing Internet Communication: TLS

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

AIT 682: Network and Systems Security

Hardware Cryptography and z/tpf

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

CSC/ECE 774 Advanced Network Security

Syllabus: The syllabus is broadly structured as follows:

Dell SonicWALL. NSA 220, NSA 220W and NSA 240. FIPS Non-Proprietary Security Policy

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

Virtual Private Network

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Configuring SSL. SSL Overview CHAPTER

Findings for

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Configuring Internet Key Exchange Security Protocol

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia

CS November 2018

Cryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Cryptography (Overview)

Wireless LAN Security. Gabriel Clothier

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Configuring Security for VPNs with IPsec

Connecting Securely to the Cloud

Transcription:

Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec Author: Gwen Dente, IBM Gaithersburg, MD Acknowledgments: Alfred Christensen, IBM Erin Farr, IBM Christopher Meyer, IBM Linwood Overby, IBM Richard Theiss, IBM 1. This document was assembled with assistance from information provided by the following people: 1. Alfred Christensen, IBM 2. Erin Farr, IBM 3. Christopher Meyer, IBM 4. Linwood Overby, IBM 5. Richard Theiss, IBM Comparison_SSL_IPSec_SSH_02.PRZ Page 1

What is OpenSSH A secure protocol that provides: Authentication both client and server Data Privacy including Userid/password Data Integrity Authorization regulates access control to accounts Forwarding (a.k.a. tunneling) encryption of other TCP/IP-based sessions Most implementations of OpenSSH support direct access only to UNIX file systems. OpenSSH from IBM z/os: Program Product: IBM Ported Tools for z/os Unpriced, runs on z/os 1.4 and higher Order from ShopzSeries, under MVS: System Mgmt. and Security. GA Version info: OpenSSH 3.5p1, OpenSSL 0.9.7b, zlib 1.1.4 OA10315 version is: OpenSSH 3.8.1p1, OpenSSL 0.9.7d, zlib 1.1.4 Supports SSH V1 and V2 SSH protects against: Eavesdropping Name service and IP spoofing Connection Hijacking Man-in-the-Middle Attacks Insertion Attacks 1. OpenSSH from IBM z/os: Program Product: IBM Ported Tools for z/os 2. ` ` unpriced, runs on z/os 1.4 and higher 3. ` order from ShopzSeries, under MVS: System Mgmt. and Security. 4. ` GA Version info: OpenSSH 3.5p1, OpenSSL 0.9.7b, zlib 1.1.4 5. ` OA10315 version is: OpenSSH 3.8.1p1, OpenSSL 0.9.7d, zlib 1.1.4 1. Supports SSH V1 and V2 6. SSH protects against: 1. Eavesdropping 2. Name service and IP spoofing 3. Connection Hijacking 4. Man-in-the-Middle Attacks 5. Insertion Attacks 7. Eavesdropping network snooper who reads traffic without affecting it. 8. SSH prevents this through encryption 9. Name Service and IP spoofing an attacker subverts your naming service (DNS, for example) and network programs may connect to the wrong machine. 10. SSH prevents this by cryptographically verifying the server host identity. It may print warning or exit, depending on configuration. 11. Connection Hijacking an attacker listens to network traffic and injects his own traffic, essentially stealing away the TCP from one of its endpoints. 12. SSH prevents this through integrity checking, and shuts down if data was corrupted. 13. Man-in-the-middle attack an attacker is able to read, and possibly modify, transmissions between two parties/hosts. Neither party knows they have been attacked. Each believes they are still communicating with his intended destination. 14. SSH prevents this 2 ways: 15. 1. server host authentication 16. 2. allows users to limit the authentication methods vulnerable to this attack (like password authentication). Public-key and Hostbased/RhostsRSA are immune. 17. Insertion Attack an attacker inserts arbitrary data into the data stream 18. SSH (Protocol Version 2) uses cryptographically strong integrity checks to avoid this. 19. Base SSH: Uses Public Key Infrastructure for authentication and encryption, 20. Authentication (both client and server) through: 21. Public key cryptography 22. Existing login passwords 23. Trusted hosts authentication 24. Data Privacy - through encryption 25. Data Integrity - guarantees data traveling over the network is unaltered 26. Authorization regulates access control to accounts 27. Forwarding (a.k.a. tunneling) encryption of other TCP/IP-based sessions 28. SSH does not protect against: 29. Password cracking an attacker steals your password 30. SSH alleviates this by: 31. 1. Encrypting passwords as they pass over the network. 32. 2. Providing public-key authentication. Stolen passphrase is useless without the private key file. 33. IP and TCP attacks SSH operates on top of TCP, so it is vulnerable to attacks against weaknesses in TCP and IP. 34. SSH, through privacy, integrity, and authentication, minimizes these attacks to denial-of-service attacks. 35. Traffic analysis - Deducing useful intelligence from patterns of message traffic, without breaking codes or reading the messages 36. SSH does not address traffic analysis attacks. 37. Covert Channel a hidden communication medium, usually defying the host s security policy. Comparison_SSL_IPSec_SSH_02.PRZ Page 2

Comparison: SSL/TLS or AT-TLS, IPSec, & OpenSSH Public Key Technology Security: Authentication of Partner Data Integrity Checking Encryption of Userid, Password, Data IP Protocol Protected? Types of Files? Number of "sessions" on encrypted pipe SSL/TLS or AT-TLS with x.509 Certificates IPSec with x.509 Certificates Yes (server authentication required) Server Authentication with Server Certificate Optional Client Authentication with Client Certificate Yes (mutual authentication required) Partner Authentication required with Certificate at both endpoints. Protects TCP Protects TCP, UDP, any IP protocol MVS datasets and UNIX files MVS datasets and UNIX files 1 per TCP Multiple per OpenSSH with Public and Private Key Pair (Assumption: SSH V2) Yes (mutual authentication required) Server Authentication with Server Public/Private Key Pair Server Public Key has been loaded into Client-Side "$HOME/.ssh/known_hosts" file and Client Authentication with Client password or with Public/Private Key Pair Client Public Key has been loaded into Server-Side "$HOME/.ssh/authorized_keys" file and Protects TCP UNIX files only** No SSH Tunnel: 1 per TCP SSH Tunnel: Multiple per TCP ** Note: OpenSSH works with UNIX file systems only; EOM vendor implementations exist to work with MVS files. OpenSSH can operate against MVS files if they have been copied or moved into an HFS or zfs. 1. OpenSSH from IBM z/os: Program Product: IBM Ported Tools for z/os 2. ` ` unpriced, runs on z/os 1.4 and higher 3. ` order from ShopzSeries, under MVS: System Mgmt. and Security. 4. ` GA Version info: OpenSSH 3.5p1, OpenSSL 0.9.7b, zlib 1.1.4 5. ` OA10315 version is: OpenSSH 3.8.1p1, OpenSSL 0.9.7d, zlib 1.1.4 6. Base SSH: Uses Public Key Infrastructure for authentication and encryption, 7. Authentication (both client and server) through: 8. Public key cryptography 9. Existing login passwords 10. Trusted hosts authentication 11. Data Privacy - through encryption 12. Data Integrity - guarantees data traveling over the network is unaltered 13. Authorization regulates access control to accounts 14. Forwarding (a.k.a. tunneling) encryption of other TCP/IP-based sessions 15. BUT key management and distribution for large numbers of users are difficult because there is no concept of a Certificate Authority. As a result, the keys themselves or the trusted hosts file itself for each server needs to be distributed to the participants. In addition, the SSH option for eliminating 16. Only for UNIX files with SFTP; only for UNIX shell with SSH (Tectia extensions allow usage on MVS files); only uses crypto card for generation of the keys 17. 18. Base SSL or TLS: Either Unix or MVS files with either TN3270 or FTPS; 19. also uses Public Keys, but in addition relies on x.509 Certificates for authentication thus simplifying key management and distribution, especially if you use a well-known Certificate Authority; 20. can store master key in hardware and can take advantage of crypto cards for handshakes and sometimes data encryption Comparison_SSL_IPSec_SSH_02.PRZ Page 3

Appendix A: Protocol Comparisons -- IPSec and SSL; OpenSSH 1. The material in this appendix is repeated in the IPSec Overview, another presentation in this course. Comparison_SSL_IPSec_SSH_02.PRZ Page 4

IPSec vs. AT-TLS IPSec All protocols AT-TLS TCP Traffic protected with data authentication and encryption End-to-end protection Yes Yes Segment protection Yes No Scope of protection How controlled Requires application modifications Security association 1)all traffic 2)protocol 3)single 4)Certificate Content is protected IPSec policy 1)z/OS responds to IKE peer 2)z/OS initiates to IKE peer based on outbound packet, IPSec command, or policy autoactivation No TLS session 1)single 2)Certificate Content flows in clear AT-TLS policy 1)For handshake role of server, responds to TLS client based on policy 2)For handshake role of client, initializes TLS based on policy 3)Advanced function applications No, unless advanced function needed 1)Obtain client cert/userid 2)Start TLS Type of security Device to device Application to application Type of authentication Peer-to-peer 1)Server to client 2)Client to server (opt) Authentication credentials 1)Preshared keys X.509 certificates 2)X.509 certificates Authentication principals Represents host Represents user Session key generation/refresh "Yes" with IKE "No" with manual IPSec TLS handshake 1. This chart was assembled by Alfred Christensen, Linwood Overby, and Christopher Meyer of IBM Raleigh CommServer Development. 2. There is one more difference between the two protocols that is not depicted on this chart: 1. If the SSL Private key is compromised, then any negotiation of a new Session Key is compromised 2. If the IPSec Private key is compromised, then there is a bit more protection, because the Session Key is independently negotiated with Diffie-Hellman. Comparison_SSL_IPSec_SSH_02.PRZ Page 5

Comparison: SSL/TLS or AT-TLS, IPSec, & OpenSSH Public Key Technology Visual duplicated in order to provide context for remaining visuals. Security: Authentication of Partner Data Integrity Checking Encryption of Userid, Password, Data IP Protocol Protected? Types of Files? Number of "sessions" on encrypted pipe SSL/TLS or AT-TLS with x.509 Certificates IPSec with x.509 Certificates Yes (server authentication required) Server Authentication with Server Certificate Optional Client Authentication with Client Certificate Yes (mutual authentication required) Partner Authentication required with Certificate at both endpoints. Protects TCP Protects TCP, UDP, any IP protocol MVS datasets and UNIX files MVS datasets and UNIX files 1 per TCP Multiple per OpenSSH with Public and Private Key Pair (Assumption: SSH V2) Yes (mutual authentication required) Server Authentication with Server Public/Private Key Pair Server Public Key has been loaded into Client-Side "$HOME/.ssh/known_hosts" file and Client Authentication with Client password or with Public/Private Key Pair Client Public Key has been loaded into Server-Side "$HOME/.ssh/authorized_keys" file and Protects TCP UNIX files only** No SSH Tunnel: 1 per TCP SSH Tunnel: Multiple per TCP ** Note: OpenSSH works with UNIX file systems only; EOM vendor implementations exist to work with MVS files. OpenSSH can operate against MVS files if they have been copied or moved into an HFS or zfs. 1. This is a duplicate of an earlier page and is reproduced to put the other pages of this appendix in context. 2. OpenSSH from IBM z/os: Program Product: IBM Ported Tools for z/os 3. ` ` unpriced, runs on z/os 1.4 and higher 4. ` order from ShopzSeries, under MVS: System Mgmt. and Security. 5. ` GA Version info: OpenSSH 3.5p1, OpenSSL 0.9.7b, zlib 1.1.4 6. ` OA10315 version is: OpenSSH 3.8.1p1, OpenSSL 0.9.7d, zlib 1.1.4 7. Base SSH: Uses Public Key Infrastructure for authentication and encryption, 8. Authentication (both client and server) through: 9. Public key cryptography 10. Existing login passwords 11. Trusted hosts authentication 12. Data Privacy - through encryption 13. Data Integrity - guarantees data traveling over the network is unaltered 14. Authorization regulates access control to accounts 15. Forwarding (a.k.a. tunneling) encryption of other TCP/IP-based sessions 16. BUT key management and distribution for large numbers of users are difficult because there is no concept of a Certificate Authority. As a result, the keys themselves or the trusted hosts file itself for each server needs to be distributed to the participants. In addition, the SSH option for eliminating 17. Only for UNIX files with SFTP; only for UNIX shell with SSH (Tectia extensions allow usage on MVS files); only uses crypto card for generation of the keys 18. 19. Base SSL or TLS: Either Unix or MVS files with either TN3270 or FTPS; 20. also uses Public Keys, but in addition relies on x.509 Certificates for authentication thus simplifying key management and distribution, especially if you use a well-known Certificate Authority; 21. can store master key in hardware and can take advantage of crypto cards for handshakes and sometimes data encryption Comparison_SSL_IPSec_SSH_02.PRZ Page 6

Comparison: SSL/TLS or AT-TLS, IPSec, & OpenSSH Public Key Technology Private Key Repository Key Management Encryption Protocols Hashing Protocols SSL/TLS or AT-TLS with x.509 Certificates In Keyring or key database Usually low maintenance: Certificate Authority Services for x.509 cert.*** Asymmetric: RSA for Server (and optionally Client) Authentication and Generation of Session Key Symmetric: RC2, RC4, DES, 3DES, AES128, AES256 MD5, SHA-1 IPSec with x.509 Certificates In Keyring or key database Usually low maintenance: Certificate Authority Services for x.509 cert.*** Asymmetric: RSA for peer authentication; Diffie-Hellman (DH) for Generation of Session Key Symmetric: RC2, RC4, DES, 3DES, AES128, AES256 MD5, SHA-1 OpenSSH with In a trusted Can be high maintenance: Asymmetric: RSA, DSA for peer MD5, SHA-1, Public and hosts file or Distribution of each public authentication and Generation of RIPEMD-160 Private Key Pair authorized key; verification at Session Key and Generation of (Assumption: keys file* server*** Digital Signature SSH V2) Symmetric: DES, 3DES, AES128, AES192, AES256 * Note: The system-wide known hosts file is in /etc/ssh/ssh_known_hosts. The user-specific file is in $HOME/.ssh/known_hosts (Server ID) or $HOME/.ssh/authorized_keys (Client ID) ***Note: With x.509, each client participant needs a copy of only the Certificate Authority's certificate that signed the server certificate in its keyring or key database in order to authenticate the server. For example, 20 server certificates may have been signed by the same CA, and yet the client requires only the 1 trusted CA certificate in order to authenticate the server(s). With OpenSSH each client requires a copy of the public key for each server in order to authenticate that server. If there are 20 servers, then the client requires copies of 20 public keys. 1. Diffie-Hellman key exchange (D-H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. 2. 3. 4. Perform setup for server authentication: 1. Generate host keys for server 2. allows a client to verify the identity of the server. 5. Use ssh-keygen to create host keys: 1. ssh keygen t dsa f /etc/ssh/ssh_host_dsa_key N "" 2. ssh keygen t rsa f /etc/ssh/ssh_host_rsa_key N "" 6. Create local and remote ssh_known_hosts files 1. Contains host public keys for all hosts you know about 2. Copy local host s public keys to the remote hosts 3. Gather public keys of remote hosts 7. 8. OpenSSH from IBM z/os: Program Product: IBM Ported Tools for z/os 9. ` ` unpriced, runs on z/os 1.4 and higher 10. ` order from ShopzSeries, under MVS: System Mgmt. and Security. 11. ` GA Version info: OpenSSH 3.5p1, OpenSSL 0.9.7b, zlib 1.1.4 12. ` OA10315 version is: OpenSSH 3.8.1p1, OpenSSL 0.9.7d, zlib 1.1.4 13. Base SSH: Uses Public Key Infrastructure for authentication and encryption, 14. Authentication (both client and server) through: 15. Public key cryptography 16. Existing login passwords 17. Trusted hosts authentication 18. Data Privacy - through encryption 19. Data Integrity - guarantees data traveling over the network is unaltered 20. Authorization regulates access control to accounts 21. Forwarding (a.k.a. tunneling) encryption of other TCP/IP-based sessions 22. BUT key management and distribution for large numbers of users are difficult because there is no concept of a Certificate Authority. As a result, the keys themselves or the trusted hosts file itself for each server needs to be distributed to the participants. 23. Only for UNIX files with SFTP; only for UNIX shell with SSH (Tectia extensions allow usage on MVS files); only uses crypto card for generation of the keys 24. 25. Base SSL or TLS: Either Unix or MVS files with either TN3270 or FTPS; 26. also uses Public Keys, but in addition relies on x.509 Certificates for authentication thus simplifying key management and distribution, especially if you use a well-known Certificate Authority; 27. can store master key in hardware and can take advantage of crypto cards for handshakes and sometimes data encryption 28. 29. Comparison_SSL_IPSec_SSH_02.PRZ Page 7

Appendix B: Use of Cryptographic Hardware: SSL/TLS, IPSec, SSH Performance Reports for z/os Communications Server and Security: http://www-01.ibm.com/support/docview.wss?uid=swg27005524 1. Some of this material is a subset of the material that is available in the presentation built by Christopher Meyer, of z/os Communications Server Development in Raleigh, North Carolina. Comparison_SSL_IPSec_SSH_02.PRZ Page 8

Use of Cryptographic Hardware: SSL/TLS, AT-TLS Algorithm RSA signature generation RSA signature verification PKA encrypt/decrypt for handshake SHA-1 digest generation SHA-224 digest generation SHA-256 digest generation SHA-384 digest generation SHA-512 digest generation DES encrypt/decrypt 3DES encrypt/decrypt AES-128 encrypt/decrypt AES-256 encrypt/decrypt CPACF only Available Hardware on z Platform CPACF + Coprocessor/Accelerator In coprocessor mode only. Otherwise in software (accelerator does not support this operation). In coprocessor/accelerator. In coprocessor/accelerator CPACF CPACF CPACF on z9, CPACF in z10 EC on z9, CPACF in z10 EC CPACF CPACF CPACF on z9, CPACF in z10 EC Extracted from a presentation by Christopher Meyer, IBM Raleigh Communications Server Development Team: "Crypto Demystified" 1. Starting with the z10 processor, more hashing and encryption algorithms are processed in CPACF than were processed on previous System z models: SHA-384, SHA-512, AES-256. Comparison_SSL_IPSec_SSH_02.PRZ Page 9

Use of Cryptographic Hardware: IKE Diffie-Hellman based symmetric key generation Generated keys are used to encrypt traffic that flows over Phase 1 SA RSA signature generate, signature verify for peer authentication Due to z/os IKED single-threaded design, multiple Coprocessors or Accelerators will not provide any significant advantage for IKE operations DES, 3DES, AES encryption of IKE payloads AES requires ICSF (unsupported if ICSF is not available) SHA-1, MD5 HMACs for message authentication Algorithm Diffie-Hellman operations RSA signature generation (clear key only) RSA signature verification DES 3DES AES-128 CPACF only via System SSL via System SSL via System SSL Available Hardware on z Platform via System SSL In CPACF via ICSF, otherwise not supported CPACF + Coprocessor/Accelerator In Coprocessor (not accelerator) if available, otherwise in software via System SSL In Coprocessor/Accelerator SHA-1 MD5 Extracted from a presentation by Christopher Meyer, IBM Raleigh Communications Server Development Team: "Crypto Demystified" 1. Diffie-Hellman key exchange (D-H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. Comparison_SSL_IPSec_SSH_02.PRZ Page 10

Use of Cryptographic Hardware: IPSec DES, 3DES, AES encryption of IKE payloads AES requires ICSF (unsupported if ICSF is not available) SHA-1, MD5 HMACs for message authentication Available Hardware on z Platform Algorithm DES 3DES AES-128 SHA-1 MD5 CPACF (stack doesn t use coproc r or accel r) In CPACF (via ICSF) In CPACF In CPACF In CPACF (via ICSF) ziip Offload Starting with V1R8 (APAR PK40178), all SRB-based processing in stack, including these crypto operations, can be offloaded to ziip to reduce cost of IPSec protection. IPSec processing that is based on enclave SRBs is eligible for ziip offload. Only an outbound-initiated IPSec operation is ineligible as it is processed on a TCB. (See notes.) Extracted from a presentation by Christopher Meyer, IBM Raleigh Communications Server Development Team: "Crypto Demystified" 1. The ziip assisted IPSec function is designed to move most of the IPSec processing from the general purpose processors to the ziips. 2. z/os CS TCP/IP recognizes IPSec packets and routes a portion of them to an independent enclave SRB this workload is eligible for the ziip. 1. Inbound operation (not initiated by z/os) 1. All inbound IPSec processing is dispatched to enclave SRBs and is eligible for ziip 2. All subsequent outbound IPSec responses from z/os are dispatched to enclave SRB. This means that all encryption/decryption of message integrity and IPSec header processing is sent to ziip 2. Outbound operation (initiated by z/os) 1. Operation which starts on a TCB is not ziip eligible 2. BUT any inbound response or acknowledgement is SRB-based and therefore ziip eligible 3. AND all subsequent outbound IPSec responses from z/os are also ziip eligible Comparison_SSL_IPSec_SSH_02.PRZ Page 11

Use of Cryptographic Hardware: OpenSSH Available Hardware on z Platform Cipher CPACF only CPACF + Coprocessor RNG (Random Number Generation) In Coprocessor RSA DSA RSA, DSA for Authentication of peer for Generation of Session Key and Digital Signature RNG OpenSSH on z accesses the hardware Coprocessor only during the Random Number Generation (RNG) that is used in the process of generating the symmetric key which will be used during the data transfer stage of SSH. 1. RSA is the default. Choose DSA only when you have a specific need for DSA. 2. Diffie-Hellman key exchange (D-H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. 3. As documented at z/os IBM Ported Tools for z/os User s Guide (SA22-7985-04), on page 27, OpenSSH uses hardware support to generate random numbers through CSFRNG (random number generate service). CSFRNG is a system z nomenclature to CSNBRNG. 1. According to the z/os Cryptographic Services ICSF Application Programmer s Guide (SA22-7522-09) on page 167 you will find the CSNBRNG description. On page 168, under the CSNBRNG Usage Notes, you will find the required hardware to run this callable service. 1. At IBM z900 / z800, the CCF (Cryptographic Coprocessor Facility) is enough. 2. At IBM z9 BC / EC, the CEX2C (Crypto Express 2 Card) is required. 3. In order to exploit the CPACF, OpenSSH developer should code the KMC (Cipher Message with Chaining) with PRNG instruction instead of calling ICSF. (Documented at z/architecture Principles of Operation (SA22-7832-05) on page 7-47.) 1. As of 2008 there are no plans for OpenSSH to exploit CPACF -- that is, to switch the ICSF call to the KMC-PRNG instruction. Comparison_SSL_IPSec_SSH_02.PRZ Page 12

End of Topic Comparison_SSL_IPSec_SSH_02.PRZ Page 13

End of Topic Comparison_SSL_IPSec_SSH_02.PRZ Page 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback