Security is critical for enterprises across the globe, and this is particularly true as more businesses rely on data for their operations. Cryptography is one of several technologies that are recommended to ensure data confidentiality and data integrity. It has come a long way from the first IBM-developed Data Encryption Standard (DES) algorithm in the 1970s, says Eysha Shirrine Powers, senior technical staff member at IBM. For example, AES 256-bit keys now provide strong protection for z/OS data set encryption and pervasive encryption, as DES 56-bit keys are no longer considered strong enough in today's computing environment. Cryptography and pervasive encryption strategies have been central to IBM Z over the last several decades, but many clients have said that it is complicated. Clients also have stated that implementing encryption at the application level can be daunting.
In Powers' upcoming SHARE Dallas 2022 sessions, “Crypto Lockdown” and “What’s New in Z Crypto: Enterprise Key Management Edition”, users can get an inside look at z/OS data encryption. She says that easy-to-use tools are expected to spur wider adoption of cryptographic technology.
Top Tips for Securing Crypto Environments
Powers explains that strong cryptography protects sensitive data, particularly in accordance with industry standards like the Payment Card Industry Data Security Standard (PCI DSS) and the National Institute of Standards & Technology (NIST) SP 800-53. However, "even with the use of strong cryptography, it’s imperative to protect the environment where cryptography is deployed," she says. "There are many system configuration options that are available to 'lockdown' your crypto environment."
- Restrict access to CSFSERV resources
- Restrict access to CSFKEYS and CRYPTOZ resources
- Load and activate master keys
Powers recommends that users make sure their CSFSERV class — which controls access to the integrated cryptographic service facility (ICSF) callable services and ICSF panel utilities — is active, RACLISTed, and generic. Additionally, there should be a backstop profile, such as CSFSERV* or CSFSERV**, with UACC(NONE) that prevents access by default.
The CSFKEYS class — which both controls access to cryptographic keys in the CKDS/PKDS and enables/disables the use of protected keys — also should be active, RACLISTed, and generic. Furthermore, the CRYPTOZ class controls access to and defines policy for cryptographic data within PKCS #11 tokens (i.e., the TKDS). CRYPTOZ resources are designed to be secure by default, notes Powers, because the class does not grant access to PKCS #11 cryptographic keys when no protection profile exists.
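As an added example (not from the article, and not IBM's own sample), the RACF commands that carry out the three CSFSERV, CSFKEYS and CRYPTOZ recommendations above, packaged as a batch job; the job card, the administrator group ICSFADM and the `**` backstop profile name are assumptions for illustration.

```jcl
//CSFLOCK  JOB (ACCT),'LOCK DOWN ICSF',CLASS=A,MSGCLASS=X,NOTIFY=&SYSUID
//*---------------------------------------------------------------
//* Added example, not part of the original article.
//* Assumptions: group ICSFADM is a placeholder; run under a RACF
//* SPECIAL user ID on a test LPAR before applying in production.
//* Steps: 1) allow generic profiles and activate the classes,
//*        2) define ** backstops with UACC(NONE) so that anything
//*           not explicitly permitted is denied,
//*        3) permit the administrators, refresh the RACLISTed
//*           copies in storage, and list the result to verify.
//* CRYPTOZ gets no backstop: with no profile it denies by default.
//*---------------------------------------------------------------
//RACF     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  SETROPTS GENERIC(CSFSERV CSFKEYS CRYPTOZ)
  SETROPTS CLASSACT(CSFSERV CSFKEYS CRYPTOZ)
  SETROPTS RACLIST(CSFSERV CSFKEYS CRYPTOZ)
  RDEFINE CSFSERV ** UACC(NONE)
  RDEFINE CSFKEYS ** UACC(NONE)
  PERMIT ** CLASS(CSFSERV) ID(ICSFADM) ACCESS(READ)
  SETROPTS RACLIST(CSFSERV CSFKEYS CRYPTOZ) REFRESH
  RLIST CSFSERV ** AUTHUSER
  RLIST CSFKEYS ** AUTHUSER
  SETROPTS LIST
/*
```

Check the SYSTSPRT output of the two RLIST commands: each backstop should show UACC NONE and only the intended IDs in its access list, and the SETROPTS LIST output should show all three classes as ACTIVE, GENERIC and RACLISTed.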
Because master keys reside on tamper-responding hardware, tampering with them leads to their erasure. Powers explains, "Attempts to tamper with the Crypto Express Hardware Security Modules (HSMs), where the master keys are held, results in the zeroization of the card’s secrets." She adds that, even so, "master keys should be separated in two or more key parts owned by different key officers to ensure the separation of duties."
Crypto Express HSMs are a major protection mechanism for IBM Z. Powers says, "Crypto Express HSMs are designed and certified for PCI-HSM and FIPS 140-2 Level 4. They provide physical and logical protection of sensitive data stored on the HSMs, such as master keys. Additionally, the Crypto Express HSMs support the concept of cryptographic domains."
Each of these domains can contain a unique set of master keys. Powers explains, "To ensure cryptographic separation between IBM Z logical partitions (LPARs), load and activate different master keys for each domain/LPAR intended to be separated. Then, operational keys from one LPAR cannot be readily used on another LPAR."
z/OS ICSF Configurations
According to Powers, z/OS ICSF provides many different configuration options for crypto environments. These options are typically found in the CSFPRMxx PARMLIB member. CHECKAUTH is disabled by default; leaving it disabled improves performance for authorized callers, but she warns that if untrusted programs are running and are not checked for authorization to ICSF resources, there could be significant risk. "When enabled, authorized callers are checked for authorization to ICSF resources. This enhances security, but can significantly slow down performance," she says.
Powers recommends enabling crypto usage statistics to collect cryptographic usage data, such as cryptographic engines, services, and algorithms that are used in your workloads. The data is stored in System Management Facility (SMF) Type 82, subtype 31 records and correlated by job and user. However, she cautions, "For heavy workloads with different task level user IDs, there could be a lot of SMF records produced. To limit the number of records, enable the STATSFILTER option with the NOTKUSERID value."
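As an added example (not from the article or from IBM's documentation), a CSFPRMxx fragment that sets the options discussed in the two paragraphs above; the key data set names are placeholders for this installation.

```text
/* Added example of a CSFPRMxx fragment, not from the article.      */
/* The three key data set names below are placeholders.             */
CKDSN(SYS1.CSF.CKDS)
PKDSN(SYS1.CSF.PKDS)
TKDSN(SYS1.CSF.TKDS)
/* Default is CHECKAUTH(NO): authorized callers are not checked     */
/* against CSFSERV. YES checks them too, at a performance cost.      */
CHECKAUTH(YES)
/* Record which engines, services and algorithms are used, per job  */
/* and user, in SMF type 82 subtype 31 records.                      */
STATS(ENG,SRV,ALG)
/* Do not break records out by task-level user ID, which caps the   */
/* record volume for workloads that switch user IDs per task.        */
STATSFILTER(NOTKUSERID)
```

The records only reach the SMF data sets if type 82 is included in the SYS(TYPE(...)) list of the active SMFPRMxx member, so check that member as well after changing these options.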
Tools and Tricks for Easier Crypto Key Management
Protecting data well can be dependent on the availability of cryptographic keys. "If an enterprise chooses to implement data set encryption with hundreds of keys," Powers explains, "then you need tools to make key management easier." Key management includes activities such as key generation, key rotation, access control, assignment, auditing, and more.
She says that the Enterprise Key Management Foundation (EKMF) Web Edition is designed to simplify operational key management. EKMF Web has a browser-based user interface, which can both manage keys and display data sets protected with those keys. Meanwhile, the Trusted Key Entry (TKE) workstation can facilitate easier master key management. "With multiple cryptographic domains supported on a single Crypto Express adapter, generating and/or copying keys between Central Electronics Complexes (CECs), HSMs, or domains can be tedious," Powers says. "TKE provides a graphical user interface and multifactor authentication for master key management."
Algorithms are the brains behind cryptographic technology, says Powers, and these algorithms are typically based on mathematical analysis and proofs by cryptographers and cryptanalysts. "Over time, vulnerabilities can be found in algorithms and protocols that were once considered strong or unbreakable," she warns. "With encryption, both the algorithm and the cryptographic key are critical." Powers continues, "Even data encrypted with a strong algorithm could be broken with a weak key, especially as computers advance and processing power grows. The ability to crack a 'short' key becomes easier." However, the mainframe continues to evolve with pervasive encryption and other tools to ensure data remains secure going forward.