ASPG product areas: RACF Administration, Cryptography, Catalog Management and Recovery, Storage Management, SMF Management, Enterprise Password Reset and Sync. Offering software solutions worldwide for over 20 years.
Your Presenter: Greg Thomason, ASPG Technical Support, (800) 662-6090, greg.thomason@aspg.com
Today's Agenda
• History
• Terminology
• Solving Business Problems
• Standards for Implementation
• Key Storage and Security
• Performance
• Interoperation
What is Cryptography?
Cryptography is the process of securing data using encryption.
Parts of a Cryptographic System
• Encryption for Data Confidentiality
• Digital Signatures for Signing and Verification
• Hashing for Data Integrity
Security Mandates
• Sarbanes-Oxley (SOX): Companies must retain and protect financial records.
• HIPAA: Ensures the protection of Personal Health Information.
• FERPA: Protection of student information.
• Gramm-Leach-Bliley: Protection of customer transaction records/information.
• Payment Card Industry (PCI): Merchants who store, process or transmit cardholder data must implement strong access control measures.
• California Security Breach Information Act: Protection of personal information; requires reporting of security breaches involving unencrypted data.
• Business-to-Business
• Personal Information Protection & Electronic Documents Act (PIPEDA): Canadian act that protects personal information.
• Personal Health Information Protection Act (PHIPA): Canadian law that requires the personal health information of patients to be held private, confidential and secure.
Why Use Cryptography?
• Supplement data access security
• When access protection is breached
• When access security is not available
• Additional benefits of cryptographic systems
History
• "Classical": permutation and substitution
• "Medieval": polyalphabetic substitution
• 1883: Playfair cipher (diagrammatic)
• WWII: Enigma machine
• 1970s: DES / RSA / asymmetric cryptography
• 1990s: PGP, Blowfish, SHA, SSL
• 2000s: AES, OpenPGP, OpenSSL
Terminology
• Plaintext: Original data
• Ciphertext: Encrypted plaintext
• Cryptanalysis: Breaking ciphertext
• Cryptology: Branch of math for cryptography
• Algorithm: Mathematical function
• Key: Data value used by an algorithm
• Hash: Message digest of plaintext
• Fingerprint: A hash of a key
Concepts
Cryptographic System: A "cryptosystem" includes all of the protocols, algorithms, and keys used to encipher and decipher messages. Example: OpenPGP.
Key Management: Key management includes any action that concerns your cryptographic keys: storage, access, generation, exchange, and replacement. Example: key import.
Methods for Encryption
• Symmetric (password encryption): The same key is used for encryption and decryption.
• Asymmetric (public key encryption): Different "public and private" keys are used for encryption and decryption.
Encryption Operations
• Data at Rest: Encryption of only specific sensitive files stored on disk or tape.
• Data in Transit: Encryption of data during a transfer.
• Data in Process: Encryption routines added to your custom application.
• Disk or Tape: Encryption of the entire disk or tape media regardless of data sensitivity.
Implementing Encryption
Software Solutions
• Executed via software routines
• Many support hardware acceleration for cryptographic instructions
• Pros: flexibility, recoverability, compatibility, interoperability
• Cons: potential programming effort; alters batch processing
Appliance Solutions
• Executed at the storage device
• Dedicated processor for cryptographic instructions
• Pros: minimal administration after initial setup
• Cons: data must be on the device; lack of openness / compatibility; symmetric processing only
Symmetric Encryption
The same key is used to encrypt and decrypt.
• Use a password or "secret key"
• Pros: very efficient use of CPU for larger files
• Cons: key management/security issues, especially with a large number of business partners; keys that decrypt data can exist in more than one place
Asymmetric Encryption (Public Key Encryption)
• A key owner generates a key pair.
• Public Key: used for encryption only; is exported from the key pair; sent to users who will encrypt.
• Private Key: used for decryption; securely stored by the key owner; never share the private key.
Hashing for Data Integrity
Verification that the data has not been modified.
Checksum, Seal or Message Digest
• Is created by processing cleartext using a hashing algorithm
• If the data has changed, the checksum will be different.
Digital Signatures for Verification
Verify the sender of the data that you decrypt.
• Sign with the private key: authentication when signing
• Verify with the public key: the sender is confirmed
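To make the hashing and signature slides concrete, here is an added example (not from the presentation or from ASPG) of a textbook RSA sign/verify flow over a SHA-256 message digest: the key owner signs with the private key, anyone holding the public key verifies, and any change to the data breaks verification. The primes, exponent and fingerprint format are assumptions chosen for readability; real systems use much larger keys and a padding scheme, as a library such as GnuPG does.

```python
import hashlib
import math

# Textbook RSA for teaching only: tiny unpadded keys, no real-world use.
# Primes chosen so the arithmetic is readable (assumed values, not from the slides).
P = 1000000007
Q = 998244353
E = 65537


def generate_keypair(p=P, q=Q, e=E):
    """Key owner generates a key pair: returns (public_key, private_key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def digest(data: bytes) -> int:
    """Message digest of the plaintext (the slide's 'hash'), as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def fingerprint(public_key) -> str:
    """A hash of a key (the slide's 'fingerprint'): SHA-256 over n||e, hex, shortened."""
    n, e = public_key
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(raw).hexdigest()[:16]


def sign(private_key, data: bytes) -> int:
    """Sign with the private key: signature = H(data)^d mod n."""
    n, d = private_key
    return pow(digest(data) % n, d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Verify with the public key: signature^e mod n must equal H(data) mod n."""
    n, e = public_key
    return pow(signature, e, n) == digest(data) % n


if __name__ == "__main__":
    pub, priv = generate_keypair()
    msg = b"PAY 100.00 TO ACCT 42"      # constructed sample message
    sig = sign(priv, msg)
    print("fingerprint:", fingerprint(pub))
    print("original verifies:", verify(pub, msg, sig))
    print("tampered verifies:", verify(pub, b"PAY 900.00 TO ACCT 42", sig))
```

Because the signature is computed over the digest, verification fails both when the data is altered and when a different key pair produced the signature.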
OpenPGP
An internet standard that defines a protocol for PGP-like interoperation.
Main features
• Asymmetric and symmetric encryption
• Digital signatures
• Text compression
• Binary to base-64 conversion
Key Storage & Security
Only authorized users should access keys.
• User's brain (password)
• Shared secret (password in parts)
• Key Encrypting Keys (GnuPG)
• Key Control Vectors (ICSF)
• Access permission (RACF)
• Combinations of these
Performance
Features that affect cryptographic performance
• Algorithm type
• Amount of data to process
• Compression time
• Batch processing
• Available system resources
• Hardware acceleration
Associated Tasks
Issues that impact operations
• Compression / decompression
• Tape resources
• Disaster recovery
• Plaintext encoding
• Ciphertext encoding
• Training and support
Getting Started
Preparing for your cryptography project
• Create a security policy: legal requirements; business partners; what must be encrypted
• Trial and acquire products: adherence to standards; interoperability / compatibility; free tools and enhancements
• Human resources: training; hiring
Your Questions
Contact ASPG for more information. Email: aspgsales@aspg.com, aspgtech@aspg.com. Phone: (800) 662-6090