
Presentation Transcript


  1. Presented by

  2. ASPG product areas
     • RACF Administration
     • Cryptography
     • Catalog Management and Recovery
     • Storage Management
     • SMF Management
     • Enterprise Password Reset and Sync
     Offering software solutions worldwide for over 20 years

  3. Your Presenter
     Greg Thomason, ASPG Technical Support
     (800) 662-6090
     greg.thomason@aspg.com

  4. Today’s Agenda
     • History
     • Terminology
     • Solving Business Problems
     • Standards for Implementation
     • Key Storage and Security
     • Performance
     • Interoperation

  5. What is Cryptography?
     Cryptography is the process of securing data using encryption.
     Parts of a Cryptographic System
     • Encryption for Data Confidentiality
     • Digital Signatures for Signing and Verification
     • Hashing for Data Integrity

  6. Security Mandates
     • Sarbanes-Oxley (SOX): Companies must retain and protect financial records.
     • HIPAA: Ensures the protection of Personal Health Information.
     • FERPA: Protection of student information.
     • Gramm-Leach-Bliley: Protection of customer transaction records/information.
     • Payment Card Industry (PCI): Merchants who store, process or transmit cardholder data must implement strong access control measures.
     • California Security Breach Information Act: Protects personal information and requires reporting of security breaches involving unencrypted data.
     • Business-to-Business
     • Personal Information Protection & Electronic Documents Act (PIPEDA): Canadian act that protects personal information.
     • Personal Health Information Protection Act (PHIPA): Canadian law that requires personal health information of patients to be held private, confidential and secure.

  7. Why Use Cryptography?
     • Supplement Data Access Security
     • When Access Protection is breached
     • When Access Security is not available
     • Additional benefits of cryptographic systems

  8. History
     • “Classical”: permutation and substitution
     • “Medieval”: polyalphabetic substitution
     • 1883: Playfair cipher (diagrammatic)
     • WWII: Enigma Machine
     • 1970’s: DES / RSA / Asymmetric
     • 1990’s: PGP, Blowfish, SHA, SSL
     • 2000’s: AES, OpenPGP, OpenSSL

  9. Terminology
     • Plaintext: Original data
     • Ciphertext: Encrypted plaintext
     • Cryptanalysis: Breaking ciphertext
     • Cryptology: Branch of math for Cryptography
     • Algorithm: Mathematical function
     • Key: Data value used by an algorithm
     • Hash: Message digest of plaintext
     • Fingerprint: A hash of a key

  10. Concepts
     Cryptographic System: A “cryptosystem” includes all of the protocols, algorithms, and keys used to encipher and decipher messages. Example: OpenPGP
     Key Management: Key Management includes any action that concerns your cryptographic keys: storage, access, generation, exchange, and replacement. Example: Key Import

  11. Methods for Encryption
     • Symmetric (Password Encryption): The same key is used for Encryption and Decryption.
     • Asymmetric (Public Key Encryption): Different “public and private” keys are used for Encryption and Decryption.

  12. Encryption Operations
     • Data at Rest: Encryption of only specific sensitive files stored on disk or tape.
     • Data in Transit: Encryption of data during a transfer.
     • Data in Process: Encryption routines added to your custom application.
     • Disk or Tape: Encryption of the entire disk or tape media regardless of data sensitivity.

  13. Implementing Encryption
     Software Solutions
     • Executed via software routines
     • Many support HW acceleration for cryptographic instructions
     • Pros: Flexibility, Recoverability, Compatibility, Interoperability
     • Cons: Potential programming effort; may alter batch processing
     Appliance Solutions
     • Executed at the storage device
     • Dedicated processor for cryptographic instructions
     • Pros: Minimal administration after initial setup
     • Cons: Data must be on the device; lack of openness / compatibility; symmetric processing only

  14. Symmetric Encryption
     Same key is used to encrypt and decrypt
     • Use a password or “secret key”
     • Pros: Very efficient use of CPU for larger files
     • Cons: Key management/security issues, especially with a large number of business partners; keys that decrypt data can exist in more than one place

  15. Asymmetric Encryption (Public Key Encryption)
     • A key owner generates a key pair.
     • Public Key: used for encryption only; is exported from the key pair; sent to users who will encrypt
     • Private Key: used for decryption; securely stored by key owner; never share the private key

  16. Hashing for Data Integrity
     Verification that the data has not been modified
     Checksum, Seal or Message Digest
     • Is created by processing cleartext using a hashing algorithm
     • If data has changed, the checksum will be different.

  17. Digital Signatures for Verification
     Verify the sender of the data that you decrypt
     • Sign with Private Key: authentication when signing
     • Verify with Public Key: sender is confirmed
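The hash-then-sign flow of slides 16 and 17 in runnable form: the digest changes when the record changes, the private key signs that digest, and the public key verifies it. This is an added example, not code from the ASPG deck; the toy textbook-RSA key pair is constructed from two publicly known Mersenne primes, so it illustrates the mechanism only and is not a usable key.

```python
# Added example (not from the ASPG slides): hash-then-sign with a toy
# textbook-RSA key pair, using only the Python standard library.
# The primes are fixed, public Mersenne primes, so this key pair is for
# illustration only and offers no real security (no padding either).
import hashlib

# Constructed toy key: two known primes, 2^127-1 and 2^521-1.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                            # modulus, shared by both keys
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    """Message digest (slide 16): any change to the data changes it."""
    return hashlib.sha256(data).digest()


def sign(data: bytes, private_exp: int = D, modulus: int = N) -> int:
    """Sign the digest with the private key (slide 17).

    The SHA-256 digest (256 bits) is far smaller than the ~648-bit
    modulus, so it can be used directly as the RSA input here.
    """
    h = int.from_bytes(digest(data), "big")
    return pow(h, private_exp, modulus)


def verify(data: bytes, signature: int,
           public_exp: int = E, modulus: int = N) -> bool:
    """Verify with the public key: recover the digest and compare."""
    h = int.from_bytes(digest(data), "big")
    return pow(signature, public_exp, modulus) == h


def demo() -> dict:
    """Constructed sample record and a tampered copy of it."""
    message = b"PAY 100.00 TO ACCOUNT 12345"
    tampered = b"PAY 900.00 TO ACCOUNT 12345"
    sig = sign(message)
    return {
        "digest_changed": digest(message) != digest(tampered),
        "original_verifies": verify(message, sig),
        "tampered_verifies": verify(tampered, sig),
    }


if __name__ == "__main__":
    print(demo())
```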

  18. OpenPGP
     An internet standard that defines a protocol for PGP-like interoperation
     Main features
     • Asymmetric and symmetric encryption
     • Digital signatures
     • Text compression
     • Binary-to-base64 conversion

  19. Key Storage & Security
     Only authorized users should access keys
     • User’s brain (password)
     • Shared secret (password in parts)
     • Key Encrypting Keys (GnuPG)
     • Key Control Vectors (ICSF)
     • Access permission (RACF)
     • Combinations of these

  20. Performance
     Features that affect cryptographic performance
     • Algorithm type
     • Amount of data to process
     • Compression time
     • Batch processing
     • Available system resources
     • Hardware acceleration

  21. Associated Tasks
     Issues that impact operations
     • Compression / decompression
     • Tape resources
     • Disaster recovery
     • Plaintext encoding
     • Ciphertext encoding
     • Training and support

  22. Getting Started
     Preparing for your cryptography project
     • Create a Security Policy: legal requirements; business partners; what must be encrypted
     • Trial and Acquire Products: adherence to standards; interoperability / compatibility; free tools and enhancements
     • Human Resources: training; hiring

  23. Your Questions
     Contact ASPG for more information
     Email: aspgsales@aspg.com, aspgtech@aspg.com
     Phone: (800) 662-6090
