IBM System z - Security: IBM zEnterprise EC12

Customers and businesses who use the Web each have their own security concerns about sensitive information. Customers must have confidence in the safe transmission of sensitive financial and personal information to web merchants. Businesses must be certain in the knowledge that payment information collected over web storefronts is indeed valid. Transactions sent across networks must be protected from eavesdropping and alteration. Data files on Internet-connected servers must be protected from malicious hackers. Secure Sockets Layer (SSL) traffic must be encrypted at high speeds.

The best known way to protect against eavesdropping and alteration is by using cryptography. Encryption ensures data confidentiality. Data integrity techniques, which include MAC, hashing, and digital signatures, protect against data alteration.

Encryption is a vital part of today's business processes and information systems. IBM mainframe systems have long been designed with the need for encryption in mind. IBM has offered hardware-based cryptographic processors for its mainframe computers for nearly three decades.

Today's IBM zEnterprise EC12 (zEC12) server offers a number of standard and optional hardware-based encryption features to satisfy nearly all customer application encryption requirements. In addition, System z hardware and software provide higher performance, greater physical security, and the features necessary to easily manage the cryptographic configuration in a manner that is integrated with the other System z management facilities.

The cryptographic hardware available on zEnterprise EC12 includes the following features:

• Central Processor Assist for Cryptographic Functions (CPACF)
• Crypto Express4S
• Trusted Key Entry (TKE) workstation
• Smart Card Reader
• Smart Cards

Central Processor Assist for Cryptographic Function

The Central Processor Assist for Cryptographic Function (CPACF) is available on every processor unit defined as a central processor (CP). It provides a set of symmetric cryptographic functions that enhance the encryption and decryption performance of clear-key operations for Secure Sockets Layer (SSL), Virtual Private Network (VPN), and data storing applications not requiring a high level of security such as Federal Information Processing Standard (FIPS) 140-2 Security Level 4.

CPACF is explicitly enabled using a no-charge enablement feature (#3863). Secure hash algorithms (SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512) are shipped enabled on all servers with processor units (PUs) defined as CPs, IFLs, zIIPs, or zAAPs.

The CP Assist for Cryptographic Function offers:

• For data privacy and confidentiality
  • Data Encryption Standard (DES)
  • Triple Data Encryption Standard (TDES)
  • Advanced Encryption Standard (AES) for 128-bit, 192-bit, and 256-bit keys
• For data integrity
  • Secure Hash Algorithms
  • SHA-1: 160 bit
  • SHA-2: 224, 256, 384, and 512 bit
• For message authentication codes (MAC)
  • Single-length key MAC
  • Double-length key MAC

Support for CPACF can be invoked using the Integrated Cryptographic Service Facility (usted Key Entry enhancemeICSF). ICSF is a component of z/OS® , and is designed to transparently use the available cryptographic functions, whether CPACF or Crypto Express4S, to balance the workload and help address the bandwidth requirements of your applications.

Please go to www.ibm.com/support/techdocs and search on ICSF for information on the latest versions of ICSF.

CPACF is supported by z/OS, z/TPF, z/VM, z/VSE, and Linux on System z.

Crypto Express4S feature

Crypto Express4S represents the newest-generation cryptographic feature and is designed to complement the cryptographic capabilities of the CPACF. This new feature resides in the Peripheral Component Interconnect Express Generation 2 (PCIe Gen2) I/O drawer, a native PCIe Gen2 environment first introduced in July of 2011.

The Crypto Express4S feature, with one PCIe adapter per feature, has been designed to provide port granularity for increased flexibility. Crypto Express4S remains a tamper-sensing and tamper-responding, programmable cryptographic feature providing a secure cryptographic environment. It continues to support all of the cryptographic functions available on the Crypto Express3 feature.

Crypto Express4S PCIe adapter - a coprocessor or an accelerator

The PCIe adapter contains a tamper-resistant hardware security module. It can be configured in one of three ways using the Hardware Management Console (HMC) panels:

1. IBM Common Cryptographic Architecture (CCA) coprocessor
2. IBM Enterprise PKCS #11 (EP11) coprocessor
3. Accelerator

When the PCIe adapter is configured as a coprocessor, it supports the following:

• Secure key transactions
• Federal Information Processing Standard (FIPS) 140-2 Security Level 4 certification
• User-defined extension (UDX) services to implement custom cryptographic functions and algorithms (applies only when configured as an IBM CCA coprocessor)

When the PCIe adapter is configured as an accelerator, it is optimized for the following:

• Secure Sockets Layer (SSL) acceleration and clear key RSA operations.

The Crypto Express4S feature is exclusive to the IBM zEnterprise EC12 environment. It is supported by z/OS , z/VM , z/VSE , z/TPF, and Linux on System z

IBM Enterprise PKCS #11 (EP11). A new configuration option is available when defining the Crypto Express4S feature as a coprocessor. This option, called IBM Enterprise Public-Key Cryptography Standards (PKCS) #11 (EP11), is designed to provide open industry-standard cryptographic services. EP11 is based on PKCS #11 specification v2.20 and more recent amendments that leverage the IBM Crypto Express4S feature and provide enhanced firmware capabilities. This firmware is designed to meet the rigorous FIPS 140-2 Security Level 4 and Common Criteria EAL 4+ certifications. The new Crypto Express4S configuration option is designed to meet public sector and European Union requirements where standardized crypto services and certifications are needed.

EP11 supports secure PKCS #11 keys. Secure PKCS #11 keys that never leave the secure boundary of the coprocessor unencrypted. The prior PKCS #11 implementation, which supported only clear keys, was provided by z/OS. Key protection was accomplished solely by Resource Access Control Facility (RACF®) dataset protection. Now with EP11, keys can be generated and securely wrapped under the EP11 Master Key, all within the bounds of the coprocessor. Thus, EP11 provides enhanced security qualities when using PKCS #11 functions.

EP11 is exclusive to IBM zEnterprise EC12 and is supported by z/OS and z/VM.

Common Cryptographic Architecture (CCA) enhancements. When the Crypto Express4S PCIe adapter is configured as a CCA coprocessor the following new cryptographic enhancements are supported:

• Improved wrapping key strength. In order to comply with current cryptographic standards, including ANSI X9.24 Part 1 and PCI-HSM, a key must not be wrapped with a key weaker than itself. Many CCA verbs allow the client to select the key wrapping key. With this release, CCA allows you to configure the coprocessor to ensure that your system meets these key wrapping requirements. It can be configured to respond in one of three ways when a key is wrapped with a weaker key: ignore weak wrapping (the default), complete the requested operation but return a warning message, or prohibit weak wrapping altogether.

This Crypto function is exclusive to IBM zEnterprise EC12 and is supported by z/OS and z/VM.

• DUKPT for Message Authentication Code (MAC) and encryption keys. Derived Unique Key Per Transaction (DUKPT) is defined in the ANSI X9.24 Part 1 standard. It provides a method in which a separate key is used for each transaction or other message sent from a device. This makes it so that an attacker who is able to discover the value of a key would only be able to gain information about a single transaction and not about any that preceded it or that follow it. The keys are derived from a base key that is initially loaded into the device, but then erased as soon as the first keys are derived from it. Those keys, in turn, are erased as subsequent keys are derived.

The original definition of DUKPT only allowed derivation of keys to be used in encryption of personal identification number (PIN) blocks. The purpose was to protect PINs that were entered at a point-of-sale (POS) device and then sent to a host system for verification. Recent versions of X9.24 Part 1 expanded this so that DUKPT can also be used to derive keys for MAC generation and verification, and for data encryption and decryption. Three separate variations of the DUKPT key derivation process are used so that there is key separation between the keys derived for PIN, MAC, and encryption purposes.

This Crypto function is exclusive to IBM zEnterprise EC12 and is supported by z/OS and z/VM.

• Secure Cipher Text Translate2 (CTT2). CTT2 is a new data encryption service that takes as input data encrypted with one key and returns the same data encrypted under a different key. This service has the advantage that it provides the ability to securely change the encryption key for cipher text without exposing the intermediate plain text. The decryption of data and reencryption of data happens entirely inside the secure module on the Crypto Express4S feature.

This Crypto function is exclusive to IBM zEnterprise EC12 and is supported by z/OS and z/VM.

• Compliance with new random number generation standards. The standards defining acceptable methods for generating random numbers have been enhanced to include improved security properties. The Crypto Express4S coprocessor function has been updated to support methods compliant with these new standards. Now, random number generation in the Crypto Express4S feature when defined as a coprocessor conforms to the Deterministic Random Bit Generator (DRBG) requirements defined in NIST Special Publication 800-90/90A, using the SHA-256 based DRBG mechanism. The methods in these NIST standards supersede those previously defined in NIST FIPS 186-2, ANS X9.31, and ANS X9.62. With these improvements, client applications can help to meet the timeline outlined in Chapter 4 of NIST SP800-131 for switching to the new methods and ceasing use of the old methods.

This Crypto function is exclusive to IBM zEnterprise EC12 and is supported by z/OS and z/VM.

• CCA Enhancements for applications supporting American Express EMV cards. Two changes have been made to the CCA application programming interface (API) to help improve support of payment card applications for American Express EMV cards. The Transaction_Validation service is used to generate and verify American Express card security codes (CSCs). This release adds support for the American Express CSC version 2.0 algorithm. The PIN_Change/Unblock verb is used for PIN maintenance. It prepares an encrypted message portion for communicating an original or replacement PIN for an EMV smart card. The verb embeds the PINs in an encrypted PIN block using information supplied. With this CCA enhancement, PIN_Change/Unblock adds support for the message format used to change or unblock the PIN on American Express EMV cards.

This crypto function is available on IBM zEnterprise EC12 and select z196, z114, z10™, and z9® servers and is supported by z/OS and z/VM.

Trusted Key Entry enhancements

The following functions are supported in the Trused Key Entry (TKE) 7.2 LIC:

Support for the Crypto Express4S feature when the PCIe adapter is configured as an EP11 coprocessor. The TKE workstation is required in order to manage a Crypto Express4S feature that is configured as an EP11 coprocessor. The TKE smart card reader (#0885) is mandatory. Two items must be placed on the new smart cards:

1. Master key material: The Crypto Express4S feature has unique master keys for each domain. The key material must be placed on a smart card before the key material can be loaded.
2. Administrator signature keys: When commands are sent to the Crypto Express4S feature, they must be signed by administrators. Administrator signature keys must be on smart cards.

Support for the Crypto Express4S feature when the PCIe adapter is configured as a CCA coprocessor. Crypto Express4S (defined as a CCA coprocessor) is managed in the same way as any other CCA-configured coprocessors. A Crypto Express4S can be in the same crypto module group or domain group as a Crypto Express4S, Crypto Express3, and Crypto Express2 feature.

New Data Encryption Standard (DES) operational keys. Four new DES operational keys can be managed from the TKE workstation (#0841). The key types are:

• CIPHERXI
• CIPHERXL
• CIPHERXO
• KEYGENKY (DUKPT)

The new keys are managed the same way as any other DES operational key.

New Advanced Encryption Standard (AES) CIPHER key attribute. A new attribute, "key can be used for data translate only," can now be specified when creating an AES CIPHER operational key part.

Creation of corresponding keys. There are some cases where operational keys need to be loaded to different host systems to serve an opposite purpose. For example, one host system needs an exporter key encrypting key; another system needs a corresponding importer key encrypting key with the same value. The TKE workstation now allows nine types of key material to be used for creating a corresponding key.

Support for four smart card readers. The TKE workstation supports two, three, or four smart card readers when smart cards are being used. The additional readers were added to help reduce the number of smart card swaps needed while managing EP11-configured coprocessors. EP11 can be managed with only two smart card readers. CCA-configured coprocessors can be managed with three or four smart card readers.

Back to top

Learn more

IBM zEnterprise EC12 Performance of Cryptographic Operations (206KB)