ata encryption for databases; understanding the crypto hardware

IBM ^ zSeries Technical Training

© 2006 IBM CorporationIBM Advanced Technical Support

Data Encryption for Databases : Understanding the Crypto Hardware Support

Marilyn Allmond

zSeries Sales and Technical Education

© 2006 IBM Corporationz9XX Crypto | MarilynAllmond | Wahington Systems Center

The following are trademarks of the International Business Machines Corporation in the United States and/or other countries.

The following are trademarks or registered trademarks of other companies.

* Registered trademarks of IBM Corporation

* All other products may be trademarks or registered trademarks of their respective companies.

Linux is a registered trademark of Linus TorvaldsPenguin (Tux) compliments of Larry EwingJava and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States and other countriesUNIX is a registered trademark of The Open Group in the United States and other countries.Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation.SET and Secure Electronic Transaction are trademarks owned by SET Secure Electronic Transaction LLC.Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.

Notes : Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here. IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.

Trademarks

AIX*AIX/ESA*C/MVSC/370CICS*CICS/ESA*CICS/MVS*COBOL/370

Database 2DB2*DB2 ConnectdeveloperWorks*DFSMS/MVS*DFSMSdfpDFSMSdssDFSMShsm

e-business logo*e(logo)server*ESCONFICON*ibm.com*IBMLinkMQSeries*Multiprise*

MVSMVS/DFPMVS/ESAOS/2*OS/2 WARP*OS/390*Parallel Sysplex*Processor Resource/Systems ManagerPR/SMRACF*

Resource LinkRMFS/390*S/390 Parallel Enterprise ServerWebSphere*z/Architecturez/OS*z/VM*zSeries*

MasterCard is a registered trademark of MasterCard InternationalRSA BSAFE is a registered trademark of RSA Data SecurityRSA is a registered trademark of RSA Inc.Visa is a register trademark of Visa international

04/04/06 1-2 of 15



Discussion Topics

Drivers and Need Where basic understanding of industry (client) requirements can lead to more opportunity

Product History

Product Overviews

Product Setup

Things to Watch and Prepare (Educate the Client) for Success

Things that make Bumps in the Night

Product Requirements

Comments from Those Who Have Gone Before



Data Encryption Driven by Demand: Driven by Law

Health Insurance Portability and Accountability Act (HIPAA) of 1996CA's Pers Info Prot & Elec Doc ActGraham-Leach-Bliley Act of 1999 (GLBA)

Solutions targeting requirements driven bySarbanes-Oxley (SOX) UK's Data Protection ActSEC 17a-4 Privacy Act

Not perfect, any solution has challenges in this environmentPerformance overheadKey managementApplication changes

IBM Database solutions address part of the needTie with comprehensive understanding and very good consulting skills and knowledgeManagement acceptance of responsibility for risk and asset definition and balance Consulting opportunity lead that can be introduced during product sale and implementation cycle

Key maintenanceArchival requirements & issuesDisaster recovery issues

04/04/06 3-4 of 15



Is Only Encryption Needed

By examining the various regulatory legislation and industry mandates (not all that may be applicable are mentioned) certain cryptographic and/or other security mechanisms can be found. With those other mechanisms you can

Strengthen the case for one or more of the IBM database encryption solutionsDrive need for additional server processing Plant the seeds for future opportunities or the enhancement of the one being addressed

Where to find some of these documents?A quick Google search using the legislative name and overview usually provides a good list from which to select - further define by including org as a keyword

http://www.isaca.org/AMTemplate.cfm?Section=Sarbanes-Oxley2&Template=/ContentManagement /ContentDisplay.cfm&ContentID=11247http://www.ziplip.com/solutions/SARBOX.htmlhttp://www.deloitte.com/dtt/cda/doc/content/Sarbanes%20Oxley%20Act%202002.pdfhttp://techrepublic.com.com/5100-10878_11-5034345.html



Brief Look at the Some of the Legislative Requirements

Sarbanes-Oxley (SOX)requires internal controls on information to ensure completeness, correctness, and quick access

addresses the deliberate alteration or destruction of a record or document with the intent to obstruct an investigationrequires that strict records retention policies and procedures existdictates publicly traded companies must have policies and controls in place to secure, document, and process material information dealing with their financial results

Health Insurance Portability and Accountability Act (HIPPA) must guard “confidentiality, integrity & availability” of individual health data.To accomplish this, each provider is required to meet three conditions:

Must “assess potential risks and vulnerabilities to the individual health data in its possession” …Must …“develop, implement, and maintain appropriate security measures”

IntegrityAvailabilityConfidentiality

Must insure these measures are “documented and kept current”

04/04/06 5-6 of 15



Brief Look at the Some of the Legislative Requirements . . .

Graham-Leach-Bliley Act (GLBA)Both non-public and public information must be protected

insure the security and confidentiality of customer records and information; protect against any anticipated threats or hazards to the security or integrity of such records; and protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience

Data should be encrypted in storage and in transit

European Union legislation addresses similar safeguards as HIPPA

Basel II addresses similar safeguards as GLBA

Summary : All Legal Directives include requirements to protect personal data against

accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access



Data Encryption History on IBM Mainframes for Databases

Application enablers allowed clients to code confidentiality into applications where needed

First wave includedProgrammed Cryptographic Facility (PCF)Customer Unit Support Program (CUSP) and its hardware, 3848IDCAMS REPRO

Second wave includedTransaction Security System family of productsICSF and ICRF (first versions of S/390 crypto hardware with ICSF)ICSF and CCF (second version of S/390 and zSeries crypto hardware)

Third wave included4758 PCI CoprocessorPCICC, PCICA (second version of S/390 and zSeries crypto hardware)

Fourth wave includes PCIXCC and Crypto Express2

04/04/06 7-8 of 15



IBM Data Encryption Solutions for Databases Beyond Application Enablers

Data Encryption for IMS and DB2 Databases First Edition

Offered as PRPQ, 5799-GWD

Announced December 2002

Implemented encryption via Segment Edit/Compression exit and EDITPROC exit, respectively (1 exit per database type)

Supported IMS V6 and DB2 V6 and later

Used secure key thus requiring secure crypto hardware

Data Encryption for IMS and DB2 Databases Second Edition

Offered as product, 5655-P03

Released as Version 1 Release 1 in the February 2003

same as above

Pub update done in March 2004, SC18-7336-01



IBM Data Encryption Solutions for Databases Beyond Application Enablers . . .

Data Encryption for IMS and DB2 Databases Third Edition

Offered as product, 5655-P03 FMID(H29F110)

Released as Version 1 Release 1 updated in the September 2004

same as above (2 exits per database type)

Uses secure key OR new clear key

DB2 Version 8

Offers data encryption through built-in functions

Allows column encryption rather than row encryption

Requires change to column definitions for targeted data

May encrypt data using 2 methodsDefining encryption at the column levelDefining encryption at the value level

Encryption key is referred to as PASSWORD in DB2 Admin Guide

04/04/06 9-10 of 15



Data Encryption for IMS and DB2 (Emphasis on DB2)

DB2 Databases Implemented via EDITPROC exit

DECENC00DECENA00

Specified in the EDITPROC clause of the SQL CREATE TABLE statement

IMS DatabasesImplemented via Segment/Compression exit

DECENC01DECENA01

Specified in the DBD COMPRTN parameter

The DECENC0n routines exploit secure key crypto via ICSF services, CSNBENC and CSNBDECThe DECENA0n routines exploit clear key crypto (CPACF)

DB2 uses the problem state instruction (KMC)IMS uses the ICSF APIs, CSNBSYE and CSNBSYD

secure key implemented

clear key implementedsecure key implemented

clear key implemented




These exits must initially encrypt the database and Are used in future calls where an application processes a table or segment for which encryption or decryption has been specified.Data stays encrypted during channel I/O, when the DBMS gains control it invokes the exit to decrypt based on read processing or encrypt based on write processingISPF panel interface to assist in setting up JCL parameters for exit creation or use SAMPLIB JCL samplesThe JCL will link-edit the product-supplied exit into the user's exit library The JOB takes the encryption key indicated by label in the JCL and stores it in the exitOnce installed existing objects need to be unloaded, redefined, and reloaded

04/04/06 11-12 of 15




Data Encryption for IMS and DB2 Databases Third EditionOffered as product, 5655-P03Released as Version 1 Release 1 updated in the September 2004same as above (2 exits per database type)Used secure key OR new clear key Encrypts at row level

DB2 Version 8Offers data encryption through built-in functionsAllows column encryption rather than row encryptionRequires change to column definitions for targeted dataMay encrypt data using 2 methods

Defining encryption at the column levelDefining encryption at the value level

Encryption key is referred to as PASSWORD in DB2 Admin Guide



General Limitations to Consider

Using encryption and the IBM crypto hardware requires knowledge of the relationships between the ICSF calls (software service requests) and the various types of crypto hardware

3 methods of requesting encryptionCSNBENC requires CCF or PCIXCC or Crypto Express2 configured as a coprocessor, ICSF active, & Master Keys loadedCSNBSYE requires CPACF which is only available on z990/890 and higher servers, ICSF active, & Master Keys loadedProblem state machine instruction where only the Key Record Read is the only ICSF API used requires CPACF

CSNBSYE and the problem state machine instruction references a different key than one that is referenced with CSNBENC

64 bytes of label padded with blanks + 8 bytes of key typeMust have unique key label

ICSF

DB2KEY.....DATA

DB2KEY.....CLRDES

Secure

Clear CPACF

CCF, CEX2 PCIXCC

04/04/06 13-14 of 15



General Limitations to Consider . . .

Performance varies but is faster than software encryptionUsing CPACF with clear key functions is fastestUsing Secure key on CCF systems is faster than on PCIXCC and CEX2 systems

Storage time for database backups and impact of key lifeICSF is a single address space shared by other users on z/OSWhen using multiple keys for different tables/segments the DBA or data owners need to ensure the longevity of keys associated with backup data and/or create a process to change keysCannot encrypt DB2 indexes so may need to change table structuresUsing encryption means managing data in 8 bytes or multiple of 8 so tables may need to expandUse of compression will be impacted

DB2 compression is done after encryption which has no benefitIMS can only do compression OR encryption not both



General Limitations to Consider . . .

Only one exit of either database can be associated with a segment or table at one time, if any exit exists alternative code will be required

What cannot be encryptedIMS: HIDAM index databases DB2: Indexes Tables with ROWIDs or LOBs

These exits must have APF authorization ICSF settings can influence performance (CHECKAUTH, KEYAUTH)

If CKDS is initialized on z990/890 or z9 and the DR processor is an earlier processor, the CKDS will not work

IMS: a different encryption key may exist for different segments, each segment will have its own exit association

DB2: only 1 key may exist

04/04/06 15-16 of 15



Server Type

IMS Tool Exit Name

DB2 Tool Exit Name

Crypto HW Reqd SW Reqd Special

PTFs

S/390 DECENC01 DECENC00 CCF

IMS V6 or laterDB2 UDB Server for OS/390 V6 or laterICSF

zSeries z900/800 DECENC01 DECENC00 CCF


zSeries z990/890

DECENC01DECENA01

DECENC00DECENA00

PCIXCC (0868) or

CEX2

CPACF (3863)

IMS V6 or later

DB2 UDB Server for OS/390 V6 or laterICSF HCR770A/0B/20/30

UK00049

UA156__ 77/78/79

zSeries z9

DECENC01DECENA01

DECENC00DECENA00

PCIXCC (0868) or

CEX2

CPACF(3863)

IMS V6 or later


UK00049

UA156__ 77/78/79

IBM Data Encryption Tool: HW & SW Assurance Chart



Server Type

IMS Tool Exit Name

DB2 Tool Exit Name

Crypto HW Reqd SW Reqd Special

PTFs

zSeries z900/800 and earlier

DECENC01 DECENC00 CCF


zSeries z990/890 and z9

DECENC01DECENA01

DECENC00DECENA00

PCIXCC (0868) or

CEX2

CPACF (3863)

IMS V6 or later


UK00049

UA156__ 77/78/79

IBM Data Encryption Tool: Usage Assurance

Address DR implicationsMachine type impact (CPACF or secure key)Key availability (CKDS key storage and CKDS accessibility)Naming convention for key labels Storage and archiving requirementsAccountability issuesPerformance

04/04/06 17-18 of 15



IBM Data Encryption for IMS and DB2

DocumentationIBM Data Encryption for IMS and DB2 Databases User ’s Guide

V1R1, SC18-7336-02

For enciphered data to be processed else where the other machine must have crypto capability and access to same key value as used to encrypt that data

Tested in DB2 and IMS environments ensure compatibility with all interfaces



IMS Exit Processing

IMS EncryptionProgram passes a segment REPL, ISRT, or LOAD request to IMS control regionIMS determines, using the DBD, that a Segment Edit/Compression exit is required IMS loads and calls the exit, passing it the unencrypted segment Exit invokes ICSF services IMS puts the encrypted segment into the database

IMS DecryptionIMS application program passes segment GET request to the IMS control region IMS determines, from the DBD, that a Segment Edit/Compression exit is required IMS loads and calls the exit, passing it the encrypted segment Exit invokes ICSF services IMS passes the decrypted segment back to the application

04/04/06 19-20 of 15



DB2 Exit Processing

DB2 EncryptionDB2 application program passes a row to DB2.DB2 determines, by presence of EDITPROC on the table, exit is required DB2 loads and calls the exit, passing it the unencrypted row Exit invokes ICSF services DB2 puts the encrypted row into the table

DB2 DecryptionDB2 application program requests data from DB2 DB2 determines, by presence of EDITPROC on the table, exit is required DB2 loads and calls the exit, passing it the unencrypted row Exit invokes ICSF services DB2 passes the decrypted row back to the application



Prerequisites for Use

Required Crypto hardware must be activated CCF and PCIXCC

Configuration loadedLPAR associations must be madeMaster Keys must be loaded

CPACF must be enabled via Feature Code 3863

Required SoftwareIMS Version 6 or higher, and/or DB2 for OS/390 Version 6 or higherICSF must be activated

Base element of z/OS and OS/390Key(s) to be used for data protection must be defined

Security issue!!Do not look for step-by-step directionsShould understand this process in order to explain decisions to auditorsShould understand crypto concepts and IBM Crypto

04/04/06 21-22 of 15



Generic Installation Steps for DE for IMS and DB2

Set up and validate crypto hardwareValidate? If from ICSF menu, Utility option for Random Number works, ICSF and secure crypto hardware works

Generate and then store (in the CKDS) a triple DES encryption key for use

Use ICSF Key Generation Utility Program, KGUPRead ICSF Administrator's Guide

Build the IMS or DB2 user exit, specifying the key name defined in step aboveBack up your data

Unload your data

Create/install the exit

Reload the data, during which process the data is encrypted Validate your output



Specific Exit Installation Notes

IMS Provides sample job DECIMSJB in PDS smphlq.SDECSAMP

DB2Provides sample job DECDB2JB in PDS smphlq.SDECSAMP

Generic to either database Replace the yyyyyyyyyy (at the end of the job) with encryption key label built by the security analyst Also, provides an alternate in the form of a panel interface to create the user exit

ex ’smphlq.SDECCEXE(DECENC04)’’smphlq ’

For a more user-friendly key entry process allowing key knowledge separation use

PRS189 ICSF Key Part Entry Sample Application for ISPF Panels from www.ibm.com/support/techdocs

04/04/06 23-24 of 15



Brief Highlight of Crypto in DB2 V8

Provides encryption at column and cell or value level

Provides basic keywords to control the encrypt/decrypt processENCRYPT to encrypt dataDECRYPT_BIT

SET ENCRYPTION PASSWORD statement allows the entry of a password and a hint

Password is used to create keyPassword or key is stored in DB2 along with hint if providedUse SELECT GETHINT statement to recover hint

DB2 V8 requires a zSeries ProcessorDocumentation found in

DB2 V8 Administration Guide, SC18-7413-01, Chapter 9

DECRYPT_CHARDECRYPT_DB



Summary

Not an integrated solution but well tested and is the best aroundReplaces the EDITPROC code providing encryption that may have been obtained earlier and was 'AS IS' Requires no application changes

Data base changes may need to occurEnsure targeted data will be protected may need to rearrange dataAdjustments for data base product restrictions or considerations

Understanding IBM Crypto will be crucial to adhering to the regulations/requirements driving this solution

Weigh the options availableNot every segment or table needs to be encryptedEvaluate need for

Encryption/decryption in cross-platform and/or sysplex environmentsDisaster Recovery

04/04/06 25-26 of 15

ata encryption for databases; understanding the crypto hardware

Documents