Presented by
Offering software solutions worldwide for over 20 years
RACF Administration
Cryptography
Catalog Management and Recovery
Storage Management
SMF Management
Enterprise Password Reset and Sync
Your Presenter
Greg Thomason
ASPG Technical Support
(800) 662-6090
Today’s Agenda
History
Terminology
Solving Business Problems
Standards for Implementation
Key Storage and Security
Performance
Interoperation
What is Cryptography?
Cryptography is the process of securing data using encryption.
Encryption for Data Confidentiality
Digital Signatures for Signing and Verification
Hashing for Data Integrity
Parts of a Cryptographic System
Security Mandates
• Sarbanes Oxley (SOX): Companies must retain and protect financial records.
• HIPAA: Ensures the protection of Personal Health Information.
• FERPA: Protection of Student Information.
• Gramm-Leach-Bliley: Protection of customer transaction records/information.
• Payment Card Industry PCI: Merchants who store, process or transmit cardholder data must implement strong access control measures.
• California Security Breach Information Act: Protection of personal information and requires reporting of security breaches involving unencrypted data.
• Business-to-Business
• Personal Information Protection & Electronic Documents Act (PIPEDA): Canadian act that protects personal information.
• Personal Health Information Protection Act (PHIPA): Canadian law requires personal health information of patients to be held private, confidential and secure.
Why Use Cryptography?
- Supplement Data Access Security
- When Access Protection is breached
- When Access Security is not available
- Additional benefits of cryptographic systems
History
“Classical” permutation and substitution
“Medieval” polyalphabetic substitution
1883: Playfair cipher (diagrammatic)
WWII: Enigma Machine
1970’s: DES / RSA / Asymmetric
1990’s: PGP, Blowfish, SHA, SSL
2000’s: AES, OpenPGP, OpenSSL
Terminology
Plaintext: Original data
Ciphertext: Encrypted plaintext
Cryptanalysis: Breaking ciphertext
Cryptology: Branch of math for Cryptography
Algorithm: Mathematical Function
Key: Data value used by an algorithm
Hash: Message digest of plaintext
Fingerprint: A hash of a key
Concepts
Cryptographic System
A “cryptosystem” includes all of the protocols, algorithms, and keys used to encipher and decipher messages. Example: OpenPGP
Key Management
Key Management includes any action that concerns your cryptographic keys: storage, access, generation, exchange, and replacement. Example: Key Import
Methods for Encryption
Symmetric (Password Encryption): Same key is used for Encryption and Decryption.
Asymmetric (Public Key Encryption): Different “public and private” keys are used for Encryption and Decryption.
Encryption Operations
Data at Rest: Encryption of only specific sensitive files stored on disk or tape.
Data in Transit: Encryption of data during a transfer.
Data in Process: Encryption routines added to your custom application.
Disk or Tape: Encryption of the entire disk or tape media regardless of data sensitivity.
Implementing Encryption
Software Solutions
• Executed via Software Routines
• Many support HW Acceleration for cryptographic instructions
Pros:
• Flexibility
• Recoverability
• Compatibility
• Interoperability
Cons:
• Potential programming effort
• Alter batch processing
Appliance Solutions
• Executed at the storage device
• Dedicated processor for cryptographic instructions
Pros:
• Minimal administration after initial setup.
Cons:
• Data must be on the device
• Lack openness / compatibility
• Symmetric processing only
Symmetric Encryption
Same Key is Used to Encrypt and Decrypt
Use a Password or “secret key”
• Pros
  – Very efficient use of CPU for larger files
• Cons
  – Key management/security issues
    • Especially with large # of business partners
    • Keys that decrypt data can exist in more than one place
Asymmetric Encryption
Public Key Encryption
A key owner generates a key pair.
• Public Key
  – Used for encryption only
  – Is exported from the key pair
  – Sent to users who will encrypt
• Private Key
  – Used for decryption
  – Securely stored by key owner
  – Never share the private key
Hashing for Data Integrity
Verification that the data has not been modified
Checksum, Seal or Message Digest
• Is created by processing cleartext using a Hashing algorithm
• If data has changed, the checksum will be different.
Digital Signatures for Verification
Verify the sender of the data that you decrypt
Sign with Private Key
Verify with Public Key
• Authentication when signing
• Sender is confirmed
OpenPGP
An internet standard to define a protocol for PGP-like interoperation
Main features
• asymmetric and symmetric encryption
• digital signatures
• text compression
• binary to base-64 conversion
Key Storage & Security
Only authorized users should access keys
User’s brain (password)
Shared secret (password in parts)
Key Encrypting Keys (GnuPG)
Key Control Vectors (ICSF)
Access permission (RACF)
Combinations of these
Performance
Features that affect Cryptographic Performance
• Algorithm Type
• Amount of data to process
• Compression time
• Batch processing
• Available system resources
• Hardware Acceleration
Associated Tasks
• Compression / Decompression
• Tape resources
• Disaster Recovery
• Plaintext Encoding
• Ciphertext Encoding
• Training and Support
Issues that impact Operations
Getting Started
Preparing for your Cryptography Project
• Create a Security Policy
  - Legal Requirements
  - Business Partners
  - What must be encrypted
• Trial and Acquire Products
  - Adherence to Standards
  - Interoperability / Compatibility
  - Free Tools and Enhancements
• Human Resources
  - Training
  - Hiring
Your Questions
Contact ASPG for more information
Email: [email protected] [email protected]
Phone: (800) 662-6090