Cryptography concepts

 

This topic provides a basic understanding of cryptographic function and an overview of the cryptographic services for the systems running the i5/OS^® operating system.

 

Cryptography

Cryptographic services help ensure data privacy, maintain data integrity, authenticate communicating parties, and prevent repudiation (when a party refutes having sent a message).

Basic encryption allows you to store information or to communicate with other parties while preventing non-involved parties from understanding the stored information or understanding the communication. Encryption transforms understandable text (plaintext) into an unintelligible piece of data (ciphertext). Decryption restores the understandable text from the unintelligible data. Both functions involve a mathematical formula (the algorithm) and secret data (the key).

 

Cryptographic algorithms

There are two types of cryptographic algorithms:

1. With a secret or symmetric key algorithm, the key is a shared secret between two communicating parties. Encryption and decryption both use the same key. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are examples of symmetric key algorithms.

   There are two types of symmetric key algorithms:

   Block ciphers

   In a block cipher, the actual encryption code works on a fixed-size block of data. Normally, the user's interface to the encrypt/decrypt operation will handle data longer than the block size by repeatedly calling the low-level encryption function. If the length of data is not on a block size boundary, it must be padded.

   Stream ciphers

   Stream ciphers do not work on a block basis, but convert 1 bit (or 1 byte) of data at a time.

2. With a public key (PKA) or asymmetric key algorithm, a pair of keys is used. One of the keys, the private key, is kept secret and not shared with anyone. The other key, the public key, is not secret and can be shared with anyone. When data is encrypted by one of the keys, it can only be decrypted and recovered by using the other key. The two keys are mathematically related, but it is virtually impossible to derive the private key from the public key. The RSA algorithm is an example of a public key algorithm.

   Public key algorithms are slower than symmetric key algorithms. Applications typically use public key algorithms to encrypt symmetric keys (for key distribution) and to encrypt hashes (in digital signature generation).

Together, the key and the cryptographic algorithm transform the data. All of the supported algorithms are in the public domain. Therefore it is the key that controls access to the data. You must safeguard the keys to protect the data.

 

Cryptographic operations

Different cryptographic operations may use one or more algorithms. You choose the cryptographic operation and algorithm(s) depending on your purpose. For example, for the purpose of ensuring data integrity, you might want to use a MAC (message authentication code) operation with the AES algorithm.

The system provides several API sets that support cryptographic operations. See the System cryptography overview information at the bottom of this topic for more information.

 

Data privacy

Cryptographic operations for the purpose of data privacy (confidentiality) prevent an unauthorized person from reading a message. The following operations are included in data privacy:

Encrypt and Decrypt

The encrypt operation changes plaintext data into ciphertext through the use of a cipher algorithm and key. To restore the plaintext data, the decrypt operation must employ the same algorithm and key.

Encryption and decryption may be employed at any level of the operating system. There are three levels:

Field level encryption

With field level encryption, the user application explicitly requests cryptographic services. The user application completely controls key generation, selection, distribution, and what data to encrypt.

Session level encryption

With encryption at the session layer, the system requests cryptographic services instead of an application. The application may or may not be aware that encryption is happening.

Link level encryption

Link level encryption is performed at the lowest level of the protocol stack, usually by specialized hardware.

The Cryptographic Coprocessors and the 2058 Cryptographic Accelerator may be used for both field level encryption and Secure Sockets Layer (SSL) session establishment encryption. While VPN is supported in i5/OS, it does not use either coprocessor or the accelerator. Furthermore, the system does not support SNA session level encryption at all.

Translate

The translate operation decrypts data from encryption under one key and encrypts the data under another key. This is done in one step to avoid exposing the plaintext data within the application program.

 

Data integrity, authenticity, and non-repudiation

Encrypted data does not mean the data can not be manipulated (e.g. repeated, deleted, or even altered). To rely on data, you need to know that it comes from an authorized source and is unchanged. Additional cryptographic operations are required for these purposes.

Hash (Message Digest)

A cryptographic hash operation produces a fixed-length output string (often called a digest) from a variable-length input string. For all practical purposes, the following statements are true of a good hash function:

• Collision resistant: If any portion of the data is modified, a different hash will be generated.

• One-way: The function is irreversible. That is, given a digest, it is not possible to find the data that produces it.

These properties make hash operations useful for authentication purposes. For example, you can keep a copy of a digest for the purpose of comparing it with a newly generated digest at a later date. If the digests are identical, the data has not been altered.

MAC (Message Authentication Code)

A MAC operation uses a secret key and cipher algorithm to produce a value (the MAC) which later can be used to ensure the data has not been modified. Typically, a MAC is appended to the end of a transmitted message. The receiver of the message uses the same MAC key, and algorithm as the sender to reproduce the MAC. If the receiver's MAC matches the MAC sent with the message, the data has not been altered.

The MAC operation helps authenticate messages, but does not prevent unauthorized reading because the transmitted data remains as plaintext. You must use the MAC operation and then encrypt the entire message to ensure both data privacy and integrity.

HMAC (Hash MAC)

An HMAC operation uses a cryptographic hash function and a secret shared key to produce an authentication value. It is used in the same way a MAC is used.

Sign/Verify

A sign operation produces an authentication value called a digital signature. A sign operation works as follows:

1. The data to be signed is hashed, to produce a digest.

2. The digest is encrypted using a PKA algorithm and a private key, to produce the signature.

The verify operation works as follows:

1. The signature is decrypted using the sender's PKA public key, to produce digest 1.

2. The data that was signed is hashed, to produce digest 2.

3. If the two digests are equal, the signature is valid.

Theoretically, this also verifies the sender because only the sender should posses the private key. However, how can the receiver verify that the public key actually belongs to the sender? Certificates are used to help solve this problem.

 

Key and random number generation

Many security-related functions rely on random number generation, for example, salting a password or generating an initialization vector. An important use of random numbers is in the generation of cryptographic key material. Key generation has been described as the most sensitive of all computer security functions. If the random numbers are not cryptographically strong, the function will be subject to attack.

The i5/OS operating system contains a pseudorandom number generator (PRNG). The PRNG is used by many system functions and is available for application use through the Cryptographic Services API set.

The PRNG is composed of two parts: pseudorandom number generation and seed management. Pseudorandom number generation is performed using the FIPS 186-1 algorithm. Cryptographically strong pseudorandom numbers rely on good seed. The FIPS 186-1 key and seed values are obtained from a system seed digest. The system automatically generates seed using data collected from system information or by using the random number generator function on a cryptographic coprocessor if one is available. System-generated seed can never be truly unpredictable. If a cryptographic coprocessor is not available, you should add your own random seed to the system seed digest. This should be done as soon as possible any time the Licensed Internal Code is installed.

 

Key management

Key management is the secure handling and storage of cryptographic keys. This includes key storage and retrieval, key encryption and conversions, and key distribution.

Key storage

Key storage on the system includes the following:

• Cryptographic Services key store

• Digital certificate manager certificate store

• CCA key store (used with the Cryptographic Coprocessors)

• JCE key store

In addition, keys can also be stored on the Cryptographic Coprocessors themselves.

Key Encryption and Conversions

Keys must be encrypted prior to sending or storing them outside the secured system environment. In addition, keys should be handled in encrypted form within the system as much as possible to reduce the risk of exposure. The management of encrypted keys is often done via a hierarchical key system.

• At the top is a master key (or keys). The master key is the only clear key value and must be stored in a secure fashion.

• Key-encrypting keys (KEKs) are used to encrypt other keys. Typically, a KEK is used to encrypt a stored key, or a key that is sent to another system. KEKs are normally encrypted under a master key.

• Data keys are keys used directly on user data (such as to encrypt or MAC). A data key may be encrypted under a KEK or under a master key.

Various uses of a key will require the key to be in different forms. For example, keys received from other sources will normally be converted to an internal format. Likewise, keys sent out of the system are converted to a standard external format before sending. Certain key forms are standard, such as an ASN.1 BER-encoded form, and others are peculiar to a cryptographic service provider, such as the Cryptographic Coprocessors.

Key Distribution

Typically, data encryption is performed using symmetric key algorithms. The symmetric keys are distributed using asymmetric key algorithms. Consider these examples:

• RSA - An RSA public key is used to encrypt a symmetric key which is then distributed. The corresponding private key is used to decrypt it.

• Diffie-Hellman - The communicating parties generate and exchange D-H parameters which are then used to generate key pairs. The public keys are exchanged and each party is then able to compute the symmetric key independently.

 

System cryptography overview

Cryptographic Service Providers

A cryptographic service provider (CSP) is the software or hardware that implements a set of cryptographic operations. The system supports several CSPs:

• 4758 Cryptographic Coprocessor

• 4764 Cryptographic Coprocessor

• 2058 Cryptographic Accelerator

• i5/OS LIC

• Java™ Cryptography Extensions

Cryptographic API sets

User applications can utilize cryptographic services indirectly via i5/OS functions such as SSL, VPN IPSec, and LDAP. User applications can also access cryptographic services directly via the following APIs:

• CCA

  The Common Cryptographic Architecture (CCA) API set is provided for running cryptographic operations on a Cryptographic Coprocessor.

• i5/OS Cryptographic Services

  The i5/OS Cryptographic Services API set is provided for running cryptographic operations within the Licensed Internal Code or optionally on the 2058 Cryptographic Accelerator.

• Java Cryptography

  Java Cryptography Extension (JCE) is a standard extension to the Java Software Development Kit.

• Network Authentication Service

  GSS (Generic Security Services), Java GSS, and Kerberos APIs are part of the Network Authentication Service which provides authentication and security services. These services include session level encryption capability.

• i5/OS SSL and JSSE

  i5/OS SSL and JSSE support the Secure Sockets Layer Protocol. APIs provide session level encryption capability.

• SQL

  Structured Query Language is used to access or modify information in a database. SQL supports encryption/decryption of database fields.

This table indicates what CSPs are used under each user interface.

Table 1. CSPs used under each user interface

CSP APIs	i5/OS LIC	JCE	4764 and 4758	2058
CCA			X
i5/OS Cryptographic Services	X			X
Java Cryptography		X
Network Authentication Service	X	X
i5/OS SSL and JSSE	X	X	X	X
SQL	X

 

Parent topic:

Cryptography

Related concepts
Initializing a key store file 4764 and 4758 Cryptographic Coprocessors 4764 and 4758 Cryptographic Coprocessors

Related information
Digital Certificate Manager Cryptographic Services API set Certificate Stores Java Cryptography Extension