It is *theoretically* possible for someone with physical access to the
zSeries processor to open it up and install some customized hardware
that could intercept the clear key. Is that a reasonable risk for the
dats you need to protect, when weighed against the improved performance?
For most customers I would think so. But that is something customers
have to weigh for themselves - with the assistance of their friendly
neighborhood auditor!
Tim
On 4/26/2013 8:58 AM, Todd Arnold wrote:
So.. even though the protected key starts with the Crypto Express, it
wouldn't pass an audit for protection of card data?
Yes, it STARTS with the Crypto Express, but then the cleartext key is protected
by the fact that it is buried in the inaccessible System z hardware which
cannot be seen or probed by applications, the O/S, debug tools, etc. However,
regardless of the fact that the key is inaccessible, it does not meet the
strict requirements as defined by the standards. As an example, here is a
piece of the ANSI X9.24 Part 1 standard, which defines requirements for
handling and managing symmetric cryptographic keys in banking applications:
-------------- begin text from X9.24.1 ---------------
a) Cryptographic keys SHALL only exist in one or more of the following forms:
1) In a Tamper-Resistant Security Module (TRSM) as specified in Section 7.2
below.
2) If outside a TRSM, as a cryptogram that SHALL have been created inside a
TRSM by
TDEA using a Key Encrypting Key.
3) If non-encrypted and outside of a TRSM, a key SHALL exist only in one of
the following
forms:
i) as two or more key components as defined in Section 7.5, employing dual
control
and split knowledge or
ii) as a cleartext key while being transferred from a Key Loading Device
(KLD) to a
directly connected TRSM
-------------- end text from X9.24.1 ---------------
Some clarification of terms in this...
- A TRSM is a physically secure device which detects any attempt to tamper
with it and automatically clears all secret data (like keys)
- TDEA is a synonym for TDES, Triple-DES, which is the only symmetric crypto
algorithm currently approved for banking applications.
- "cryptogram" is just a fancy word for a piece of data that is in encrypted
form.
- "key components" are values that are combined together to form the actual
key, such that no component by itself can be
used to learn anything about the value of the key. (typically,
components are exclusive-ored together to create the key.)
- A KLD is a very specialized secure device that can be connected to an HSM,
Point of Sale terminal, etc. to load keys into it.
- In standards, the word SHALL means that something is absolutely mandatory.
So, this says that any complete key that is not encrypted MUST ONLY exist
inside a TRSM, which means a physically secure, tamper-detecteing device like
the Crypto Express. This is what the auditors are measuring the systems
against.
Todd Arnold
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
