Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

    Start ReadingShareBuy Print Version
    IBM System i Security: Protecting i5/OS Data with Encryption

    • IBM System i Security: Protecting i5/OS Data with Encryption

    • By: Yessong Johng; Beth Hagemeister; John Concini; Milan Kalabis; Robin Tatam

    • Publisher: IBM Redbooks

    • Pub. Date:

    • Part Number: SG24-7399-00

    • Print ISBN-10: 0-7384-8537-3

    • Print ISBN-13: 978-0-7384-8537-9

    • Pages in Print Edition: 308

    • Subscriber Rating: 0 out of 5 rating0 [0 Ratings]

    ebooken
    Subscriber Reviews • Browse Similar Topics

    Overview

    Regulatory and industry-specific requirements, such as SOX, Visa PCI, HIPAA, and so on, require that sensitive data must be stored securely and protected against unauthorized access or modifications. Several of the requirements state that data must be encrypted.

    IBM® i5/OS® offers several options that allow customers to encrypt data in the database tables. However, encryption is not a trivial task. Careful planning is essential for successful implementation of data encryption project. In the worst case, you would not be able to retrieve clear text information from encrypted data.

    This IBM Redbooks® publication is designed to help planners, implementers, and programmers by providing three key pieces of information:
    Part 1, "Introduction to data encryption" on page 1, introduces key concepts, terminology, algorithms, and key management. Understanding these is important to follow the rest of the book.

    If you are already familiar with the general concepts of cryptography and the data encryption aspect of it, you may skip this part.

    Part 2, "Planning for data encryption" on page 37, provides critical information for planning a data encryption project on i5/OS.

    Part 3, "Implementation of data encryption" on page 113, provides various implementation scenarios with a step-by-step guide.

    Subscriber Reviews

    Average Rating: 0 out of 5 rating Based on 0 Ratings

    No Subscribers have provided a review for this book.

    Table of Contents

     

    View Sample
    Notices
    View Sample

    Trademarks

    View Sample
    Preface
    View Sample

    The team that wrote this book

    View Sample

    Become a published author

    View Sample

    Comments welcome

    View Sample

    Part 1. Introduction to data encryption

    View Sample

    Download ChapterDownload Chapter
    0 Tokens    Chapter 1. Data encryption: the big picture

    View Sample
    1.1. Introducing encryption
    View Sample

    1.1.1. What is data encryption

    View Sample

    1.1.2. What drives the requirement

    View Sample

    1.1.3. Where to protect the data

    View Sample
    1.2. Building on top of a secure foundation
    View Sample

    1.2.1. Only one piece of the security puzzle

    View Sample

    1.2.2. Security is not only about privacy

    View Sample

    1.2.3. Surely not on System i

    View Sample

    1.2.4. Security initiatives to consider

    View Sample

    1.2.5. A final word on traditional security

    View Sample
    1.3. What this book is about
    View Sample

    1.3.1. Book objectives

    View Sample

    1.3.2. Book road map

    View Sample

    Download ChapterDownload Chapter
    0 Tokens    Chapter 2. Algorithms, operations, and System i implementations

    View Sample
    2.1. Cryptographic algorithms
    View Sample

    2.1.1. Cipher algorithms

    View Sample

    2.1.2. Key distribution algorithms

    View Sample

    2.1.3. One-way hash algorithms

    View Sample

    2.1.4. Random number generation algorithms

    View Sample

    2.1.5. Summary of algorithms

    View Sample
    2.2. Cryptographic operations
    View Sample

    2.2.1. Data confidentiality

    View Sample

    2.2.2. Data authentication, integrity, and non-repudiation

    View Sample

    2.2.3. Key and random number generation

    View Sample

    2.2.4. Financial PINs

    View Sample

    2.2.5. Key management

    View Sample
    2.3. System i cryptographic implementations overview
    View Sample

    2.3.1. Cryptographic service providers

    View Sample

    2.3.2. Cryptographic interfaces

    View Sample
    Download ChapterDownload Chapter
    0 Tokens    Chapter 3. Key management concepts
    View Sample

    3.1. Key management considerations

    View Sample

    3.2. Size matters

    View Sample
    3.3. Establishing a key value
    View Sample

    3.3.1. Generating a key value

    View Sample

    3.3.2. Using a known key value

    View Sample

    3.4. Storing keys

    View Sample
    3.5. Key separation
    View Sample

    3.5.1. Key hierarchy

    View Sample

    3.5.2. Key use

    View Sample

    3.5.3. Keystore authorization

    View Sample

    3.5.4. Key management responsibilities

    View Sample

    3.6. Backing up keys

    View Sample

    3.7. Changing keys

    View Sample

    3.8. Key distribution

    View Sample

    3.9. Key destruction

    View Sample

    Part 2. Planning for data encryption

    View Sample
    Download ChapterDownload Chapter
    0 Tokens    Chapter 4. Analyzing needs and defining scope
    View Sample

    4.1. Needs analysis

    View Sample
    4.2. Defining the scope
    View Sample

    4.2.1. What data to protect

    View Sample

    4.2.2. Define your requirements

    View Sample

    4.2.3. Evaluate the impact of change

    View Sample

    4.2.4. Return on investment

    View Sample

    Download ChapterDownload Chapter
    0 Tokens    Chapter 5. Managing keys on System i

    View Sample
    5.1. Cryptographic services
    View Sample

    5.1.1. Master keys

    View Sample

    5.1.2. Keystore files

    View Sample

    5.1.3. Changing a master key

    View Sample

    5.1.4. Master key variants

    View Sample

    5.1.5. Using keys in an application

    View Sample

    5.1.6. Key distribution

    View Sample

    5.1.7. Generating keys

    View Sample

    5.1.8. Backing up keys

    View Sample
    5.2. CCA key management
    View Sample

    5.2.1. Configuring the cryptographic coprocessor

    View Sample

    5.2.2. Master keys

    View Sample

    5.2.3. Key tokens

    View Sample

    5.2.4. Keystore files

    View Sample

    5.2.5. Retain keys

    View Sample

    5.2.6. Control vectors

    View Sample

    5.2.7. Key identifier

    View Sample

    5.2.8. Key distribution

    View Sample

    5.2.9. Changing master keys

    View Sample

    5.2.10. Generating keys

    View Sample

    5.2.11. Backing up keys

    View Sample

    5.2.12. Using multiple coprocessors

    View Sample

    5.3. Roll your own key management

    View Sample
    5.4. Establishing a secure keystore environment
    View Sample

    5.4.1. Object security 101

    View Sample

    5.4.2. Create user profiles

    View Sample

    5.4.3. Location, location, location

    View Sample

    5.4.4. Secure the keystore

    View Sample

    5.4.5. Accessing the keystore

    View Sample

    5.4.6. Auditing keystore access

    View Sample
    Download ChapterDownload Chapter
    0 Tokens    Chapter 6. Choosing a data encryption method
    View Sample

    6.1. Factors to consider

    View Sample

    6.2. Choosing an interface

    View Sample
    6.3. Choosing an algorithm
    View Sample

    6.3.1. Cipher algorithm

    View Sample

    6.3.2. Hash and HMAC algorithms

    View Sample

    6.4. Tips and techniques

    View Sample
    Download ChapterDownload Chapter
    0 Tokens    Chapter 7. Database considerations
    View Sample

    7.1. Understanding how the database is used

    View Sample
    7.2. How encryption impacts database structure
    View Sample

    7.2.1. Modifying current record layout structure

    View Sample

    7.2.2. Normalizing the encrypted fields

    View Sample

    7.2.3. Key version field

    View Sample
    7.3. Converting the plaintext data to ciphertext
    View Sample

    7.3.1. Adjusting to database structure changes

    View Sample

    7.3.2. Encrypting existing data

    View Sample

    7.3.3. Reducing the initial data conversion window

    View Sample

    7.3.4. Validating the encrypted data

    View Sample
    7.4. Common tools for data maintenance and inquiry
    View Sample

    7.4.1. AS/400 Data File Utility (DFU)

    View Sample

    7.4.2. IBM Query for i5/OS (Query/400)

    View Sample

    7.4.3. Interactive SQL

    View Sample

    7.4.4. Other tools

    View Sample

    Download ChapterDownload Chapter
    0 Tokens    Chapter 8. Application considerations

    View Sample
    8.1. Accommodating database changes
    View Sample

    8.1.1. Record format changes

    View Sample

    8.1.2. Database normalization

    View Sample
    8.2. Working with encrypted data
    View Sample

    8.2.1. Performing encryption tasks with database triggers

    View Sample

    8.2.2. Determining encryption state

    View Sample

    8.2.3. Data sorting

    View Sample

    8.2.4. Random access to encrypted data

    View Sample

    8.2.5. Triggers

    View Sample
    8.3. Other considerations
    View Sample

    8.3.1. Spooled files

    View Sample

    8.3.2. Exported data

    View Sample

    Download ChapterDownload Chapter
    0 Tokens    Chapter 9. Backup considerations

    View Sample
    9.1. Managing keys on a backup system
    View Sample

    9.1.1. Coordinating keys between multiple systems

    View Sample

    9.1.2. Translating keystores

    View Sample

    9.1.3. Transporting keys between systems

    View Sample
    9.2. Securing backup data
    View Sample

    9.2.1. Transporting data to the backup system

    View Sample

    9.2.2. Working with encrypted data between multiple systems

    View Sample

    Part 3. Implementation of data encryption

    View Sample

    Download ChapterDownload Chapter
    0 Tokens    Chapter 10. SQL method

    View Sample
    10.1. Preparing for encryption
    View Sample

    10.1.1. Encryption prerequisites

    View Sample

    10.1.2. Identifying changes to your database

    View Sample

    10.1.3. Analyzing impact to performance

    View Sample
    10.2. Encrypting data using an encryption password
    View Sample

    10.2.1. Associating a hint with a password

    View Sample

    10.2.2. Using a password in a view

    View Sample

    10.2.3. Using password and hint as encryption parameters

    View Sample
    10.3. Encrypting data with triggers
    View Sample

    10.3.1. Using classical triggers

    View Sample

    10.3.2. Using Instead Of Triggers

    View Sample

    10.4. Using user-defined functions (UDFs) with encrypted data

    View Sample

    10.5. Encrypting with stored procedures

    View Sample

    Download ChapterDownload Chapter
    0 Tokens    Chapter 11. Cryptographic Services APIs method

    View Sample
    11.1. Scenario description
    View Sample

    11.1.1. Setting up a master key

    View Sample

    11.1.2. Setting up a symmetric data encryption key

    View Sample

    11.1.3. Encrypting data

    View Sample

    11.1.4. Decrypting data

    View Sample

    11.1.5. Scenario analysis and summary of APIs used

    View Sample
    11.2. Scenario application setup
    View Sample

    11.2.1. Sample application download and initial setup

    View Sample

    11.2.2. Creating commands for sample application scenario

    View Sample
    11.3. Using the scenario application
    View Sample

    11.3.1. Create a master key: SET_MSTR_K command

    View Sample

    11.3.2. Create symmetric keys: GEN_SYMKEY command

    View Sample

    11.3.3. Encrypt data: SET_DATA command

    View Sample

    11.3.4. Decrypt data on source system: GET_DATA command

    View Sample

    11.3.5. Decrypt data on target system

    View Sample

    11.3.6. Execution example of scenario application

    View Sample
    11.4. Another scenario: for external UDFs functions
    View Sample

    11.4.1. External UDFs functions scenario overview

    View Sample

    11.4.2. HASH_DATA UDF function

    View Sample

    11.4.3. DEC_DATA UDF function

    View Sample

    11.4.4. Running DEC_DATA command

    View Sample

    11.4.5. Execution example of external UDFs function scenario

    View Sample

    11.4.6. Using the external trigger function

    View Sample

    Download ChapterDownload Chapter
    0 Tokens    Chapter 12. HW-based method

    View Sample
    12.1. Scenario overview
    View Sample

    12.1.1. Scenario A: exchanging secret data between two systems

    View Sample

    12.1.2. Scenario B: encryption/decryption of data on the same system

    View Sample

    12.2. Prerequisites and assumptions

    View Sample

    12.3. Scenario environment setup

    View Sample
    12.4. Exchanging secret data between two systems (scenario A)
    View Sample

    12.4.1. Two systems scenario: step-by-step guide

    View Sample

    12.4.2. Execution example of scenario A

    View Sample
    12.5. Data encryption/decryption on same system (scenario B)
    View Sample

    12.5.1. Single system scenario: step-by-step guide

    View Sample

    12.5.2. Execution example of scenario B

    View Sample
    Download ChapterDownload Chapter
    0 Tokens    Appendix A. Additional material
    View Sample

    Locating the Web material

    View Sample
    Using the Web material
    View Sample

    System requirements for downloading the Web material

    View Sample

    How to use the Web material

    View Sample
    Related publications
    View Sample

    IBM Redbooks

    View Sample

    Other publications

    View Sample

    Online resources

    View Sample

    How to get Redbooks

    View Sample

    Help from IBM

    View Sample

    Index

    View Sample

    Back cover