Upload
gene-f
View
212
Download
0
Embed Size (px)
Citation preview
Preface
This issue contains papers on recent advances incryptography that are embodied in the CommonCryptographic Architecture (CCA) and associatedtechnology for managing single-key crypto-graphic systems. We are indebted to R. C.Elander of the IBM Kingston Programming Centerin Kingston, New York, and C. L. Symes of IBMEnterprise Systems in Poughkeepsie, New York,for their contributions to the planning and prep-aration of this issue.
Single-key cryptographic systems are those inwhich the sender and receiver share a private keythat allows them to encode and decode a messagetransmitted between them. In contrast, public-key systems have different keys for the senderand receiver, and neither can derive the other'skey. The single-key approach to message-levelsecure communication was selected by the Na-tional Security Agency and the National Bureauof Standards, as it was then known, in the mid-1970s. In 1977, they adopted as a standard anIBM-designed single-key security algorithm,which became known as the Data Encryption Al-gorithm (DEA) and Data Encryption Standard(DES). DEA and DES remain today as the standardsingle-key technology, having resisted concertedefforts to find general methods for cracking theresulting codes.
In the intervening years there have been manyadvances in single-key secure communicationsand in the implementation of such security sys-tems. All of this activity has created a require-ment for an overall architecture for secure com-munications programming. IBM has answered thatrequirement with the Common Cryptographic Ar-chitecture (CCA) and has built products based onthat architecture. This issue has six papers onsingle-key cryptography and its architectural andtechnical support.
Johnson, Dolan, Kelly, Le, and Matyas discussthe CAA Cryptographic Application ProgrammingInterface (Cryptographic API), which has been an-
128 PREFACE
nounced by IBM. It simplifies use of cryptographicservices specified by the CCA. The authors de-scribe advanced user features and provide typicalapplication scenarios to show how easily thesenew callable key-management services can beused. Symes has provided a sidebar that givesbackground information for those not familiarwith general product features and support forcryptography and computer security.
Much of the current technology for cryptographyis based on the management of security keys thatare associated with resources and people. Matyasdescribes how CCA implements keys through con-trol vectors that define permitted uses of that keyin the context of a DEA-based system. The key iscryptographically linked to the control vector,and the resulting token is the basic unit for secureprocessing and distribution. He also contrastscontrol vectors with another means of key man-agement, namely variants.
Matyas, Le, and Abraham contribute a paper anmanagement of keys using a scheme that is partof the new IBM Transaction Security System.That system is supported by special instructionsthat form the secure hardware basis of the Trans-action Security System cryptographic facility(CF). The advantage of the control vector ap-proach is shown to be programs that are simplerand that operate on a robust data structure.
Within the context of the CCA, there is a require-ment for a new approach to cryptography-onethat is implemented through special instructionsin general-purpose computers. The result is theESA/390™ Integrated Cryptographic Facility(ICRF), which directly supports key managementand control vectors in the hardware. Yeh andSmith describe the ICRF, its objectives, applica-tions, key management, and physical security.
Abraham, Dolan, Double, and Stevens discuss indetail the IBM Transaction Security System as an
IBM SYSTEMS JOURNAL, VOL 3D, NO 2, 1991
implementation of the CCA. Since there is no com-plete and final algorithmic solution for computerand data security, they show how engineering andcommon sense can be used to form the basis forthe development of practical cryptographic sys-tems, and especially for the Transaction SecuritySystem in CCA.
The Transaction Security System, as discussedabove, fully implements the CCA. But, as Johnsonand Dolan show in the final paper of this issue, italso provides extensions to CCA to satisfy addi-tional customer requirements. Extensions de-scribed in this paper include programmer supportthrough intuitive security mechanisms, paramet-ric enhancements to the Cryptographic API, andmasking of complexity through a layered ap-proach, among others.
The next issue of the Journal will contain severalpapers related to computer communications,along with papers on such subjects as softwarequality, REXX partial compilation, and multi-media for education.
Gene F. HoffnagleEditor
IBM SYSTEMS JOURNAL, VOL 30, NO 2, 1991 PREFACE 129