TPF users group meeting, October, 2004 Marriott Reservations Systems Development [email protected]

TPF users group meeting, October, 2004Marriott Reservations Systems [email protected]


Background

• Credit Card Vendors requiring merchants to comply with a vast array of new security policies– Transmission Encryption and Authentication (SSL)– Storage Encryption– System Access and Security (Logins, Passwords, and Timeouts)– Audit Trails for all accesses to credit card or critical data– + much more

• Y2K-like effort !


SSL on TPF - Performance

• SSL testing with RC4/SHA and 3DES/SHA – Other ciphers inadequate. MD5 is vulnerable.– Comparison of equivalent SSL and non-SSL traffic– Results (performed on z/900 model 104 = 33.6 ITRRs) :

3DES/SHA 40byte in / 4K out 100msgs/sec +3.40

3DES/SHA 6 byte in / 6 byte out 100msgs/sec +0.84

RC4/SHA 40byte in / 4K out 100msgs/sec +1.68

3DES/SHA*** 40 byte in/ 4K out 14msgs/sec +8.4

Msg. Size Rate Additional I.T.R.R.s

*** Non-persistent connection. Each msg -> SSL handshake (1K RSA key)


SSL on TPF - Conclusions

• Works well for low volume applications

• CPU costs prohibitive for high volume traffic– Even for persistent connections

• SSL handshake CPU costs for non-persistent connections extremely high– After IPL our z104 would only be able to recover ~14 connections/sec (using

about 25% of total capacity). ~12 minutes to recover 10000 socket connections.


SSL on TPF - Alternatives

1. Use external Router to do SSL translation

2. Set up a LINUX partition as a back-end RSA handshake validater, TPF front-ends the traffic

3. Set up a LINUX partition to front-end the traffic, TPF is the back end.

Option 1. was not used – not end-to-end security


Option 2 – LINUX as the back end

TPF on z990-302

VM

/ LIN

UX

V

M

TP

F

PCICACrypto-card

Shared PR/SM

OS

AMCN II

12

3

1. Connection Request arrives

2. A TPF hook in theSSL package intercepts the handshake and passes key data over to VM/LINUX via a socket connection.

3. VM/LINUX kicks off athread that runs a program to perform key decryption. Return code passed back to TPF.

4. Once connection established - Remaining socket traffic (symmetric decryption) is performed entirely by TPF. No need for LINUX.

4


Option 2 – LINUX as the back end

Issues: 1. Very low level (device level)

programming necessary on LINUX side. Must write software at the LIBICA level to drive “math” functions on the PCICA card.

2. Intercept at the TPF side is also deep inside the SSL package, e,g. hooks need to be put into a couple of the 400+ C components that is a part of openssl. Denormalization of mathematical data rqd.

static int RSA_eay_private_decrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding)

3. Does not solve the CPU cost of symmetric encryption on TPF for established connections.


Option 3 – LINUX as the front end

TPF on z990-302

VM

/ LIN

UX

/ IFLV

M

TP

F

PCICACrypto-card

Shared PR/SM

OS

AMCN II

1

2

1. Traffic Arrives at the LINUX machine’s IP Address.

2. LINUX (running STUNNEL and OPENSSL) uses the HW facilities to decrypt the data.

3. LINUX passes the data to a TPF INETD listener which is expecting non-encrypted data. TPF does not know it is talking to LINUX. The client thinks it is talking directly to TPF as well.

Because LINUX is under an IFL license agreement,The CPU costs are significantly lower.

3



LINUX SSLDecrypterw STUNNEL

#1

VM/LINUX LPAR Configuration

VM/LINUX

LINUX SSLDecrypterw STUNNEL

#2

LINUX Web

Server

LINUX Guest

Machines

LINUX PrimaryRouter #2

LINUX PrimaryRouter #1

TPF

P CI C

A

Model z990z/302

OS

AVM / LINUX Guest Machines. (IP addresses are not Broadcasted)

VM / LINUX routers route Traffic to Guests via portMapping and IP tables.

OSA addresses are onlyAssigned to TPF and the Two LINUX “virtual” Routers. External Trafficcan come to/from TPFand those two routers.



1. S-TUNNEL v3.14 used to convert SSL traffic to non-SSL traffic then sent to TPF.

2. OPENSSL v9.6G in use on LINUX which has been patched to make use of the crypto facilities

- Z990 series hardware/sw provides even some assist-functionality for symmetric encryption.

3. LINUX kernel is SuSE 2.4.19 distribution 8 obtained from IBM with device drivers (z90crypt and OSA) installed.

Most CPU efficient and simplest solution ! (note: Have not yet applied all S-tunnel patches to enable crypto-HW with OpenSSL)


SSL on TPF

• For CP fallback purposes we will still use TPF’s native SSL.– LINUX not yet configured on our z/OS CPC

Client Authentication• Needed to configure TPF to authenticate client

certificates. – True end-to-end security requires both sides

authenticate each other.– No documentation on how to do this

• Overall TPF’s documentation is excellent, but SSL is HUGE!


SSL on TPF – Client Authentication

CLIENT TPF

VERISIGN

ClientCertificates

Verisign’s Certificates,(Server Certificate Chain)

CertificateSigning Request

Signed Certificates



/**********************************************/ /* Shared SSL processing */ /**********************************************/ /* initialize the SSL library */ SSL_library_init(); /* set SSLv23 for the connection */ meth = SSLv23_server_method();

/*Create the new CTX with the method */ ctx = SSL_CTX_new_shared(meth, NULL);

/* Set the Cipher list */ SSL_CTX_set_cipher_list(ctx, CIPHER_LIST)

• Server Sample Code



/* file where CA certificates are stored */ SSL_CTX_load_verify_locations(ctx, CA_FILE, NULL) /* set the certificate to be used */ SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM) /* load the password for the Private Key*/ SSL_CTX_set_default_passwd_cb_userdata(ctx,KEY_PASSWD);

/* indicate the key file to be used */ SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM) /*make sure the key and certificate file match */ SSL_CTX_check_private_key(ctx) /* send to client the names of CA certificates we will accept */ SSL_CTX_load_and_set_client_CA_file( ctx, CA_FILE )



/*ensure clients sends us a valid certificate */ SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE, NULL ); /* Accept a socket client */ while(1) { client_sock = accept(sslserver_sock,NULL,NULL); myssl = SSL_new(ctx); SSL_set_fd(myssl,client_sock); SSL_accept(myssl); //check return code !

/* Future function needed to validate client’s FQDN for shared SSL */ if (check_client( myssl, FQDN ) != X509_V_OK) SSL_aor(myssl, aor_parm, socket_reader_prog, istream=0 ); }


Notes:• CA_FIL is the “server certificate chain” containing certificates that the

CA used to sign the clients certificate with. E.g. If the client’s certificate was signed by Verisign, then our CA_FIL will contain 2 concatonated certificates:

• Verisign Class 1 root certificate

• Verisign Class 3 intermediate certificate • Check_client (certificate) should be provided by TPF in the future – its

purpose would be to pull out the clients Fully Qualified Domain Name from the client certificate. This is because *any* client certificate signed by Verisign can pass the SSL_accept()

• Error handling - SSL_CTX_free(ctx); should only be coded when stopping the listener, not by the aor’d targed ECB (the one doing the SSL_read). The AOR target ECB should only perform the SSL_free( … );



OpenSSL How-to’s

download openssl package from www.openssl.org create a sample config.ssl file by cut&paste from internet into a file

To create a private key and server certificate and display it: openssl genrsa -des -out mykeysa.pem 1024 openssl req -new -x509 -key mykeysa.pem -out testcert1.pem -days 1095 openssl x509 -in testcert1.pem -noout -text

to generate a csr for Verisign to sign: openssl req -new -sha1 -key server.key -out server.csr -config config.ssl to generate a ca key, a ca certificate, and sign anyone’s csr’s: create a ./democa directory with all necessary special files and directories and create a config.ca file. This was done by printing out stuff on the web and looking at the PERL scripts in /ssl/096e/apps (ensure index.txt is 0 length otherwise you get a wrong number of fields on line 1 error)


OpenSSL How-to’s

openssl genrsa -des3 -out ca.key 1024 move this key into ./democa/private create a self signed certificate: openssl req -new -x509 -sha1 -days 365 -key ca.key -out ca.crt -config config.ssl move this key into ./democa now generate a certificate request (have to ensure we dont have duplicate data in csrs - modify config.ssl to change the common name) openssl req -new -sha1 -key alex1.pem -out alex1.csr -config config.ssl the above generates a csr. The below signs it: openssl ca -out -alex1.crt -md sha1 -config config.ca -in alex1.csr -key ca.key -cert ca.crt create a file of certificates note: <xxx.crt> can be more certs openssl x509 -in ca.crt <xxx.crt> -text >> ca.fil to verify a match for ca cert and cert: openssl verify -CAfile ca.fil -purpose sslserver alex1.crt !!!!! ca.fil is sent to our remote client to use as their “client certificate chain”


Data Encryption

• Credit Card Security requires storage encryption of credit card data.

• IBM/TPF provides CIFRC (which requires obtaining BQKDES from IBM) for data encryption. (56-bit DES).

• Marriott chose to use SSL 9.7 AES encryption software (American Encryption Standard – US sanctioned)– AES is 128 or 256 bit (min. 128 bit are today’s standards)– AES is *Very Efficient* (better than DES!)


Data Encryption

• You can also use publicly available AES algorithms.– Should run a KAT test on the results of the algorithm @

(http://csrc.nist.gov/CryptoToolkit/aes/katmct/katmct.htm)

• Implementation at Marriott:– ENCRYPT &INPUT,&LEN,&OUTPUT,&ERROR

• &INPUT is a 1-32 byte input value• &LEN is length of input• &OUTPUT is a 34 byte result (32 byte ciphertext+2byte PARS date)• &ERROR – label to branch to for error.

– The encryption key is internally controlled• Too dangerous and risky to make the key a parameter on the macro

• Future : on Z990 can use assember inst. For 3DES.


Final Comments

• It appears that SSL will play a “primary” role in future intra- and extra- networks. Authentication will be a central theme.

• IBM/TPF’s SSL support is based on the base 9.6 version. Currently versions 9.6m and 9.7d are available. An update is warranted.

• IBM/TPF’s SSL should add a routine for shared SSL to interrogate the FQDN of a certificate.

• SSL support for MQ and Apache should be considered.


Special Credit toBob Fowle and Robert Byrd

at MarriottAAaM.

Documents

TPF users group meeting, October, 2004 Marriott Reservations Systems Development [email protected]