New IBM Mainframe Gets Crypto Upgrade

A few weeks ago, IBM announced its most powerful and technologically advanced mainframe ever — the new zEnterprise EC12.

The new system features state-of-the-art technologies that demonstrate IBM’s ongoing commitment to secure and manage critical information with the System z mainframe. More specifically, the mainframe includes a new cryptographic co-processor called the Crypto Express4S designed by IBM scientists in Zurich.

To help understand this innovation better, we spoke with its two developers: Silvio Dragone, who designed the hardware, and Tamas Visegrady, who wrote the code.

Q. What exactly does a cryptographic co-processor do?

Tamas Visegrady: It’s a device to segregate security-relevant operations. This means sensitive data can be secured in a dedicated environment, reducing risk.

Silvio Dragone: Exactly. It is a card to physically control security separated from the processor. You can think of it as a PC dedicated to just cryptography.

Q. What exactly did you develop?

SD: The work was originally developed within IBM’s Systems and Technology Group (STG) in Poughkeepsie, NY. We began collaborating with them a few years ago, particularly as stronger requirements were being made by the EU, such as new passports, which have smart chips. Working closely with STG, we designed the architecture for the recent Crypto Express4S hardware enhancements and wrote specifications plus prototype code for the new mainframe crypto provider firmware.

TV: Another unique feature of the card was developed by our Zurich colleague Heiko Wolf. He is an expert in nanopatterning, and made the cards tamper-proof with specially designed packaging and materials.

Q. What was the biggest challenge in developing the Crypto Express4S?

SD: Well, the Crypto Express4S is the last line of defense in protecting data. And when it comes to our clients, this tends to be very sensitive data such as passports, national ID cards and financial information. So, losing this data is not an option.

[Image: The front cover of a contemporary biometric passport]

The biggest challenge is designing the hardware and software so it’s fail-proof. We refer to it as “mainframe reliability,” which is very unique. It’s not often that hardware and software guys agree on everything, but Tamas and I meet in the middle more times than not.

TV: We’ve been developing cryptographic co-processors for 10 years and one of the biggest challenges is to continue to push the boundaries of its development for each new mainframe. For the 4S, it is significantly faster based on some new algorithms, but speed can sometimes become a trade-off with security. So, it’s a big challenge to get them working together.

Often you read about raw speed being the key factor of a cryptographic co-processor, but that’s like saying a 32-megapixel camera is the best. There are many factors to consider, and in our opinion we will accept a small drop in speed for an increase in reliability and security.

Q. So what’s next?

TV: As mainframes benefit from advancements in technology, whether it’s more speed or more power, it trickles down to the cryptographic co-processor. So, we need to work this into our designs to keep up with the needs of the industries we support.

SD: We keep an eye on what is happening in terms of security threats and try to preempt any weaknesses before they impact our clients.
