Fine Grain Encryption Control for Enterprise Applications

Author(s)/Presenter(s):
Library Content Type:
Publish Date: 
Tuesday, September 28, 2021
Event Name: 
Event Track:
Abstract: 

The Key Per IO (KPIO) project is a joint initiative between the NVM Express® and TCG Work Groups (WGs) to define a new KPIO Security Subsystem Class (SSC) under TCG Opal SSC for NVMe® class of Storage Devices. Self-Encrypting Drives (SED) perform continuous encryption on user accessible data based on contiguous LBA ranges per namespace. This is done at interface speeds using a small number of keys generated/held in persistent media by the storage device. KPIO will allow large numbers of encryption keys to be managed and securely downloaded into the NVM subsystem. Encryption of user data then occurs on a per command basis (each command may request the use a different key). This provides a finer granularity of data encryption that enables a granular encryption scheme in order to support the following use cases:

1) Easier support of European Union’s General Data Protection Regulations’ (GDPR) “Right to be forgotten”.

2) Easier support of data erasure when data is spread over many disks (e.g., RAID/Erasure Coded)

3) Easier support of data erasure of data that is mixed with other data needing to be preserved.

4) Assigning an encryption key to a single sensitive file or host object.

The presentation will include a brief introduction to the architectural differences between traditional SEDs and the KPIO SSC, followed by an overview of the proposed TCG KPIO SSC specification, and the features in the NVMe commands to allow use of KPIO. The talk will conclude by summarizing the current state of the standardization proposals with in NVM Express.org and the TCG Storage WG.

  • Attendees would get an overview of the new TCG security initiative to address the enterprise server use cases
  • Learn to participate in new, advanced security for key management in the cloud server applications
  • Comprehend the methodology presented to improve the performance and security of the enterprise storage systems

Watch video: