DMTF’s Security Protocol and Data Model (SPDM) protocol is a widely used set of standards that enables secure communication and device authentication for platform-level security. This session will give an update on major developments by the SPDM Working Group and on where the group is going over the next year. In the past year, DMTF released SPDM version 1.4, the first version to support CNSA 2.0 algorithms for post-quantum cryptography.
The Key Per IO (KPIO) project is a joint initiative between NVM Express® and the Trusted Computing Group (TCG) Storage Work Group to define a new KPIO Security Subsystem Class (SSC) under the TCG Opal SSC for the NVMe® class of storage devices. Self-Encrypting Drives (SEDs) perform continuous encryption of user-accessible data based on contiguous LBA ranges per namespace. This is done at interface speed using a small number of keys generated and held in persistent media by the storage device. KPIO will allow a large number of encryption keys to be managed and securely downloaded into the NVM subsystem.
Almost everyone understands that systems and data both have lifecycles that typically include a disposal phase (i.e., what you do when you no longer need something). Conceptually, data needs to be eliminated as part of this disposal, either on a single system or entirely (everywhere it is stored). Failure to correctly eliminate certain data can result in costly data breach scenarios. Selecting the form of storage sanitization that is appropriate to the sensitivity of the data, and that also accounts for circular business models, is something that many organizations are pursuing.
About 80% of enterprises have experienced at least one firmware attack in the last two years.* What is firmware resilience, and how does it apply to SSDs to address these threats? Firmware resilience is not a new concept.
Ransomware attack mitigation has been a high-profile problem and is getting more visibility in recent years due to the high payouts victims make to have their data released. This proposal implements a series of ‘recognition’ triggers within a layered file system on Windows, which force a caller through a form of 2FA to potentially reduce the impact of an attack. The approach taken by Thales, within its layered file system implementation for data protection, leverages several layers to recognize when a potential threat is executing.
The quantum computing paradigm shift has changed the way we look at data security, especially the long-term security of data. Soon, fast algorithms designed to run on quantum computers will be able to break some of the most widely used cryptosystems, rendering them vulnerable. To address this issue, chaos theory is actively being studied as a basis for post-quantum era cryptosystems, and advances have been made in this domain of study. The unique characteristics of chaotic systems can be leveraged to produce highly secure cryptographic systems.
2022 has been an interesting and challenging year for storage security. The cyber threat landscape has witnessed large numbers of attacks impacting data and increased nation-state activity directed at critical infrastructure. The regulatory landscape is undergoing change as well (e.g., EU Directive 2009/125/EC, also known as LOT 9), potentially imposing requirements that necessitate adjustments to security capabilities, controls, and practices to reflect new realities. By the end of 2022 there will be significant changes to security standards and specifications relevant to storage.