Key Per IO Security Subsystem Class for NVM Express Storage Devices

Explore the Key Per IO (KPIO) Security Subsystem Class for NVM Express Storage Devices in this informative conference talk from USENIX Vault '20. Delve into the joint initiative between NVMe and TCG to define a new KPIO Security Subsystem Class under TCG Opal SSC. Learn about the architectural differences between traditional Self-Encrypting Drives (SED) and KPIO SSC, and discover how KPIO allows for management and secure downloading of large numbers of encryption keys into NVM subsystems. Understand the benefits of per-command data encryption, including support for GDPR compliance, easier data erasure in RAID/Erasure Coded systems, and granular encryption for sensitive files or host objects. Gain insights into the proposed KPIO SSC standard, its subtle features, and the current state of standardization efforts with NVMe and TCG working groups. Cover topics such as key provisioning, security capabilities, discovery, key tagging, and command structures. Conclude with a discussion on technical proposals for SCSI and SATA implementations, followed by a Q&A session.