Wednesday, August 9th
9:45-10:50 AM
NVME-202-1: How to Use an Encryption Key Per IO and Flexible Data Placement (NVM Express Track)
Paper Title: How to Use an Encryption Key Per IO

Paper Abstract: The Key Per IO (KPIO) project was a joint initiative between NVM Express and the Trusted Computing Group (TCG) Storage Work Group to define a new KPIO Security Subsystem Class (SSC) under TCG Opal SSC for NVMe® technology class of Storage Devices. Self-Encrypting Drives (SED) perform continuous encryption on user accessible data based on contiguous LBA ranges per namespace. This is done at interface speeds using a small number of keys generated/held in persistent media by the storage device. KPIO allows a large number of encryption keys to be managed and securely downloaded into the NVM subsystem. Encryption of user data then occurs on a per command basis (each command may request to use a different key). These specifications are now available. This presentation will examine how to use this new capability to support use cases such as Support of EU - GDPR Support of data erasure when data is spread over many disks, support of data erasure of data that is mixed with other data needing to be preserved (multitenancy), assigning an encryption key to a single sensitive file or host object.

Paper Author: Festus Hategekimana, SSD Security Architect, Solidigm

Author Bio: Festus Hategekimana is an SSD security architect at Solidigm and is currently serving in TCG Storage Workgroup as the editor of the TCG Key Per IO SSC specification. Festus holds a PhD in computer engineering from the University of Arkansas where he focused on developing systems security frameworks for enabling secure FPGA sharing in multi-tenants cloud systems