Paper Title: Key per IO - Fine Grain Encryption for Storage

Paper Abstract: The Key Per IO (KPIO) project is a joint initiative between NVM Express and Trusted Computing Group (TCG) Storage Work Groups (WGs) to define a new KPIO Security Subsystem Class (SSC) under TCG Opal SSC for NVMe class of Storage Devices. Self-Encrypting Drives (SED) perform continuous encryption on user accessible data based on contiguous LBA ranges per namespace. This is done at interface speeds using a small number of keys generated/held in persistent media by the storage device. KPIO will allow large numbers of encryption keys to be managed and securely downloaded into the NVM subsystem. Encryption of user data then occurs on a per command basis. This provides a finer granularity of data encryption that enables a granular encryption scheme in order to support several use cases that the presentation will review. The presentation will introduce the architectural differences between traditional SEDs and the KPIO SSC, provide an overview of the proposed TCG KPIO SSC spec and the features in the NVMe commands to allow use of KPIO, and conclude by summarizing the current state of the standardization proposals in NVM Express and the TCG Storage WG.

Paper Author: Fred Knight, , NetApp

Author Bio: Fred Knight's Biography: Frederick Knight is a Principal Standards Technologist at NetApp Inc. Fred has over 40 years of experience in the computer and storage industry. He currently represents NetApp in several National and International Storage Standards bodies and industry associations, including NVM Express, SCSI (T10), Fibre Channel (T11), ATA (T13), IETF (iSCSI), SNIA, and JEDEC. He has authored documents at NVM Express, SNIA, the IETF, JEDEC, and the INCITS T10/T11/T13 committees . He is also the editor for several INCITS standards and the Convenor for the ISO/IEC JTC-1/SC25/WG4 international committee (overseeing the international standardization of T10/T11/T13 documents). Fred has received several NetApp awards for excellence and innovation and is the holder of several patents. He also received the INCITS Technical Excellence Award for his contributions to both T10 and T11 and the INCITS Merit Award for his longstanding contributions to the international work of INCITS. He also developed the first native FCoE target device in the industry. At NetApp, he contributes to technology and product strategy and serves as a consulting engineer to product groups across the company. Prior to joining NetApp, Fred was a Consulting Engineer with Digital Equipment Corporation, Compaq, and HP where he worked on clustered operating system and I/O subsystem design. Festus Hategekimana's Biography: Festus Hategekimana is a security architect at Solidigm Technology where he focuses on driving the development and adoption of TCG Technologies for enterprise SSDs. In TCG, Festus is currently serving as the editor of the TCG’s Key Per I/O SSC specification. Festus holds a PhD in Computer Engineering with a focus on security isolation architectures and their application to multi-tenant cloud systems.