Key per IO - Fine Grain Encryption for Storage

The Key Per IO (KPIO) project is a joint initiative between NVM Express® and the Trusted Computing Group (TCG) Storage Work Group to define a new KPIO Security Subsystem Class (SSC) under TCG Opal SSC for the NVMe® class of storage devices. Self-Encrypting Drives (SEDs) perform continuous encryption on user-accessible data based on contiguous LBA ranges per namespace. This is done at interface speeds using a small number of keys generated and held in persistent media by the storage device. KPIO will allow a large number of encryption keys to be managed and securely downloaded into the NVM subsystem.

Storage Sanitization - The Right Way to Make Data Go Away

Almost everyone understands that systems and data both have lifecycles that typically include a disposal phase (i.e., what you do when you do not need something anymore). Conceptually, data needs to be eliminated either on a system or entirely (everywhere stored) as part of this disposal. Failure to correctly eliminate certain data can result in costly data breach scenarios. Selecting the form of storage sanitization that is appropriate to the sensitivity of the data and that also considers circular business models is something that many organizations are pursuing.

Data Loss Mitigation through 2-Factor Authentication

Ransomware attack mitigation has been a high-profile problem and is getting more visibility in recent years due to the high payback from victims to have their data released. This proposal implements a series of ‘recognition’ triggers within a layered file system on Windows, which force a caller through a form of 2FA to potentially reduce the impact of the attack. The approach taken by Thales, within the layered file system implementation for data protection, leverages several layers to recognize when a potential threat is executing.

Power of Chaos: Long-term Security for Post-quantum Era

The quantum computing paradigm shift has changed the way we look at data security these days, especially the long-term security of data. Soon, fast algorithms will be designed to run on quantum computers that can break some of the most widely used cryptosystems, making them vulnerable. To address this issue, chaos theory is actively being studied as a basis for post-quantum era cryptosystems, and advances have been made in this domain of study. The unique characteristics of chaotic systems can be leveraged to produce highly secure cryptographic systems.

Storage Security Update for Developers

2022 has been an interesting and challenging year for storage security. The cyber threat landscape has witnessed large numbers of attacks impacting data and increased nation-state activities directed at critical infrastructure. The regulatory landscape is undergoing change as well (e.g., EU Directive 2009/125/EC, also known as LOT 9), potentially imposing requirements that necessitate adjustments to security capabilities, controls, and practices to reflect new realities. By the end of 2022 there will be significant changes to security standards and specifications relevant to storage.

Product Security Certifications – Who, What, Where, and Why

A nation-state attack on the SolarWinds network management system in December 2020 compromised the supply chains of over 18,000 organizations, including the Pentagon and the Department of Homeland Security. As these supply chain security attacks continue, there is an increased focus on securing the supply chain. Organizations are seeking to understand their risk exposures from third parties and products they acquire and use. For products, security certifications can be useful to demonstrate security functionality as well as to assure security efficacy.

Zero-Trust or Bust

Zero Trust is a collection of security methodologies that work together to enforce access, with the view that your network has already been compromised. It uses contextual information from identity, security, and IT infrastructure, along with risk and analytics tools, to enable dynamic enforcement of security policies uniformly across the corporate network. This session will highlight the main attributes of Zero Trust, and why it is important for storage developers.

TCG Storage Work Group Update

The Storage Work Group under the Trusted Computing Group is active in security technologies related to data storage and focuses on data-at-rest encryption mechanisms. Over the course of 2022 and 2023, TCG SWG has been very active and has released many new specifications and reference documents. This talk will cover various documents released and give a preview of some of the work underway. Some things we will cover are SIIS updates, CNL, test case documents, KPIO, and the app note for KPIO.

SPDM 1.3 and Beyond

DMTF has released SPDM version 1.3, with a number of enhancements to the protocol. These include:

- Support for multiple keys
- Event notification
- Improvements in measurement handling
- A hash-extended measurement mechanism
- Endpoint identification
- Even more support for extensibility by industry partners

Status of libspdm, an open source implementation of the SPDM protocol on GitHub. These changes enable new capabilities to be built on top of SPDM to enable a variety of solutions. Work on SPDM v1.4 is already underway.
