This course covers the Key Per IO Security Subsystem Class for NVM Express Storage Devices, focusing on the KPIO proposal to enhance data encryption at a finer granularity. The learning outcomes include understanding the architectural differences between traditional SED and KPIO SSC, key provisioning, security capabilities, benefits, standardization, and various use cases. The course teaches about managing large numbers of encryption keys, securely downloading them into the NVM subsystem, and encrypting user data on a per command basis. The teaching method involves a talk that provides an overview of the KPIO SSC standard and its features, concluding with the current state of the standardization proposal. The intended audience for this course includes professionals interested in data security, encryption technologies, and NVM Express storage devices.
Key Per IO Security Subsystem Class for NVM Express Storage Devices
Overview
Syllabus
Introduction
Encryption
Disclaimers
Concept
Use Cases
Key Provisioning
Security Capabilities
Benefits
Standardization
Discovery
Key Tag
Commands
Write Command
Recap
Hosts
Air Handling
Technical Proposal
Scuzzy and SATA
Questions
Raw Encrypted Data
Taught by
USENIX
