How to use an Encryption Key per I/O
Eric Hibbard, CISSP, FIP, CISA
Samsung Semiconductor, Inc.
Virtual Conference, September 28-29, 2021
2023 SNIA. All Rights Reserved.

Key per I/O (KPIO) Intro

Background on Self Encrypting Drives (SEDs)
Basic Data At Rest Protection Model. Properties:
- Encrypt all user accessible data all the time, at interface speeds
- Keys generated & stored in NVM by the storage device
- Media Encryption Key (MEK) associated with contiguous LBA ranges or Namespaces
- Opal/Enterprise SSC* deliver passwords to the drive in the clear (when not using Trusted Computing Group (TCG)* Secure Messaging)
* Other names and brands may be claimed as the property of others.

Key Per I/O
- Fine-grain data at rest encryption using storage devices (SSDs)
- Encryption engine in the storage device
- Key management controlled by the host
- Alignment with OASIS Key Management Interoperability Protocol (KMIP) Version 2.x

Specification | Industry Standard Body | Status
NVMe TP4055 | NVM Express | Ratified
TCG Key Per I/O SSC v1.00 | TCG | Published
TCG Key Per I/O Application Note v1.00 | TCG | In Public Review
TCG SIIS v1.11 | TCG | Published
TCG Key Per I/O Test Cases | TCG | Under Development

Key Per I/O Technology Overview
- Enables Storage Devices (SDs) support of Host-Managed (i.e., Customer-managed) Storage Encryption Use Cases.
- Hosts no longer need to encrypt-at-compute with host/customer supplied encryption keys. They can now parallelize encryption across SDs with host-supplied Media Encryption Keys (MEKs) to increase storage system performance & bandwidth.
- Encrypted MEKs are injected into the Self Encrypting Drive (SED)'s key cache and assigned a "Key Tag" by host software. Subsequent I/O can use the "Key Tag" to identify the MEK to encrypt/decrypt data to/from the SD in a non-contiguous fashion.
- MEKs are encrypted (wrapped) by a Key Encryption Key (KEK). KEKs may be supplied encrypted via RSA-based Key Wrapping.
- MEKs are not stored in the NVM of the drive and are lost on power loss.
- Cryptographic erase is done by deleting the MEK from the Key Manager and the SSD's key cache, or by sanitizing the entire SD.
[Diagram: Key Manager delivers a wrapped MEK (eMEK) to the NVM Subsystem/NVMe SSD; the Controller ASIC unwraps it with the KEK (AES-KW) and encrypts Object A / Object B / Object C data with AES-XTS]

[Diagram: Key Per I/O-Aware Host Management Application and Key Per I/O-Aware Host I/O Manager in the Host's Storage Front End, with MEK Load Sync between them; Tenant 1/2/3 (VM1/CN1, VM2/CN2, VM3/CN3) issue READ/WRITE (Data, NS, Key Tag) over the NVMe User Data Path to an NVMe NS; the KMIP Key Management Service supplies keys that the host injects via NVMe Security Send/Receive (KMIP) into the Storage Device's Key Per I/O Security Provider and Key Cache & Encryption Subsystem]
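As an added illustration of the key cache model described above (example code written for this page, not code from the deck, from NVMe TP4055 or from any TCG implementation), the following C models the drive-side behaviour: one MEK slot per (NSID, Key Tag), loading a slot from a KMIP IMPORT batch item, resolving the Key Tag on a read/write command using the DWORD12/DWORD13 layout shown in the deck's I/O examples (DWORD12[19:16] = CETYPE, DWORD13[15:00] = Key Tag), and clearing a single slot or all slots. Slot counts, the CETYPE value of 1, the per-namespace allowed-KEK check and the opaque integer ids that stand in for real wrapped keys are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of a KPIO drive's volatile key cache: one MEK slot per (NSID, Key Tag).
 * Slot counts, the CETYPE value and the allowed-KEK rule are assumptions made for this
 * example, not values taken from NVMe TP4055 or the TCG Key Per I/O SSC. */
#define NS_COUNT      2
#define TAGS_PER_NS   4
#define CETYPE_KEYTAG 1U  /* nonzero CETYPE signals "Key Tag present" */
#define EMPTY_SLOT    0U  /* slot holds no MEK */
enum kpio_status { KPIO_OK = 0, KPIO_INVALID_KEY_TAG, KPIO_KEK_NOT_ALLOWED };

struct key_cache {
    uint32_t mek[NS_COUNT][TAGS_PER_NS]; /* opaque MEK ids standing in for unwrapped keys */
    uint32_t allowed_kek[NS_COUNT];      /* KEK UID allowed per namespace (SET Allowed KEKs) */
};

/* Host side: DWORD12[19:16] = CETYPE, DWORD13[15:00] = Key Tag, as in the deck's I/O examples. */
static inline uint32_t kpio_dw12(void) { return CETYPE_KEYTAG << 16; }
static inline uint32_t kpio_dw13(uint32_t keytag) { return keytag & 0xFFFFU; }

/* Drive side, one KMIP IMPORT batch item (NSID, Key Tag, KEK UID, MEK). An MEK wrapped by a
 * KEK the namespace does not allow is rejected; otherwise the slot is overwritten in place,
 * so data already written under the previous MEK stays on media unchanged. */
enum kpio_status kpio_import(struct key_cache *kc, uint32_t nsid, uint32_t keytag,
                             uint32_t kek_uid, uint32_t mek_id)
{
    if (nsid >= NS_COUNT || keytag >= TAGS_PER_NS) return KPIO_INVALID_KEY_TAG;
    if (kc->allowed_kek[nsid] != kek_uid) return KPIO_KEK_NOT_ALLOWED;
    kc->mek[nsid][keytag] = mek_id;
    return KPIO_OK;
}

/* Drive side, per read/write command: resolve the Key Tag to an MEK or fail the command with
 * Invalid Key Tag (no CETYPE, an out-of-range tag, or an EMPTY slot all fail here). */
enum kpio_status kpio_select(const struct key_cache *kc, uint32_t nsid,
                             uint32_t dw12, uint32_t dw13, uint32_t *mek_out)
{
    uint32_t cetype = (dw12 >> 16) & 0xFU, keytag = dw13 & 0xFFFFU;
    if (cetype == 0 || nsid >= NS_COUNT || keytag >= TAGS_PER_NS) return KPIO_INVALID_KEY_TAG;
    if (kc->mek[nsid][keytag] == EMPTY_SLOT) return KPIO_INVALID_KEY_TAG;
    *mek_out = kc->mek[nsid][keytag];
    return KPIO_OK;
}

/* CLEAR SINGLE MEK / CLEAR ALL MEKs: empty the slot(s), leave the data on media untouched. */
void kpio_clear_single(struct key_cache *kc, uint32_t nsid, uint32_t keytag) {
    if (nsid < NS_COUNT && keytag < TAGS_PER_NS) kc->mek[nsid][keytag] = EMPTY_SLOT;
}
void kpio_clear_all(struct key_cache *kc) { memset(kc->mek, 0, sizeof kc->mek); }
```

Walking the deck's own scenario through this model: after loading Key 0 into NSID0/KeyTag0 and Key 2, Key 3 into NSID1/KeyTag0, KeyTag1, a write naming NSID1/KeyTag2 fails with Invalid Key Tag, a re-import into NSID0/KeyTag0 swaps the key for new I/O without touching old data, and a cleared slot fails lookups until an MEK is imported there again.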
Using Key Per I/O (KPIO)
NOTE (applies to every command sequence in this section): Exact command tokenization details can be found in the TCG Key Per I/O Application Note.

Setting up KPIO (one time setup): Capabilities Discovery
- NVMe Device Identify Discovery
  - Identify Controller
    - Key Per I/O Capabilities field
      - Key Per I/O Supported (KPIOS) bit
      - Key Per I/O Scope (KPIOSC) bit
  - Identify Namespace
    - Key Per I/O Status field
      - Key Per I/O Supported in Namespace (KPIONS) bit
      - Key Per I/O Enabled in Namespace (KPIOENS) bit
    - Maximum Key Tag (MAXKT) field
    - Key Per I/O Data Access Alignment and Granularity (KPIODAAG) field
- TCG Discovery (via NVMe Security Receive)
  - Feature Level 0 Discovery
    - Key Per I/O Security Protocols & ComIDs
    - Security properties for secure encryption key transport (RSA-OAEP wrapping, AES-GCM wrapping, etc.)
    - Number of Key Tags Supported (Globally vs Per-Namespace)
    - Maximum Supported Key Unique Identifier for Encryption Keys
    - Etc.
  - Namespace Level 0 Discovery
    - Managed By Key Per I/O bit
    - Number of Allocated Key Tags

Setting up KPIO (One Time Setup): Enabling KPIO
Command sequence (HOST -> SD, followed by the SD's reply):
1. NVMe Identify Controller, KPIO Capabilities: IsKPIOSupported? -> IsKPIOSupported Result
2. NVMe Security Send/Receive: TCG Host/TPer Communication Properties Sync -> Status
3. NVMe Security Receive: TCG KPIO Level 0 Discovery -> KPIO Feature Descriptor (Supported ComIDs for KPIO, Supported Optional Features, Supported Encryption Keys Transportation Security Algorithms, Encryption Key sizes, etc.)
4. NVMe Security Send/Receive: TCG Take Ownership of Key Per I/O SED -> Status
5. NVMe Security Send/Receive: TCG Activate Key Per I/O -> Status
NOTE: Transitioning MEK ownership to the host implies loss of SD-generated MEKs for namespaces managed by Key Per I/O (SD-generated MEKs are retained for namespaces not managed by Key Per I/O).

SD's Volatile Key Cache/Table State On Cmd Completion if KPIO SCOPE is all of the NVM Subsystem (Example):
NSID | Key Tag | Key Cache Slot
NSID0 | KeyTag0 | EMPTY
NSID1 | KeyTag0 | EMPTY
NSID1 | KeyTag1 | EMPTY
... | ... | ...
NSIDNN | KeyTagM | EMPTY

SD's Volatile Key Cache/Table State On Cmd Completion if KPIO SCOPE is per Namespace (Example):
NSID | Key Tag | Key Cache Slot
NSID0 | N/A | SD's Factory Key0
NSID1 | N/A | SD's Factory Key1
... | ... | ...
NSIDNN | N/A | SD's Factory KeyNN

Setting up KPIO (One Time Setup): Configuring KPIO
- Update Admin Credentials from defaults
- Configure Key Per I/O Policies Table (e.g., enable Replay Protection, enable RSA Wrapped KEKs, Disable Plaintext KEKs, etc.)
- Configure Key Tag Allocation Table (e.g., allocate Number of Key Tags for each KPIO namespace, enable additional namespaces for KPIO, etc.)
Command sequence (HOST -> SD):
1. NVMe Security Send/Receive: TCG SET Configure Key Per I/O Security Provider -> Status

Host Management of the SD's Key Cache: Initial Loading of KEKs & MEKs
- Batch all KEKs & MEKs in a single KMIP message to the drive
Command sequence (HOST -> SD):
1. NVMe Security Send/Receive: TCG GET KPIO Public Key Certificate -> Status
2. NVMe Security Send/Receive: TCG KMIP IMPORT Keys -> Status. The message uses KPIO's KMIP BATCH ITEM FORMAT, carrying KPIO's Key Type-Related Attributes (e.g., NSID, Key Tag, TCG UIDs, etc.). SD side: Authenticate & Unwrap, Extract Keys and their attributes, Load Key Cache.
3. NVMe Security Send/Receive: TCG SET Specify Allowed Key Encryption Keys UIDs for the KPIO Managed Namespace -> Status
- Host side: GET Key UIDs from the KeyUIDs Key Store; GET KEK Key UID, Key Wrapping Specification (Encrypt with KPIO Public Key); GET MEK Key UID, Key Wrapping Specification (Encrypt with KEK (Key UID))

SD's Volatile Key Cache/Table State On Cmd Completion (Example):
NSID | Key Tag | Key Cache Slot
NSID0 | KeyTag0 | Key 0
NSID1 | KeyTag0 | Key 2
NSID1 | KeyTag1 | Key 3
... | ... | ...
NSIDNN | KeyTagM | Key P

Host Management of the SD's Key Cache: Selecting MEKs to Use During I/O
NVMe TP4055 defines new KPIO-related Command Extension Type (CETYPE) in DWORD12 and Command Extension Value (CEV) in DWORD13 fields for all read and write I/O commands to indicate to the Storage Device:
- Key Tag Presence (CETYPE != 0).
- Key Tag Value (CEV = KEYTAG) associated with the MEK to be used for encryption or decryption of data in that I/O command.

Read/Write I/O Example: Key Lookup
NVMe I/O Queue (HOST -> SD):
- Write(NSID1, Data, DWORD12 19:16=1, DWORD13 15:00=KeyTag1)
- Write(NSID1, Data, DWORD12 19:16=1, DWORD13 15:00=KeyTag2)
- Write(NSID0, Data, DWORD12 19:16=1, DWORD13 15:00=KeyTag0)
- Read(NSID0, Data, DWORD12 19:16=1, DWORD13 15:00=KeyTag0)
SD's Volatile Key Cache/Table At Runtime:
NSID | Key Tag | Key Cache Slot
NSID0 | KeyTag0 | Key 0
NSID1 | KeyTag0 | Key 2
NSID1 | KeyTag1 | Key 3
... | ... | ...
NSIDNN | KeyTagM | Key P
Status: 3rd command fails with Invalid Key Tag Error Code.
[Diagram: the selected MEK drives the AES-XTS engine; Plaintext User Data on the host side, Ciphertext User Data to/from NVM]

Host Management of the SD's Key Cache: Updating the Key Cache
- Batch all new MEKs in a single KMIP message to the drive
Command sequence (HOST -> SD):
1. NVMe Security Send/Receive: TCG KMIP IMPORT Keys -> Status
- Host side: GET KEK and MEK UIDs from the KeyUIDs Key Store; GET MEK Key UID, Key Wrapping Specification (Encrypt with previously injected KEK (Key UID))
NOTE: Updating the Key Cache does NOT clear data written by previous keys! New/Additional MEKs are loaded using previously established KEKs.

SD's Volatile Key Cache/Table State On Init Key Cache Load:
NSID | Key Tag | Key Cache Slot
NSID0 | KeyTag0 | Key 0
NSID1 | KeyTag0 | Key 2
NSID1 | KeyTag1 | Key 3
... | ... | ...
NSIDNN | KeyTagM | Key P

SD's Volatile Key Cache/Table State After NSID0 Keys Update (KEY UPDATE):
NSID | Key Tag | Key Cache Slot
NSID0 | KeyTag0 | Key 1
NSID1 | KeyTag0 | Key 2
NSID1 | KeyTag1 | Key 3
... | ... | ...
NSIDNN | KeyTagM | Key P

Host Management of the SD's Key Cache: Selecting new MEKs to Use During I/O
Key Lookup in the updated SD's Volatile Key Cache/Table At Runtime. NVMe I/O Queue (HOST -> SD):
- Write(NSID1, Data, DWORD12 19:16=1, DWORD13 15:00=KeyTag1)
- Write(NSID1, Data, DWORD12 19:16=1, DWORD13 15:00=KeyTag2)
- Write(NSID0, Data, DWORD12 19:16=1, DWORD13 15:00=KeyTag0)
- Read(NSID0, Data, DWORD12 19:16=1, DWORD13 15:00=KeyTag0)
NSID | Key Tag | Key Cache Slot
NSID0 | KeyTag0 | Key 1
NSID1 | KeyTag0 | Key 2
NSID1 | KeyTag1 | Key 3
... | ... | ...
NSIDNN | KeyTagM | Key P
Status: 3rd command fails with Invalid Key Tag Error Code.
[Diagram: AES-XTS with Plaintext User Data on the host side and Ciphertext User Data to/from NVM; new Data Protected By Key 1, Old Data Protected By Key 0]

Host Management of the SD's Key Cache: Locking the Key Cache (All NSes vs. Per NS Locking)
Command sequence (HOST -> SD), one or the other:
- NVMe Security Send/Receive: TCG CLEAR ALL MEKs -> Status. NOTE: Clear All MEKs command on all KPIO-Managed NSes clears their Key Cache and does not affect data.
- OR NVMe Security Send/Receive: TCG CLEAR SINGLE MEK -> Status. NOTE: Clear Single MEK Command targets a single slot of the key cache for a particular NS. No impact to the data.

SD's Volatile Key Cache/Table State After Clearing Single Key (Example):
NSID | Key Tag | Key Cache Slot
NSID0 | KeyTag0 | Key 1
NSID1 | KeyTag0 | EMPTY
NSID1 | KeyTag1 | Key 3
... | ... | ...
NSIDNN | KeyTagM | Key P

SD's Volatile Key Cache/Table State After Clearing all KPIO Keys (Example):
NSID | Key Tag | Key Cache Slot
NSID0 | KeyTag0 | EMPTY
NSID1 | KeyTag0 | EMPTY
NSID1 | KeyTag1 | EMPTY
... | ... | ...
NSIDNN | KeyTagM | EMPTY

Disabling KPIO
Command sequence (HOST -> SD), one or the other:
- NVMe Security Send/Receive: TCG REVERT to purge all keys from the drive & Deactivate Key Per I/O Usage -> Status. NOTE: Disable on all KPIO NSes. A successful REVERT execution makes host user data irretrievable even if the same keys are re-injected into the SD after re-enabling Key Per I/O.
- OR NVMe Security Send/Receive: TCG SET KeyTagAllocationTable to transition management of namespace from KPIO -> Status. NOTE: Disable Per KPIO NS (NSID0, for example). A successful SET execution makes host user data irretrievable even if the same keys are re-injected into the SD after re-enabling Key Per I/O.

SD's Volatile Key Cache/Table State On Cmd Completion after REVERT (Example):
NSID | Key Tag | Key Cache Slot
NSID0 | N/A | SD's Generated Key0
NSID1 | N/A | SD's Generated Key1
... | ... | ...
NSIDNN | N/A | SD's Generated KeyNN

SD's Volatile Key Cache/Table State On Cmd Completion after per-NS SET on NSID0 (Example):
NSID | Key Tag | Key Cache Slot
NSID0 | N/A | SD's Generated Key0
NSID1 | KeyTag0 | Key 2
NSID1 | KeyTag1 | Key 3
... | ... | ...
NSIDNN | KeyTagM | Key P

Summary

Conclusions
- Key Per I/O enabled drives offer another encryption option at the drive level
- External key management allows storage drives to support multiple tenants (VMs and containers); may offer customer options for cloud implementations
- Drives impose no limits on the number of MEKs used to protect data; hosts can use large numbers of MEKs (e.g., a unique MEK for each user, file, etc.)

Please take a moment to rate this session. Your feedback is important to us.