Page 1: Data-At-Rest Protection at Data Center Scale with NVMe and Opal

Andrzej Jakowski, Adrian Pearson, Intel Corporation

2019 Storage Developer Conference. © Intel Corporation. All Rights Reserved.

Page 2: Legal Disclaimer

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com.

Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit www.intel.com/benchmarks.

Cost reduction scenarios described are intended as examples of how a given Intel-based product, in the specified circumstances and configurations, may affect future costs and provide cost savings. Circumstances will vary. Intel does not guarantee any costs or cost reduction.

Intel does not control or audit third-party data. You should review this content, consult other sources, and confirm whether referenced data are accurate.

Intel, the Intel logo, and other marks are trademarks of Intel Corporation in the U.S. and/or other countries.

© Intel Corporation.

Other names and brands may be claimed as the property of others.

Page 3: Agenda

• Motivations for Data-At-Rest Security
• TCG Opal family for SEDs
• Sedcli: new open source utility for SED management at data center scale (and client)
• Sedcli roadmap
• Call to action

Page 4: Motivations for Data-at-Rest security

• Data breaches continue to grow in scale and cost to organizations
• Governments are responding by developing new regulations such as the EU GDPR and Lot 9 requirements
• Provisions in these laws discuss topics such as user data rights for data retention, access control, knowledge of who has access to data, etc.
• GDPR, in particular, mentions encryption as a path to potential mitigation in the event of a data breach
• Lot 9 requires Secure Data Deletion

https://securityintelligence.com/posts/whats-new-in-the-2019-cost-of-a-data-breach-report/

Page 5: Motivations for Data-at-Rest security

• All user data, regardless of wear leveling, is encrypted as of the first LBA write to the drive
• Data erasure using drive commands ensures erasure of all data, regardless of wear leveling
• SW-FDE does not provide these guarantees
• Increasingly, SEDs are deployed to ensure “last mile” compliance and to ensure that physical theft does not cause a data breach

SW FDE vs. SED (All Data = User Data + Drive Overprovisioning):

| | User Data | Drive Overprovisioning |
|---|---|---|
| SED | All encrypted | All encrypted |
| SW FDE | May be encrypted, depending on time of activation of SW FDE | Cannot be directly erased through overwrite by the host |

Page 6: Where is encryption done?

Encryption can be done at different levels. Factors to consider:
• Protection against threat
• Performance impact
• Regulations
• Impact on other processes: encrypted data may not be compressible

[Diagram: encryption points along the stack, labelled Compute, Network, Appliance and Application; the options shown are SED Drive (SSD), HBA/HW RAID, Network switch, Encryption NIC and SW encryption]

Page 7: SW encryption versus on-disk encryption

• SW encryption: Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) provide near full bandwidth crypto for SW FDE for large transfers. However, software overhead remains, adding extra latency, especially for 4K transfers
• On-disk encryption: SED AES performance provides low latency and bandwidth at interface speeds for all transfer sizes

[Chart: SW encryption vs on-disk encryption (4KiB Random Read, 2 Threads); y-axis IOPS from 0 to 600,000; x-axis queue depth 1, 2, 4, 8, 16, 32; series: SW encryption, On-disk encryption; annotation: difference in IO efficiency]

Source: Intel. System Configuration: Intel® Xeon Platinum 8200L CPU @ 2.70GHz, DRAM 4GB, Intel DC P4800X 800GB SSD, Debian (Linux 4.9.0-11-amd64 x86_64) with and without SW encryption using LUKS. Results have been estimated based on internal Intel analysis and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance. For more complete information about performance and benchmark results, visit www.intel.com/benchmarks. Performance results are based on testing as of 9/17/2019 and may not reflect all publicly available security updates. See configuration disclosure for details. No product or component can be absolutely secure.

Page 8: Key management in Opal

[Diagram of the Opal key hierarchy inside the SED: the Authentication Key (PIN) goes through a KDF to produce the KEK; the KEK decrypts the encrypted MEK held in the K_AES Table; the MEK feeds the Hardware AES Engine, which translates between ciphertext on media and plaintext on the host side. Across the SED SATA/NVMe interface the drive exposes two paths: Regular IO (data) and the Security Send/Security Receive path (key management)]

Page 9: Client usages and data center usages are different

• Client: usually requires the user to supply a key (password) to the disk; Pre-Boot Authentication via Shadow MBR
• Data center: need for automated key management during initial provisioning and auto unlock in day-to-day operation due to the scale; need for periodic key rotation; need for key backup

Page 10: Shift to NVMe and the need for new SW tooling

[Diagram comparing host configurations; legend: data path, key management path, needed “glue” code]
• Host with HBA/HW RAID (TCG Enterprise): App (e.g. database), Mgmt SW (e.g. RAID), RAID Mgmt SW
• Local key management w/ security chip assist: App (e.g. database), Opal mgmt SW, TPM SW, Security chip (e.g. TPM), direct attached NVMe SSD w/ TCG Opal
• Centralized key management w/ dedicated appliance: App (e.g. database), KMIP client, Opal mgmt SW, direct attached NVMe SSD w/ TCG Opal

Page 11: Sedcli SW proposal

Support for data center usages:
• Auto-provision on hot insert or OS boot
• Auto-unlock on hot insert or OS boot
• Support for multiple key managers (OASIS KMIP, TPM)
• Key backup functionality

Key SW components:
• Sedcli: modular architecture allowing multiple key managers (OASIS KMIP, TPM)
• Libsed: enables extensions

[Diagram of the SW stack: sedcli on top of libsed, with key management, disk management and backup functions; key manager plugins (KMIP plugin backed by a KMIP client lib, TPM plugin backed by the TPM SW stack, File plugin, …)]

Source code available on https://github.com/sedcli

Page 12: Envisioned data center auto-provision flow

[Sequence diagram with participants Server, sedcli and Admin/operator]
1. Disk hot-inserted or server booted
2. Platform key (PEK) created or obtained from KMS
3. Disk key (DEK) created on server and wrapped using PEK
4. DEK used to provision NVMe SSD; wrapped disk key stored in Opal datastore

Page 13: Envisioned data center auto-unlock flow

[Sequence diagram with participants Server, sedcli and Admin/operator]
1. Disk hot-inserted or server rebooted
2. PEK obtained from KMS
3. Wrapped DEK read from Opal datastore
4. DEK unwrapped w/ PEK
5. Disk unlocked w/ DEK
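The provision and unlock flows on the two slides above, together with the PIN → KDF → KEK → MEK hierarchy from the Opal key management slide, modelled end to end in Go. This is an added example and not sedcli or libsed code: the AES-256-GCM wrapping, the SHA-256 stand-in for the drive's KDF, the SimDrive type and the constant PEK (standing in for one obtained from a KMS) are all assumptions of this illustration.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)
func gcm(key []byte) cipher.AEAD { // AES-256-GCM is the wrapping primitive assumed by this model
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) } // every key in this model is 32 bytes
	g, _ := cipher.NewGCM(block); return g
}
func wrap(key, plaintext []byte) []byte { // seal plaintext under key, fresh random nonce prepended
	g := gcm(key); nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { panic(err) }
	return g.Seal(nonce, nonce, plaintext, nil)
}
// unwrap opens a blob made by wrap; a wrong key fails GCM authentication instead of yielding garbage.
func unwrap(key, blob []byte) ([]byte, error) {
	g, n := gcm(key), 12 // standard GCM nonce size
	if len(blob) < n { return nil, fmt.Errorf("wrapped blob too short") }
	return g.Open(nil, blob[:n], blob[n:], nil)
}
// kdf stands in for the drive-internal PIN-to-KEK derivation (slide 8); SHA-256 here is an assumption.
func kdf(pin []byte) []byte { h := sha256.Sum256(append([]byte("KEK|"), pin...)); return h[:] }
// SimDrive models an Opal SED: KEK-encrypted MEK (K_AES table) plus the datastore slot holding the PEK-wrapped DEK.
type SimDrive struct{ encMEK, datastore []byte; Unlocked bool }
// Provision is steps 2-4 of auto-provision: create the DEK on the server, make it the drive's
// authentication key (PIN), wrap it with the PEK and store the wrap in the Opal datastore.
func Provision(pek []byte, d *SimDrive) []byte {
	dek, mek := make([]byte, 32), make([]byte, 32)
	rand.Read(dek); rand.Read(mek) // crypto/rand.Read fails only if the OS RNG does
	d.encMEK = wrap(kdf(dek), mek) // drive side: MEK bound to the new DEK
	d.datastore = wrap(pek, dek)   // host side: DEK wrapped under PEK
	return dek
}
// Unlock is steps 2-5 of auto-unlock; the drive stays locked unless the unwrapped DEK really
// decrypts the MEK, so a wrong PEK fails closed at step 4 and a stale DEK at step 5.
func Unlock(pek []byte, d *SimDrive) error {
	dek, err := unwrap(pek, d.datastore)
	if err != nil { return fmt.Errorf("step 4, unwrap DEK with PEK: %w", err) }
	if _, err := unwrap(kdf(dek), d.encMEK); err != nil { return fmt.Errorf("step 5, drive rejected DEK: %w", err) }
	d.Unlocked = true; return nil
}
func main() { // constructed PEK standing in for one obtained from a KMS
	pek, good, other := bytes.Repeat([]byte{0x11}, 32), &SimDrive{}, &SimDrive{}
	Provision(pek, good); fmt.Println("correct PEK:", Unlock(pek, good), good.Unlocked)
	Provision(pek, other); fmt.Println("wrong PEK:", Unlock(bytes.Repeat([]byte{0x22}, 32), other), other.Unlocked)
}
```

A wrong PEK is caught by GCM authentication at step 4, and a wrapped DEK that no longer matches the drive (for example one saved before a re-provision) is caught at step 5, so neither path leaves the drive unlocked.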

Page 14: Sedcli status and next steps

• sedcli v1.0 (September 2019), client usages: initial provision; explicit locking and unlocking; changing key for Admin1; revert TPer
• sedcli v2.0 (2019/2020), data center usages (KMS): OASIS KMIP key manager; auto initial provision; auto unlock; key backup
• sedcli v2.5 (late 2020), data center usages (TPM): TPM 2.0 based key manager; auto initial provision; auto unlock; key backup
• sedcli v3.0: support for emerging DAR security standards such as NVMe/TCG Key Per IO

Page 15: Call to action

• Encourage usage of and contributions to https://github.com/sedcli
• Provide feedback/additional usage models
• Reach out to us to learn more