In defense of data

Today’s secure storage technologies help deliver mission-critical information into the hands of waiting defense and aerospace personnel, while maintaining various levels of data security.

BY Courtney E. Howard

Battles increasingly are fought with information—with bits and bytes, rather than with bullets. Competitive advantages are gained by the abilities not only to tap into the stored data of adversaries, but also to protect and defend one’s own data storage. In this new kind of information warfare, offensive tactics most often are classified, yet defensive approaches are the subject of much discussion, debate, and attention.

Data at rest

Defense and aerospace organizations must secure data in transit (DIT), that which is being transmitted or communicated, and data at rest (DAR), which is being stored. “Protecting classified data at rest is a complex issue,” admits Shubhagat Gangopadhyay, director of business development at Curtiss-Wright Controls Embedded Computing in Ashburn, Va.

“Broadly speaking, there are really two ways to secure data storage: by removing the memory from its unsecure environment [where it is being used] to a secure location [such as under lock and key] or encrypting the data such that risk of compromise is vanishingly zero,” Gangopadhyay continues. “In situations where there are potentially hundreds of memory devices to be managed (e.g., a tactical deployment by the Army), the burden of physically securing every bit of unencrypted classified data is logistically cumbersome, thus increasing the risk of compromise.”

Encryption of data in transit has been around for decades, but the application of encryption technology for DAR is relatively new and “brought on by huge capacities that can no longer be destroyed or wiped in a timely manner,” notes Thomas Bohman, senior product manager at Curtiss-Wright Controls Electronic Systems in Santa Clarita, Calif.

“In the past year, there has been a significant increase in demand for mil-aero systems with data storage encryption, as well as rugged, high-speed, high-capacity characteristics,” Bohman adds. “With encryption, only the small key and authentication data needs to be purged to render the data useless to adversaries that capture the storage device.”

Lockheed Martin Aeronautics selected Curtiss-Wright’s Vortex Compact Network Storage (CNS) subsystems for the C-130J Super Hercules airlifter program.

Encryption explained

Developing and certifying the technology and policies for encryption of U.S. Department of Defense (DOD) classified data is managed by the National Security Agency (NSA), Gangopadhyay explains. The NSA National Information Assurance Glossary defines four levels of encryption products and keys, Types 1 through 4, which the NSA certifies. A Type 1 product is defined as: “cryptographic equipment, assembly, or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed; developed using established NSA business processes and containing NSA-approved algorithms; and used to protect systems requiring the most stringent protection mechanisms.”

“For large deployments, the cost of such encrypted devices makes it cost-prohibitive,” Gangopadhyay laments. “Additionally, the certification process can be quite long, sometimes resulting in the underlying technology becoming obsolete prior to the completion of certification.” Type 1 certification is considered a rigorous process in which myriad elements—cryptographic security, functional security, tamper resistance, emissions security (EMSEC/TEMPEST), and security of product manufacturing and distribution processes—are tested and formally analyzed.

NSA officials also define two suites of security algorithms: Suite A and Suite B. Suite A encryption, used for highly sensitive, national-security information, refers to “a specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission-critical information,” according to the National Information Assurance Glossary. Suite B, applied to a majority of data and devices, is “a specific set of cryptographic algorithms suitable for protecting classified and unclassified national-security systems and information throughout the U.S. government and to support interoperability with allies and coalition partners.”

Security guidelines, procedures, and certifications help secure stored data and information at various classification levels. Yet, the growing implementation of commercial off-the-shelf (COTS) devices and systems in mil-aero applications is exacerbating the secure data storage challenge.

COTS conundrum

Defense organizations are increasingly adopting COTS solutions, such as computer tablets, which is driving the need for a layered approach to securing stored information.

“In the current environment of DOD fiscal austerity, and for devices where technology is experiencing rapid technological change, such as solid-state memory, we see a trend toward using commercial solutions for tactical classified data,” Gangopadhyay says, “especially if the data gets stale in a relatively short time and the encryption technology is based on Suite B cryptography. By using a layered approach toward securing the memory, such technologies can be used for data up to Secret.”

“In the commercial world, several schemes have been developed and are available to meet data security requirements,” Gangopadhyay says. Seagate Technology in Cupertino, Calif., offers several lines of self-encrypting hard drives, for example.

The general trend is that for high-volume and lower-level security needs, techniques based on commercial technology are deemed “good enough,” Gangopadhyay explains. For applications on aircraft or spacecraft, where there is a threat of falling into an enemy’s territory or the data is of high value, more robust techniques will be used. “Therefore, the trend going forward is to split the data storage security into two realms: the lower level based on commercial solutions but with certain additional augmentations, and a higher level.”

“The ‘good enough’ solution for securing classified data is an interesting challenge,” Gangopadhyay admits. The encryption part is often straightforward, given that most commercial solutions use a SATA controller with built-in AES-256 (256-bit Advanced Encryption Standard). “The real work is to figure out the key management aspect of deployment, including authentication and key recovery—features that are not always available in a commercial solution. The other part is to put in one or more additional layers of security beyond what is available commercially, making the solution suitable for data up to the Secret level.”

Solving security challenges

The increased use of COTS devices capable of information storage in mil-aero applications and environments has driven the need for additional security considerations and measures. In response to this need, officials at the NSA/CSS (Central Security Service) launched the NSA/CSS Commercial Solutions Center (NCSC). The NCSC is designed to address “the strategic needs of the NSA/CSS and the national security community by harnessing the power of U.S. commercial technology.”

Concurrently, officials at the National Institute of Standards & Technology (NIST) Computer Security Division manage “the certification of solutions for securing less sensitive data via the Federal Information Processing Standards (FIPS) certification process,” Gangopadhyay says.

Four major defense and aerospace programs have adopted data-at-rest products from Curtiss-Wright Controls Electronic Systems. Among them are the company’s 3U VPX Flash Storage Module and half-ATR Compact Network Storage (CNS) rugged file server for airborne and ground vehicle DAR applications. “Critical to these programs was the NIST FIPS 140-2 certified encryption technology,” Bohman explains.

“Devices such as tablets and tactically deployed computers in Army vehicles, which will be enormous in number, can use [FIPS] techniques. For handling data at a classification beyond Secret or that needs to be secured for a longer time, Type 1 methods will continue to be used.”

Curtiss-Wright’s CNS is incorporated in the avionics on C-130J aircraft.

Airborne applications

Lockheed Martin Aeronautics personnel in Marietta, Ga., have selected Vortex Compact Network Storage (CNS) subsystems from Curtiss-Wright Controls for the C-130J Super Hercules airlifter program. The initial order, placed last month, is valued at $800,000, with a potential lifetime contract value of roughly $7.5 million.

Curtiss-Wright’s Vortex CNS will serve as the network file server in the U.S. Air Force Air Combat Command’s MC-130J special mission aircraft, as well as the Air Force Special Operations Command’s HC-130J personnel recovery aircraft. The new HC/MC-130J Super Hercules extended-range transport aircraft are designed for special missions, including search and rescue (SAR) and combat search and rescue (CSAR).

The rugged, conduction-cooled Vortex CNS network attached storage device enables critical data to be shared over the aircraft’s internal network. The solution, designed to optimize file sharing in military platforms deployed in harsh environments, stores data securely on solid-state memory encrypted with the AES-256 algorithm. Staff at Curtiss-Wright Controls Electronic Systems are designing the CNS in Dayton, Ohio, and manufacturing the subsystems in Littleton, Mass.

Expense at issue

“In today’s environment of defense budget cuts, we see a trend to lower security requirements,” Gangopadhyay relays. “Further, not many low-cost solutions for data storage security will also satisfy DOD needs.

“The situation is temporary and, in the longer term as more ‘good enough’ solutions are developed, every data storage device—even for unclassified data—will be secured via encryption,” Gangopadhyay continues. Already, in the unclassified laptops of military and DOD contract personnel, as well as those of some commercial companies, the hard drives are software-encrypted to protect sensitive data.

As encryption technology is increasingly applied to data-at-rest protection problems, new, better, and faster products will emerge, predicts Bohman. “As important, the market will become more educated on all the issues involved and, hence, make better decisions about the cryptographic characteristics required to protect sensitive information from compromise, and not interfere with the performance of the mission.”

Curtiss-Wright’s XMC/PMC-552 is an example of a high-performance security encrypted solid-state drive for rugged military applications.

In the cloud

With military organizations under pressure to do more with less, secure data storage in cloud computing is becoming more and more popular, says Pete Stoneberg, deputy chief information officer, Government Cloud, RightNow Technologies in Bozeman, Mont. (Oracle Corp. in Santa Clara, Calif., is acquiring RightNow Technologies.)

“Cloud-based knowledge management systems not only reduce costs for the Department of Defense at a time when they are experiencing severe budget cuts, but they ensure consistency of information, increase uptime and system availability, and enable shorter implementation times and exceptional scalability,” Stoneberg continues. “For military organizations, meeting security requirements and accreditation standards are essential to providing usable information storage solutions.”

RightNow’s defense-ready hosting capabilities conform to DOD security requirements, enabling the DOD to reap the cost-saving benefits of a secure cloud, says Stoneberg. The RightNow Secure Government Cloud uses the DOD Information Technology Security Certification and Accreditation Process and the DOD Information Assurance Certification and Accreditation Process to ensure compliance with DOD Instruction 8500.2 and with the U.S. federal security controls of the Federal Information Security Management Act (FISMA), as specified in NIST Special Publication 800-53.

U.S. Air Force Personnel Center (AFPC) managers sought to improve the accessibility and consistency, while maintaining the security, of personnel information for members of the Air Force. AFPC officials found their solution at RightNow Technologies, employing multiple components of the RightNow CX suite. They also converted from an on-premises solution to a hosted, Software as a Service (SaaS) model using RightNow’s secure Department of Defense Cloud.

“For the more than 1.5 million active-duty military personnel serving overseas, defending our nation is a 24/7 job. To serve these customers, the DOD will increasingly need to implement multi-channel contact center and Web self-service solutions that allow warfighters to promptly access accurate information at any time from anywhere in the world,” Stoneberg explains. “We see secure software solutions becoming more prevalent for federal government and military agencies alike.”

RightNow CX replaced AFPC’s previous case and knowledge management systems, described as old, outmoded, and poorly integrated. The initial priority was to create a secure Web environment with a user-friendly interface. Recent and significant staff reductions also drove the need for a more efficient system.

“Given the lack of functional personnel in the field due to recent reductions, we needed to get more efficient, and the Web quickly became a critical component in our strategy,” says Captain Michelle Richards, AFPC customer relationship management operations chief. The AFPC, using RightNow CX, reduced the average customer inquiry time from 20 minutes to two minutes, while increasing utilization of the Web knowledge base from 180,000 to 2 million hits per week. The system modernization enables Air Force personnel to dedicate more time to accomplishing missions, rather than spending time hunting for personnel data or performing in-person personnel actions.

Security without sacrifice

Performance is paramount in defense and aerospace applications, and as important as security. Mil-aero personnel, applications, and budgets increasingly require robust systems that meet strict size, weight, power, and cost (SWaP-C) limitations. Robert Day, vice president of marketing at LynuxWorks Inc. in Santa Barbara, Calif., sees “more consolidation, more security requirements, more mobile devices, and more multi-use systems using more standard hardware and software solutions to reduce costs and increase performance.” LynuxWorks offers its LynxSecure embedded hypervisor and separation kernel (a Type 1, or bare-metal, hypervisor; not to be confused with NSA Type 1 certification) to enable this next generation of systems without compromising performance or security.

“Taking advantage of modern multi-core hardware with secure virtualization, like LynxSecure, allows tactical systems to consolidate from multiple physical systems to multiple secure virtual systems,” Day explains. This saves size, weight, and power for deployed systems, and allows multiple legacy software systems to be redeployed onto new hardware platforms, in both cases without compromising security.

Day sees the requirement to use “standard” hardware and operating systems in tactical deployments, such as Google Android-based smartphones on the battlefield and Microsoft Windows- and Linux-based systems on standard laptop or desktop systems. “Using secure virtualization, commodity hardware and software solutions can be used, but with protection for both sensitive data and applications, as they can be isolated from one another.”

Consolidation and COTS adoption, as well as the growing use of encryption to protect data stored on mobile computers, are all recent trends that call for “extra security without compromising on the performance or usability of systems,” Day affirms. The secure information storage challenges typically associated with legacy systems, the use of commercial systems, and the hosting of data and users with different security levels and clearances on a single system can be met by combining high-performance, secure software virtualization with modern multi-core hardware, he continues.

Engineers at LynuxWorks and Wave Systems in Lee, Mass., are collaborating on the use of self-encrypting drives (SEDs) with the LynxSecure separation kernel and hypervisor for running multiple operating systems simultaneously on a single endpoint. The solution links individual encrypted disk bands to different secure virtual domains provided by LynxSecure running on a single device.

Portable and mobile

The use of portable and mobile endpoints increases the risk of data compromise; yet the combined use of SEDs and secure virtualization on an endpoint offers protection, says a LynuxWorks representative. “SEDs are a better option than traditional software encryption for protecting data when using virtualization on an endpoint, given that the encryption is ‘built in’ to the drive itself. Multi-banded SEDs feature separate bands on the disk, with each band separately encrypted for storing data with separate levels of security or sensitivity on a single system.”

An endpoint device linked to secure virtualization enables multiple virtual machines on a single physical machine, enabling different operating systems and applications to run simultaneously. “Each OS and application set is held in its own secure partition, and the data for each is protected using encrypted drive bands with different encryption keys per partition,” Day explains. “This provides a true secure multi-use/multi-security level system housed in an industry standard endpoint.”
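Two of the mechanisms described in this article are easy to misread as marketing shorthand: Bohman’s remark that, with encryption, only the small key and authentication data need to be purged to render a captured device useless, and the per-band, per-key layout of a multi-banded SED that Day describes for separating security domains on one endpoint. The following Python model, added here as an illustration and not code from Curtiss-Wright, Wave Systems, or LynuxWorks, shows both: each band holds its own media encryption key, that key is stored on the media only wrapped under a key derived from the band’s authentication credential, and a crypto-erase zeroizes just the wrapped key, leaving the ciphertext on the media permanently unreadable while other bands remain usable. The HMAC-SHA256 keystream standing in for the drive’s AES-256 engine, the PBKDF2 credential wrapping, and the band names and data are all constructed assumptions so the example runs on a bare Python install; no vendor’s actual key-management protocol is claimed.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR-style stream cipher built from HMAC-SHA256.

    Assumption: a portable stand-in for the AES-256 engine inside a real SED,
    chosen only so this example needs no third-party library.
    """
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def kek_from_credential(credential: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the band's authentication credential."""
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000, dklen=32)


class Band:
    """One encrypted band of a multi-band SED: its own media key, its own credential."""

    def __init__(self, name: str, credential: str) -> None:
        self.name = name
        self.salt = secrets.token_bytes(16)
        self.wrap_nonce = secrets.token_bytes(16)
        mek = secrets.token_bytes(32)  # media encryption key, generated on the drive
        kek = kek_from_credential(credential, self.salt)
        # Only the wrapped MEK and an integrity tag ever reach the media.
        self.wrapped_mek = keystream_xor(kek, self.wrap_nonce, mek)
        self.wrap_tag = hmac.new(kek, self.wrapped_mek, hashlib.sha256).digest()
        self.media = {}     # lba -> (nonce, ciphertext), what an attacker could image
        self._mek = None    # plaintext MEK lives in drive RAM only while unlocked
        self.unlock(credential)

    def unlock(self, credential: str) -> bool:
        kek = kek_from_credential(credential, self.salt)
        tag = hmac.new(kek, self.wrapped_mek, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.wrap_tag):
            return False    # wrong credential, or the band has been crypto-erased
        self._mek = keystream_xor(kek, self.wrap_nonce, self.wrapped_mek)
        return True

    def lock(self) -> None:
        self._mek = None

    def write(self, lba: int, plaintext: bytes) -> None:
        if self._mek is None:
            raise PermissionError(f"band {self.name} is locked")
        nonce = secrets.token_bytes(16)
        self.media[lba] = (nonce, keystream_xor(self._mek, nonce, plaintext))

    def read(self, lba: int) -> bytes:
        if self._mek is None:
            raise PermissionError(f"band {self.name} is locked")
        nonce, ciphertext = self.media[lba]
        return keystream_xor(self._mek, nonce, ciphertext)

    def crypto_erase(self) -> None:
        """Purge only the key material; the ciphertext stays but is unrecoverable."""
        self.wrapped_mek = bytes(32)
        self.wrap_tag = bytes(32)
        self._mek = None


def demo() -> dict:
    """Constructed scenario: one endpoint, two security domains, two bands."""
    unclass = Band("unclassified", "domain-u-credential")   # constructed credential
    secret = Band("secret", "domain-s-credential")          # constructed credential
    unclass.write(0, b"maintenance log, unclassified")
    secret.write(0, b"mission plan, SECRET")

    results = {}
    results["roundtrip"] = secret.read(0) == b"mission plan, SECRET"
    # What a captured drive yields without the key: only ciphertext.
    results["ciphertext_differs"] = secret.media[0][1] != b"mission plan, SECRET"
    secret.lock()
    # The other domain's credential cannot open this band (per-band keys).
    results["wrong_credential_rejected"] = not secret.unlock("domain-u-credential")
    results["right_credential_accepted"] = secret.unlock("domain-s-credential")
    # Sanitising the sensitive band: zeroize 64 bytes, not the whole capacity.
    secret.crypto_erase()
    results["erased_band_unlocks"] = secret.unlock("domain-s-credential")
    results["other_band_unaffected"] = unclass.read(0) == b"maintenance log, unclassified"
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The point to take from `crypto_erase` is the size of what must be destroyed: 64 bytes of wrapped key and tag versus a multi-terabyte drive, which is exactly why key purge is the practical sanitisation path for the high-capacity storage Bohman describes. The integrity tag over the wrapped key is what lets the drive reject a wrong credential outright instead of silently decrypting to garbage.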

“The LynxSecure separation kernel and hypervisor is helping to bring new levels of protection to sensitive data held on portable endpoint devices,” says Robert Thibadeau, chief scientist/senior vice president at Wave.

The secure data storage needs of mil-aero organizations and end users are unlikely to subside as time wears on; rather, professionals will likely require greater access to data at an increasingly rapid pace on more robust, compact systems. Fortunately, mil-aero technology firms are working to deliver on these future needs and demands.


COMPANY INFO

Aitech Defense Systems
www.rugged.com
Barracuda Networks
barracudanetworks.com
Cavium Networks
www.caviumnetworks.com
Crystal Group
www.crystalrugged.com
Conduant
www.conduant.com
Curtiss-Wright Controls Electronic Systems
cwcelectronicsystems.com
Curtiss-Wright Controls Embedded Computing
www.cwcembedded.com
DRS Technologies
www.drs.com
Elma Electronic
www.elmasystems.com
Emphase
www.emphase.com
Extreme Engineering Solutions (X-ES)
www.x-es.com
Galaxy Data Storage Inc.
www.galaxystor.com
General Micro Systems
www.gms4sbc.com
Germane Systems
www.germane.com
Green Hills Software
www.ghs.com
Kontron
www.us.kontron.com
Targa Systems
www.targasystems.com
LynuxWorks
www.lynuxworks.com
Nexsan
www.nexsan.com
Phoenix International
www.phenxint.com
RightNow Technologies
www.rightnow.com
SANBlaze Technology
www.sanblaze.com
Themis Computer
www.themis.com
Vanguard Rugged Storage
www.vanguard-rugged.com
VersaLogic Corp.
www.versalogic.com
Western Digital
www.wdc.com
Wind River
www.windriver.com

Mil & Aero Magazine

February 2014
Volume 25, Issue 2