Sensors span the battlefields, producing a wealth of mission-critical data that must be kept at once readily available and secure.
By Courtney E. Howard
Information, it has been said, is more powerful than military hardware. Indeed, no battle is fought without data. It is a prerequisite to virtually any military action, both on and off the battlefield. At perhaps no other time in history, however, has data been so prevalent and so critical.
Today’s battlefields are replete with advanced electronics–digital video cameras, sensors, electro-optics, and global positioning and geospatial intelligence systems, and more–all of which actively capture vast amounts of data.
The focus of the network-centric battlefield, toward which the U.S. Department of Defense strives, is information–gathering, sharing, exploiting, and archiving it, and doing so securely. Military personnel throughout the ranks rely on immediate, reliable, and secure access to this mission-critical information.
Both of these factors, the sheer amount of data being acquired and its importance to military decision-makers, are driving the demand for secure information storage.
The goal of the network-centric battlefield is to deliver “the right information to the right person at the right time.” Loosely translated, net-centricity requires high data accessibility and security in real time.
“I see two major aspects of secure information storage: the ability to have continued access to the info (i.e., data availability through redundant components and systems), and security with regard to denial of access to unauthorized personnel through data encryption, multi-level security (MLS), and the ability to quickly sanitize or destroy the info,” explains Amos Deacon III, president of military data storage provider Phoenix International in Orange, Calif.
“To accomplish the former, data redundancy can be accomplished using RAID [redundant array of inexpensive disks] storage technology, continuous data protection (CDP) back-up routines, and data replication,” Deacon explains. “Multiple paths to the data via several direct connections or networks also are required to ensure uninterrupted access to this info. More typically, people think of the latter case when discussing information security, because the idea is to keep the info from falling into the wrong hands.”
Get it to go
Makers of rugged storage servers for military and aerospace environments are designing systems with removable drives for a multitude of reasons, none more important than to deliver secure data storage.
“Removable drives are paramount in rugged servers–both for the ability to rapidly declassify a system and the ability to swap out large amounts of storage,” says Chip Thurston, technical director/chief architect at rugged storage provider Crystal Group in Hiawatha, Iowa. “Removable drives also help fix logistical issues with sparing, as systems can be configured using the same hardware, with the only differentiator being software. This allows you to spare one chassis and four sets of hard disks, reducing the costs associated with the sparing effort,” says Chip Thurston, technical director/chief architect at Crystal Group in Hiawatha, Iowa.
Warfighters can instantly eject removable drives housing classified information as they evacuate a failing Humvee, for example. Removable drives can still fall into the wrong hands, however, so another layer of security–data encryption–is advantageous.
Removable storage media is especially vulnerable, admits Carlos Martinez, Hewlett-Packard StorageWorks security product manager in Palo Alto, Calif. Removable drives, often on-the-go, are almost always outside a firewall. As a result, entities such as intelligence agencies and government contractors have “an increasing need to encrypt data at rest to guard the privacy of confidential information,” he says.
HP engineers infused HP StorageWorks XP24000 and XP20000 disk arrays with disk-encryption features and improved key management. The enhanced products reduce the risk of security breaches by protecting the data stored on each disk drive in the array.
The encryption delivers extreme security to data stored in an XP disk array by eliminating the possibility of a security breach resulting in unauthorized access to data stored, says an HP representative. With the HP encryption feature in place and enabled, data written to the XP is encrypted by the processors that write the data to the disk. If a drive is removed from the array, whether due to failure or through unauthorized access, the data on the drive will be meaningless to anyone attempting to read the data.
“If an array is decommissioned or individual disk drives are disposed, the information is encrypted, thus removing the need for physically destroying the drives,” Martinez says of the embedded encryption capability.
As the data passes through the XP, it is written to disk by a disk control adapter (DKA), which applies an Electronic Codebook Advanced Encryption Standard (AES) 256-bit encryption algorithm to the data.
“AES 256-bit encryption capability delivers strong privacy when used in combination with FIPS (Federal Information Processing Standard) 140-2 validated key management and separation of roles between the storage administrators and information security officers,” Martinez adds.
The addition of security tools like encryption to a data storage solution often results in a reduction in performance. It is a trade-off many users have made in the past, and one that HP engineers are set on overcoming. Encryption and decryption of the data on the XP systems happen with no measurable performance influence to the array.
Customers can be confident that data at rest–information not traversing the network–is secure and easily accessible, says an HP representative. “If disks are removed or stolen, the encrypted data is inaccessible and, therefore, protected. This encryption safeguards against loss of intellectual property and private information, and helps to protect corporate revenue and reputation.”
HP’s Secure Key Manager (SKM) hardware solution, which has been submitted for rigorous U.S. government FIPS 140-2 security revalidation, aids firms in meeting regulatory compliance by providing identity-based access, administration, and logging; lifetime key archival; and automatic multisite key replication.
“To protect critical information, HP has increased the complexity of storage security available to mitigate risk by encrypting XP arrays and expanding key capacity on the SKM,” adds Bob Wilson, vice president of the Storage Platforms division of HP.
HP engineers have upgraded the company’s SKM with a 20x increase in key capacity and a 40 percent reduction in entry cost, Martinez explains. SKM generates and manages encryption keys for HP LTO-4 enterprise tape libraries. This product combination is deployed by an aerospace company (one which cannot be revealed for security reasons) to deliver an encrypted tape solution for a public sector agency.
“The future for data-at-rest privacy includes secure centralized encryption key management in heterogeneous environments with high-availability configurations, while being agnostic to the location and type of encryption clients,” Martinez predicts. “HP is aggressively working to drive key management industry standards such that heterogeneous key exchange becomes a reality in a secure manner.”
Decisive data recording
Officials at Curtiss-Wright Controls Embedded Computing in Leesburg, Va., and at VMETRO, a Curtiss-Wright Company in Houston, say they agree that encryption is necessary–and not just at the storage level.
Military and aerospace systems designers, among others, are “requiring encryption of data, both at the recorder level and in storage devices,” says Tom Bohman, vice president of recorder products business development at Curtiss-Wright Controls Embedded Computing. “Associated with the need for encryption, solid-state disk (SSD) users require purge, fast erase, secure erase, or destruction-erase functions. Because these SSD functions are not instantaneous, it is often beneficial for secure data storage to be performed by the data recorder. Encrypting the data prior to recording it to disk ensures that the data is not accessible without the correct encryption keys and the storage media is not classified.”
Many different encryption algorithms are available, describes Paul Davis, director of sales and marketing for data communications at Curtiss-Wright. “In order for the encryption algorithms to be transparent to a data-recording application, the algorithms need to include length-preserving transform and they must operate as a fixed-size unit of data, separately and independently from other units. Length-preserving transform means that the length in bits of the encrypted data remains the same as the length of the original plain text (unencrypted) data; thus, the data is not bloated when it is encrypted.”
Using encryption techniques prior to storage offers benefits to the military, Bohman affirms. For example, the use of storage devices that are not classified makes handling, shipping, and clearing the devices easier.
More mil-aero prerequisites
Military and aerospace end users require more of their data storage solutions than just security. For starters, warfighters on the ground, in the air, and at sea have little use for a storage system unable to withstand harsh environments, such as extreme temperature ranges, fine desert sand or dust, and shock and vibe.
“Traditionally, systems that need to be able to take vibration and operate through it with no degradation in performance were limited to using solid-state hard disks,” Crystal Group’s Thurston mentions. “With advancements in vibration tolerance and careful vibration isolation at the chassis level, often rotational disks can be made to handle vibration, depending on the vibration level. If the amount of vibration is substantial, solid-state disks are still the logical step.
“Recent changes in the flash industry have allowed solid-state disks to become more affordable, while still maintaining phenomenal vibration tolerance,” Thurston continues. “As flash advancements move forward, we will start seeing better capacity, much faster speeds, and better reliably.”
Officials at Curtiss-Wright have introduced the SANbric JBOD (just a bunch of disks) storage system and shock isolation units for helicopters. The SANbric rugged, removable storage system enables the use of commercial off-the-shelf (COTS) Fibre Channel disks for high-speed, streaming data-recording applications in harsh and high-altitude environments.
The SANbric can house as many as six hard drives and 2.7 terabytes of storage capacity mounted in a sealed, metal shock isolation unit (SIU). During deployment, the SIU is mounted in airplanes, pods, and similar locations and isolates the SANbric JBOD from harsh operating conditions.
The SANbric’s internal circuit boards continuously monitor the internal environment, including each hard-drive case temperature and internal pressure. Based on this data, the internal microcontroller can activate thermal-compensation devices, such as external fans or internal heater elements, or shut down internal drives in the event of critical environmental conditions.
Each SIU is subjected not only to RTCA (RTCA Inc. at www.rtca.org) DO-160 Curve C and T testing, but also crash shock tests. These tests combined resemble MIL 810 standard testing (dust, shock, vibration, rain, salt, and fog), says a company representative.
“Size, weight, and power (SWaP) restrictions are always a high priority in rugged deployed applications for the military,” Curtiss-Wright’s Bohman notes.
The Small Form Factor Special Interest Group (SFFSIG), a Boston-based international collaboration of 18 suppliers of embedded components, boards, and system technologies, has announced the MiniBlade Specification. Created by suppliers for embedded applications, the MiniBlade specification is considered the first step toward standardizing an ultra-small, mass storage solution for the small-form-factor, embedded system market, according to a repre-sentative.
The MiniBlade specification, scheduled to be published soon, will define the mechanical form factor and interface pin definitions for upcoming MiniBlade devices. MiniBlade is an enhanced version of the SiliconDrive II Blade specification for small, rugged subsystems, such as mass storage and other I/O (input/output) technologies, that was developed by SiliconSystems Inc. in Aliso Viejo, Calif., together with Samtec Inc. in Albany, Ind.
SFFSIG’s next-generation industry standards are intended to speed and simplify the development of small embedded systems, many of which are employed in military and aerospace systems.
Mechanical or solid-state
The military and aerospace market has proponents on both sides of a long-standing storage debate: whether mechanical hard disks (also referred to as rotating or spinning media) or rival solid-state devices are better suited to military and aerospace applications. To date, both mechanical and solid-state media are employed in military and aerospace systems; no one technology has prevailed over the other. Solid-state, being the younger of the two technologies, is found in fewer military and aerospace systems than mechanical drives today, however.
Some vendors serving the industry continue to offer and to advance both technologies, whereas many have chosen and dedicated their product portfolio to one storage option. Hybrid systems are available, enabling users to employ both mechanical and solid-state drives.
Curtiss-Wright engineers have increased the storage capacity of the company’s VMDrive, a solid-state disk available with rotating media options. The VMDrive is for military and aerospace recording applications in rugged, conduction-cooled, or commercial air-cooled environments. Available in VME and CompactPCI form factors, VMDrive 6U products come in rotating media or larger-capacity, solid-state storage configurations.
At the same time, L-3 Communications-East in Camden, N.J., offers the Strategic/Tactical Airborne Recorder (S/TAR) product line with advanced solid-state and magnetic disk recording systems designed for military and commercial applications.
S/TAR systems are employed by the Department of Defense, prime contractors, and countries across the globe aboard aircraft, surface ships, and submarines. The S/TAR is meeting data storage needs in platforms ranging from the F-18 E/F fighter-bomber to the aircraft carrier USS Nimitz to tracked and wheeled vehicles. In fact, U.S. Navy officials have selected the S/TAR to record and store imagery collected aboard the F/A-18 aircraft within its shared reconnaissance pod. S/TAR has been flight proven in fighters and unmanned aerial vehicles (UAVs), and it uses Reed-Solomon Error Detection and Correction to ensure that data remains valid, from recording until post mission playback.
Advancing solid state
Investments into advancing solid-state storage technology continue, and they are expected to bring about cost reductions. “Dramatic reductions in the cost of solid-state solutions with built-in encryption and fast-secure erase features will enable much broader application of this technology in the military and aerospace markets,” Bohman says.
Grandis Inc. in Milpitas, Calif., won a $6 million award from the Defense Advanced Research Projects Agency (DARPA) to research the development of spin-transfer torque random access memory (STT-RAM) chips, a universal and scalable memory solution. “STT-RAM is a next-generation, solid-state memory technology that is dense, fast, non-volatile, and radiation-hard, making it suited for defense applications,” says a Grandis staffer.
The program is being carried out by Grandis and the Universities of Virginia and Alabama. If all phases of the development program are completed, the contract could reach $14.7 million over four years. “The goal of this program is to deliver dense, high-performance, cost-universal memory chips employing STT [spin-transfer torque technology],” Devanand Shenoy, program manager in DARPA’s Microsystems Technology Office, explains.
STT-RAM has been recognized by major semiconductor companies as the leading memory solution for the 45 nm [nanometer] technology node and beyond, according to Farhad Tabrizi, chief executive officer and president of Grandis. “Grandis and its partners are committed to making STT-RAM technology available to DARPA’s defense contractors, and believe that this program will provide leading-edge innovations that strengthen U.S. leadership in this critical technology.”
Network attached storage (NAS) is rapidly gaining acceptance in the military and aerospace market, says Curtiss-Wright’s Davis. Company officials have expanded the company’s product portfolio to include VPX NAS, a network attached storage blade based on the VITA 46 (VPX) standard.
VPX NAS, providing shared storage between disparate processors over an Ethernet network, is available in rugged, deployable configurations, Bohman adds. In mission-critical environments, clustered hosts access shared storage over a Network File System (NFS) without an external shared SCSI or Fibre Channel disk. The VPX NAS is designed to provide high data availability, consistent performance, and system-level redundancy for data-critical applications.
Engineers at L-3 Communications Canada Inc.’s Targa Systems in Ottawa are delivering a NAS data-transfer utility (DTU) for an F-16 jet fighter airborne DB-110 reconnaissance pod. The DB-110 from Goodrich Corp. ISR Systems in Chelmsford, Mass., enables pilots to capture images with electro-optical sensors during both day and night.
Images can be transmitted back for real-time analysis, and then stored in Targa’s COTS Series 3 PC Card NAS Data Transfer System. The system, equipped with a ruggedized door, fulfilled all customer requirements and met the necessary environmental specifications, says a representative.
The onboard DB-110 system, in use on Greek and Polish air force F-16s, can be operated autonomously, controlled by the pod’s reconnaissance management system. It has been considered to be the most advanced electro-optical infrared (EO/IR) reconnaissance pod available for the F-16.
Similarly, Targa’s COTS Series 4 NAS Data Transfer System stores images captured by crews and sensors aboard the P-8 Poseidon maritime patrol aircraft, formerly the Multimission Maritime Aircraft (MMA). The NAS system sports a removable 40-gigabyte flash disk.
Network-attached or direct-attached, mechanical or solid-state, advanced storage systems are as critical to mission success as the classified information they house.
Innovative platforms, electronics, and military minds continue to expand the use of digital imagery and intelligence, and therefore increase the need for reliable, secure information storage. If the network-centric battlefield is to work, secure data storage solutions must be a component, delivering mission-critical data to those who need it, when they need it–without compromise.
Use of the Advanced Encryption Standard (AES) is widely accepted. AES is considered secure enough for most security applications, including many classified U.S. government projects.
AES is a 128-bit cipher that supports three key sizes: 128, 192, and 256 bits. It uses an algorithm operating on a 4-by-4 array of bytes.
The Institute of Electrical and Electronic Engineers (IEEE) 1619 “Standard for Cryptographic Protection of Data on Block-oriented Storage Devices” provides a more-sophisticated approach to data encryption. It utilizes an XTS-AES (XTS stands for XEX-based Tweaked CodeBook mode with CipherText Stealing) adjustable block cipher that acts on data of 128 bits or more and includes the AES block cipher as a subroutine.
Storage survives freezing temperatures, desert conditions
Seagate engineers design the company’s ruggedized hard drives to operate reliably in extreme environments–wherever digital content needs to be reliably delivered and stored in extreme environments, says a representative. Seagate commercial off-the-shelf (COTS), ruggedized drives–deployed in combat vehicles, aircraft, remote drones, submarines, helicopters, and missile systems–have undergone considerable testing in extreme operating conditions to ensure data is available despite harsh weather, terrain, and ensuing battles.
Seagate’s rugged 2.5-inch EE25 Series drive has been subjected to a number of punishing applications. “These hard drives are in everything from navigation devices in oceangoing vessels to laptops on the battlefield,” says Bill Clark, senior program manager for consumer electronics at Seagate in Scotts Valley, Calif.
The EE25 Series drive stored valuable images during two mountaintop summit attempts–one to Mt. Everest and another to Cho Oyu in Tibet. The storage hardware operated reliably, enabling climbers to check and send e-mail, search the Internet, update expedition blogs and Web sites, and store breathtaking imagery-despite temperatures as low as -20 degrees F and an altitude of 18,600 feet (5,670 meters).
The ruggedized drives also hold up under challenging desert situations, ensuring the hardware is well suited to life on present-day battlefields. Engineers mounted an EE25 rugged drive in Exatel Visual Systems’ VA PRO2000 compact, DVR-based surveillance systems on a dune buggy. As the dune buggy traversed the Baja desert, Exatel’s system recorded video and that data was then stored in the Seagate drive.
“We had to develop a recording system that could withstand all the harsh conditions of the road, but still offer high capacities,” says Tom Curran, CEO of Exatel, a maker of surveillance systems for the security, intelligence, and military markets.
In addition to being rugged, the Seagate EE25 hard drives had to provide considerable storage capacity to handle longer recording cycles, considering vehicles could download video content only once or twice a week.
“Dune buggies really fly over those hills during a race, so the DVR had to handle not only the dry desert heat, but the impact of the jumps,” says Mike Staiano, an integration and qualification expert at Seagate. “For our tests, we ran the audio and video while we banged away at the DVR on vibration tables.”