Lowering the costs of encrypted data storage in trusted computing

ASHBURN, Va. – With the use of unmanned vehicles increasing dramatically in the air, on the ground, and at sea, protecting sensitive data on those platforms has become a critical challenge. Until recently, Type 1 encryption devices were the only choice available to protect data-at-rest.

By Paul Davis

The lengthy development times and high costs of new Type 1 encryptors increase program schedule risk. Due to constraints on the U.S. federal budget, even large programs are having difficulty funding new Type 1 encryption developments.

A solution that speeds the deployment and lowers the cost of protecting data-at-rest comes from the new two-layer encryption approach outlined in the National Security Agency’s (NSA) Commercial Solutions for Classified (CSfC) process to allow the use of commercially sourced technologies for data encryption.


Today, two-layer encryption has the support of commercial off-the-shelf (COTS) data storage solution vendors, so system integrators can use them to reduce their program schedules, costs, and development risk. Designers can capitalize on two-layer encryption with COTS network-attached storage systems to obtain quick NSA approval of new storage solutions.

Protecting data-at-rest

Data-at-rest encryption is a fundamental feature of most network-attached storage systems engineered for deployed platforms. Using data-at-rest encryption, the network-attached storage can protect data stored in persistent storage media, such as a solid-state drive (SSD) in a rugged network-attached data storage file server.

In some systems, Type 1 encryptors encrypt sensitive data before it is written to the drive. Designers can deploy a network-attached storage system with an embedded Type 1-certified encryptor with confidence because it uses a known encryption methodology that protects classified information with the assurance of NSA approval.

Certified Type 1 encryption devices contain NSA-approved algorithms divided into two groups -- Suite A and Suite B.

Suite A algorithms are classified and not available for commercial use, whereas Suite B algorithms are openly published and commercially available. As an example, most smartphones employ one or more of the Suite B algorithms. Type 1 devices and the network-attached storage products built on them are available for use in the U.S.; outside the U.S. they are subject to export restrictions under the International Traffic in Arms Regulations (ITAR).


The Suite B cryptographic algorithms, which are commercially available and intended for both unclassified and classified use, include:

-- Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits, for encryption;

-- Elliptic Curve Digital Signature Algorithm (ECDSA), for digital signatures;

-- Elliptic Curve Diffie-Hellman (ECDH), for key agreement; and

-- Secure Hash Algorithm 2 (SHA-256 and SHA-384), for message digests.

Achieving Type 1 certification for a new data-at-rest encryptor is a necessarily rigorous process that includes testing and the formal analysis of a variety of criteria, including cryptographic security, functional security, tamper resistance, emissions security, and even the security of the product manufacturing and distribution process. This level of certification requires a significant investment in development time and cost for the hardware and software that will provide secure data storage.


On the other hand, the CSfC process enables designers to use commercial components in layered solutions to protect classified National Security Systems (NSS) information, so designers can use commercially sourced encryption technologies. The NSA provides the architectures, component criteria, and configuration requirements a solution must meet to satisfy an information-assurance requirement. The CSfC process also includes the means for vendors to get their components on the CSfC Components List, making them eligible for use in a layered CSfC solution.

The CSfC approach makes it faster and more cost-effective than ever before for system designers to deploy a solution with approved encrypted data protection. In fact, it reduces the certification process to just a matter of months and a fraction of the cost when compared to the several years and millions of dollars typically required previously.

The CSfC approval process

To achieve NSA approval and placement on the CSfC Components List, COTS encryption components must undergo Common Criteria evaluation under the National Information Assurance Partnership (NIAP) -- created by the NSA and the National Institute of Standards and Technology (NIST) to evaluate commercial encryption components for inclusion in CSfC solutions.

Common Criteria evaluation validates COTS information technology products to ensure they conform to the international Common Criteria Evaluation and Validation Scheme (CCEVS), which is recognized around the world by 17 certificate-producing countries and by 11 certificate-consuming countries. Once the Common Criteria process is formally underway, the COTS component vendor must establish a memorandum of agreement with the NSA.


NIAP ensures that commercial products meet NSA standards for security by testing the products in certified labs against stringent security standards called collaborative protection profiles. NIAP oversees U.S. implementation of the Common Criteria certification of commercial IT products for use in national-security systems.

COTS solution for CSfC protection

In a recent example, the Curtiss-Wright Corp. Defense Solutions division in Ashburn, Va., has completed the Common Criteria certification process for its Data Transport System (DTS1) network-attached storage device.

This is a COTS data-at-rest storage device designed to support two layers of full-disk encryption in a single device. It weighs 3 pounds and measures 1.5 by 5 by 6.5 inches, and yet delivers as much as four terabytes of solid-state data storage with two layers of certified encryption.

The small-form-factor data recorder is designed to store and protect large amounts of data on helicopters, unmanned aerial vehicles (UAVs), unmanned underwater vehicles (UUVs), unmanned ground vehicles (UGVs), and intelligence, surveillance, and reconnaissance (ISR) aircraft that require the protection of sensitive data-at-rest. It uses commercially available Commercial National Security Algorithm Suite (formerly Suite B) cryptographic algorithms, which can protect top-secret data.

The unit was designed with NSA's data-at-rest capability package as a template and is based on the approach of stacking a hardware full-disk encryption layer and a software full-disk encryption layer. Having received Common Criteria certification, both the hardware and software full-disk encryption layers are listed on the U.S. NIAP product compliant list.
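The defensive value of the two-layer approach is that each layer has its own independent key, so recovering one key (say, the hardware layer's) still leaves the attacker with the other layer's ciphertext. The following Go program is an added illustration of that property and is not Curtiss-Wright's or the NSA's code; it models both layers with AES-256-GCM (AES is on the Suite B / CNSA list) and uses a constructed sample record. The function names (`ProtectTwoLayer`, `RecoverTwoLayer`, `PeelOuterOnly`) and the choice of GCM as the mode are assumptions for the example; a real full-disk encryption layer would use a disk-oriented mode and manage keys in hardware.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// LayerKey is one independent 256-bit key. The two-layer data-at-rest approach
// stacks a hardware full-disk encryption layer and a software full-disk
// encryption layer with separate keys; both are modelled here with AES-256-GCM.
// This is a constructed example, not vendor code.
type LayerKey [32]byte

// NewLayerKey draws a fresh key from the OS CSPRNG.
func NewLayerKey() (LayerKey, error) {
	var k LayerKey
	_, err := io.ReadFull(rand.Reader, k[:])
	return k, err
}

// sealLayer applies one layer and returns nonce || ciphertext || GCM tag.
func sealLayer(key LayerKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce prefix.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openLayer removes one layer; a wrong key or a modified block fails the tag check.
func openLayer(key LayerKey, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed block too short")
	}
	nonce, body := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, nil)
}

// ProtectTwoLayer stores a block the way a two-layer device would: the inner
// (software) layer is applied first, then the outer (hardware) layer over the result.
func ProtectTwoLayer(inner, outer LayerKey, plaintext []byte) ([]byte, error) {
	middle, err := sealLayer(inner, plaintext)
	if err != nil {
		return nil, err
	}
	return sealLayer(outer, middle)
}

// RecoverTwoLayer peels the layers in reverse order; both keys are required.
func RecoverTwoLayer(inner, outer LayerKey, stored []byte) ([]byte, error) {
	middle, err := openLayer(outer, stored)
	if err != nil {
		return nil, fmt.Errorf("outer layer: %w", err)
	}
	return openLayer(inner, middle)
}

// PeelOuterOnly models the case where only the outer (hardware) key is known:
// the result is still the inner layer's ciphertext, not the stored data.
func PeelOuterOnly(outer LayerKey, stored []byte) ([]byte, error) {
	return openLayer(outer, stored)
}

func main() {
	inner, _ := NewLayerKey()
	outer, _ := NewLayerKey()
	record := []byte("constructed ISR sensor record 0001") // constructed sample data
	stored, err := ProtectTwoLayer(inner, outer, record)
	if err != nil {
		panic(err)
	}
	got, err := RecoverTwoLayer(inner, outer, stored)
	if err != nil {
		panic(err)
	}
	fmt.Printf("both keys:      %q\n", got)
	partial, _ := PeelOuterOnly(outer, stored)
	fmt.Printf("outer key only: %d bytes of inner-layer ciphertext\n", len(partial))
	wrong, _ := NewLayerKey()
	_, err = RecoverTwoLayer(wrong, outer, stored)
	fmt.Println("wrong inner key:", err)
}
```

Running it shows the record recovered only when both keys are present; with the outer key alone the output is 62 bytes of opaque inner-layer ciphertext (34 bytes of record plus a 12-byte nonce and a 16-byte tag), and a wrong key or a flipped bit in the stored block fails authentication instead of returning garbage, which is the behaviour a data-at-rest solution should be checked for.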


Curtiss-Wright officials also obtained NSA approval to use the two Common Criteria-certified full-disk encryption layers as CSfC components. As a result, the product's two encryption layers are listed on the NSA's CSfC Components List and can be proposed as a data-at-rest solution. Selecting a pre-approved device from the CSfC Components List enables system architects to reduce the time and cost of designing a COTS encryption solution and to begin system development immediately, while also reducing their program risk.

CSfC component list benefits

The CSfC Components List enables system integrators to identify products that are in evaluation, or are already certified, for use in a data-protection solution. System integrators then apply to the NSA, identifying the proposed product from the list and providing the details of the application.

This approach enables system integrators to begin developing and testing their data-security architecture quickly. With leading COTS suppliers investing in the development and certification process, solution integrators will find a reduction in program cost, risk, and schedule for protecting critical deployed data-at-rest by taking advantage of NSA’s CSfC approach.

For more information contact Curtiss-Wright Defense Solutions online at www.curtisswrightds.com/technologies/trusted-computing.

Paul Davis is director of product management at The Curtiss-Wright Corp. Defense Solutions division in Ashburn, Va. Contact him by email at pdavis@curtisswright.com.
