Today’s military data storage goes far beyond rugged

Dec. 18, 2019
It’s not just about shielding data drives from shock and vibration; designers also are looking for the latest in speed and capacity, and want encryption to protect data at rest, and security to foil tampering.

Data storage for military and aerospace applications is following similar trends to the broader embedded computing market: faster speeds, higher performance, ability to handle increasing amounts of data, and security to safeguard sensitive data from prying eyes.

Of these trends, higher speeds, capacities, and security are paramount as designers seek to help data storage keep pace with high-end microprocessors, high-speed sensors, fast data networks, and a never-ending appetite in aerospace and defense applications for information.

The need for speed

One technological innovation that helps increase read and write speeds to data storage media is Non-Volatile Memory Express, better known as NVMe. This approach enables data storage media such as solid-state drives to access processors via the PCI Express databus. It also enables host hardware and software to capitalize on levels of parallelism possible in modern solid-state drives.

“It allows the storage device to communicate directly with the CPU via the PCI Express bus,” says Amos Deacon III, president of rugged data storage specialist Phoenix International in Orange, Calif.

NVMe, which is poised to take leadership in the aerospace and defense data storage market from the older SATA bus technology, “lowers latency, and is a high-performance alternative to SATA, and I see data storage going in that direction,” Deacon says. “The majority of military data storage applications are moving from SATA to NVMe.”

Deacon points out that NVMe increases data read and write speeds over SATA by at least three times — sometimes even more. As an example, he says SATA reaches its upper-speed limits at about 600 megabytes per second, while NVMe can sustain read and write performance of more than 3 to 3.5 gigabytes per second.

NVMe does have its drawbacks, however. First, it’s a much newer technology than SATA, and some systems designers are reluctant to move to revolutionary new technologies — especially as they consider the need to upgrade legacy systems over many years.

In addition, “the NVMe product draws a lot of power, and that can hurt you in two ways,” Deacon says. “You have to dissipate the heat, and that heat can affect drive performance; if you don’t cool it, the drive will throttle-back.”

Other users and manufacturers of rugged data storage in military and aerospace applications also are singing the praises of NVMe. “These drives enable you to capture data directly from the PCI lane, at very high speeds,” says Matt Young, business unit director for data solutions at the Curtiss-Wright Corp. Defense Solutions division in Dayton, Ohio.

“Traditionally we have done a lot of SATA interface work, but the need for higher speed has pushed us to PCI Express and NVMe technology,” Young says. “All our offerings today are in NVMe and PCI Express.”

SATA does have enduring niches in aerospace and defense applications — particularly when it comes to longevity and upgrades over several generations of legacy systems. “There are a lot of legacy SATA systems to support,” Young says.

Still, demand for increased speed is making the move to NVMe an obvious choice. “With advanced sensors at higher bandwidths, like with multiple cameras and ever-increasing sophistication of those sensors, that drives more data, and that’s why we are seeing the higher-speed stuff,” Young says.

Don Bizios, senior product line manager of secure solid-state drive products at the Mercury Systems Advanced Microelectronics Center in Phoenix, points out the industry’s migration from SATA to NVMe. “Close to 95 percent of new designs are using NVMe now, and we also are moving in that direction.”

There are data storage companies serving aerospace and defense applications, however, that are not ready to commit wholly to NVMe. “SATA is still very strong,” says Scott Phillips, vice president of marketing at rugged data storage specialist Virtium LLC in Rancho Santa Margarita, Calif.

“You will hear that NVMe is where everything is going, because the big providers are going that way,” Phillips says. “But it requires newer Windows and Linux versions, and many military and aerospace designers started their projects years ago, and for them, SATA is just fine.”

“Among SATA’s other advantages over NVMe is its relatively low power consumption,” Phillips continues. “Although NVMe has some low-power modes, typically military and aerospace designers are more concerned that the data drive comes on-line quick. SATA also has more ability to be ruggedized and do secure erase a little easier than NVMe. You can do that with NVMe, but it takes a special skillset to do it.”

The need for security

One of the biggest trends in data storage is security — not only for safeguarding the data itself, but also for ensuring the ability to erase data quickly and securely, and prevent tampering if the drive falls into the wrong hands.

Encryption for data storage comes in several different levels of security, spelled out in standards from international authorities; the U.S. Department of Defense’s National Security Agency (NSA) at Fort Meade, Md.; and the U.S. Department of Commerce National Institute of Standards and Technology (NIST) in Gaithersburg, Md.

Perhaps the most accessible commercial encryption standards are the Security Requirements for Cryptographic Modules standard, outlined in Federal Information Processing Standard (FIPS) 140-2; and the Advanced Encryption Standard (AES), outlined in FIPS 197. These commercial-level encryption standards are administered by NIST.

FIPS 140-2 is a U.S. government computer security standard to coordinate the requirements and standards for approving cryptographic modules that maintain the confidentiality and integrity of encrypted information.

The AES, meanwhile, specifies a FIPS-approved cryptographic algorithm that is a symmetric block cipher that can encrypt and decrypt information. It can use cryptographic keys of 128, 192, and 256 bits (AES 256) to encrypt and decrypt data in blocks of 128 bits.

The Opal Storage Specification from the non-profit Trusted Computing Group (TCG) in Beaverton, Ore., is a set of security specifications to apply hardware-based encryption to storage devices. Storage devices that comply with TCG Opal can provide enhanced performance, security, and management, compared with software-based encryption. All security functions happen within the device itself.

Another encryption approach is the Common Criteria for Information Technology Security Evaluation, administered by the NSA’s National Information Assurance Partnership (NIAP). Common Criteria is a technically demanding international set of guidelines for security certification recognized by the U.S. and 27 other governments worldwide for protecting sensitive stored data. It provides assurance that the process of specification, implementation, and evaluation happens in a rigorous, standard, and repeatable manner.

Common Criteria certification also is one of the first steps toward implementing the NSA’s Commercial Solutions for Classified (CSfC) two-layer encryption for protecting classified information in aerospace and defense applications.

CSfC is intended to be a cost-effective way to use layered commercial encryption technologies in trusted data storage. The NSA has established the CSfC program as an alternative to the agency’s more-stringent and more expensive Type 1 encryption.

NSA officials developed the CSfC program to deliver secure solutions using commercial encryption to get trusted data solutions to industry quickly. It works on the assumption that properly configured, layered solutions can provide adequate protection of classified data in selected applications.

The most demanding encryption available for trusted data storage is NSA Type 1, which is an encryption device or system certified by the NSA for use in securing classified military or other government information. Type 1-certified encryptors are available only from a handful of certified providers. Type 1 certification is a rigorous process that includes testing and formal analysis of cryptographic security, functional security, tamper resistance, emissions security, and security of the product manufacturing and distribution process.

Secure data storage needs more than just encryption to safeguard information properly. Security experts particularly are interested in denying an adversary physical access to data drives if systems fall into the wrong hands.

Anti-tamper technology is intended to prevent not only unauthorized access to stored data, but also to keep an adversary from reverse-engineering data drives or storage systems. Anti-tamper mechanisms come in several different layers.

Secure design approaches

“One of the things that has really not changed is security,” Mercury’s Bizios points out. “AES 256 is something people are comfortable with, as is FIPS 140-2. The other area that is very high on the requirements list is the CSfC. The new thing now is mobile data servers that will go on Humvees and into the field, and requirements for higher capacity and security for data at rest become very critical.”

Requirements for security in data storage used in military and aerospace systems have become common over the past four or five years.

Perhaps the most attractive aspect of CSfC is its multiple layers of encryption. “The idea is if there is something wrong with one, then there is not with another,” says Bob Lazaravich, director of secure storage at the Mercury Systems Advanced Microelectronics Center in Phoenix. “CSfC is more popular now, as more and more customers are moving in that direction; CSfC is getting a lot of traction.”

Designers at rugged computer specialist Crystal Group in Hiawatha, Iowa, are using FIPS 140-2 encryption at the software level, and TCG Opal at the hardware level in their data storage systems, says Jim Shaw, executive vice president of engineering at Crystal.

In addition, Crystal relies on AES 256 to handle self-encrypting in data drives that require instant secure erase for anti-tamper protection.

Curtiss-Wright systems designers rely on the CSfC standard for demanding security in data storage that falls short of the stringent requirements of NSA Type 1 encryption. “We’ve heard from various armed services who are requiring encryption options in the future, and there are options besides Type 1,” says Steve Petric, senior product manager for data storage solutions at Curtiss-Wright Defense Solutions in Dayton, Ohio.

“We have seen customer mindsets changing, and they are beginning to be more open and comfortable with the alternatives” to NSA Type 1, Petric says. Despite its status as the gold standard for military data encryption, NSA Type 1 is starting to receive some technical criticism in the data storage marketplace.

“We are seeing a lot of concern about using Type 1 encryption in systems that require low latency,” says Mike Flander, technical director at Crystal Group. “It can be limited in data input, and the industry is longing for something that isn’t Type 1, such as CSfC, that has better data throughput.”

The need for rugged

There’s one common thread to military and aerospace data storage systems: they all have to be sufficiently rugged to resist the effects of shock, vibration, temperature extremes, and all manner of electromagnetic interference.

Crystal Group purchases commercial-grade solid-state drives from manufacturers like Seagate Technology in Cupertino, Calif., and then ruggedizes these drives with processes that involve conformal coating, extensive quality screening, and shock-isolating packaging.

“We add an extremely rugged conformal coating that provides a seal for humidity protection, and some ruggedization resilience,” says Crystal Group’s Shaw. “We don’t need to do a lot of structure modification to these drives, until we get into the high-performance NVMe drives that generate a lot of heat. Getting the heat out is a focus of our research and development group at Crystal.”

Virtium has announced the company’s XR — short for extra rugged — line of 2.5-inch and slim SATA solid-state drives, as well as an XR DIMM memory module. “We use special connectors with extra gold on the fingers for endurance against shock and vibration,” says Virtium’s Phillips. The company has a request for gold SATA with thick barrel pins that fit in very tight spaces to eliminate shock and vibration issues.

Curtiss-Wright designers often let economics drive their approaches to ruggedizing data storage drives, depending on the application. “We don’t always use ruggedized drives; sometimes we use commercial-grade drives in an engineered box designed to support those drives,” says Curtiss-Wright’s Young.

Often it’s best to consider the application before ruggedizing data drives, says Phoenix International’s Deacon. “It boils down to economics,” Deacon says. “It’s all application-driven. What is good enough for the application, and how much money do I have to pay for it?” 
