Speed and security for military data storage

Jan. 6, 2021
Rugged data storage systems for aerospace and defense applications are moving to new data interfaces for unparalleled speed and capacity, while trusted computing and information security are driving trends.

NASHUA, N.H. - Demands on rugged data storage for aerospace and defense applications never have been higher, driven by the proliferation of sensors, tactical cloud computing, high-speed networking, and the need for real-time actionable intelligence.

The embedded-computing and data-storage industries are responding with a wide variety of open-systems architectures, trusted computing and cyber security for data at rest and for data in motion, ever-increasing capacities and speeds of data storage, power and thermal management, packaging for low size, weight, power consumption, and cost (SWaP), and cutting-edge data storage interfaces to optimize today’s military embedded computing systems.

Storage capacity and speed

“Among the trends we are seeing is the increased number of sensors going inside of unmanned vehicles and manned planes driving faster data throughput and higher capacities,” says Steve Petric, senior product manager of data solutions at the Curtiss-Wright Corp. Defense Solutions division in Dayton, Ohio. “This is driven by the need for more sensors, collecting more data, and increasing data-storage capacities in the same amount of space — or even smaller.”

One technological innovation that helps increase read and write speeds to data storage media is Non-Volatile Memory Express, better-known as NVMe. This approach enables data storage media such as solid-state drives to access processors via the PCI Express databus. It also enables host hardware and software to capitalize on levels of parallelism possible in modern solid-state drives.

“We have been seeing NVMe with PCI Express,” Petric says. “The type of data is moving from SATA to NVMe, and it’s starting to get more adoption and traction in the defense market.” SATA — short for Serial AT Attachment — is a computer bus interface that connects host bus adapters to data storage devices like hard disk drives, optical drives, and solid-state drives.

“The need for higher amounts of storage continues to evolve as sensors and cameras become faster and improve in resolution,” says Brian Rinehart, systems and compliance engineering manager at rugged computer expert Crystal Group Inc. in Hiawatha, Iowa. “We can get more and more data storage in smaller and smaller products.”

NVMe can increase data read and write speeds over SATA by four to five times — sometimes even more. As an example, SATA reaches its upper-speed limits at about 600 megabytes per second, while NVMe can sustain read and write performance of more than 3 to 3.5 gigabytes per second.

One principle behind NVMe is switching from serial to parallel data interfaces to increase data throughput. “As access times are shorter, those serial interfaces become saturated,” says Crystal’s Rinehart. “Then we start running parallel serial interfaces, which is the principle behind NVMe. The pipe just gets larger and larger, and the pipe between processing and storage becomes immaterial.”

Stuffing higher storage capacities into the same- or smaller-sized devices is a primary market driver, says Aneesh Kothari, vice president of marketing at rugged computing expert Systel Inc. in Sugar Land, Texas.

“From where we sit, the drivers are higher capacities in the same form factors and higher speeds so you can move from typical SATA drives to PCI Express and NVMe,” Kothari says. “Designers can use that enhanced speed to move from Gigabit Ethernet to 25-to-40-Gigabit Ethernet.”

The drive for these higher data-storage speeds revolves around the drastically increasing numbers of sensors that aerospace and defense designers envision. “What’s driving this is the idea that all these platforms are being so sensored, and you can collect massive amounts of data every second,” Kothari says. “You can ingest that data at close to real-time speeds; you have so much data coming in to capture and store, and use hot-swap drives to keep up. More speed and higher capacities may require fewer hot swaps during a mission.”

The advantages of NVMe in capacity and speed are obvious, but systems designers also must consider technology and cost tradeoffs as they decide what kinds of data storage systems they need.

“Last year one of the big buzzes was the NVMe interface, which seemed to be the next big thing, but I have not seen the level of people going to that technology that I had expected,” says Amos Deacon III, president of rugged data storage expert Phoenix International in Orange, Calif.

“The implementation of that technology is slower than I expected — a little bit because of the pandemic, but also because the technology is impeded by the existing storage infrastructures like SATA and Serial Attached SCSI (SAS). The capacities of NVMe drives are increasing like crazy; there are 15-to-16-terabyte NVMe drives now, but they are still pricey.”

It’s not only price that causes some systems designers to shy away from NVMe; there are thermal-management issues to consider, as well.

“One of the issues with NVMe is they are very power-hungry,” Phoenix’s Deacon says. “They draw a lot of current, and that is challenging for an embedded computing environment. Because of the heat generated in a lot of applications, they have to throttle-back the system speed. Some systems can’t run at PCI Gen 3 speeds; they have to go to Gen 2 because we can’t get the system cool enough.”

One customer of Phoenix decided the heat issues of NVMe were too challenging, and instead decided to go with SATA, despite its noticeably slower read-and-write speeds, Deacon says. “We had to find alternatives, and our customer stuck with SATA because we know it works.”

Overall, however, Deacon says the future is still bright for NVMe. “In the future that’s where we’re going; we already are seeing low-power NVMe devices, and I think NVMe will overcome the temperature issues. It’s started to happen now.”

Future availability of thermally and power-efficient NVMe data storage systems couldn’t come quickly enough for some designers. “The tradeoff is in your thermals,” says Systel’s Kothari. “The faster you go, and the more capacity you have, the hotter the system runs. You can have the fastest, fattest drives possible, but if it overheats, it really doesn’t do you any good. If that heat is not accounted for, the heat can become a single point of failure.”

Encryption and security

Encryption for data storage comes in several different levels of security, spelled out in standards from international authorities; the U.S. Department of Defense’s National Security Agency (NSA) at Fort Meade, Md.; and the U.S. Department of Commerce National Institute of Standards and Technology (NIST) in Gaithersburg, Md.

Perhaps the most accessible commercial encryption standards are the Security Requirements for Cryptographic Modules standard, outlined in Federal Information Processing Standard (FIPS) 140-2; and the Advanced Encryption Standard (AES), outlined in FIPS 197. These commercial-level encryption standards are administered by NIST.

FIPS 140-2 is a U.S. government computer security standard to coordinate the requirements and standards for approving cryptographic modules that maintain the confidentiality and integrity of encrypted information.

The AES, meanwhile, specifies a FIPS-approved cryptographic algorithm that is a symmetric block cipher that can encrypt and decrypt information. It can use cryptographic keys of 128, 192, and 256 bits (AES 256) to encrypt and decrypt data in blocks of 128 bits.

The Opal Storage Specification from the non-profit Trusted Computing Group (TCG) in Beaverton, Ore., is a set of security specifications to apply hardware-based encryption to storage devices. Storage devices that comply with TCG Opal can provide enhanced performance, security, and management, compared with software-based encryption. All security functions happen within the device itself.

Another encryption approach is the Common Criteria for Information Technology Security Evaluation, administered by the NSA’s National Information Assurance Partnership (NIAP). Common Criteria is a technically demanding international set of guidelines for security certification recognized by the U.S. and 27 other governments worldwide for protecting sensitive stored data. It provides assurance that the process of specification, implementation, and evaluation happens in a rigorous, standard, and repeatable manner.

Common Criteria certification also is one of the first steps toward implementing the NSA’s Commercial Solutions for Classified (CSfC) two-layer encryption for protecting classified information in aerospace and defense applications.

CSfC is intended to be a cost-effective way to use layered commercial encryption technologies in trusted data storage. The NSA has established the CSfC program as an alternative to the agency’s more-stringent and more expensive Type 1 encryption.

NSA officials developed the CSfC program to deliver secure solutions using commercial encryption to get trusted data solutions to industry quickly. It works on the assumption that properly configured, layered solutions can provide adequate protection of classified data.

The most demanding encryption available for trusted data storage is NSA Type 1, which is an encryption device or system certified by the NSA for use in securing classified military or other government information. It’s expensive and time-consuming to implement, and Type 1-certified encryptors are available only from a handful of certified providers.

Secure data storage needs more than just encryption to safeguard information properly. Security experts particularly are interested in denying an adversary physical access to data drives if systems fall into the wrong hands.

Anti-tamper technology is intended to prevent not only unauthorized access to stored data, but also to keep an adversary from reverse-engineering data drives or storage systems.

Demand for security

It used to be that data encryption and trusted computing capability in data storage was a nice-to-have option instead of a necessity. Today that’s no longer the case. “Security and encryption are part of every conversation we are having,” says Curtiss-Wright’s Petric. “People ask if we have NSA Type 1, CSfC, or something else.”

Curtiss-Wright offers the Unattended Network Storage (UNS) system — a rugged network-attached storage (NAS) device — that works with the KG 204 NSA Type 1 encryptor from General Dynamics Mission Systems in Fairfax, Va. “Type 1 is much more expensive, and the general contention is the up-front costs of a Type 1 are much more than a CSfC solution. Overall, the cost at the end is CSfC is cheaper.”

In addition to encryption, user authentication, key management, and the ability to destroy data quickly also are driving concerns in military data storage, says Crystal Group’s Rinehart.

Key management deals with cryptographic keys, each a piece of information used together with an algorithm to transform plain text into encrypted text, to encrypt and decrypt data. “Registering those keys is important,” Rinehart says. “You need to rotate the keys so they don’t become stagnant, and revoke those keys when they become obsolete or at risk.”

Although the U.S. military and prime defense contractors do not always require top-level and expensive data storage encryption, at least some level of government-approved encryption is becoming the norm. “The number-one thing we see is some level of FIPS certification, in the drives themselves or in the transport of that device,” Rinehart says.

Systel’s Kothari says he agrees that some level of security is essential in today’s aerospace and defense data storage. “We need to be able to store that data securely, whether it is for off-platform missions or during the mission for exploitation,” he says. “That includes if you are swapping drives out, taking that data and sending it downstream somewhere, taking the data back to your base. We need to take that data off the platform securely and take it to a place where you can do something with it. You have to ensure the data is not corrupted and is secure.”
