Curtiss-Wright’s Defense Solutions division has announced the embedded industry’s first commercial off the shelf (COTS) data-at-rest (DAR) storage solution to support Commercial Solutions for Classified (CSfC) 2-Layer Encryption, an NSA approved approach for protecting classified National Security Systems (NSS) information in aerospace and defence applications using cost-effective commercial encryption technologies in a layered solution.
Curtiss-Wright now supports CSfC 2-Layer Encryption on its Data Transport System (DTS1), a rugged single-slot Network Attached Storage (NAS) storage device. With data breaches and state sponsored cyber attacks on the rise, the protection of sensitive data becomes increasingly critical.
To help drive and widen the protection of top secret data, the NSA has approved 2-Layer Encryption as an alternative approach to Type 1 encryption. 2-Layer Encryption significantly reduces the cost and time to develop and deploy DAR solutions.
Typically, the development and certification of an NSA Top Secret Type 1 Encryptor can cost as much as $5m and take up to 36 months to complete. Similar to a Type 1 encryptor, the new CSfC 2-Layer Encryption approach also uses two layers of commercially available Suite B cryptographic algorithms.
Following a Common Criteria evaluation by the National Information Assurance Partnership (NIAP), an approved 2-Layer Encryption end user device (EUD) is listed on the NSA’s CSfC Components List, enabling system designers to rapidly architect a COTS encryption solution and begin their system development. Because COTS EUDs listed on the CSfC Components List are pre-certified, significant development cost and time can be saved.
"We are excited to announce that our DTS1 is the industry’s first rugged network attached storage device to support two layers of encryption as described in NSA’s Data-at-Rest Capability Package," said Lynn Bamford, Senior Vice President and General Manager, Defence Solutions division.
"The DTS1, with its software and hardware encryption layers, provides developers with a cost-effective alternative to Type 1 encryption that greatly speeds time to deployment."
The small form factor SWaP-optimised DTS1 is designed to store and protect large amounts of data on helicopters, Unmanned Aerial Vehicles (UAV), Unmanned Underwater Vehicles (UUV), Unmanned Ground Vehicles (UGV), and Intelligence Surveillance Reconnaissance (ISR) aircraft that require the protection of sensitive DAR.
The single-slot NAS device, which weighs only 4.0lb and measures only 1.5in x 5.0in x 6.5in (38.1mm x 127mm x 165.1mm), delivers up to 2TB of solid state storage (SSD). What’s more, the DTS1 supports PXE protocol so that all network clients on a vehicle or aircraft can quickly boot from the encrypted files on the DTS1’s removable memory cartridge (RMC). This approach both increases security and significantly improves SWaP by eliminating the need for individual hard disks to support each network client.
Curtiss-Wright is initially offering 2-Layer Encryption support on two variants of the DTS1, the VS-DTS1SL-FD, which is designed for use with DZUS chassis, and the VSDTS1SL-F, which uses L-brackets to support flexible mounting within a space-constrained platform.
The DTS1 enables any network-enabled device to retrieve stored data or save new captured data. Networked devices using heterogeneous operating systems (Linux®, VxWorks® and Windows®) or CPUs that support industry standard protocols (NFS, CIFS, FTP, or HTTP) can store data on the DTS1. The DTS1 is ideal for rugged applications that require the storage, removal, and transport of critical data such as cockpit data (mission, map, maintenance), ISR (camera, I&Q, sensors), mobile applications (ground radar, ground mobile, airborne ISR pods), heavy industrial (steel, refinery), and video / audio data collection (flight test instrumentation).
The lightweight, low-power DTS1 is easily integrated into network centric systems, providing an easy to use, turnkey, rugged NAS.
The DTS1 houses one RMC that provides a quick offload of data. The RMC can store from 128GB to 2TB of data and can be easily removed from one base station DTS1 and installed into any other vehicle-mounted DTS1, providing seamless full data transfer between one or more networks in separate locations, while Suite B encryption protects the data.
It also supports a packet capture software (PCAP) option. This Ethernet recording capability allows DTS1 users to record all Ethernet packets flowing over a platform’s LAN during the course of a mission. This enables the system to record network traffic for later analysis. The DTS1 also supports iSCSI protocol so that network clients can store, share, and retrieve block data.
Unlike competing systems that use proprietary memory devices, Curtiss-Wright data transport systems (DTS1/3) uniquely use commercial off-the-shelf 2.5in SATA solid state drives to lower costs and free system integrators from a single source.
With a wide variety of SSDs, the DTS memory can be scaled to meet the application needs. Each disk consumes only 2W to 3W of power and weighs only 0.7lb (317g).
An RMC is small enough to fit in a shirt or flight-suit pocket and yet rugged enough for transport. Error correction, wear-leveling, and bad block management are performed to ensure data integrity.