Supporting 2-Layer Encryption for Protecting Classified Data-at-Rest
Curtiss-Wright’s Defense Solutions division has announced a commercial off-the-shelf (COTS) data-at-rest (DAR) storage solution that supports Commercial Solutions for Classified (CSfC) 2-Layer Encryption, an NSA-approved approach for protecting classified National Security Systems (NSS) information in aerospace and defence applications using cost-effective commercial encryption technologies in a layered solution. Curtiss-Wright now supports CSfC 2-Layer Encryption on its Data Transport System (DTS1), a rugged single-slot Network Attached Storage (NAS) device. With data breaches and state-sponsored cyber attacks on the rise, the protection of sensitive data becomes increasingly critical.
To help drive and widen the protection of Top Secret data, the NSA has approved 2-Layer Encryption as an alternative approach to Type 1 encryption. 2-Layer Encryption significantly reduces the cost and time to develop and deploy DAR solutions. Typically, the development and certification of an NSA Top Secret Type 1 Encryptor can cost as much as $5 million and take up to 36 months to complete. Like a Type 1 encryptor, the new CSfC 2-Layer Encryption approach also uses two layers of commercially available Suite B cryptographic algorithms.
Following a Common Criteria evaluation by the National Information Assurance Partnership (NIAP), an approved 2-Layer Encryption end user device (EUD) is listed on the NSA’s CSfC Components List, enabling system designers to rapidly architect a COTS encryption solution and begin their system development. Because COTS EUDs listed on the CSfC Components List are pre-certified, significant development cost and time can be saved.
“We are excited to announce that our DTS1 is the industry’s first rugged network attached storage device to support 2 layers of encryption as described in NSA’s Data-at-Rest Capability Package,” Lynn Bamford, Senior Vice President and General Manager, Defense Solutions division, said. “The DTS1, with its software and hardware encryption layers, provides developers with a cost-effective alternative to Type 1 encryption that greatly speeds time to deployment.”
About the DTS1
The single-slot NAS device, which weighs only 4.0 lb. and measures only 1.5 x 5.0 x 6.5” (38.1 x 127 x 165.1 mm), delivers up to 2 TB of solid state storage (SSD). What’s more, the DTS1 supports PXE protocol so that all network clients on a vehicle or aircraft can quickly boot from the encrypted files on the DTS1’s removable memory cartridge (RMC). This approach both increases security and significantly improves SWaP by eliminating the need for individual hard disks to support each network client. Curtiss-Wright is initially offering 2-Layer Encryption support on two variants of the DTS1, the VS-DTS1SL-FD, which is designed for use with DZUS chassis, and the VSDTS1SL-F, which uses L-brackets to support flexible mounting within a space-constrained platform.
The DTS1 enables any network-enabled device to retrieve stored data or save new captured data. Networked devices using heterogeneous operating systems (Linux®, VxWorks®, Windows®, etc.) or CPUs that support industry standard protocols (i.e., NFS, CIFS, FTP, or HTTP) can store data on the DTS1. The DTS1 is ideal for rugged applications that require the storage, removal, and transport of critical data such as cockpit data (mission, map, maintenance), ISR (camera, I&Q, sensors), mobile applications (ground radar, ground mobile, airborne ISR pods), heavy industrial (steel, refinery), and video/audio data collection (flight test instrumentation).
The lightweight, low-power DTS1 is easily integrated into network-centric systems, providing an easy-to-use, turnkey, rugged NAS. The DTS1 houses one RMC that provides quick offload of data. The RMC, which can store from 128 GB to 2 TB of data, can be easily removed from one base station DTS1 and installed into any other vehicle-mounted DTS1, providing seamless full data transfer between one or more networks in separate locations while Suite B encryption protects the data. It also supports a packet capture software (PCAP) option. This Ethernet recording capability allows DTS1 users to record all Ethernet packets flowing over a platform’s LAN during the course of a mission. This enables the system to record network traffic for later analysis. The DTS1 also supports iSCSI protocol so that network clients can store, share, and retrieve block data.
The COTS Solid State Memory Advantage
Unlike competing systems that use proprietary memory devices, Curtiss-Wright data transport systems (DTS1/3) uniquely use commercial off-the-shelf 2.5” SATA solid state drives to lower costs and free system integrators from a single source. With a wide variety of SSDs, the DTS memory can be scaled to meet the application needs. Each disk consumes only 2-3W of power and weighs only 0.7 lb (317 g). An RMC is small enough to fit in a shirt or flight-suit pocket and yet rugged enough for transport. Error correction, wear-leveling, and bad block management are performed to ensure data integrity.