COTS NAS From Curtiss-Wright to Support 2-Layer Encryption

Curtiss-Wright‘s Defense Solutions division has announced the embedded Commercial Off The Shelf (COTS) Data-At-Rest (DAR) storage solution to support Commercial Solutions for Classified (CSfC) two-layer encryption, an NSA approved approach for protecting classified National Security Systems (NSS) information in aerospace and defense applications using cost-effective commercial encryption technologies in a layered solution.

Data Transport System DTS1

The company supports CSfC two-layer encryption on its Data Transport System (DTS1), a rugged single-slot NAS storage device. With data breaches and state sponsored cyber attacks on the rise, the protection of sensitive data becomes increasingly critical.

To help drive and widen the protection of secret data, the NSA has approved two-layer encryption as an alternative approach to type one encryption. Two-layer encryption reduces the cost and time to develop and deploy DAR solutions. Typically, the development and certification of an NSA secret type one encryptor can cost as much as $5 million and take up to 36 months to complete.

Like a type one encryptor, the CSfC 2-layer encryption approach also uses two layers of commercially available suite B cryptographic algorithms. Following a Common Criteria evaluation by the National Information Assurance Partnership (NIAP), an approved two-layer encryption end user device (EUD) is listed on the NSA’s CSfC Components List, enabling system designers to rapidly architect a COTS encryption solution and begin their system development. Because COTS EUDs listed on the CSfC components list are pre-certified, significant development cost and time can be saved.

“We are excited to announce that our DTS1 is the industry’s first rugged NAS device to support 2 layers of encryption as described in NSA’s Data-at-Rest Capability Package,” said Lynn Bamford, SVP and GM, defense solutions division. “The DTS1, with its software and hardware encryption layers, provides developers with a cost-effective alternative to Type 1 encryption that greatly speeds time to deployment.“

Click to enlarge

About DTS1
The small form factor SWaP-optimized DTS1 is designed to store and protect large amounts of data on helicopters, Unmanned Aerial Vehicles (UAV), Unmanned Underwater Vehicles (UUV), Unmanned Ground Vehicles (UGV), and Intelligence Surveillance Reconnaissance (ISR) aircraft that require the protection of sensitive DAR. The single-slot NAS device, which weighs at 4.0lb. and measures 1.5×5.0 x6.5″ (38.1x127x165.1mm), delivers up to 2TB of SSD.

The DTS1 supports PXE protocol so that all network clients on a vehicle or aircraft can quickly boot from the encrypted files on the DTS1’s removable memory cartridge (RMC). This approach both increases security and improves SWaP by eliminating the need for individual HDDs to support each network client. The company is initially offering two-layer encryption support on two variants of the DTS1, the VS-DTS1SL-FD, which is designed for use with DZUS chassis, and the VSDTS1SL-F, which uses L-brackets to support flexible mounting within a space-constrained platform.

The DTS1 enables any network-enabled device to retrieve stored data or save new captured data. Networked devices using heterogeneous OSs (Linux, VxWorks, Windows, etc.) or CPUs that support industry standard protocols (i.e, NFS, CIFS, FTP, or HTTP) can store data on the DTS1.

The DTS1 is for rugged applications that require the storage, removal, and transport of critical data such as cockpit data (mission, map, maintenance), ISR (camera, I&Q, sensors), mobile applications (ground radar, ground mobile, airborne ISR pods), heavy industrial (steel, refinery), and video/audio data collection (flight test instrumentation).

The lightweight, low-power DTS1 is easily integrated into network centric systems, providing a turnkey, rugged NAS. The DTS1 houses one RMC that provides quick off load of data. The RMC, which can store from 128GB to 2TB of data, can be removed from one base station DTS1 and installed into any other vehicle-mounted DTS1, providing data transfer between one or more networks in separate locations while suite B encryption protects the data. It also supports a packet capture software (PCAP) option. This Ethernet recording capability allows DTS1 users to record all Ethernet packets flowing over a platform’s LAN during the course of a mission. This enables the system to record network traffic for later analysis. The DTS1 also supports iSCSI protocol so that network clients can store, share, and retrieve block data.

COTS solid state memory advantage
Unlike competing systems that use proprietary memory devices, company’s data transport systems (DTS1/3) uniquely use commercial off-the-shelf 2.5″ SATA SSDs to lower costs and free system integrators from a single source. With a variety of SSDs, the DTS memory can be scaled to meet the application needs. Each disk consumes 2-3W of power and weighs 0.7lb (317 g). An RMC is small enough to fit in a shirt or flight-suit pocket and yet rugged enough for transport.

Error correction, wear-leveling, and bad block management are performed to ensure data integrity.