COTS data recorders with FIPS 140-2 encryption provide secure lockdownStory
September 10, 2013
In deployed defense and aerospace applications, Data Recorders (DRs) are used to capture critical data. DRs are often deployed in harsh military environments, on platforms such as fixed-wing aircraft, helicopters, and armored vehicles that require a hi...
In deployed defense and aerospace applications, Data Recorders (DRs) are used to capture critical data. DRs are often deployed in harsh military environments, on platforms such as fixed-wing aircraft, helicopters, and armored vehicles that require a high level of system ruggedization. The recorded data, which may be captured from sensors or subsystems located on the platform, is extremely valuable; its value is related to the cost of individual missions for that type of aircraft or vehicle and the length of flight or mission time. In addition to its economic value, the data is often sensitive and must be protected from unauthorized access both during and after the mission. Types of DRs include mission recorders, built into aircraft or mobile vehicles, and instrumentation recorders that are used to capture data on test vehicles or subsystems. One effective method for handling the recorded data is via removable storage units that enable the data to be transported safely onto and off the platform. While Type 1 encrypted storage may be required for data classified up to Top Secret (TS), Type 3 encrypted storage can be used for Sensitive But Unclassified (SBU) data. The following focuses on capturing and storing SBU data.
Encryption protects mission data
After valuable mission data is recorded, it must be protected appropriately, which can involve the use of encryption. The decision regarding which level of encryption is needed is the responsibility of the program’s Designated Approving Authority (DAA). The DAA must trade off costs, schedule, risks, and operational constraints to approve and select a specific encryption approach. For SBU data, the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) in 1995. NIST and the Communications Security Establishment Canada (CSEC) worked together on CMVP, which validated cryptographic modules to Federal Information Processing Standards (FIPS) 140-1 Security Requirements for Cryptographic Modules, and other FIPS cryptography-based standards. Released on May 25, 2001, the FIPS 140-2, Security Requirements for Cryptographic Modules, supersedes FIPS 140-1. The FIPS 140-2 encryption standard offers an internationally recognized approach that can be pursued by COTS storage subsystems vendors. Modules validated as conforming to FIPS 140-1 and FIPS 140-2 are accepted by the federal agencies of the United States and Canada for the protection of sensitive information.
To test their modules, developers of cryptographic modules use independent, accredited Cryptographic and Security Testing (CST) laboratories. The CST laboratories use the Derived Test Requirements (DTR), Implementation Guidance (IG), and applicable CMVP programmatic guidance to test cryptographic modules against the applicable standards. NIST’s Computer Security Division (CSD) and CSEC jointly serve as the validation authorities for the program, validating the test results and issuing certificates.
The basic steps involved for a COTS storage company to become validated under FIPS 140-2 include:
- The COTS company hires a FIPS consultant in order to avoid costly design mistakes and schedule slips.
- The COTS company and consultant work in concert to architect the hardware and firmware designs.
- The COTS company and consultant determine which part of the product is to be validated. This means defining the “encryption envelope.”
- The COTS company develops the storage product under company-paid IRAD.
- The COTS company hires a NIST-accredited testing lab.
- The COTS company sends the product to the testing lab.
- The COTS company makes changes as discovered by the testing lab.
- The COTS company locks down the exact configuration.
- The testing lab submits a report directly to NIST.
- The COTS company and the testing lab respond to any concerns from NIST and wait until the report is accepted and the validation certificate is issued.
The process for development and FIPS validation of a storage product is both costly and time consuming. Steps 1 through 9 might take up to 2 years to accomplish depending on the product complexity. Step 10 can take up to a year just for awaiting the actual certificate.
To protect SBU data, a lower-risk and less-costly approach is to utilize COTS products that have already been validated to FIPS 140-2. An example of a COTS data recorder with FIPS 140-2 validated storage is the Curtiss-Wright Vortex 3U FIPS Data Recorder, a rugged, open architecture COTS-based data recording system. Curtiss-Wright’s 3U OpenVPX flash memory-based Vortex Storage Module (FSM) provides the FIPS 140-2 validated encryption. It is combined with an Intel-based single board computer running Linux and a recorder application. By including this FIPS recorder system in a rugged four-slot VPX chassis, the recorder memory is scalable from 1 TB to 6 TB. Utilizing such a data recorder system with FIPS 140-2 validated storage, SBU data-at-rest can be secured to a recognized standard with no schedule risk.
Paul Davis Director of Product Management Curtiss-Wright Controls Defense Solutions www.cwcdefense.com