MIL TECH INSIDER

COTS data recorders with FIPS 140-2

encryption provide secure lockdown
By Paul Davis
An industry perspective from Curtiss-Wright Controls Defense Solutions
In deployed defense and aerospace applications, Data
Recorders (DRs) are used to capture critical data. DRs are
often deployed in harsh military environments, on platforms
such as fixed-wing aircraft, helicopters, and armored vehicles
that require a high level of system ruggedization. The recorded
data, which may be captured from sensors or subsystems
located on the platform, is extremely valuable; its value is
related to the cost of individual missions for that type of aircraft or vehicle and the length of flight or mission time. In addition to its economic value, the data is often sensitive and must
be protected from unauthorized access both during and after
the mission. Types of DRs include mission recorders, built into
aircraft or mobile vehicles, and instrumentation recorders that
are used to capture data on test vehicles or subsystems. One
effective method for handling the recorded data is via removable storage units that enable the data to be transported safely
onto and off the platform. While Type 1 encrypted storage may
be required for data classified up to Top Secret (TS), Type 3
encrypted storage can be used for Sensitive But Unclassified
(SBU) data. The following focuses on capturing and storing
SBU data.
Encryption protects mission data
After valuable mission data is recorded, it must be protected
appropriately, which can involve the use of encryption. The
decision regarding which level of encryption is needed is
the responsibility of the programs Designated Approving
Authority (DAA). The DAA must trade off costs, schedule,
risks, and operational constraints to approve and select a
specific encryption approach. For SBU data, the National
Institute of Standards and Technology (NIST) established the
Cryptographic Module Validation Program (CMVP) in 1995.
NIST and the Communications S
ecurity Establishment Canada
(CSEC) worked together on CMVP, which validated cryptographic modules to F
ederal Information Processing Standards
(FIPS) 140-1 Security Requirements for Cryptographic Modules,
and other FIPS cryptography-based standards. Released
on May 25, 2001, the FIPS 140-2, Security Requirements for
Cryptographic Modules, supersedes FIPS 140-1. The FIPS
140-2 encryption standard offers an internationally recognized
approach that can be pursued by COTS storage subsystems
vendors. Modules validated as conforming to FIPS 140-1 and
FIPS 140-2 are accepted by the federal agencies of the United
States and Canada for the protection of sensitive information.
To test their modules, developers of cryptographic modules use
independent, accredited Cryptographic and Security Testing
(CST) laboratories. The CST laboratories use the Derived Test
Requirements (DTR), Implementation Guidance (IG), and applicable CMVP programmatic guidance to test cryptographic
modules against the applicable standards. NISTs Computer
Reprinted from September 2013

Security Division (CSD) and CSEC jointly serve as the validation authorities for the program, validating the test results and
issuing certificates.
The basic steps involved for a COTS storage company to
become validated under FIPS 140-2 include:
1. The COTS company hires a FIPS consultant in order to
avoid costly design mistakes and schedule slips.
2. The COTS company and consultant work in concert to
architect the hardware and firmware designs.
3. The COTS company and consultant determine which part
of the product is to be validated. This means defining the
encryption envelope.
4. The COTS company develops the storage product under
company-paid IRAD.
5. The COTS company hires a NIST-accredited testing lab.
6. The COTS company sends the product to the testing lab.
7. The COTS company makes changes as discovered by the
testing lab.
8. The COTS company locks down the exact configuration.
9. The testing lab submits a report directly to NIST.
10. The COTS company and the testing lab respond to any
concerns from NIST and wait until the report is accepted
and the validation certificate is issued.
The process for development and FIPS validation of a storage
product is both costly and time consuming. Steps 1 through
9 might take up to 2 years to accomplish depending on the
product complexity. Step 10 can take up to a year just for
awaiting the actual certificate.
To protect SBU data, a lower-risk and less-costly approach
is to utilize COTS products that have already been validated
to FIPS140-2. An example of a COTS data recorder with
FIPS140-2 validated storage is the Curtiss-Wright Vortex 3U
FIPS Data Recorder, a rugged, open architecture COTS-based
data recording system. Curtiss-Wrights 3U OpenVPX flash
memory-based Vortex Storage Module (FSM) provides the
FIPS140-2 validated encryption. It is combined with an Intelbased single board computer running Linux and a recorder
application. By including this FIPS recorder system in a rugged
four-slot VPX chassis, the recorder memory is scalable from 1TB
to 6 TB. Utilizing such a data recorder system with FIPS140-2
validated storage, SBU data-at-rest can be secured to a recognized standard with no schedule risk.

MILITARY EMBEDDED SYSTEMS

Paul Davis
Director of Product Management
Curtiss-Wright Controls Defense Solutions
www.cwcdefense.com