The 5S’s of Secure Storage for Military Embedded Computing Systems

As sensors and processing continue to do more in shrinking spaces, system architects are looking beyond just file and endpoint encryption.

How does a system architect design secure data storage into a military embedded system?  Software encryption comes to mind immediately for most people. Many robust file and endpoint encryption packages are easily and quickly upgradable and deployable across a large network of devices. However, software running on the operating system can be altered, hacked, and possibly even removed—leaving data vulnerable to adversarial capture. When mission critical, classified and top secret data needs protection, there are other far more secure methods to consider. Self-encrypting hardware provides the ultimate data security. In this article, we’ll explore the “five S’s” of secure data storage for military embedded systems: size, weight, and power (SWaP), Speed, Security, Sanitize, and Self-Destruct.

Data Protection Where SWaP is at a Premium
With the rise of unmanned and mobile communication systems in modern warfare, board and system architects are challenged to pack more sensor and processing capabilities into these SWaP-constrained environments. There is less room for conventional storage like hard disk drives with rotating magnetic media. Solid-state drives (SSD) using non-volatile NAND flash memory offer substantially higher sustained read and write speeds. The SSDs keep power consumption low, with the ability to customize consumption for each unique application. By utilizing advanced miniaturization and three-dimensional stacking technologies, high-speed, high-capacity, and low-power data storage can be realized in a variety of form factors, including ultra-compact ball grid array (BGA) packages. Military-grade BGA SSD devices incorporate both security and ruggedization, thereby providing assured reliability in harsh military environments. These secure SSD devices are the ideal solution for data protection in SWaP-constrained embedded systems such as avionics, unmanned vehicles, mobile communication systems, wearable man-packs, laptops, and tablets.

Figure 1: Mercury Systems’ TRRUST-Stor BGA is an example of successfully implementing the five S’s of secure data storage.

Avoiding Speed Degradation
Data speed is vital to most military embedded computing applications. However, using a virtual private network (VPN) or other encryption applications can slow computing functions, as these applications use the host CPU to encrypt every data packet. This approach consumes bandwidth and slows normal computer functions, including data acquisition. The same speed degradation occurs when file encryption or endpoint encryption software is employed. However, moving functionality from the software level and implementing it at the hardware level causes laptop or work station performance to be unaffected by the encryption process. A secure SSD has dedicated hardware to manage the encryption and decryption processes, leaving the performance of the host system uncompromised.

Military systems require reliable high-speed data transfer rates to capture, process, and disseminate sensor data in both benign and harsh environments. Read and write speeds of a military-grade SSD parallels that of non-encrypting commercial drives. When used in forward-deployed defense systems, military-grade SSD devices surpass their commercial counterparts with the ability to maintain sustained read/write operations rates during (1) extreme temperature exposure, (2) thermal shock conditions, (3) mechanical shock conditions, (4) high vibration conditions, or any combination of the above. Military-grade SSD devices are engineered with rugged enclosures, military-grade components, and NAND flash from trusted sources.

Two Independent Encryption Layers for Security
All secure SSD devices use cryptographic algorithms built into the controller to encrypt every bit of data stored. Most self-encrypting drives are designed with Advanced Encryption Standard (AES) 256-bit in XTS block cipher mode to protect data. With a high entropy key value, AES 256-bit XTS encryption is virtually impossible to break, even by the fastest supercomputers today.

Programs securing highly sensitive or classified data require assurance that the cryptographic algorithms have been correctly implemented. This assurance process is conducted through validation and certification at organizations such as the  National Institute of Standards and Technology (NIST) and the National Information Assurance Partnership (NIAP). These organizations oversee the Federal Information Process Standards (FIPS) that certify the proper implementation of encryption algorithms, key management, authentication algorithms, and the Common Criteria certification of encryption protection profiles. Hardware full disk encryption components obtaining these certifications can be eligible for the National Security Agency’s (NSA) Commercial Solutions for Classified (CSfC) program for the protection of classified, secret, and top secret data at rest.

The CSfC program provides solution-level specifications called Capability Packages (CP) to deliver data security solutions using a two-layer approach. In the Data at Rest (DAR) CP, data protection is accomplished by integrating an inner and outer layer of hardware and software encryption. The SSD device is the inner layer, while a file encryption or software full disk encryption solution is the outer layer. Two independent encryption layers eliminate the likelihood that a single vulnerability can be exploited in both security layers. Classified, secret, and top secret data can be safely stored if all of the CSfC program requirements are successfully validated per the CP criteria defined by the NSA, including using only hardware and software approved by the NSA that is on the NSA’s CSfC component list/.

Other security aspects for sensitive military applications should be considered. As a hypothetical scenario, consider a commercial SSD built with a controller designed and manufactured outside of the United States. This SSD is then integrated into the flight system of a military UAV. After integration into the platform, all quality checks have passed. The UAV’s flight system is operational. At a later time, this UAV is executing a mission where a terrorist training facility must be surveyed. As the drive’s total power-on time changes from 0200 to 0201 hours, a backdoor installed into the SSD’s controller is triggered. The flight system immediately shuts down. The mission is aborted, and the UAV is brought down in unfriendly territory. Sourcing an SSD with a NAND controller designed and manufactured in a domestic, trusted environment mitigates the risk of backdoors and unauthorized data access.

Figure 2: Mercury Systems’ ASURRE-Stor is the only Full Disk Encryption hardware eligible for the NSA’s CSfC program.

Fast Erase and Sanitize
As discussed, there are a number of advanced methods employed to secure data and eliminate the possibility of unauthorized access. However, there are scenarios when data must be rapidly wiped from the drive upon demand.

The fast erase and sanitization protocols integrated into military-grade SSDs address this scenario. The fast erase clears a drive’s encryption key within a fraction of a second and all NAND flash within a couple of seconds. Sanitization occurs when all blocks of the drive are erased and overwritten with random data as part of a  process that is repeated numerous times. This can take minutes to tens of minutes to complete depending on the number of overwrite operations.

This is best illustrated by considering another hypothetical scenario. An aircraft using a secure SSD is forced to land in a known hostile territory. As the pilot is landing the aircraft, she sees enemy soldiers approaching. She presses the sanitize button which initiates all sanitization protocols. Enemy soldiers detain her for questioning, while others search the aircraft for data storage devices. Once the SSD is found, it is transported to a high-tech analytical lab for data retrieval. The drives power on, but no useful data is found.

Readily Implementing Self-Destruct
In some military scenarios, it may be desirable to render the drive completely nonfunctional. Heat and chemical reactions are known mechanisms to physically destroy the memory cells of an SSD device, but this destruction mechanism can cause collateral damage if, for example, a fire spreads beyond the SSD device.

High-power magnetic exposure can be used to render conventional rotating media nonfunctional. However, this practice is not applicable to NAND flash. Even in the case of conventional rotating drives, such an approach may not be practical for forward-deployed embedded systems.

Non-thermal self-destruct mechanisms are the only way to ensure the safe destruction of the device without risking innocent life and inflicting collateral damage. Sophisticated implementations of non-thermal self-destruct can be readily implemented in state-of-the-art military-grade SSD devices. After a specified number of failed attempts to authenticate, the device can initiate the non-thermal self-destruction process. The device now has no strategic value to both friendly and adversarial forces.

Wrap Up/Conclusion
Challenges when designing truly secure data storage in modern military embedded systems can be solved with both hardware and software solutions. When considering the five S’s: SWaP, Speed, Security, Sanitize, Self-Destruct, no solution provides greater flexibility, reliability, and protection than a military-grade secure SSD.


White Paper: Safeguarding Mission Critical Data with Secure Solid State Drives.[1]


Jennifer Keenan is the Senior Product Marketing Manager for the Microelectronics Secure Solutions group of Mercury Systems in Phoenix, Arizona. She received her Bachelor of Science degree in Marketing from Florida State University in Tallahassee, Florida


Extension Media websites place cookies on your device to give you the best user experience. By using our websites, you agree to placement of these cookies and to our Privacy Policy. Please click here to accept.