Leveraging High-Speed NVMe Storage for CSfC Encrypted Data-at-Rest

Leveraging High-Speed NVMe Storage for CSfC Encrypted Data-at-Rest

Published in Military Embedded Systems
Written by Steven Petric

Today’s advanced military intelligence, surveillance, and reconnaissance (ISR) platforms generate large amounts of highly sensitive data that must be captured and securely stored without impacting performance. System designers must ensure that data-capture systems can handle large amounts of data in as close to real time without interruption or bottlenecks that might otherwise affect performance. When this critical data is stored, it’s considered data-at-rest (DAR).

DAR can be threatened from different vectors, some internal and some external. For example, in deployed DAR applications (e.g., manned and unmanned vehicles), platforms may be lost during a mission. DAR can also be lost during transport from a deployed vehicle while it travels back and forth to the ground station. Once mission data has been safely downloaded and stored on a network, it is still at risk from malicious actors. To protect ISR DAR from falling into adversarial hands when unattended – in other words, not guarded by an armed soldier – that very important data must be properly and securely encrypted.


One way to take optimal advantage of the increased performance of the NVMe storage devices is to use an NVMe-based in-line hardware encryptor, a physical device that sits between the data source and the NVMe storage destination, so it can encrypt incoming data at near line-rate without adding burdensome overhead. The NVMe protocol can deliver transmission and storage performance improvements of nearly 50% over SATA (bus)-based alternatives.

An example of a high-speed, high-capacity NAS device is a new variant of the Curtiss-Wright HSR10, a high-speed, high-capacity NAS device that features the industry’s first NVMe in-line hardware full disk encryptor. The compact rugged unit’s dual 10 Gigabit Ethernet interfaces eliminate data bottlenecks on sensor-rich platforms while supporting two-layers of encryption to protect up to 32 Tbytes of critical data. The NVMe in-line hardware encryptor provides a path to NSA CSfC Components List approval. Because the HSR10’s hardware encryption technology is NVMe-based, the unit provides near line-rate data throughput, which is significantly faster than SATA-based alternatives.

Read the full article.