Video Recording, Storage, and Encryption

Blog
April 27, 2022

Video Recording, Storage, and Encryption

Deployed Sensors and Cameras

Modern aircraft are being equipped with an increasing number of sensors. The aircraft range from fixed wing versions like fighters, ISR (intelligence, surveillance, and reconnaissance), transport, and refuelers to rotary wing versions like helicopters. In addition to onboard sensors, many aircraft are also being equipped with external pods that hold additional modular instrumentation under the wing or the fuselage. While many aircraft have an onboard crew, an increasing number are now unmanned.

In addition to radar and other similar sensors, many cameras are now being included in the sensor suite. Whether they're infrared for nighttime operations or traditional daytime cameras, they have higher resolution than ever and continuously stream data (frames). This video is being used by the onboard crew in manned vehicles or by the ground crew in unmanned vehicles. The video is also saved for post-mission analysis.

deployed aircraft, camera, rmc, DTS1, encryption,

Figure 1: Transport of Unclassified RMC

However, cameras and other sensors stream data continuously and at increasing volumes.  Sensor data may be sent directly to single board computers (SBC) or digital signal processors (DSP) for refinement and distribution.  Sensor data may also be stored first in network attached storage (NAS) or direct attached storage (DAS) devices.  Increasingly, NAS devices are being used based on Ethernet protocols.  All data on the aircraft are at increasing to exploitation.  See the Curtiss Wright whitepaper regarding such threats:  Data-At-Rest Encryption Series: Data Threats and Protection White Paper.

For the stored data on aircraft, known as data-at-rest (DAR), there are several problems to solve.  Data storage is one problem which can be solved by adding storage capacity (more or larger disks).  Data speed is another problem which can be solved by faster processors, faster disks, and faster networks.  Data security is another problem which is increasing solved with innovative encryption techniques like that used in the NAS example in Figure 2.  Data format is another problem for system designers.

This blog focuses on the problem of camera data format but also touches on the capacity, speed, and security. 

Capturing Video Streams

Modern aircraft are now deployed with Ethernet networks, which require a NAS device (also called a network file server) to store data. Network clients (including mission computers, sensor management computers, digital signal processors, radars, other sensors, and cameras) can store data on, and retrieve it from, the NAS.  Gigabit Ethernet (1GbE) is very commonly used and supported by NAS devices like the example in Figure 2.

DTS1, NAS device,

Figure 2: Curtiss-Wright DTS1 NAS Example

The high-resolution cameras stream video using Moving Picture Experts Group Transport Stream (MPEG-TS) packets with H.264-encoded video. MPEG-TS is an industry-standard video format for transmitting and storing audio and video data. MPEG-TS is widely used by the military and by commercial broadcasters. MPEG-TS was originally developed for the motion picture industry. H.264, also known as Advanced Video Coding (AVC) or MPEG-4 Part 10, is a video compression standard which reduces the amount of data required to be transmitted.  There is a wide base of industry support for MPEG-TS and H.264.

The Curtiss-Wright Data Transport System 1 slot (DTS1) product shown in Figure 2 is an example of a modern NAS device. The DTS1 is a very small, rugged NAS system currently deployed by numerous United States government entities on manned and unmanned aircraft. The DTS1 protects top secret data with two layers of AES256 encryption prior to storage.  Information regarding the DTS1 can be found in Appendix I and at: DTS1 Data Transport System – NIAP Common Criteria certified, NSA CSfC approved.

In addition to supporting numerous standard network storage protocols (NFS, CIFS, FTP, HTTP, iSCSI), the DTS1 simultaneously accepts multiple real-time protocol (RTP) streams with MPEG-TS packets. It supports a variety of video formats, including 720p30 and 1080p30. The RTP streams can be received on either of the two GbE ports while standard protocols are also being used.  

While the standard network protocols use Transmission Control Protocol (TCP), RTP instead uses User Diagram Protocol (UDP).  TCP is more reliable with guaranteed delivery but is slower.  UDP is less reliable but is faster than TCP.  This speed difference is critical for video streaming via Ethernet.   

In the DTS1, the H.264 compressed video data is processed, translated into files, encrypted (by both hardware and software layers), and stored on a removable memory cartridge (RMC). Both encryption layers are approved by the National Security Agency (NSA) for use in deployed solutions. These layers have been designed and tested to meet the requirements of the NSA's Commercial Solutions for Classified (CSfC)3 program. Appendix II provides a few more details regarding CSfC. 

The video files can also be retrieved for playback while being stored using Windows applications like VLC.

The DTS1 has room for one RMC. After encryption, the video data is stored on the RMC, which has a capacity of up to 8 TB. The RMC can then be removed from the DTS1 in the aircraft and transported safely back to a base or ground station for post-mission analysis, as shown in Figure 3.

The RMC is considered unclassified after being removed and while unpowered during transport. This is important for deployed vehicles, where classified data must be transported to and from the vehicle, as in Figure 2.

It is important to note that the RMC has no encryption mechanisms2 and has no power source other than the DTS1. The two commercial encryption layers reside in the DTS1 only. Two separate layers of AES256-bit encryption have encrypted the data residing on the RMC.

Once the RMC is at the ground station, it is plugged into another DTS1. The H.264 video files are then decrypted and become available to network clients for analysis.

Summary

High-definition video streams can now be captured by a rugged NAS that is also being used as a standard file server. Critically for deployed applications, the video files are protected with NSA-approved encryption up to and including top-secret level.

With 8 TB of storage capacity in the DTS1, many video files can be stored and safely transported from the deployed aircraft to the base station, where they can be analyzed.

Appendix I: DTS1 Encryption Details

The DTS1 as seen in Figure 2 includes two certified layers of commercial encryption to protect data-at-rest (DAR). The outer encryption layer is hardware full disk encryption (HWFDE), and the inner layer is software full disk encryption (SWFDE).

After the data is encrypted by two layers of AES256-bit encryption, the data is stored on a solid-state drive housed inside a specially designed RMC. The RMC comes in various capacities, up to 8 TB. The RMC can even be removed while the DTS1 still has power applied. This capability is known as "hot-swapping," which is important so that the deployed vehicle does not have to be powered down. Before removing the RMC, the operator opens the latched door and then presses a button on the front of the RMC. This button initiates a shutdown procedure stopping data flow to that RMC so that data does not become corrupted. When the LED indicators on the RMC light up in a proper sequence, the RMC is ready to be removed for transport. A new, fresh RMC may be inserted at that time.

The RMC is considered unclassified when removed from the DTS1 and safely transported from the aircraft to the ground station.

Appendix II: CSfC Details

Commercial Solutions for Classified (CSfC)3 is essential for the NSA strategy to deliver secure cybersecurity solutions. The CSfC program leverages commercial encryption technologies and products to provide much-needed cybersecurity solutions quickly. Commercial encryption technologies are employed in many technologies today, such as automobiles, mobile phones, tablets, and home security systems.

To achieve mission objectives, U.S. Government (USG) customers increasingly require immediate use of the market's most modern commercial hardware and software technologies within National Security Systems (NSS). Consequently, the National Security Agency/Central Security Service (NSA/CSS) has developed ways to leverage emerging technologies to deliver more timely cybersecurity solutions for rapidly evolving customer requirements.

The CSfC program was established to protect classified NSS data with commercial products in layered solutions. Solutions handling Top Secret/Sensitive Compartmentalized Information (TS/SCI) have been approved. CSfC provides efficiency and security. Efficiency through the ability to securely communicate based on commercial standards and security through an NSA-managed program that offers a solution that can be fielded in months, not years.

For more details regarding the CSfC program, reference the Curtiss-Wright white paper "DAR Series Part 2: Commercial Solutions for Classified (CSfC)."

1  Choosing the Best Location for Your Data-At-Rest Encryption Technology

2 Commercial Solutions for Classified Program (CSfC)

Paul Davis

Paul Davis

Director, Product Management

Paul Davis began his career for Curtiss-Wright as a Research Manager for the Dayton, OH facility in 1997. Paul has held positions including Director of Engineering managing a staff of 40+ engineers, managers, technicians, and co-op students; Product Manager for the switches, recorders, and various board-level products; and then Director of Product Management. Now retired, Paul worked in engineering and engineering management positions for 19 years.

Protecting critical data-at-rest (DAR) from unauthorized access

The choice of encryption location can determine how difficult it is for adversaries to decrypt sensitive data and use it to their advantage.