Partitioning with Software Full Disk Encryption

October 01, 2018 | BY: Paul Davis

Download PDF

Most modern unmanned vehicles, ISR aircraft and mobile ground vehicles are built around a network-centric architecture that enables connected storage (NAS) to communicate with multiple systems and:

  • Provide mission maps
  • Collect mission data during the mission
  • Provide boot files to network clients (see whitepaper) upon startup using PXE protocol
  • Collect or record Ethernet traffic using PCAP
  • Act as an iSCSI target for iSCSI initiators on the network

This NAS data is often of a sensitive nature and requires AES-256 encryption while keeping the data and files separate with different access rights.  This is achievable by setting up separate partitions for each function and then applying software full disk encryption (SWFDE) to each partition.  Curtiss-Wright has developed a clever approach to ensuring the data on the DTS1 is protected with AES-256 encryption while maintaining the devices separate files and functionality, uniquely accessible by different personas.

DTS1: 1-slot Rugged Network Attached File Server

DTS1: 1-slot Rugged Network Attached File Server

With a removable solid state drive (SSD) drive of up to 4 TB, the DTS1 provides enough storage for data intensive IRS applications.  All data going to the SSD is encrypted with in-line FIPS certified encryption using AES-256, with additional support for software encryption using Linux operating system and the Linux Unified Keying System (LUKS) feature, provided.  After logging in and authentication, the administrator can set up different partitions on the SSD. Then a  LUKS container with a unique passphrase is applied to each unique partition.  This enables the system architect to set up different partitions with their own SWFDE, thus controlling access.

An example of such a partition is show in Table 1

Partition Partition/
1 Mission data ‘mission_data_123’ NFS
2 Boot files for clients ‘boot_files_789’ PXE
3 iSCSI target ‘iscsi_target_462’ iSCSI
4 Ethernet packet capture for Ethernet port 1 ‘eth_port_1’ PCAP


This approach enables the use of a single device for multiple functions but still providing access control:

  • Network attached storage during the mission
    • Clients can save data on DTS1 in files
    • Large mission maps can be accessed when needed during the mission
  • Netbooting of clients
    • Upon startup, clients with local disks identify themselves and receive boot files
  • Serving as an iSCSI target drive
    • iSCSI initiators can control block data access of data on iSCSI partition
  • Capture of all Ethernet traffic
    • Troubleshoot problems
    • Look for anomalies

This approach to protecting each partition with AES-256 encryption ensures each person has different passphrase and cannot access partitions they don’t have the passphrase for, providing a separation of responsibilities and additional security. The DTS1 provides this encryption partitioning as well as hardware encryption, ensuring sensitive data is secure and only accessible by the right people.    

Read our white paper, “COTS Encryption for Data-at-Rest”, or read "Getting Up to Speed on NSA-approved Two-layer Commercial Encryption" to learn more about COTS data at rest encryption.

Author’s Biography

Paul Davis

Director, Product Management - Data Solutions

Paul Davis began his career for Curtiss-Wright as a Research Manager for the Dayton, OH facility in 1997. Paul has held positions including: Director of Engineering managing a staff of 40+ engineers, managers, technicians, and co-op students; Product Manager for the switches, recorders, and various board level products; and now Director of Product Management. Prior to joining Curtiss-Wright, Paul worked in engineering and engineering management positions for 19 years.

Share This Article

  • Share on Linkedin
  • Share on Twitter
  • Share on Facebook
  • Share on Google+
Want to add a comment? Please login
Connect With Curtiss-Wright Connect With Curtiss-Wright Connect With Curtiss-Wright


Contact our sales team today to learn more about our products and services.





Our support team can help answer your questions - contact us today.