Securing Telemetry Data with Commercial Encryption Standards
Data privacy is an increasing concern for everyone, and securing data can be complex for both those attempting to implement security systems and the end-users. Recent attacks, such as the Solarwinds hack that targeted business, education, and government organizations, or the Facebook data breach that led to the leaking of half a billion users’ data, have highlighted how everyone is a target. These attacks are not just led by curious hackers or criminals, but also by state actors. Military organizations are susceptible to having a system hacked or losing data due to the criticality of the systems or data for national defense.
Data privacy is not a new concept and has been around for as long as there has been competition between countries and between private companies in protecting some recipe, secret, or intellectual property. This is certainly true for commercial aerospace organizations where stolen aircraft development data could lose a competitive advantage, or intercepted communications could compromise passenger privacy or safety.
As the world realizes that all of our data is at risk of being exploited, organizations are under pressure to protect it, no matter the classification. However, this can be expensive and time-consuming, or limit foreign military sales, depending on the approach. Often, the most rigorous encryption scheme, such as the National Security Agency (NSA) Suite A cryptography, is not necessary, may be chosen due to uncertainties about other solutions. This paper describes strategies for encrypting data at rest and in motion, with a particular emphasis on encrypting telemetry data for applications such as flight tests.