Using Software Full Disk Encryption and Disk Partitioning to Protect and Isolate Network Attached Storage Functions
Unmanned vehicles are ideal for intelligence, surveillance, and reconnaissance (ISR) missions due to the amount of data a vehicle can gather without the risk to human life. As they are increasingly being used to gather large amounts of different types of data, the need for data storage versatility and data security rises. However, the risk of data loss or corruption grows as the number of systems using different protocols connecting to the device rises. Additionally, as the use of unmanned vehicles for deployed applications increases, so does the risk of highly sensitive data being lost or captured in hostile territory. Through disk partitioning and commercial off-the-shelf (COTS) data-at-rest (DAR) encryption, this paper proposes a solution that reduces the risk of data loss, corruption, and accessibility if intercepted.
Most modern unmanned vehicles, ISR aircraft, and ground vehicles are built around a network-centric architecture that facilitates communication between the onboard, connected network-attached storage (NAS) and other onboard systems. This Ethernet-based communication enables the NAS to do more than just collect data; for example, the networked architecture enables the device to serve files, such as mission maps, mission plans, or boot files, to any network client. By supporting a number of industry-standard protocols for file serving (NFS, CIFS, FTP, HTTP), block data (iSCSI), recording (PCAP), and boot (PXE, DHCP), a modern NAS can provide a range of functionality beyond simple storage, but this added functionality increases the risk of data loss or corruption. To meet the challenging needs of today's platforms, NAS systems must provide robust, reliable data storage with minimal loss or corruption, in addition to secure encryption that prevents access in the event of system loss or capture.
- Network-attached storage
- NAS protocols
- Block data – iSCSI
- Packet Capture (PCAP)
- Disk partitioning
- Full disk encryption