Protecting Critical Data on Unmanned Underwater Platforms
Emerging mission requirements from global defense forces are driving new programs and applications for Unmanned Underwater Vehicle (UUV) platforms. Like their airborne counterparts, UUVs are ideal for deploying Intelligence, Surveillance and Reconnaissance (ISR) mission payloads. To speed the development of these autonomous vehicles, system designers are turning to small form factor (SFF) Commercial off the Shelf (COTS) technologies previously proven in Unmanned Aerial System (UAS) deployments. These low-power SFF subsystems, including miniature network switches and mission computers, are ideal for use in UUVs for which any additional weight or power consumption can have significant detrimental effects on mission distance and duration. By selecting proven rugged COTS solutions, already tested and qualified to the extreme demands of MIL-STD-810G, MIL-STD-461, MIL-STD-704 and/or RTCA/DO-160G standards for environmental, power, and EMI compliance, UUV system developers have found that they can greatly accelerate their program integration and reduce overall risk.
Another important concern for UUV platforms is how to protect the critical data that they capture during an ISR mission. To protect sensitive data-at-rest (DAR), size, weight and power (SWaP) optimized COTS solutions, such as Network Attached Storage (NAS) devices that support data encryption, can mitigate the risk of mission data falling into an adversary's hands. Even better, supporting the NAS with Netbooting (NetBoot) techniques further reduces SWaP by eliminating the need for multiple storage devices, and it increases data security.
In one recent example, a platform developer defined a common reference system architecture for a new family of Larger Diameter UUVs (LDUUV) using small form factor COTS mission processors, network switches, and NAS line replacement units (LRU). To support the various control, monitoring, and network functions of the UUV platform, the developer specified robust technical requirements for the mission computer and network switch LRUs. The processor systems required low-power multi-core Intel CPU architectures supported with a large number of Ethernet, serial, and digital I/O interfaces, together with a VxWorks real-time operating system (RTOS). The managed Ethernet switches, used to network the computers with onboard sensors and storage devices, required advanced Quality of Service (QoS) traffic prioritization and IEEE-1588 Precision Time Protocol (PTP) support to enable time stamping with nanosecond accuracy.
For the platform's mission computer and network switch requirements, which needed to be able to meet the program's rigorous technical, cost, and schedule requirements, the UUV developer selected multiple Curtiss-Wright SFF COTS-based systems. The LDUUV's mission computer processing is provided by two Parvus DuraCOR 311 units, one of the smallest rugged mission processors on the market. Network switch functionality is provided by a miniature “pocket-sized” Parvus DuraNET 20-11 8-port Gigabit Ethernet switch, which weighs a mere half a pound (0.23 kg). The fully managed 10/100/1000Base-T switch provides carrier-grade network management together with IEEE-1588v2 precision timing capabilities. Both the mission computer and network switch were pre-qualified to a very comprehensive range of MIL-STD-810, DO-160, MIL-STD-704, and MIL-STD-461 tests for extreme environmental and EMI conditions.
To protect the onboard mission data, the platform developer required a NAS device that could encrypt DAR to national standards using Government Off the Shelf (GOTS) Type 1 devices or commercial encryption methods able to meet NSA guidelines. Hosting the Operating System (OS) software for the LDUUV's embedded computers on a NAS server, instead of on local media, would enable the elimination of multiple Direct-Attached Storage (DAS) devices, which delivers the benefits of significantly reducing SWaP and simplifying maintenance and future software upgrades.
The NAS device also needed to support NetBoot of network clients. The combination of encryption and NetBoot would ensure that the runtime software used to boot all of the platform's embedded computers was secure. Without encryption, if the UUV was captured, the deployed software on each module or system could be susceptible to intrusion, potentially enabling it to be reverse-engineered. By using a single NAS server that encrypts all of its data, the likelihood of malicious access is eliminated or greatly reduced. The use of NetBoot can limit the potential points of intrusion to the single point of an encrypted server protected with higher levels of security.
To fulfill the LDUUV's data storage needs, the system developer selected a Data Transport System 3-slot (DTS3) COTS-based rugged NAS file server previously field-proven in mobile vehicles, field ground stations, and aircraft. The NAS features three high-density removable memory cartridges (RMC) that enable data to be quickly off-loaded after a mission. The RMC supports SSD memory and features a 100,000-insertion cycle connector that includes a SATA interface. It enables Ethernet-based mission storage from the mission computer's clients and other devices. Also, because the NAS system supports PXE Booting, a form of NetBoot, it enables the platform's x86 network clients to boot directly from the NAS instead of needing to boot from each individual LRU.
With PXE Boot, multiple network clients can be centrally managed and updated from a single location. For data security, the NAS appliance uses two separate hardware and software encryption layers, meeting the program's encryption requirements. An AES-256 bit FIPS-certified ASIC encryptor on-board the NAS provides the first layer in the form of hardware full disk encryption, while a FIPS-certified AES-256 bit algorithm provides software full disk encryption for the second layer. Because this two-layer encryption approach follows the NSA's guidelines set forth in their DAR Capability Package, it was able to meet the LDUUV system designer's DAR security requirements.
These SFF COTS systems delivered the CPU performance needed to support the LDUUV's vehicle control and data processing, along with the fast networking and specialized I/O interfaces needed to support its current ISR mission. By using a modular, open architecture COTS-based design, the system developer “future proofed” the LDUUV's architecture, easing the need for any later integration of expanded mission payloads as more sensors are inevitably integrated onto the platform. Cost-effective processing, networking, and storage LRUs are ideal for unmanned maritime platform use, ensuring that SWaP is reduced as much as possible, missions are optimized and critical data is protected. Use of these types of small, compact subsystems will help enable future deployment of new capabilities by naval forces for a multitude of potential UUV missions.
This article was written by Mike Southworth, Product Manager, Small Form Factor Systems, Curtiss-Wright Defense Solutions (Ashburn, VA).