MDR Cyber Security Features
Be it a commercially sensitive or militarily aerospace development, the increasing threat of cyber-attacks in recent years has turned minds to protecting the data recorded and telemetered during flight test programs. For those addressing this threat, the Heim MDR flight test data recorder now supports key cyber security features such as Data At Rest Protection (DARP) and Data In Motion Protection (DIMP).
Data At Rest Protection (DARP)
Flight test data captured by the MDR recorder can be securely stored on either the RSM 500-S or RSM 4000-S rugged storage modules. Within these storage modules a FIPS-197 certified hardware-based AES-256 XTS encryption engine will encrypt data onto a FIPS-140-2 level 2 validated SSD.
The encrypted storage module, a Self Encrypted Device (SED), may be read on a GMDR ground recorder, or direct to a PC using USB Docking Station, Heim model DSU3-S.
To permit this, an administrator, typically called the Security Domain Administrator (SDA) will …
• Create a security domain and Domain Key Encryption Key (DKEK) on a PC.
• Enrol each device; i.e. MDR, GMDR or PC workstations, into the security domain using the shared Domain Key Encryption Key (DKEK).
• Protect the installed storage using a unique SED Access Key (SAK) which can be downloaded and shared as appropriate ready for decryption on other devices in the domain.
Advanced Encryption Standard (AES)
Seeking to replace Data Encryption Standard (DES) of 1977, the U.S. National Institute of Standards and Technology (NIST) established the Advanced Encryption Standard (AES) in 2001.
AES encryption works on blocks of 128 bits using a symmetrical key algorithm that may be one of three different key lengths; 128, 192, and 256 bits. This symmetrical key allows the same key to be used for both encryption and decryption of the data.
Whilst a key length of 128 bits is sufficient to protect classified information, and 192 or 256 bits Top Secret information, 256 bits as used in AES-256, is now the most frequently used method of encryption.
Data In Motion Protection (DIMP)
Flight test data captured by the MDR recorder can be simultaneously and securely telemetered using the MC10TAS, MTVEE-TMBB-SBAA, or MTVME-TM7B-SBAA cyber secure telemetry modules. These also encrypt telemetry data using the AES-256 algorithm but this time with the addition of Galois Counter Mode (GCM), hence AES-GCM-256. AES-GCM provides high speed encryption and data integrity for communication systems such as telemetry.
At the telemetry ground station a GMDR fitted with a MTVME-RGPG-SBAA cyber secure telemetry downlink module can decrypt the IRIG 106 Chapter 7 and output PCM for playback or broadcast over UDP.
Implementation of Data In Motion Protection by the Security Domain Administrator (SDA) is similar to that of securing the Data At Rest with the exception that a Telemetry Cipher Key List (TCKL) is created instead of the SED Access Key.
A Telemetry Cipher Key List (TCKL) may store up to 16 keys for PCM encryption. Each of the telemetered PCM channels may use one of the 16 keys.
For further information please contact our sales department.