Close
0%
0%

Transparently encrypting SD card adapter

An SD card that transparently encrypts data with a public key. Reading the data written requires the private key after a power cycle.

eywdck2leywdck2l
Following
Liked Like project

Just one more thing

To make the experience fit your profile, pick a username and tell us what interests you.

Pick an awesome username
hackaday.io/
Your profile's URL: hackaday.io/username. Max 25 alphanumeric characters.
Pick a few interests
Projects that share your interests
People that share your interests

We found and based on your interests.

Choose more interests.

OK, I'm done! Skip
Public Chat
Similar projects worth following
135 views
0 comments
1 followers
Public Chat
Most of the professional cameras can not encrypt the pictures they take.
So others can take your camera away and see all the pictures in the
card. Thus I am making this SD card adapter. It plugs in to a camera
like a regular SD card.

Here's how I intend the adapter to work. An RSA key pair is created on
a computer. The public key is written to a micro SD card which is then
put into the adapter. The adapter presents itself to a camera as a
regular SD card. When the camera is powered on, the adapter will add a
new image encrypted with AES XTS with a random key. The image key is
stored in the micro SD card encrypted with the public key provided. The
adapter will redirect writes and reads to the image. The image key
stored in registers is lost when power goes off. On the next power up,
the adapter will start a new image. Finally, the micro SD card is taken
out and read by a computer, which decrypts what has been written with
the secret key.

I don't have a prototype yet.  My plan is to use a Xilinx Artix FPGA and
a DRAM.  Why not a cheaper FPGA?  Because I want it to eventually
support SD Express (PCIe 3 with 1GB/s of throughput) without consuming
too much power.  The maximum power of a removable SD card is 1.80W (data
from SD simplified spec v6.00, might change in v7.0).  This adapter
should take a fraction of that.

A DRAM stores the grain mapping.  Encryption and decryption of the disk
image is done in hardware.  A soft CPU is also used for things like
initialization and updating image metadata.  I'm currently using the
Microblaze, but I don't mind switching.

Since I don't have a PCB yet, I am testing my code on a Digilent Arty
S7-50.  The connection is straightforward.  My connection is configured
in the file adapter/adapter.srcs/constrs_1/new/sd_host_if.xdc.  You'll
probably want to change it.  sd_host_if_dat, sd_host_if_cmd, and
sd_host_if_clk connect to the corresponding pins of an USB SD card
reader.  sd_host_if_dat3_pullup is connected to CD/DAT3 through a 47KOhm
resistor.

Some of the challenges to me:

I need a name for this project.

I don't have the latest SD full specification.  But the simplified
specification is badly written besides having some parts omitted.  This
problem is partly mitigated with the MMC specification.

I have to figure out how to fit everything in 2.1mm by 32mm by 24mm.  It
includes an FPGA, a DRAM, the voltage regulator, and a micro SD card
socket.

The adapter should present to the host a formatted disk.  We should also
allow it to present to the host a disk of size as big as the space left
on the micro SD card.  That means running mkfs on the adapter.  It is
possible to run Linux on a MicroBlaze.

I need a way to generate random keys.

Parts I have:

The storage format.  Some parts are still to be figured out.  And my
writing may be bad.

A mostly working AXI lite bus SD device interface.  It supports
generating responses in hardware.  But it only supports the SD bus.  We
also need SPI and UHS-II interfaces and possibly NVMe in the future.

The storage format: https://github.com/eywdck2l/cvtm-format

The code: https://github.com/eywdck2l/adapter-parts

  • Got some HDL code

    eywdck2l01/23/2020 at 01:40 0 comments

    We now have the SD card interface, SD host interface, and XTS-AES IP cores. Hopefully that means only a little more HDL coding is needed for the first prototype.

    The XTS-AES IP core saves keys in SRAM instead of flip-flops to save resources. We need to find out whether it comes with security implications.

  • SD device interface

    eywdck2l06/26/2019 at 22:25 0 comments

    We have a mostly working SD device interface connected to an AXI4 LITE

    bus.  It generates responses on its own.  There will be about 100ms at
    least for the CPU to react to commands that involve the CPU.

View all 2 project logs

Enjoy this project?

Share

Discussions

Similar Projects

2.3k
42
14
Attiny85-based device to enable and disable write-protection on any SD card.
Project Owner Contributor

sdlocker-tiny

NephielNephiel

208
1
2
UD is open standard that uses SD Card form factor but is not bound to SD card specification.
Project Owner Contributor

UD Universal Digital Card

Antti LukatsAntti Lukats

607
5
3
Secure SD to micro-SD Converter
Project Owner Contributor

Vaulty

Antti LukatsAntti Lukats

Does this project spark your interest?

Become a member to follow this project and never miss any updates

Going up?

About Us Contact Hackaday.io Give Feedback Terms of Use Privacy Policy Hackaday API

© 2020 Hackaday

Yes, delete it Cancel

Report project as inappropriate

You are about to report the project "Transparently encrypting SD card adapter", please tell us the reason.

Send message

Your application has been submitted.

Remove Member

Are you sure you want to remove yourself as a member for this project?

Project owner will be notified upon removal.