Transparently encrypting SD card adapter

An SD card that transparently encrypts data with a public key. Reading the data written requires the private key after a power cycle.

Public Chat
Similar projects worth following
Most of the professional cameras can not encrypt the pictures they take.
So others can take your camera away and see all the pictures in the
card. Thus I am making this SD card adapter. It plugs in to a camera
like a regular SD card.

Here's how I intend the adapter to work. An RSA key pair is created on
a computer. The public key is written to a micro SD card which is then
put into the adapter. The adapter presents itself to a camera as a
regular SD card. When the camera is powered on, the adapter will add a
new image encrypted with AES XTS with a random key. The image key is
stored in the micro SD card encrypted with the public key provided. The
adapter will redirect writes and reads to the image. The image key
stored in registers is lost when power goes off. On the next power up,
the adapter will start a new image. Finally, the micro SD card is taken
out and read by a computer, which decrypts what has been written with
the secret key.

I don't have a prototype yet.  My plan is to use a Xilinx Artix FPGA and
a DRAM.  Why not a cheaper FPGA?  Because I want it to eventually
support SD Express (PCIe 3 with 1GB/s of throughput) without consuming
too much power.  The maximum power of a removable SD card is 1.80W (data
from SD simplified spec v6.00, might change in v7.0).  This adapter
should take a fraction of that.

A DRAM stores the grain mapping.  Encryption and decryption of the disk
image is done in hardware.  A soft CPU is also used for things like
initialization and updating image metadata.  I'm currently using the
Microblaze, but I don't mind switching.

Since I don't have a PCB yet, I am testing my code on a Digilent Arty
S7-50.  The connection is straightforward.  My connection is configured
in the file adapter/adapter.srcs/constrs_1/new/sd_host_if.xdc.  You'll
probably want to change it.  sd_host_if_dat, sd_host_if_cmd, and
sd_host_if_clk connect to the corresponding pins of an USB SD card
reader.  sd_host_if_dat3_pullup is connected to CD/DAT3 through a 47KOhm

Some of the challenges to me:

I need a name for this project.

I don't have the latest SD full specification.  But the simplified
specification is badly written besides having some parts omitted.  This
problem is partly mitigated with the MMC specification.

I have to figure out how to fit everything in 2.1mm by 32mm by 24mm.  It
includes an FPGA, a DRAM, the voltage regulator, and a micro SD card

The adapter should present to the host a formatted disk.  We should also
allow it to present to the host a disk of size as big as the space left
on the micro SD card.  That means running mkfs on the adapter.  It is
possible to run Linux on a MicroBlaze.

I need a way to generate random keys.

Parts I have:

The storage format.  Some parts are still to be figured out.  And my
writing may be bad.

A mostly working AXI lite bus SD device interface.  It supports
generating responses in hardware.  But it only supports the SD bus.  We
also need SPI and UHS-II interfaces and possibly NVMe in the future.

The storage format:

The code:

  • Got some HDL code

    eywdck2l01/23/2020 at 01:40 0 comments

    We now have the SD card interface, SD host interface, and XTS-AES IP cores. Hopefully that means only a little more HDL coding is needed for the first prototype.

    The XTS-AES IP core saves keys in SRAM instead of flip-flops to save resources. We need to find out whether it comes with security implications.

  • SD device interface

    eywdck2l06/26/2019 at 22:25 0 comments

    We have a mostly working SD device interface connected to an AXI4 LITE

    bus.  It generates responses on its own.  There will be about 100ms at
    least for the CPU to react to commands that involve the CPU.

View all 2 project logs

Enjoy this project?



Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates