Retrofitting Secure Storage

Retrofitting Secure Storage

April 20, 2018
Swissbit’s data-protection technology allows SD cards to provide features like encrypted, write-only operations.

Protecting data from corruption, attack, and errors can be done using simple storage managed by software that takes these issues into account and incorporates features and methodologies to mitigate these problems. Sometimes these features are included in hardware, such as self-encrypting drives (SEDs) that encrypt and decrypt data once the drive is unlocked. Unfortunately, SEDs need additional, albeit minimal, software interaction to operate.

Swissbit’s line of flash storage devices incorporates a number of useful security and reliability features, including the industrial data-protection (DP) edition (see figure). The DP edition implements these features by putting a secure microcontroller between the host and storage. As a result, different features can be utilized by an application, often without requiring software modification.

For example, the CD-ROM-style write-once read-many (WORM) operation allows an application to append new data, but not modify existing information. In turn, a DP SD card can be utilized by a system that already writes its data or log to an SD card, but it now becomes impossible to change what was written. This assumes the application doesn’t need to update anything, such as a directory entry.

Swissbit’s data-protection technology adds smart, secure storage management that can be transparent to existing applications.

A more advanced methodology can take advantage of the AES encryption support that can encrypt the data as it’s written. A key and software to enable decryption can be used on another system when the SD card is moved to it, allowing the data to be examined. Such capability is useful in many accounting applications from voting machines to cash registers. Again, the software creating the log must not need to examine it, although it could read and transmit the encrypted data that could then be decrypted.

Swissbit’s solution is configurable and supports additional features like PIN-protected storage and its own nonvolatile RAM (NVRAM) secure storage for keys. The approach used by the company can support features like secure update, since it’s able to authenticate information written to its storage and only allow authenticated data to be utilized. This requires configuring the storage media and providing encrypted data, but it can be done transparently to the application using the storage device.

Developers can take advantage of Swissbit’s products, though the idea of providing an intelligent front end to storage isn’t new. However, that task does tend to be overlooked.

Protection of serial nonvolatile storage is available from other vendors as well. Macronix has a password-protected SPI flash memory—protected blocks can only be written using the proper password. This allows secure-boot features to be incorporated into a system that boots from SPI storage.

By swapping an existing SPI or I2C memory device for a secure device like Microchip’s CryptoMemory, it’s possible to modify an application so that it can take advantage of the chip’s secure storage and authentication/encryption hardware. It’s not as transparent as some of the earlier approaches, but can be incorporated often with minimal software modification.

Another option is to replace a serial flash storage device with a microcontroller. This is a bit more complex and overkill for many applications, but it’s one way to retrofit custom security support similar functions found in Swissbit’s solution. It may also offer other possibilities in terms of providing custom functionality.

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below. 

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!