AESecureIO: Embedded Data Encryption and Decryption System
What is AESecureIO?
AESecureIO is an embedded system application developed on an STM32F401RET6 Nucleo-64 Development Board. It encrypts user-input data using AES-128 in Cipher Block Chain (CBC) Mode and stores it securely on an SD Card using the SDIO Interface. The application also supports the retrieval and decryption of data from the SD Card.
This device utilizes the STM32F401 Microcontroller's SDIO (Secure Digital Input/Output) interface and the USART (Universal Synchronous/Asynchronous Receiver/Transmitter) peripheral. The SDIO interface manages data transfer between the microcontroller and the SD Card, while the USART peripheral enables data input and output through a serial monitor, such as PuTTY.
The advantage of this device lies in the centralized approach to data encryption and decryption. By using a single point of encryption and decryption with a predefined 128-bit key, the device ensures that data retrieval can only be performed through it. This method grants the user exclusive ownership and access to the stored data, enhancing its security.
Application Features
Why AES in CBC Mode?
AES (Advanced Encryption Standard) is a symmetric encryption algorithm. AES-128 specifically uses a 128-bit (or, 16 byte) key for encryption. In Cipher Block Chaining (CBC) mode, each plaintext block is XORed with the previous ciphertext block before encryption. This ensures that even if two plaintext blocks are identical, the corresponding ciphertext blocks will be different.
Why not SPI over SDIO?
SDIO supports features like multiple data lines (4-bit or 8-bit), and hence offers faster data transfer rates compared to SPI. SD Cards are designed to work with the SDIO protocol, so using SDIO ensures better compatibility with SD Cards compared to using SPI. SDIO provides more room for future expansion and upgrades, supporting features like SDXC and UHS modes.
Working of AESecureIO
Flow of Execution
This flowchart illustrates the sequence of operations in the application triggered by the user pressing the Menu Button.
The user can choose to either Encrypt and Write Data to the SD Card or Read and Decrypt Data from the SD Card.
Encrypt and Write Data to SD Card
- The user enters data into the serial terminal (up to 512 bytes).
- Once the data is fully received, it is fed into the AES_Encryption function in 16-byte blocks.
- After each block is encrypted, it is stored in a buffer awaiting transfer to the SD Card.
- When all blocks are encrypted and stored in the buffer, they are transferred to the SD Card using the SDIO_SingleBlockWrite() function.
Read and Decrypt Data from SD Card
- The application reads data from the SD Card using the SDIO_SingleBlockRead() function, in 512-byte blocks.
- Once a 512-byte buffer is filled, it is fed into the AES_Decryption function in 16-byte blocks.
- After each block is decrypted, it is stored in a buffer awaiting transfer to the Serial Monitor.
- When all blocks are decrypted, they are transferred to the Serial Monitor.
- This process repeats until the SD Card is empty.
Firmware Development
TinyAES Library
This is a small and portable implementation of the AES ECB, CTR, and CBC encryption algorithms written in C.
SDIO Library
Implementation of the SDIO Peripheral on an STM32F4 microcontroller built on STM32F401xE CMSIS Driver