AESecureIO: Embedded Data Encryption and Decryption System

-

What is AESecureIO?


AESecureIO is an embedded system application developed on an STM32F401RET6 Nucleo-64 Development Board. It encrypts user-input data using AES-128 in Cipher Block Chain (CBC) Mode and stores it securely on an SD Card using the SDIO Interface. The application also supports the retrieval and decryption of data from the SD Card.












This device utilizes the STM32F401 Microcontroller's SDIO (Secure Digital Input/Output) interface and the USART (Universal Synchronous/Asynchronous Receiver/Transmitter) peripheral. The SDIO interface manages data transfer between the microcontroller and the SD Card, while the USART peripheral enables data input and output through a serial monitor, such as PuTTY.

The advantage of this device lies in the centralized approach to data encryption and decryption. By using a single point of encryption and decryption with a predefined 128-bit key, the device ensures that data retrieval can only be performed through it. This method grants the user exclusive ownership and access to the stored data, enhancing its security.

Application Features

Why AES in CBC Mode?


AES (Advanced Encryption Standard) is a symmetric encryption algorithm. AES-128 specifically uses a 128-bit (or, 16 byte) key for encryption. In Cipher Block Chaining (CBC) mode, each plaintext block is XORed with the previous ciphertext block before encryption. This ensures that even if two plaintext blocks are identical, the corresponding ciphertext blocks will be different.

Why not SPI over SDIO?


SDIO supports features like multiple data lines (4-bit or 8-bit), and hence offers faster data transfer rates compared to SPI. SD Cards are designed to work with the SDIO protocol, so using SDIO ensures better compatibility with SD Cards compared to using SPI. SDIO provides more room for future expansion and upgrades, supporting features like SDXC and UHS modes.

Working of AESecureIO

Flow of Execution

This flowchart illustrates the sequence of operations in the application triggered by the user pressing the Menu Button.


The user can choose to either Encrypt and Write Data to the SD Card or Read and Decrypt Data from the SD Card.

Encrypt and Write Data to SD Card

  • The user enters data into the serial terminal (up to 512 bytes).
  • Once the data is fully received, it is fed into the AES_Encryption function in 16-byte blocks.
  • After each block is encrypted, it is stored in a buffer awaiting transfer to the SD Card.
  • When all blocks are encrypted and stored in the buffer, they are transferred to the SD Card using the SDIO_SingleBlockWrite() function.

Read and Decrypt Data from SD Card

  • The application reads data from the SD Card using the SDIO_SingleBlockRead() function, in 512-byte blocks.
  • Once a 512-byte buffer is filled, it is fed into the AES_Decryption function in 16-byte blocks.
  • After each block is decrypted, it is stored in a buffer awaiting transfer to the Serial Monitor.
  • When all blocks are decrypted, they are transferred to the Serial Monitor.
  • This process repeats until the SD Card is empty.

Firmware Development


TinyAES Library
This is a small and portable implementation of the AES ECB, CTR, and CBC encryption algorithms written in C.


SDIO Library
Implementation of the SDIO Peripheral on an STM32F4 microcontroller built on STM32F401xE CMSIS Driver

Popular posts from this blog

Cifradopro: A baremetal Hardware Security Module using the STM32L4S5 Cortex-M4 MCU

-
Image
What is CifradoPro? Cifradopro is a baremetal Hardware Security Module based on the STM32L4S5ZI microcontroller. It is capable of generating Random Keys in various sizes, Encrypting plaintext, and Decrypting ciphertext using the Advanced Encryption Standard. Additionally, it can create One-Time Pads of different lengths and generate a Hash of input data using the Secure Hashing Algorithm. The module can store the generated cryptographic keys in an external memory device. As a safeguard against physical tampering, the device is designed to erase the contents of the external memory if the enclosure is breached. The device leverages the Random Number Generator , AES Hardware Accelerator , and HASH Processor of the STM32L4S5ZI for cryptographic operations. It employs the built-in UART peripheral for device control via a serial terminal application such as PuTTY. The external memory, a  256kBit EEPROM from Microchip , is interfaced using the STM32L4's onboard I2C Peripheral. A GPIO pin
Read more

SignGlove: Bridging the Communication Gap for Paralyzed Patients

-
Image
SignGlove What is SignGlove ??? SignGlove is an innovative wearable glove designed to bridge the communication gap for paralyzed patients, enabling them to express their wants and needs through hand signals. It enables caretakers to understand and respond to the needs of individuals with limited mobility.  Over a Wi-Fi network, SignGlove allows users to transmit their hand signals directly to a caregiver's device. One of the key features of SignGlove is its configurability, which allows it to adapt to each user's unique abilities and hand gestures. By customizing the device to match the specific range of motions and signals that a user can comfortably make, SignGlove ensures a highly personalized and tailored communication experience.  With SignGlove, paralyzed patients no longer rely solely on non-verbal cues or guesswork to convey their needs. The SignGlove concept ...... The concept of SignGlove was inspired by the work of Navid Azodi and Thomas Pryor from the Univer
Read more

Capturing images using the Digital Camera Interface | STM32L4 | DCMI | CMSIS

-
Image
Digital Camera Interface The DCMI (Digital Camera Interface) is a synchronous parallel interface designed to receive a high-speed data stream from an external CMOS camera module. It offers compatibility with 8-bit, 10-bit, 12-bit, or 14-bit camera modules.  The DCMI peripheral supports Embedded Line and Frame synchronization methods in addition to the Hardware Synchronisation from the CMOS Camera Module. It has two operating mode, namely Continuous or Snapshot mode. Additionally, it offers a crop feature and supports various data formats, including 8/10/12/14-bit progressive video (Monochrome or Raw Bayer), YCbCr 4:2:2 Progressive Video, RGB 565 Progressive Video, and Compressed Data in JPEG format.   For more information on the DCMI peripheral, read the Training material for DCMI on STM32L4 from STMicroelectronics . DCMI Registers The DCMI peripheral has Control and Status registers for the DCMI Core and Interrupts. It also has a few registers for handling Data synchronization, Croppi
Read more