NeuroAgent

Asymmetric Encryption for SD Cards in Real-Time

Exploration of existing SD cards with hardware-based asymmetric file encryption in real-time. Technical feasibility, market analysis, and alternative solutions for data protection.

#asymmetric-encryption#dash-cameras#data-protection#device-security#hardware-encryption#real-time-encryption#sd-cards-encryption
Question

Are there SD cards with hardware asymmetric encryption of specific files on-the-fly?

I read an article about SD cards with a secret and started wondering about the existence of SD cards with built-in asymmetric encryption. The following use case scenario comes to mind:

  1. A configuration file is placed in the root directory, which specifies directory paths and file masks (for example, *.jpg or *.mp4).
  2. Next to the configuration file, a public key is placed.
  3. The SD card controller, when formatted as NTFS or (ex)FAT, monitors write requests for files.
  4. If a file matches the requirements from the configuration, it is encrypted on-the-fly using the public key.
  5. All other read and write operations are performed without changes.

Such an approach could be useful for dashcams, cameras, and other devices where it’s important to protect data in case of device theft.

Questions:

  • Do such SD cards already exist on the market?
  • If not, is it technically possible to create such cards?
  • Do you see demand for such devices?
NeuroAgent

SD cards with hardware asymmetric encryption of specific files on the fly in the format you described exist extremely limited. Most available market solutions use hardware symmetric encryption (AES-256), not asymmetric. However, the technical implementation of such a scenario is possible, as proven by experimental projects.

Table of Contents

Current Market Status of Encrypted SD Cards

On the current market, most commercial SD cards with hardware encryption use symmetric algorithms, primarily AES-256. For example:

  • ATP SecurStor: Uses hardware AES-256 XTS engine to encrypt all content on the card during writing source
  • Flexxon AES Secure SD: Automatically encrypts data during writing with 256-bit AES source
  • DataShur SD: Offers FIPS PUB 197 AES 256-bit encryption standard source

It’s important to note that these solutions encrypt the entire volume of the card, not selected files by masks, and use symmetric keys.

Asymmetric encryption in commercial SD cards is virtually nonexistent. Exceptions are some experimental projects and specialized solutions, but they don’t implement functionality for selecting files to encrypt.

Technical Feasibility of Asymmetric Encryption

Technically implementing the scenario you described is possible, as evidenced by several research projects:

1. Transparent Encryption Adapters

A project on Hackaday.io demonstrates creating an SD card adapter that:

  • Creates an RSA key pair on a computer
  • Writes the public key to a microSD card
  • Encrypts data on the fly during writing via the public key
  • Requires a private key for decryption

“RSA key pair is created on a computer. The public key is written to a micro SD card which is then put into the adapter” source

2. Cryptopuck System

The Cryptopuck solution uses:

  • Asymmetric encryption to protect data
  • On-the-fly encryption during writing
  • No possibility of decryption without a private key

“It uses public key cryptography, so even if the Cryptopuck falls into the wrong hands, it is unable to decrypt the files” source

3. Technical Requirements

To implement your scenario, you would need:

  • An SD card controller supporting hybrid encryption
  • A system for parsing configuration files
  • A mechanism for filtering files by masks
  • Integration with NTFS/exFAT file systems

Market Demand Analysis for Such Devices

There is demand for specialized SD cards with selective asymmetric encryption in certain niches:

Target Segments:

  1. Video Recorders and Surveillance Cameras

    • Protection of video recordings in case of device theft
    • Encryption of only media files (*.mp4, *.jpg)

  2. Industrial IoT Devices

    • Protection of confidential sensor data
    • Filtering by file types

  3. Medical Devices

    • Encryption of only sensitive data
    • Compliance with HIPAA/GDPR requirements

Potential Advantages:

  • Enhanced Security: Only target files are encrypted, others are accessible without keys
  • Flexibility: Configuration via text file
  • Compatibility: Works with existing file systems

Demand Limitations:

  • High development costs
  • Complexity of supporting different file systems
  • Competition with cloud encryption
  • Need for certification for corporate use

Problems and Limitations

The implementation of such a solution faces several technical and commercial difficulties:

Technical Limitations:

  1. Performance: Asymmetric encryption is significantly slower than symmetric

    “Would the constant asymmetric crypto be too much work for the poor little IoT camera to handle?” source

  2. File System Compatibility: Requires deep integration with NTFS/exFAT

  3. Key Management: Secure storage of private keys on the device

  4. Backward Compatibility: Working with older devices without encryption support

Commercial Barriers:

  • High R&D costs
  • Difficulty obtaining certifications (FIPS, Common Criteria)
  • Competition with software encryption solutions
  • Limited market size

Alternative Solutions

Instead of specialized SD cards, you can consider the following alternatives:

1. OS-Level Software Encryption

  • Android: Built-in SD card encryption through “Use as internal storage”

    “If you want to encrypt the SD card, it’s simple as well- just plug it in and choose to ‘Use as Internal Storage’ and android will encrypt everything in it automatically” source

  • Windows BitLocker: Encryption via TPM

    “With BitLocker the TPM on your laptop itself stores the decryption keys” source

2. External Encryption Devices

  • USB Adapters: Cryptopuck and similar solutions
  • Hardware Modules: Devices like DataShur SD

3. Hybrid Approaches

  • Encryption of only confidential files at the application level
  • Use of symmetric encryption for performance
  • Asymmetric encryption only for key transmission

Conclusion

  1. Market Availability: Commercial SD cards with selective asymmetric encryption on the fly are virtually nonexistent. Main solutions use AES-256 for the entire card volume.

  2. Technical Feasibility: Implementation is technically feasible, as proven by experimental projects. It requires a specialized controller supporting hybrid encryption and integration with file systems.

  3. Demand: Exists in specialized niches (video recorders, industrial IoT, medical devices) but is limited by technical complexities and cost.

  4. Prospects: The most likely development is software solutions at the OS level or external encryption devices, rather than integration into the SD card itself.

For your scenario with video recorders, it’s recommended to consider software encryption at the device level or use of external encryption solutions that will provide the necessary flexibility and security.

Sources

  1. ATP Inc. - Encrypted SD,microSD cards with AES-256
  2. Flexxon - AES Secure Micro SD Card
  3. Forbes - DataShur SD Can Encrypt Data On MicroSD Cards
  4. Hackaday.io - Transparently encrypting SD card adapter
  5. Reddit r/AskNetsec - How to encrypt an SD card to be write-only?
  6. Adafruit Blog - Encrypt your USB Sticks and SD Cards on the Fly with Cryptopuck
  7. Reddit r/privacytoolsIO - Android SDCard Encryption
  8. Darwin’s Data - What does SD card encryption do?
  9. Jpralves.net - Cryptopuck: Encrypt on the fly
  10. ATP Inc. Blog - What encrypting SD card means
What are the alternatives to hardware encryption for SD cards?How to choose a secure SD card for a dash camera?What is the difference between symmetric and asymmetric encryption for SD cards?Can I implement real-time file encryption for an SD card myself?Which encryption standards are considered most reliable for SD cards?What software solutions exist for SD card encryption?
Ask NeuroAgent