Arduino Iron Key

A Arduino based portable secure memory stick.

I have always been a fan of Hardware encrypted memory sticks and thought it would be a fun weekend project to implement my own version. The two popular models of encrypted memory stick come from IronKey and Datashur they both work in the same manor,utilizing a secure element to provide hardware backed secure encryption key storage (like a mini HSM). The key difference is that Ironkey authenticates with a desktop application and Datashur uses a keypad on the memory stick. I prefer Datashur because it is completely OS depended and acts as a normal memory stick to whatever device you plug it into.

In my version, the Arduino acts as a HSM (Hardware Security Module) between the computer and the SD card shield. A Java app is used to send commands to Arduino. The Arduino enforces authentication and encryption using its on board EPPROM. The EPPROM stores the master encryption key encrypted with a PBKDF2 salted and stretched version of the users password. After authentication, the Arduino encrypts and decrypts all of the data on the fly as it is written to a SD Card using AES. After 10 incorrect password attempts the Arduino wipes its EPPROM destroying the Encryption key. Its incredible slow but a fun project.