Advertisement

Industrial memory cards need secure controllers

Industrial-grade security measures are being designed into SD and microSD cards thanks to memory controllers that support advanced security techniques.

First introduced in 1999 by the SD Association (SDA), the Secure Digital (SD) memory card quickly gained acceptance as a data storage medium for handheld and portable consumer devices. The SD card was followed in 2005 by the smaller-form–factor microSD card, which is electrically and software-compatible with the full-sized SD card. SD and microSD memory cards are now widely accepted as the industry standard for data storage in digital cameras, smartphones, tablets and other handheld devices.

Originally aimed primarily at consumer applications, there is a growing trend toward the adoption of the SD and microSD format in other sectors, such as industrial, automotive and medical. Because the applications using these memory cards are becoming more sensitive and mission-critical, the physical and digital security of the stored data is correspondingly growing in importance.

As with most NAND flash memory systems, the security capabilities of the SD or microSD card depend on its memory controller, which, among other functions, hosts the features and functionality that govern the overall security of the memory card.

In this article, we look at how industrial-grade security measures are being designed into modern SD and microSD cards and show options for highly secure applications, which are utilizing these memory cards to store sensitive data.

SD and microSD memory cards

A microSD card is a NAND flash–based memory system, comprised mainly of a pin interface, NAND flash memory and an internal controller, which handles all internal flash memory operations. The NAND flash memory is the storage for data and the pin interface connects the card and host device.

The SDA, a global open industry standards organization that sets and promotes SD standards, has provided a convenient classification system (see Figure 1), which summarizes usage and features for SD standard types and sizes for host devices.

SD Association's block diagram of the classification system for SD cards.

Figure 1: Classification system for SD cards (Source: SD Association)

The file transfer speed is dictated by the bus interface speed (see Table 1).

Table showing SD file transfer speeds.

Table 1: SD file transfer speeds (Source: Hyperstone)

With their high data transfer rates and low power consumption, SD memory cards offer valuable attributes for portable devices, and, because they use nonvolatile flash storage, a power source is not required to retain stored data. SD cards are also physically robust and are resistant to water, bending, torque and electrostatic discharge. The mechanical and electrical design of the SD card ensures a highly durable storage medium that can handle up to 10,000 physical insertions, based on the design specification. As well as providing removable storage, SD cards are increasingly used as memory expansion in a range of devices, complementing embedded memories and allowing simplified field maintenance and serviceability.

These growing applications for SD cards come with increased security requirements and advanced security measures designed into the card, giving developers more flexibility when using SD memory cards.

Designing security into the SD card

Most NAND flash memory systems, including SD and microSD cards, would not be able to operate efficiently without a flash controller. The controller ensures the integrity of data passing between the host and the flash, masking the inherent deficiencies of the MOSFET semiconductor technology upon which NAND flash is based. It is essentially a system-on-chip, complete with its own resources, as can be seen in Figure 2.

The controller executes a range of tasks, which may include:

  • Translation of the read/write/status commands issued by the host into a format that can be understood by the NAND flash, including translating between different interfaces (e.g., SD, eMMC or SATA) and different NAND flashes (e.g., KIOXIA, Micron and Samsung)
  • Mapping of the logical block addresses into addresses on the flash memory
  • Detection and correction of errors within the NAND flash
  • Implementation of appropriate digital security measures
  • Flash calibration
Block diagram of Hyperstone's NAND flash controller architecture.

Figure 2: NAND flash controller architecture (Source: Hyperstone)

A wide variety of controllers are available on the market, each with varying levels of cost and sophistication, depending on the specific needs of the application. Advanced functional security measures place specific demands on the controller’s resources, with cryptographic techniques like AES-256 requiring significant processing power. The controller must also be capable of supporting the platform’s security primitives required to protect the functional security measures, such as secure boot or connecting a secure element.

Modern controllers, such as the Hyperstone S9S, integrate hardware and software techniques to optimize performance and power consumption while supporting advanced security techniques. Based on a powerful 32-bit core processor, the Hyperstone controllers offer an easy-to-use turnkey solution for industry-grade, secure flash memory cards or embedded storage solutions. Recognizing that manufacturers of secure storage systems seek to differentiate their end products in a highly competitive market, the S9S controller comes with an API that enables developers to customize the security features of the application.

Leveraging the power of the flash controller

One way to benefit from the power and flexibility of the S9S controller is to leverage the flexibility of the programmable API to offer plug-and-play security for a range of mobile and industrial security applications.

The S9S basic firmware can be equipped with a proprietary, sophisticated, custom firmware extension that, for example, manages and tracks storage access, identifying illicit attempts to gain access and blocking them.

Another option for customization is the addition of a dedicated secure element, which communicates with the flash controller through an ISO 7816 port. This secure element enables the flash controller to implement a root of trust and protected key storage features.

Such customizations are desirable to meet the specific requirements of applications like point of sale and logging data, as well as a range of automotive, industrial and medical secure data storage applications.

The attributes of SD and microSD cards make them attractive options for both removable and embedded storage in a growing range of industrial-grade, secure applications. Manufacturers targeting these emerging opportunities need to customize their products to match the specific needs of their target markets. The flexibility and capabilities of memory controllers like Hyperstone’s S9S SD controller is key in enabling these customizations, as it comes with advanced security features while offering further flexibility through a user API.

Advertisement

Leave a Reply