Orthrus is a way to securely store data in two parts such that separately each part is useless, but together the data is restored.
It is a board with two microSD card sockets and a microUSB socket. You connect the USB end up to a host with a standard cable and it looks like a normal USB mass storage device. When you insert two cards and initialize them with the on-board button, the two become an encrypted RAID-0 volume with the key material for the encryption spread between the two cards. If you remove one of the two cards, you'll find that all of the data on it is encrypted. If you have possession of one of the cards, you have half the data encrypted with a key you can't reconstruct.
In order to create cryptographically strong keys, a true random entropy generator is included. Before being used to create keys, the data from the entropy source is whitened. The result should be truly unpredictable keys every time.
Orthrus has no passwords or other built-in security. When two matched cards are inserted, it behaves exactly like any other USB mass storage device.
Orthrus comes as an assembled and programmed board. microSD cards and a USB microB cable are required and not included.
There are many use cases that Orthrus facilitates easily. If you have a dataset over which you wish to maintain "two man control," then you can simply copy it onto an Orthrus volume and give the two cards to two people confident that by themselves each of them can't do anything. Or if you wanted to send data through the mail, you could dispatch each card separately confident that the data could not be inspected in transit.
If one card is lost, you can simply reinitialize or destroy the other card confident in the knowledge that if the first card is discovered by an adversary, they could make no use of it.
Orthrus volumes are encrypted with AES-128 XEX mode, with each card's nonce being stored on the opposite card. The nonce is also perturbed by the block number being read or written, so each block's cryptostream is unique. In addition, the AES key for the volume is derived with 256 bits of key data stored on each card and another 256 bits of common data using AES-CMAC-PRF. This common data insures that two mismatched cards cannot be inserted (unless reinitialized). Each card is further marked with an "A" or "B" bit so that you can insert the cards in the "wrong" slots and Orthrus will still figure it out and do the right thing. An adversary attempting to reconstruct half of the data from one card would need to derive 224 bits of key material in total, which is a number of possibilities on the order of a 2 with 67 zeros after it. Orthrus' firmware is open-source so that anyone can examine it for weaknesses (intentional or otherwise). Baring a breakthrough in cryptanalysis, Orthrus' crypto-system should be resilient enough to force adversaries to find other avenues of attack.
Orthrus is a full-speed (12 Mb/s) USB device. It generally achieves a throughput of around 135 kB/sec (kilobytes per second). It accepts SDHC or SDXC microSD cards.
Due to U.S. export restrictions, Orthrus is not for sale outside of the United States.
|Shipping Rate||First item||Additional items|
United States Postal Service: Free first class shipping!
We recognize our top users by making them a Tindarian. Tindarians have access to secret & unreleased features.
We look for the most active & best members of the Tindie community, and invite them to join. There isn't a selection process or form to fill out. The only way to become a Tindarian is by being a nice & active member of the Tindie community!
I design and build small, useful electronic things. I started in 2013 after leasing an electric car and deciding that I could build my own charging station. Since then, I've gone on to design lots of things to fill particular needs.
The name of my store is partly a nod to Arduino's Italian roots, since Arduino got me into microcontroller engineering, and that led to everything else. I also like the image of Geppetto, working away in his workshop making little things that come to life.