We are working on some Embedded device (Tag, the Tag hardware is: MCU, external EEPROM, Temperature and Humidity sensors) that collects temperature and humidity, the Tag save the samples in the EEPROM, the connection between the MCU and the EEPROM is I2C.
My questions is:
Is there a way to secure the EEPROM that only my MCU is able to connect and extract logged data? My concerned is that someone connects a DevelopmentKIT with an I2C driver to the Tag EEPROM and extracts the data.
You can make things a little bit complicated for others by disturbing the I2C bus in some way. Lock the bus from other I2C masters by your controller, but this is not much as anyone can easily remove your MCU from the board and free the bus.
I recommend to remove the markings from the EEPROM's package, this will make harder to interface the EEPROM with another MCU, but not impossible. Also you should enable read-out protection on your MCU so they cannot use your firmware to reverse-engineer the interface of the EEPROM.
But all of the above mentioned items are just tricks, none of them offer real protection. If you want real protection you should use encryption.
You did not mentioned why the data cannot be encrypted, so I assume that your MCU is not able to handle such task.
So you could consider using secure EEPROM, such as Atmel's CryptoMemory family.
CryptoMemory is designed to keep contents secure, whether operating in a system or removed from the board and sitting in the hacker’s lab.
Here is an overview and a chip datahseet. It offers four levels:
