Can data stored on an SSD be secured?
Study finds the task to be very difficult; overwriting or crypto-erasure seem the best methods for sanitizing SSDs
Computerworld - Until a university study emerged last week, few experts suspected that it is more difficult to erase data stored on solid-state drives (SSDs) than data stored on hard disk drives (HDDs).
Industry experts were taken aback by the study, but noted that some SSDs have native encryption capabilities that can keep data from being read even after a drive reaches its end of life, and that some SSD sanitization methods are more successful than others.
"I don't think anyone ever knew about this," said security technologist Bruce Schneier.
The study, conducted by researchers at the University of California at San Diego (UCSD), showed that sanitizing SSDs of data is at best a difficult task and at worst nearly impossible. While overwriting data several times can ensure erasure on many SSDs, the researchers found that they were still able to recover data on some products.
One surefire method for protecting SSD data is cryptographic erasure, said Kent Smith, senior director of product marketing at SSD controller manufacturer SandForce.
Crypto-erasure involves first encrypting the SSD so that only users holding the password can access its data. When the SSD reaches its end of life, the user deletes the encryption keys on the drive, eliminating any possibility of decrypting or otherwise accessing the data.
"Unless you can break the 128-bit AES encryption algorithm, there's just no way to get to the data. The drive is now still a fully functioning drive and effectively able to begin writing again," Smith said. "That takes a split second."
The other security method SandForce-based SSDs afford is erasing all the NAND flash memory.
"We go through every single LBA, every single location ... that could have held user data, as well as performing the crypto-erase," Smith said. "That would take longer because you have to erase the flash. That could take a few minutes."
SandForce's controllers, used by most major SSD vendors, include native 128-bit AES encryption that allows users to set up passwords. But some SSDs don't come with native hardware-based encryption.
Data erasure can also be performed on the drive through the ATA Security Erase Unit (SEU) command, or through the Sanitize Device feature set, a soon-to-be-released addition to the Serial ATA specification.
Secure Erase is embedded in SATA storage devices and allows users to delete data from all areas in which it might be stored on a hard drive or a NAND flash product.
When a user issues the SEU command, every LBA listed in the Device Configuration Identity, which covers everywhere an SSD can store user data, is erased. Additionally, the encryption key is zeroed or destroyed, leaving any existing data scrambled, and all mapping data is erased so that the drive cannot even locate the prior scrambled data. The controller then automatically creates a new encryption key for any new incoming data.
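The crypto-erase described above (and in Smith's account earlier) can be modelled in a few dozen lines. This is an added illustration, not SandForce's or any vendor's code: a hypothetical drive keeps a media encryption key (MEK) in the controller, encrypts each sector under it, and sanitizes by zeroizing and regenerating the key; AES-CTR with the LBA as nonce stands in for the XTS mode real drives use, and `Recoverable` is the check a verifier would run afterwards.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
)

// Drive models a self-encrypting SSD (a hypothetical design, not SandForce's):
// every sector on flash is encrypted under a 128-bit media encryption key (MEK).
type Drive struct {
	mek   []byte
	flash [][]byte // ciphertext at rest, one entry per LBA
}

// rekey mints a fresh MEK inside the controller (rand.Read cannot fail on Go 1.24+).
func (d *Drive) rekey() { d.mek = make([]byte, 16); _, _ = rand.Read(d.mek) }

func NewDrive(sectors int) *Drive { d := &Drive{flash: make([][]byte, sectors)}; d.rekey(); return d }

// xform runs AES-CTR under the MEK with the LBA as nonce (an illustrative stand-in
// for the XTS mode real drives use); the same call encrypts and decrypts a sector.
func (d *Drive) xform(lba int, in []byte) []byte {
	block, _ := aes.NewCipher(d.mek) // 16-byte key, so this cannot fail
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], uint64(lba))
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}
func (d *Drive) Write(lba int, plain []byte) { d.flash[lba] = d.xform(lba, plain) }
func (d *Drive) Read(lba int) []byte        { return d.xform(lba, d.flash[lba]) }

// CryptoErase is the split-second sanitize: zeroize the old MEK and mint a new one.
// The old ciphertext stays on flash, but nothing can map it back to plaintext.
func (d *Drive) CryptoErase() { copy(d.mek, make([]byte, len(d.mek))); d.rekey() }

// Recoverable is the post-sanitize check: is the secret readable through the
// controller at any LBA, or still present verbatim on the raw flash?
func (d *Drive) Recoverable(secret []byte) bool {
	for lba, raw := range d.flash {
		if bytes.Contains(d.Read(lba), secret) || bytes.Contains(raw, secret) {
			return true
		}
	}
	return false
}
```

After `CryptoErase` the flash contents are byte-for-byte unchanged, yet `Recoverable` turns false and the drive keeps accepting new writes, which is exactly the "still a fully functioning drive" property Smith describes.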
"The effectiveness of cryptographic sanitization relies on the security of the encryption system used (e.g. AES), as well as the designer's ability to eliminate "side channel" attacks that might allow an adversary to extract the key or otherwise bypass the encryption," the UCSD researchers wrote in their paper.
AES, or Advanced Encryption Standard, is the successor to the older DES (Data Encryption Standard). The U.S. government uses its 128-bit and 256-bit strengths to encrypt secret and top-secret-level documents, respectively.
But it's not enough to offer only AES encryption; much depends on how the encryption is deployed.