Until a university study emerged last week, few experts suspected that it is more difficult to erase data stored on solid-state drives (SSDs) than data stored on hard disk drives (HDDs).
Industry experts were taken aback by the study, but noted that there are SSDs with native encryption capabilities that can keep data from being read even after a drive reaches its end of life, and that some SSD sanitization methods are more successful than others.
"I don't think anyone ever knew about this," said security technologist Bruce Schneier.
The study, conducted by researchers at the University of California at San Diego (UCSD), showed that sanitizing SSDs of data is at best a difficult task and at worst nearly impossible. While overwriting data several times can ensure data erasure on many SSDs, the researchers found they were still able to recover data on some products.
One surefire method for protecting your SSD data is cryptographic erasure, said Kent Smith, senior director of product marketing at SSD controller manufacturer SandForce.
Crypto-erasure involves first encrypting an SSD so that only users holding passwords can access its data. When the SSD reaches its end of life, the user deletes the encryption keys on the drive, eliminating any possibility of decrypting or accessing the data.
"Unless you can break the 128-bit AES encryption algorithm, there's just no way to get to the data. The drive is now still a fully functioning drive and effectively able to begin writing again," Smith said. "That takes a split second."
The other security method SandForce-based SSDs afford is erasing all the NAND flash memory.
"We go through every single LBA, every single location ... that could have held user data, as well as performing the crypto-erase," Smith said. "That would take longer because you have to erase the flash. That could take a few minutes."
SandForce's controllers, used by most major SSD vendors, include native 128-bit AES encryption that allows users to set up passwords. But some SSDs don't come with native hardware-based encryption.
Data erasure can also be performed on the drive either through the Security Erase Unit (SEU) command or through the soon-to-be-released Sanitize Device feature set being added to the serial ATA specification.
Secure Erase is embedded in SATA storage devices and allows users to delete data from all areas in which it might be stored on a hard drive or a NAND flash product.
When a user chooses the SEU command, all LBAs are erased in the Device Configuration Identity, which is everywhere an SSD can store user data. Additionally, the encryption key is zeroed or destroyed, leaving any existing data scrambled, and all mapping data is erased so the drive cannot even locate the prior scrambled data. The controller automatically creates a new encryption key for any new incoming data.
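To make the difference between a host-level overwrite, the crypto-erase described earlier and the SEU sequence just described concrete, here is an added toy model (not SandForce's or any vendor's code). It assumes a flash translation layer that writes out of place, leaving stale pages behind, and uses an HMAC-SHA256 keystream as a stand-in for the controller's AES.

```python
import hashlib, hmac, os

PAGE = 16  # bytes per simulated flash page (constructed toy size)

def page_cipher(key: bytes, phys: int, data: bytes) -> bytes:
    # Stand-in for the controller's AES: XOR with an HMAC-SHA256 keystream
    # bound to the drive key and physical page number (symmetric, toy only).
    ks = hmac.new(key, phys.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data.ljust(PAGE, b"\0"), ks))

class SimSSD:
    def __init__(self, pages: int = 8):
        self.flash = [None] * pages   # raw NAND pages holding ciphertext
        self.l2p = {}                 # logical block -> physical page
        self.free = list(range(pages))
        self.key = os.urandom(32)     # media key held by the controller

    def write(self, lba: int, data: bytes) -> None:
        # A host overwrite lands on a fresh page; the old page stays stale.
        phys = self.free.pop(0)
        self.flash[phys] = page_cipher(self.key, phys, data)
        self.l2p[lba] = phys

    def chip_off_dump(self) -> list:
        # Forensic read of every raw page using the controller's current key.
        return [page_cipher(self.key, p, c).rstrip(b"\0")
                for p, c in enumerate(self.flash) if c is not None]

    def crypto_erase(self) -> None:
        # Zero the old key, drop the mapping, then generate a fresh key.
        self.key = bytes(32)
        self.l2p.clear()
        self.key = os.urandom(32)

    def security_erase_unit(self) -> None:
        # SEU as described in the article: crypto-erase plus erasing all NAND.
        self.crypto_erase()
        self.flash = [None] * len(self.flash)
        self.free = list(range(len(self.flash)))

def sanitize_outcomes() -> dict:
    ssd = SimSSD()
    ssd.write(0, b"secret-record-1")
    ssd.write(0, b"zeroed")            # host-level "overwrite" of LBA 0
    after_overwrite = b"secret-record-1" in ssd.chip_off_dump()
    ssd.crypto_erase()
    after_crypto = b"secret-record-1" in ssd.chip_off_dump()
    ssd.security_erase_unit()
    return {"overwrite": after_overwrite, "crypto_erase": after_crypto,
            "seu_pages_left": len(ssd.chip_off_dump())}
```

The overwrite leaves the original record readable from the stale page, crypto-erase leaves only undecryptable ciphertext, and SEU leaves no pages at all.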
"The effectiveness of cryptographic sanitization relies on the security of the encryption system used (e.g. AES), as well as the designer's ability to eliminate 'side channel' attacks that might allow an adversary to extract the key or otherwise bypass the encryption," the UCSD researchers wrote in their paper.
AES, or Advanced Encryption Standard, is the successor to the older DES (Data Encryption Standard). The U.S. government uses the standard's 128-bit and 256-bit strengths to encrypt secret and top-secret-level documents, respectively.
But it's not enough to offer only AES encryption; much depends on how the encryption is deployed.