Can data stored on an SSD be secured?

Study finds the task to be very difficult; overwriting or crypto-erasure seem the best methods for sanitizing SSDs

Page 2 of 3

That's important in part because users don't always want passwords as long as effective key generation requires. If a user chooses a password with fewer characters than would fill a 128-bit or 256-bit key (one character = 8 bits, so we're talking about passwords of 16 or 32 characters, respectively), the remaining positions are often filled automatically with zeros.

In such cases, said Charles Kolodgy, research director for secure content and threat management products at IDC, the password can more easily be guessed.

Kolodgy recommends that users create a passphrase rather than a password. "The first step is to take care of 90% of the users out there," Kolodgy says. After that, the best solution is to have a random password character generator on the drive.
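To make the zero-padding problem concrete, here is an added example (not from the article, IDC or any drive vendor): a naive scheme that uses the passphrase bytes directly as the key and zero-fills whatever is missing, beside a derivation using PBKDF2-HMAC-SHA256 from Python's standard library, in which every key byte depends on the whole passphrase and a random salt. The function names, the sample passphrase and the salt are all constructed for the illustration.

```python
import hashlib
import os
from typing import Tuple

KEY_LEN = 32  # 256-bit key, the larger of the two sizes the article mentions


def naive_key(password: str) -> bytes:
    """Model of the weak scheme described above: the password's bytes are used
    directly as the key and anything short of KEY_LEN is filled with zeros."""
    return password.encode("utf-8")[:KEY_LEN].ljust(KEY_LEN, b"\0")


def derived_key(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """PBKDF2-HMAC-SHA256 from the standard library: every output byte depends on
    the whole passphrase plus a per-volume random salt, and the iteration count
    makes each guess expensive. Nothing is zero-padded regardless of length."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def fixed_zero_tail(key: bytes) -> int:
    """Number of trailing zero bytes, i.e. key bytes a guesser never has to search."""
    n = 0
    for b in reversed(key):
        if b != 0:
            break
        n += 1
    return n


def compare(password: str, salt: bytes) -> Tuple[int, int]:
    """Trailing zero bytes in the naive key versus the PBKDF2 key for the same passphrase."""
    return fixed_zero_tail(naive_key(password)), fixed_zero_tail(derived_key(password, salt))


if __name__ == "__main__":
    salt = os.urandom(16)   # stored next to the volume header; it need not be secret
    # Constructed 7-character passphrase: the naive key is 25 bytes of zeros.
    print(compare("hunter2", salt))
```

The salt is what stops two volumes with the same passphrase from sharing a key, and the iteration count is what turns a short passphrase into an expensive guess; neither property exists in the padded scheme, where only the first few bytes of the key carry any uncertainty at all.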

Even if your drive comes with native encryption capabilities, Schneier believes there is no way to tell whether a vendor's security is foolproof "apart from a $50,000 or $100,000 engineering effort," as he states in an essay on password security.

Schneier is a proponent of purchasing as inexpensive a drive as possible and then encrypting the data with free software such as TrueCrypt, or with a relatively low-cost product such as PGPDisk.

The UCSD researchers agreed that crypto-erasure is a good method of ensuring that an SSD can be sanitized at its end of life or when slated for re-use.

The researchers tested 12 SSDs and found that none of the available software techniques for erasing individual files is effective. Erasing entire SSDs with native sanitize commands was the most effective approach, but only when performed correctly, and software techniques for erasing whole drives work most, but not all, of the time.

The researchers did not identify the products used in the test.

UCSD's Non-volatile Systems Laboratory designed a procedure to bypass the flash translation layer (FTL) on SSDs and directly access the raw NAND flash chips to audit the success of any given sanitization technique.

An SSD's FTL maps the logical block addresses (LBAs) that the host sees through the ATA or SCSI interface onto the physical pages of NAND flash memory.

In a paper titled "Reliably Erasing Data from Flash-Based Solid State Drives", the university researchers wrote that "all single-file overwrite sanitization protocols failed: between 4% and 75% of the files' contents remained on the SATA SSDs."

USB flash drives didn't fare much better. Between 0.57% and 84.9% of the data remained on the drive after an overwrite was attempted.

The researchers even attempted overwriting free space on the drives and defragmenting the drive to redistribute data, encouraging the FTL to reuse more physical storage locations, but this too proved ineffective.
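As an added illustration of why the single-file overwrites above fail and why crypto-erasure works, here is a toy model of an out-of-place-write FTL together with an audit that bypasses it and reads the raw pages, in the spirit of the UCSD procedure. This is not code from the paper or from any vendor's firmware: the class and function names, the tiny page and drive sizes, the sample file contents and the drive key are all constructed, and the per-LBA SHA-256 keystream is a stand-in for a real drive's AES engine, not a cipher to use anywhere else.

```python
import hashlib
import os
from typing import List, Optional, Tuple

PAGE_SIZE = 16   # bytes per toy NAND page; tiny so the model stays readable
NUM_PAGES = 8    # constructed toy drive size; garbage collection is not modelled


def keystream(key: bytes, lba: int) -> bytes:
    """Toy per-LBA keystream standing in for the drive's AES engine (not a real cipher)."""
    return hashlib.sha256(key + lba.to_bytes(4, "big")).digest()[:PAGE_SIZE]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyFTL:
    """Out-of-place-write FTL model. Each write to an LBA lands on a fresh
    physical page and only the mapping table is updated; the old page keeps
    its bytes until erased, which is why a host-side overwrite does not
    destroy the previous contents."""

    def __init__(self, drive_key: Optional[bytes] = None):
        self.raw: List[Tuple[int, bytes]] = []   # (lba, stored_bytes); the LBA models spare-area metadata
        self.lba_map = {}                        # LBA -> index into self.raw
        self.drive_key = drive_key               # None models a drive with no on-drive encryption

    def _transform(self, lba: int, data: bytes) -> bytes:
        if self.drive_key is None:
            return data
        return xor(data, keystream(self.drive_key, lba))

    def write(self, lba: int, data: bytes) -> None:
        if len(self.raw) >= NUM_PAGES:
            raise RuntimeError("toy drive is full (GC not modelled)")
        page = self._transform(lba, data.ljust(PAGE_SIZE, b"\0"))
        self.raw.append((lba, page))
        self.lba_map[lba] = len(self.raw) - 1   # remap; the stale page stays in flash

    def read(self, lba: int) -> bytes:
        _, page = self.raw[self.lba_map[lba]]
        return self._transform(lba, page)

    def crypto_erase(self) -> None:
        """Model of crypto-erase: the drive discards its key and generates a
        fresh one, so every stored page, live or stale, now decrypts to noise."""
        self.drive_key = os.urandom(32)


def raw_scan(ftl: ToyFTL, secret: bytes, key: Optional[bytes] = None) -> int:
    """Bypass the FTL and inspect every physical page, as the UCSD audit does
    with a raw NAND reader. Counts pages (stale ones included) whose bytes,
    decrypted with `key` if one is given, contain `secret`."""
    hits = 0
    for lba, page in ftl.raw:
        data = page if key is None else xor(page, keystream(key, lba))
        if secret in data:
            hits += 1
    return hits


def overwrite_demo() -> Tuple[bool, int]:
    """Unencrypted drive: overwrite LBA 0 through the host interface, then audit
    the raw flash. Returns (host sees zeros, raw pages still holding the file)."""
    drive = ToyFTL()
    drive.write(0, b"SECRET-FILE-0001")          # constructed file contents
    drive.write(0, b"\0" * PAGE_SIZE)           # the single-file "secure delete" overwrite
    host_sees_zeros = drive.read(0) == b"\0" * PAGE_SIZE
    return host_sees_zeros, raw_scan(drive, b"SECRET-FILE")


def crypto_erase_demo() -> Tuple[int, int, int]:
    """Self-encrypting drive. Returns raw-page hits for: a plaintext search with
    no key, a search using the key the drive holds before crypto-erase, and the
    same search using the key the drive holds after crypto-erase."""
    drive = ToyFTL(drive_key=b"constructed-toy-drive-key-000000")   # constructed 32-byte key
    drive.write(0, b"SECRET-FILE-0001")
    drive.write(0, b"\0" * PAGE_SIZE)
    no_key = raw_scan(drive, b"SECRET-FILE")
    with_key_before = raw_scan(drive, b"SECRET-FILE", key=drive.drive_key)
    drive.crypto_erase()
    with_key_after = raw_scan(drive, b"SECRET-FILE", key=drive.drive_key)
    return no_key, with_key_before, with_key_after


if __name__ == "__main__":
    print("overwrite:", overwrite_demo())        # host sees zeros, yet a stale raw page keeps the file
    print("crypto-erase:", crypto_erase_demo())  # ciphertext only; recoverable with the old key, not after erase
```

The first demo is the paper's finding in miniature: the host reads back zeros, so the file looks gone, while a raw scan finds the old page untouched. The second shows the property crypto-erasure relies on: with an encrypting drive the stale page is recoverable only while the drive still holds the key, so replacing the key sanitizes every page at once, including the ones the FTL never remapped. Whether a real drive's firmware actually destroys the old key is exactly the part the article says cannot be verified from the outside.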
