SSDs prove difficult to securely erase


At this week's Usenix FAST 11 conference on File and Storage Technologies in San Jose, California, researchers published a paper examining the effectiveness of different secure erasure methodologies on Solid State Disks (SSDs).


The researchers, Michael Wei, Laura M. Grupp, Frederick E. Spada and Steven Swanson of the University of California at San Diego, came to several interesting conclusions:

  • ATA and SCSI command set features for securely destroying data on SSDs ("ERASE UNIT") were available on only 8 of the 12 drives tested and were only successful on 4 of the drives.
  • Overwriting the entire disk multiple times can successfully destroy data, but because of the Firmware Translation Layer (FTL), this is considerably more complicated and time-consuming than on traditional hard disk drives. Based on their results, it is an unattractive option for most organizations.
  • Degaussing SSDs does not erase any of the data stored on them. While SSDs do not use magnetic storage, there was some hope that the electromagnetism might destroy the electronics in the flash chips.
  • Single file sanitization, the ability to securely destroy one file on an unencrypted disk, is nearly impossible on SSDs. The paper claims that even the most effective file destruction methods may leave behind more than 4 percent of the original data.
  • Drives that are encrypted provide the most practical form of protection. Disks can be safely decommissioned by deleting the encryption keys from the Key Storage Area (KSA) and then running a full DoD-compliant erasure to ensure the keys are non-recoverable.
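
Why overwriting behaves differently on flash, as an added illustration that is not taken from the article or the UCSD paper: a toy translation layer in Python. The class name, the page counts and the on-demand garbage collection are simplifying assumptions; real drive firmware is far more complex.

```python
class ToyFTL:
    """Constructed model: one page per logical block, plus spare pages."""
    def __init__(self, logical_blocks, spare_blocks):
        self.flash = [None] * (logical_blocks + spare_blocks)  # physical pages
        self.map = {}                       # logical block -> physical page
        self.free = list(range(len(self.flash)))
        self.stale = []                     # pages holding superseded data

    def write(self, lba, data):
        # Flash is not rewritten in place: data goes to a fresh page and the
        # logical block is remapped. The old page keeps its contents.
        if not self.free:
            self._garbage_collect()
        page = self.free.pop(0)
        self.flash[page] = data
        if lba in self.map:
            self.stale.append(self.map[lba])
        self.map[lba] = page

    def _garbage_collect(self):
        # Stale pages are erased only when space is needed (assumes spare >= 1).
        page = self.stale.pop(0)
        self.flash[page] = None
        self.free.append(page)

    def read(self, lba):
        return self.flash[self.map[lba]]    # what the host sees

    def remnants(self, secret):
        # What reading the flash chips directly, bypassing the FTL, would find.
        return sum(1 for p in self.flash if p == secret)

def single_file_overwrite():
    ftl = ToyFTL(logical_blocks=8, spare_blocks=2)
    ftl.write(3, "SECRET")
    ftl.write(3, "zeros")                   # "secure delete" of one block
    return ftl.read(3), ftl.remnants("SECRET")

def full_disk_overwrite(passes):
    ftl = ToyFTL(logical_blocks=8, spare_blocks=2)
    for lba in range(4):                    # a file spanning four blocks
        ftl.write(lba, "SECRET")
    for _ in range(passes):
        for lba in range(8):                # overwrite every logical block
            ftl.write(lba, "zeros")
    return ftl.remnants("SECRET")

if __name__ == "__main__":
    print(single_file_overwrite())          # host view vs. chip-level view
    print([full_disk_overwrite(n) for n in (1, 2)])
```

In this model the host reads back zeros after a single-block overwrite while the original page is still intact on the chip, and one full-disk pass still leaves copies in pages the spare area let the controller skip.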

Single file sanitization results from UCSD paper

I recommend reading the full paper if you are interested in the challenges related to safeguarding data on SSDs.

To properly secure data and take advantage of the performance benefits that SSDs offer, you should always encrypt the entire disk and do so as soon as the operating system is installed.

Securely erasing SSDs after they have been used unencrypted is very difficult, and may be impossible in some cases.


Creative Commons image of SSD kit courtesy of PiAir's Flickr photostream.


12 Responses to SSDs prove difficult to securely erase

  1. Glenn · 1346 days ago

    Thank you for this. I personally find hard drives and storage a fascinating subject.

    BTW:

    "Firmware Translation Layer (FTL)"

    Shouldn't that be, "Flash Translation Layer"?

  2. Anmar Mansur · 1346 days ago

    I agree that full disk encryption is the only valid solution, but writing (seemingly) random data to every sector in the drive would effectively disable both trim and write-wear-leveling, because every sector in the drive will be in-use all the time. Without trim, SSD write performance suffers greatly, and without write wear leveling, the drive's lifespan is reduced.

    If the encryption, however, was implemented in the SSD controller, and if the controller only encrypted its in-use sectors (as opposed to the whole drive), then things should be fine.

    All I'm saying is that I wouldn't recommend a software encryption solution.

    • Joe · 1345 days ago

      I assume they tried that (erasing every sector).

      SSD drives today have spare sectors in reserve (10-20% is common) for use to speed up wear leveling and block erasing.

      If the drive doesn't erase this reserve area then when they are rotated back into use they could have old data.

  3. galf · 1346 days ago

    Most probably not all encryption algorithms are safe on an SSD due to the very same reason that data can remain on parts of the disk that enable cryptographic analysis, thus determining the encryption key or data. This would be another interesting subject/research area on how safe encryption of SSDs really is?!

  4. Robert M · 1344 days ago

    If the data is sensitive enough to require secure erasure of the disk, I often prefer the hardware approach... my preferred hardware being a large hammer or the blunt end of an axe.

  5. tmz@guest.net · 1342 days ago

    I side with Robert M.

    Or there is more to this article in the fact that "secure easily transportable data" is almost non-existent.

    BTW, I need everyone's last 4 of your SS and your B-dates. Don't bother with supplying a password, as many businesses I have dealt with miss it or 'might' say, "excuse me?" or "oh yeah, I guess there's a password on the account, can I get you to tell me that.." after they've spent 5 minutes spilling your personal info! :o

    The slogans used to be "K*ll 'em all, let god sort em out."

    I guess these days it's.. "Post it all..."

    :)

  6. macman · 1339 days ago

    I am the guy that has to make sure that old storage devices can never be read again. It's quite simple: it's called a hammer and screwdriver. 100% success rate no matter what. Once a chip, magnetic platen, tape or whatever has been wiped clean using a hammer and screwdriver it stays unreadable.

    :^)

  7. djmax · 1260 days ago

    Hmm, you guys smash up your expensive SSDs? Next time I upgrade, I plan to sell mine...

  8. Michael Willett · 1186 days ago

    As DJMAX notes: Smashing an expensive SSD just to erase the drive is wasteful... and still error-prone. If you use self-encrypting drives (SED), then you avoid the risks of software-based encryption and you can securely and instantly erase the drive by simply deleting the on-board encryption key. And, the drive is still available for re-use and re-purposing. NSA, NIST, and the TCG are all working toward making "crypto erase" a standard sanitization method.

  9. Ray Lampe · 235 days ago

    I have a discarded SSD due to an upgrade. I assume I could literally burn the "pods" or hammer them to shards. Recover data? (-8


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.