At this week’s Usenix FAST 11 conference on File and Storage Technologies in San Jose, California, researchers published a paper examining the effectiveness of different secure erasure methodologies on Solid State Disks (SSDs).
The researchers, Michael Wei, Laura M. Grupp, Frederick E. Spada and Steven Swanson of the University of California at San Diego, came to several interesting conclusions:
- ATA and SCSI command set features for securely destroying data on SSDs (“ERASE UNIT”) were available on only 8 of the 12 drives tested and were only successful on 4 of the drives.
- Overwriting the entire disk multiple times can successfully destroy data, but because of the Firmware Translation Layer (FTL), this is considerably more complicated and time-consuming than on traditional hard disk drives. Based on their results, it is an unattractive option for most organizations.
- Degaussing SSDs does not erase any of the data stored on them. While SSDs do not use magnetic storage, there was some hope that the electromagnetism might destroy the electronics in the flash chips.
- Single file sanitization, the ability to securely destroy one file on an unencrypted disk, is nearly impossible on SSDs. The paper claims that even the most effective file destruction methods may leave behind more than 4 percent of the original data.
- Drives that are encrypted provide the most practical form of protection. Disks can be safely decommissioned by deleting the encryption keys from the Key Storage Area (KSA) and then running a full DoD compliant erasure to ensure the keys are non-recoverable.
I recommend reading the full paper if you are interested in the challenges related to safeguarding data on SSDs.
To properly secure data and take advantage of the performance benefits that SSDs offer, you should always encrypt the entire disk and do so as soon as the operating system is installed.
Securely erasing SSDs after they have been used unencrypted is very difficult, and may be impossible in some cases.
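The FTL effect described in the list above, as an added illustration that is not from the paper or the original post: a toy page-mapped translation layer showing why a host-side overwrite leaves the old data in physical flash. The class `ToyFTL`, its page counts, its page-level erase and its oldest-first garbage collection are assumptions made for this example.

```python
ZERO = b"\x00" * 8  # the overwrite pattern the host writes

class ToyFTL:
    """Toy page-mapped FTL: flash pages are never overwritten in place."""

    def __init__(self, logical_pages, spare_pages):
        self.flash = [None] * (logical_pages + spare_pages)  # physical pages
        self.mapping = {}                     # logical page -> physical page
        self.free = list(range(len(self.flash)))
        self.stale = []                       # superseded pages, not yet erased

    def write(self, lpn, data):
        if not self.free:                     # out of clean pages: reclaim one
            victim = self.stale.pop(0)        # assumption: oldest stale page first
            self.flash[victim] = None         # erase is the only step that removes data
            self.free.append(victim)
        ppn = self.free.pop(0)
        self.flash[ppn] = data                # new data goes to a different page
        if lpn in self.mapping:
            self.stale.append(self.mapping[lpn])  # old copy stays in flash
        self.mapping[lpn] = ppn

    def read(self, lpn):                      # what the host (and any wipe tool) sees
        return self.flash[self.mapping[lpn]]

    def remnants(self, marker):               # what a chip-level read would find
        return sum(1 for page in self.flash if page is not None and marker in page)

def single_file_overwrite():
    ftl = ToyFTL(logical_pages=16, spare_pages=4)
    for lpn in range(16):                     # constructed data: pages 0-3 are "the file"
        ftl.write(lpn, b"FILE-A" if lpn < 4 else b"OTHER")
    for lpn in range(4):                      # "securely delete" the file by overwriting it
        ftl.write(lpn, ZERO)
    host_clean = all(ftl.read(lpn) == ZERO for lpn in range(4))
    return host_clean, ftl.remnants(b"FILE-A")

def full_disk_overwrite(passes):
    ftl = ToyFTL(logical_pages=16, spare_pages=4)
    for lpn in range(16):
        ftl.write(lpn, b"SECRET")
    left = []
    for _ in range(passes):                   # each pass rewrites every logical page
        for lpn in range(16):
            ftl.write(lpn, ZERO)
        left.append(ftl.remnants(b"SECRET"))
    return left

if __name__ == "__main__":
    print(single_file_overwrite())   # host sees zeros, file pages still in flash
    print(full_disk_overwrite(2))    # stale pages left after each pass
```

In this model the host reads back zeros while every page of the overwritten file is still present in flash, and one full-disk pass leaves as many stale pages as the drive has spares. Real controllers schedule garbage collection differently, so the number of passes needed varies by drive.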
Creative Commons image of SSD kit courtesy of PiAir’s Flickr photostream.
12 comments on “SSDs prove difficult to securely erase”
Thank you for this. I personally find hard drives and storage a fascinating subject.
"Firmware Translation Layer (FTL)"
Shouldn't that be, "Flash Translation Layer"?
I agree that full disk encryption is the only valid solution, but writing (seemingly) random data to every sector in the drive would effectively disable both trim and write-wear-leveling, because every sector in the drive will be in-use all the time. Without trim, SSD write performance suffers greatly, and without write wear leveling, the drive's lifespan is reduced.
If the encryption, however, was implemented in the SSD controller, and if the controller only encrypted its in-use sectors (as opposed to the whole drive), then things should be fine.
All I'm saying is that I wouldn't recommend a software encryption solution.
I assume they tried that (erasing every sector).
SSD drives today have spare sectors in reserve (10-20% is common) for use to speed up wear leveling and block erasing.
If the drive doesn't erase this reserve area then when they are rotated back into use they could have old data.
Most probably not all encryption algorithms are safe on an SSD due to the very same reason that data can remain on parts of the disk that enable cryptographic analysis, thus determining the encryption key or data. This would be another interesting subject/research area on how safe encryption of SSDs really is?!
Yes, this is true. For example the documentation for TrueCrypt recommends not storing TrueCrypt volumes on an SSD:
If the data is sensitive enough to require secure erasure of the disk, I often prefer the hardware approach… my preferred hardware being a large hammer or the blunt end of an axe.
I side with Robert M.
Or there is more to this article in the fact that "secure easily transportable data" is almost non-existent.
BTW, I need everyone's last 4 of your SS and your B-dates. Don't bother with supplying a password as many businesses I have dealt with miss it or 'might' say; "excuse me?" or "oh yeah I guess there's a password on the account, can I get you to tell me that.." after they've spent 5 minutes spilling your personal info! 😮
The slogans used to be "K*ll 'em all, let god sort 'em out."
I guess these days it's.. "Post it all…"
I am the guy that has to make sure that old storage devices can never be read again. It's quite simple: it's called a hammer and screwdriver. 100% success rate no matter what. Once a chip, magnetic platen, tape or whatever has been wiped clean using a hammer and screwdriver it stays unreadable.
Hmm, you guys smash up your expensive SSDs? Next time I upgrade, I plan to sell mine…
As DJMAX notes: Smashing an expensive SSD just to erase the drive is wasteful… and still error-prone. If you use self-encrypting drives (SED), then you avoid the risks of software-based encryption and you can securely and instantly erase the drive by simply deleting the on-board encryption key. And, the drive is still available for re-use and re-purposing. NSA, NIST, and the TCG are all working toward making "crypto erase" a standard sanitization method.
I have a discarded SSD due to an upgrade. I assume I could literally burn the “pods” or hammer them to shards. Recover data? (-8
Personally I run the circuit boards through my shredder that is rated for credit cards. Works like a dream.