SSD security: the worst of all worlds

Summary: Data security on SSDs is a mess. Good luck removing data! Preserve it for digital forensics? Uh-oh. Secure erase might work, but is that good enough?

SSD data recovery

SSD security is important because data recovery is so much easier than for hard drives. For less than $1k you can buy the equipment that will read flash chips.

Flash SSD architecture leaves sensitive data at risk. Unlike hard drives, when flash SSDs rewrite a block, they don't overwrite a fixed block: they grab some empty block and write over that, leaving the original data untouched.

Architectural insecurity

Flash is written to the first free 128k or 256k blocks. Rewriting means making a copy of the block and writing the old data plus the new data to another block.

Flash drive controllers virtualize the flash capacity through the flash translation layer (FTL). The blocks your OS sees are not the blocks that are being written. In addition, flash SSDs maintain a large pool of capacity that is not seen by the operating system.

That leaves your old data on the old block. New writes go to the first free location, not, as on a disk, to a specified physical location.

Garbage collection eventually overwrites the old block to add it to the free block pool. Cheaper MLC drives avoid aggressive garbage collection because it wears out the drive sooner.

In addition, the flash failure mode is that the block cannot be written. As blocks reach their end of life, they may not get rewritten at all - leaving sensitive data there for years.

In the meantime you can have tens of gigabytes of data sitting on capacity that your OS can't see. And like hard disks, "deleting" a file does nothing of the sort.

File deletion

As a result, OS-based file erasure doesn't work well. None of the tested methods - including US DoD 5220.22-M using multiple overwrites - succeeded in always erasing all of a file.

File system deletes left anywhere from 4 to 91% of a file on an SSD. Even free space overwriting left a majority of the data intact on all the drives.
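The remapping behaviour described above, and why host-side overwrites miss the old copy, can be modelled in a few lines. This is an added example, not code from the article or the UCSD paper: `ToyFTL`, its page counts and the sample secret are constructed, and it simplifies to one page per block with garbage collection running only when the free pool is empty.

```python
"""Toy flash translation layer (FTL): a constructed model, not a real controller."""

class ToyFTL:
    def __init__(self, logical_pages, physical_pages):
        # physical_pages > logical_pages models the pool the OS cannot see
        self.logical_pages = logical_pages
        self.flash = [None] * physical_pages      # raw NAND contents per page
        self.map = {}                             # logical page -> physical page
        self.free = list(range(physical_pages))   # pages ready to be programmed
        self.stale = []                           # invalidated but not yet erased

    def write(self, lpn, data):
        """Host write: program the first free page and remap; old copy stays put."""
        if not 0 <= lpn < self.logical_pages:
            raise IndexError("logical page out of range")
        if not self.free:
            self.garbage_collect()
        ppn = self.free.pop(0)
        self.flash[ppn] = data
        if lpn in self.map:
            self.stale.append(self.map[lpn])      # old data is only marked stale
        self.map[lpn] = ppn

    def read(self, lpn):
        """Host read: only the currently mapped copy is visible."""
        ppn = self.map.get(lpn)
        return None if ppn is None else self.flash[ppn]

    def garbage_collect(self):
        """Erase stale pages and return them to the free pool."""
        for ppn in self.stale:
            self.flash[ppn] = None
        self.free.extend(self.stale)
        self.stale = []

    def raw_scan(self, needle):
        """What a chip reader sees: every physical page, mapped or not."""
        return [p for p, d in enumerate(self.flash) if d is not None and needle in d]


def overwrite_then_scan(passes, secret=b"SECRET-PAYROLL"):
    """Write a secret, overwrite its logical page `passes` times, scan raw flash."""
    ftl = ToyFTL(logical_pages=4, physical_pages=16)
    ftl.write(0, secret)
    for i in range(passes):                       # host-side multi-pass "wipe"
        ftl.write(0, bytes([i % 256]) * len(secret))
    return ftl.read(0), ftl.raw_scan(secret)
```

In this model the host never reads the secret back after the first pass, yet it stays at physical page 0 through 15 overwrite passes and disappears only once the free pool is exhausted and garbage collection runs. A real drive's timing depends on its firmware.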

(In)secure erase

The ATA command set has a secure erase function - disabled by most BIOSes - that will wipe a hard drive. But the researchers found that SATA SSD implementations of secure erase ranged from dire to successful.

3 of 7 tested drives did not properly execute the secure erase command. One drive reported a successful erase but didn't erase anything.

In a paper (pdf) presented at FAST - File And Storage Technology - '11, Michael Wei, Laura M. Grupp, Frederick E. Spada and Steven Swanson of UC San Diego discuss their research into SSD security. They found that techniques that work on disks - other than physical destruction - don't work on SSDs.

That includes multiple overwrites, the single most popular method on hard drives, which do nothing of the sort on SSDs. If data security is vital, physical destruction is the only sure method today.

The flip side

Another paper by academic researchers, "Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery?" (pdf), finds that

. . . solid-state drives (SSDs) have the capacity to destroy evidence catastrophically under their own volition, in the absence of specific instructions to do so from a computer.

The Storage Bits take

In SSDs we have the worst of both security worlds: we can't reliably remove or preserve data. It won't take long for horror stories to start popping up.

Comments welcome, of course.

Talkback

39 comments
  • SSD

    Speed matters, I don't care!!! the faster the better!!
    Hasam1991
  • How About Encryption?

    Mr. Harris,
    I know this was not the intent of your posting, but it would be interesting to know how secure data on SSD's is with full drive encryption. I know there were some early issues with some implementations of full drive encryption, but I wonder what the current state of affairs is.
    matricellc
    • RE: SSD security: the worst of all worlds

      @matricellc
      I haven't played with any of the FDE options or host-based encryption either. From what I can see however, none of them have taken off with consumers. I suspect that results from a combination of human inertia, techno-anxiety, skewed risk assessment and availability.

      Robin
      Robin Harris
      • RE: SSD security: the worst of all worlds

        @Robin Harris If it does use encryption, how much does it take to crack it?
        asdacap
      • RE: SSD security: the worst of all worlds

        @Robin Harris

        It's more that even things such as TrueCrypt have an ABYSMAL record of having 'unrecoverable errors' which leave all your data impossible to get to.
        That is the main reason why I refuse to use it, even though I am a little paranoid.
        Lerianis10
      • RE: SSD security: the worst of all worlds

        @Robin Harris

        If you're so concerned about your data as to invest in professional grade wiping and using the secure erase SATA command - you're not an average consumer.

        @Lerianis10

        Last I checked, TrueCrypt was block based and an error in one block does not affect the others.

        The biggest issue I see with TrueCrypt is losing the password - if you forget that, you've lost the whole drive.


        That, and TrueCrypt seemed to freeze my system every once in a while so that I had to reboot to start working again. It does seem to have some big bugs. Nothing that destroyed my data, though.

        @asdacap

        If using TrueCrypt, you've got some of the best encryption on the planet, assuming you're using a good password. Can't say anything about the others, I've only tried TrueCrypt.
        CobraA1
      • The more legit reason

        @Robin Harris

        has more to do with what is actually to be a problem amongst consumers. Despite Windows 7 supporting Bitlocker, for all but one of my clients this would be a bad idea.
        I've dealt with more unbootable machines due to bad MBRs, bad sectors in *just* the wrong spot, virus attacks, rootkits, update corruption, and just about any other thing you can shake a stick at. Between disk imaging software like Acronis and Ghost, bootable Linux CDs like Knoppix, and tools like the UBCD4Windows and Active@ Boot Disk, I've recovered data for virtually all of those clients, and they are eternally grateful. By contrast, only one end user ever asked me about the data security of disposing of a hard disk. He took the pragmatic route and took a masonry bit to the drive half a dozen times after letting it sit next to a subwoofer magnet overnight. Obviously the latter doesn't apply to SSDs, but the former does.

        SSDs aren't as cheap as spinning rust, but even the expensive ones at $300-$500 a clip are worth destroying physically with a drill bit or shotgun if the data is valuable enough. If it isn't worth the cost of replacing the drive physically or repurposing the drive within the home, it probably isn't data valuable enough to worry about securely erasing.

        Since a nonbooting system is a legit concern that many, many people have had personal experience with, while data theft through disk disposal is not, it makes more sense to plan for the more likely scenario, does it not?

        Joey
        voyager529
      • Same rules apply regardless of whether it's solid state or mechanical

        @Robin Harris
        If the data is important to me, then I apply two simple rules - regardless of the storage media:

        1. Encrypt it - pref. with an open source encryption tool such as Truecrypt that can be scrutinised for COFEE-style back doors.
        2. Back it up - pref. with a reliable, open source backup tool such as RSync that allows me to see exactly what it is doing

        For those complaining of issues with Truecrypt, we have been running Truecrypt successfully on FAT32, EXT3 (and more recently EXT4) file systems on Ubuntu and Debian Linux for several years without any major issue. We use it on both mechanical and solid state storage devices.

        Granted, we have suffered media failures. However these have been nothing to do with Truecrypt. The king of failures is Western Digital's awful 2TB "Green" drives. Though we have also had several high-capacity pen drives go down too, along with some elderly 120GB PATA units that have already exceeded their expected life. But all these failures have been no more than a minor inconvenience because we regularly RSync (or Rsync over SSH) our dataset(s) to several other backup volumes.

        When the time comes finally to decommission storage media, usually because it is physically knackered, then we physically dismantle it. This is partly out of curiosity (and because I like playing with the magnets! lol!) but mainly because physical destruction of redundant storage media, regardless of its type, severely restricts the possibility of future hackers (with better decryption tools), ever getting their grubby hands on our data.

        It's common sense really, isn't it?

        Best wishes, G.
        mrgoose
  • RE: SSD security: the worst of all worlds

    What I know, is that SSD's are more secure than HD's as you really can not anymore recover data fully after you delete it. Just like the article links at the end.

    An article in Slashdot (can be found by searching "SSD"):

    "Firmware built into many solid state drives (SSDs) to improve their storage efficiency could be making forensic analysis at a later date by police forces and intelligence agencies almost impossible to carry out to legally safe standards, Australian researchers have discovered. They found that SSDs start wiping themselves within minutes after a quick format (or a file delete or full format) and can even do so when disconnected from a PC and rigged up to a hardware blocker."
    Fri13
    • RE: SSD security: the worst of all worlds

      @Fri13 Here's an actual link to the article you mention:

      http://news.techworld.com/security/3263093/ssd-fimware-destroys-digital-evidence-researchers-find/

      HOWEVER, while it may be true that SSDs create problems for forensic analysts, that doesn't invalidate the concerns raised in this article. Guess what? Both are true.

      SSDs are different than hard drives, and all the methods, both to probe them for 'deleted' files and to delete all the data on them, that we're used to from rotating media days don't work reliably on them.

      Both approaches need work.
      gwconnery@...
      • RE: SSD security: the worst of all worlds

        @gwconnery@...

        I have to agree. Personally, I will stick to regular mechanical hard drives on most of my computers until those security issues are taken care of..... I'm worried about a virus that is able to hide itself on SSD's because of the 'lack of total deletion' and therefore becomes impossible to totally remove.
        Lerianis10
  • Sounds to me like they are MORE secure or IOW less recoverable.

    The bad side of this is that if someone goofs and deletes or formats there may be no recovery other than a backup.
    DevGuy_z
  • Proofread

    Do you proofread?
    flareback
  • RE: SSD security: the worst of all worlds

    One word: Blendtec. If the SSD is ground into fine sand like granules, the odds of data recovery are zero.
    Mattster67
    • RE: SSD security: the worst of all worlds

      @Mattster67
      Exactly, if it is so important to get rid of secure info then Blendtec or the cheaper route microwave 15 seconds on high.
      MoeFugger
      • RE: SSD security: the worst of all worlds

        @MoeFugger
        Just pull off the outside cover and run a drill through the chips. Secure erase.
        bd1235
      • RE: SSD security: the worst of all worlds

        @MoeFugger I'm pretty positive that 15 seconds would not constitute enough harm to the chips used in SSDs. Blender, yes, microwave no.

        Plus, remember the no metal in microwaves thing?
        johnlgalt@...
  • Data corrosion - misleading term

    That paper uses the term 'data corrosion', which implies that SSDs may destroy your data of their own volition.

    However, it is a beatup, because your data WILL not be damaged AT ALL.

    The worst that can happen is that they cannot forensically guarantee from where on the disk that data they read comes.
    Patanjali
  • RE: SSD security: the worst of all worlds

    Want total security? Use thermite.
    nickswift498