
Solid State Drives (SSDs) - What it Takes to Make Data Go Away

Solid State Drives (SSD) Secure Erasure Deep Dive: What it Takes to Really Make the Data Go Away
By UltimateWindowsSecurity.com - sponsored by Blancco

Published in: Technology

  1. Sponsored by [logo]. Solid State Drives (SSD) Secure Erasure Deep Dive: What it Takes to Really Make the Data Go Away. © 2017 Monterey Technology Group Inc.
  2. Thanks to [logo]; made possible by [logo]
  3. Preview of key points
       • Data erasure fundamentals
       • Solid State Drives
       • Enterprise data destruction that
           • lets you forget about the technology
           • is provable
  4. Data erasure fundamentals
       • Deletion does not equal destruction
       • Security is always an afterthought in hardware design
       • Different technologies require different methods
       • Can be a black box
  5. How SSDs are different than HDDs and why that impacts security
       • You can read/write a given “page” of a magnetic HDD as many times as you like
  6. How SSDs are different than HDDs and why that impacts security
       • You can read/write a given “page” of a magnetic HDD as many times as you like
       • And there’s just 2 operations – read and write
  7. How SSDs are different than HDDs and why that impacts security
       • [Diagram labels: Programmed, Erased, write, erase, read many]
       • NAND memory has 3 operations: write (aka program), read and erase
       • Block can only be written once, then must be completely erased and rewritten
  8. How SSDs are different than HDDs and why that impacts security
       • NAND memory is bits organized into blocks
       • Start off with all bits set to 1
       • Write a block by setting necessary bits to 0 so that the block reflects the data you want to store
       • Now you have a “programmed” block storing the data
       • You can read that block repeatedly
           • (Reading it too many times will disturb nearby blocks)
       • When you need to update a single bit within that block you need to first erase the entire block and re-write the whole thing
           • Technically, if the bit you want to write is a 0 you could update just that bit
           • That’s a 50/50 chance
           • But normally you have to update more than one bit. So what’s the chance that all the bits you need to change are going to be 0?
       • If even one bit needs to go from 0 to 1 you have to
           • Read the entire block into SSD RAM
           • Update the bits or bytes or words necessary
           • Erase the block
           • Re-write the block
  9. How SSDs are different than HDDs and why that impacts security
       • But NAND can only be programmed/erased so many times
       • Each p/e cycle causes physical damage to the medium
       • In real life some chunks of data get updated far more frequently than others
       • So SSD manufacturers implement
           • Wear levelling
           • Over-provisioning
  10. How SSDs are different than HDDs and why that impacts security
       • Wear levelling and over-provisioning
  11. How SSDs are different than HDDs and why that impacts security
       • But to make SSDs take off really fast, they didn’t want to make every OS manufacturer implement a new physical file system with knowledge specific to each implementation of NAND as SSD
       • So make an SSD look like an HDD and just translate it
       • [Diagram layers: Application, Operating System, ATA driver, ATA commands]
  12. How SSDs are different than HDDs and why that impacts security
       • [Diagram layers: Application, Operating System, ATA driver, ATA commands, Flash translation layer (FTL); label: Direct, page-for-page]
  13. Traditional erasure algorithms unsuitable for SSDs
       • [Diagram labels: Military Spec, Overwrite each sector]
  14. Other issues
       • Freeze lock
           • BIOS of most modern computers blocks access to these commands with a “freeze lock” on the drive’s security feature set.
           • Unless the freeze lock is removed, it’s extremely difficult to conduct the necessary firmware-based erasure that scrubs entire SSD storage
  15. Other issues
       • What is ATA Secure Erase?
           • Set of commands embedded in most hard drives since 2001
           • Secure Erase is a command, not a physical operation
           • Therefore it’s all about the implementation (i.e. code) behind that command
       • “it’s up to each manufacturer to implement it correctly. In their review of the secure erase command, Wei et al., 2011, have shown that over the 12 models of SSDs studied, only eight offered the ATA Secure Erase functionality, and over those eight drives, three had buggy implementations [11].” - http://codecapsule.com/2014/02/12/coding-for-ssds-part-4-advanced-functionalities-and-internal-parallelism/
       • https://www.usenix.org/legacy/event/fast11/tech/full_papers/Wei.pdf
  16. Other issues
       • Cryptographic “erasure”
           • Drive firmware encrypts each page
           • SSD or HDD
           • To “erase” drive – just overwrite the key
       • In theory – great
       • But encryption in theory and in practice are 2 very different things
       • Over and over again see poor encryption implementations
       • “Given the bugs we found in some implementations of secure erase commands, it is unduly optimistic to assume that SSD vendors will properly sanitize the key store. Further, there is no way verify that erasure has occurred”
           • https://www.usenix.org/legacy/event/fast11/tech/full_papers/Wei.pdf
       • Bruce Schneier says, cryptographic systems “must be implemented exactly, perfectly, or they will fail.” (https://www.schneier.com/essays/archives/1997/01/why_cryptography_is.html)
       • https://www.owasp.org/images/5/57/OWASPIL2011-ErezMetula-WhenCryptoGoesWrong.pdf
  17. Bottom line
       • SSD erasure
       • Must deal with
           • Flash translation layer
           • Freeze lock
       • Requires manufacturer specific logic
       • OEM cooperation
       • Multi-stage, multi-method
       • Verifiable
       • Provable
       • Reporting
       • Applies beyond just SSD
  18. Securing the audit trail
  19. Sample Report
  20. SSD Erasure Approvals
       • The Finnish Communications Regulatory Authority (FICORA) has approved Blancco erasure software for erasing data from hard drives and Solid State Drives.
       • The AIVD is the General Intelligence and Security Service of the Netherlands and evaluates information security products. In their deployment advisory for Blancco 5 they state that, for SSD media, the “Blancco SSD Erasure”-standard should be used.
  21. Additional Resources
       • Research Study: Security Limitations of Solid State Drives
           • https://www.blancco.com/resources/rs-security-limitations-of-ssds
       • Whitepaper: SSDs and the Unseen Data Destruction Risks
           • https://www.blancco.com/resources/wp-a-look-inside-ssds-unseen-data-destruction-risks
       • Free Evaluation: Blancco Drive Eraser for HDDs and SSDs
           • http://info.blancco.com/en-eval-blancco-5
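
Slides 8 to 13 as a small model, added here as an illustration (not code from the slides, the presenter or Blancco): pages can only be programmed from the erased all-1s state, so the flash translation layer redirects every host overwrite to a fresh page and leaves the old copy in place. The class `ToyFlash`, the page counts and the sample string are assumptions made for the example.

```python
ERASED = 0xFF  # an erased NAND byte has every bit set to 1

class ToyFlash:
    """Toy NAND behind a flash translation layer (all names are assumptions)."""

    def __init__(self, logical_pages, spare_pages, page_size=16):
        total = logical_pages + spare_pages      # spare pages = over-provisioning
        self.page_size = page_size
        self.pages = [bytes([ERASED] * page_size) for _ in range(total)]
        self.free = list(range(total))           # erased pages, ready to program
        self.stale = []                          # unmapped pages, not yet erased
        self.l2p = {}                            # logical page -> physical page

    def write(self, lba, data):
        """Host write: program a fresh page and remap; the old copy stays put."""
        data = data.ljust(self.page_size, b"\x00")[:self.page_size]
        if not self.free:
            self._garbage_collect()
        phys = self.free.pop(0)
        # Programming can only clear bits (1 -> 0), hence the bitwise AND.
        self.pages[phys] = bytes(o & n for o, n in zip(self.pages[phys], data))
        if lba in self.l2p:
            self.stale.append(self.l2p[lba])
        self.l2p[lba] = phys

    def _garbage_collect(self):
        """Erase stale pages back to all 1s so they can be programmed again."""
        for phys in self.stale:
            self.pages[phys] = bytes([ERASED] * self.page_size)
        self.free, self.stale = self.stale, []

    def read(self, lba):
        """What the host, and any overwrite tool, sees through ATA commands."""
        return self.pages[self.l2p[lba]]

    def raw_contains(self, needle):
        """What a chip-level read of every physical page would still find."""
        return any(needle in page for page in self.pages)

def overwrite_and_check(passes, secret=b"SECRET-PAYROLL"):  # constructed sample
    """Overwrite every logical page with zeros; return (host_clean, raw_leak)."""
    drive = ToyFlash(logical_pages=4, spare_pages=8)
    drive.write(2, secret)
    for _ in range(passes):
        for lba in range(4):
            drive.write(lba, b"\x00" * drive.page_size)
    host_clean = all(drive.read(lba) == b"\x00" * 16 for lba in range(4))
    return host_clean, drive.raw_contains(secret)
```

`overwrite_and_check(1)` returns `(True, True)`: the host reads back zeros everywhere while the original data still sits in a stale physical page. With three passes this toy drive happens to garbage-collect that page, but nothing visible through the host interface distinguishes the two outcomes.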
