
Secure Erasing Data on SSDs

Last Updated: Feb 12, 2018 12:50AM PST
This article explains why data on SSDs cannot be reliably erased in place, and why resources that handle sensitive data therefore need disposal procedures.

Introduction
:xRecovery provides a convenient mechanism for recovering Organization data, but how do you ensure that you have removed plaintext content from a solid-state drive (SSD)?

In short, you can't verify that you have. Instead, you a) use full-disk encryption so that plaintext never reaches the flash, and b) physically destroy the device when it is no longer in use.

Magnetic Media and Secure Erase
You may have seen security software advertise the ability to "Secure Erase" a file from a hard drive. PGP offered this years ago, and some anti-virus "suites" offered it as well. The goal was, of course, to remove a sensitive file so completely that a forensic examination would fail to recover any of its content, every time, no matter what.

On spinning drives this meant accounting for residual magnetic signatures that could remain on the platter even after a block had been rewritten. A so-called "secure erase" therefore overwrote the file's blocks with patterns of 1s and 0s and/or random data, so that no leftover signature could be used to reclaim the information. (For modern high-density drives a single overwrite pass is generally considered sufficient; NIST SP 800-88 Rev. 1 accepts a single pass for clearing magnetic disks.)

The Reality of Simple Deletes
A filesystem delete simply removes the file's directory entry and marks its blocks as free; the blocks that hold the file's contents are left intact. That makes it fairly easy for automated tools to find and recover useful information, which is exactly what "undelete" utilities do. Consumer undelete tools didn't go so far as to look for residual magnetic signatures, but they did a nearly perfect job of reassembling files whose directory entry had been removed but whose raw data remained in place.

SSDs and Wear Leveling
SSDs present a different problem. Flash cells tolerate only a limited number of program/erase cycles, so the drive controller spreads writes across the whole drive (wear leveling) instead of rewriting the same cells; without wear leveling the drive would wear out quickly and wouldn't be practical to use. The mapping from the logical block addresses the host sees to physical flash pages lives in the drive's firmware (the flash translation layer), so the host cannot tell where a given piece of data is physically stored. Worse, a write to a block that already holds data goes to a fresh page while the old page is merely marked stale; that stale page keeps its contents until the controller's garbage collection gets around to erasing it, on a schedule the host can neither control nor observe. The same is true of the drive's spare (over-provisioned) capacity, which the host cannot address at all. Overwriting a file in place therefore does not overwrite its data, and even a full-drive overwrite cannot reach stale and spare pages. The host can issue TRIM/discard, or the drive's own ATA Secure Erase or NVMe Sanitize/Format commands, but those are carried out by the same firmware, the host has no way to verify that every page was actually erased, and independent testing (Wei et al., FAST 2011) has found drives whose built-in erase left data behind. That makes procedures for recycling SSDs particularly important: whereas content on a traditional spinning drive can be overwritten, on an SSD it typically cannot be.
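The following simulation is an added example, not DefiniSec code or a real driver: a toy block device, a toy filesystem whose delete only drops the directory entry, and a toy SSD whose flash translation layer wear-levels by always writing to a fresh page. The record, the page size and the regex used to "carve" the medium are all constructed for the example. It shows the three behaviours described above: a plain delete leaves the data on either medium, a pattern overwrite removes it from the spinning disk, and the same overwrite leaves a recoverable stale copy on the SSD even though the host reads back the overwrite pattern.

```python
"""Added example (not DefiniSec's code): delete vs. overwrite on a spinning
disk and on a wear-leveled SSD, all constructed in memory so it runs offline."""
import re

PAGE = 16  # bytes per block/page; kept tiny so the dumps stay readable


class SpinningDisk:
    """Logical block n is physical sector n: a write lands on the bytes it targets."""

    def __init__(self, sectors):
        self.media = [bytes(PAGE) for _ in range(sectors)]

    def write(self, lba, data):
        self.media[lba] = data.ljust(PAGE, b"\0")

    def read(self, lba):
        return self.media[lba]

    def dump(self):
        return b"".join(self.media)


class WearLevelingSSD:
    """The flash translation layer maps each LBA to a physical page. A write
    always goes to a fresh page and only marks the old one stale; the stale
    page keeps its contents until garbage collection erases it, which the host
    can neither trigger nor observe (this toy GC runs only when it must)."""

    def __init__(self, pages):
        self.flash = [bytes(PAGE) for _ in range(pages)]
        self.free = list(range(pages))
        self.stale = []
        self.l2p = {}  # LBA -> physical page, invisible to the host

    def _fresh_page(self):
        if self.free:
            return self.free.pop(0)
        victim = self.stale.pop(0)  # out of fresh pages: erase one stale page
        self.flash[victim] = bytes(PAGE)
        return victim

    def write(self, lba, data):
        if lba in self.l2p:
            self.stale.append(self.l2p[lba])  # the old copy stays on the chip
        page = self._fresh_page()
        self.flash[page] = data.ljust(PAGE, b"\0")
        self.l2p[lba] = page

    def read(self, lba):
        return self.flash[self.l2p[lba]]

    def dump(self):
        """What a chip-off read of the raw NAND returns, stale pages included."""
        return b"".join(self.flash)


class ToyFilesystem:
    """Directory maps name -> list of LBAs. delete() touches only the directory."""

    def __init__(self, dev):
        self.dev, self.directory = dev, {}

    def create(self, name, content, first_lba=0):
        nblocks = (len(content) + PAGE - 1) // PAGE
        lbas = list(range(first_lba, first_lba + nblocks))
        for i, lba in enumerate(lbas):
            self.dev.write(lba, content[i * PAGE:(i + 1) * PAGE])
        self.directory[name] = lbas

    def delete(self, name):
        del self.directory[name]  # the data blocks are not touched

    def secure_erase(self, name, passes=(b"\x00", b"\xff")):
        """The classic "secure erase": overwrite every block in place, then delete."""
        for pattern in passes:
            for lba in self.directory[name]:
                self.dev.write(lba, pattern * PAGE)
        self.delete(name)


# Constructed sensitive record; at 25 bytes it spans two 16-byte blocks.
SECRET = b"PATIENT:4711 HIV+ STAGE:2"


def carve(dev):
    """Undelete by signature: scan the raw device image for the record's shape."""
    return re.findall(rb"PATIENT:\d+ \w+\+", dev.dump())


def after_delete(dev_cls):
    fs = ToyFilesystem(dev_cls(8))
    fs.create("record.txt", SECRET)
    fs.delete("record.txt")
    return carve(fs.dev)


def after_secure_erase(dev_cls):
    """Returns (what the host reads back at LBA 0, what a raw carve finds)."""
    fs = ToyFilesystem(dev_cls(8))
    fs.create("record.txt", SECRET)
    fs.secure_erase("record.txt")
    return fs.dev.read(0), carve(fs.dev)


if __name__ == "__main__":
    for cls in (SpinningDisk, WearLevelingSSD):
        print(cls.__name__, "after delete:", after_delete(cls))
        print(cls.__name__, "after secure erase:", after_secure_erase(cls))
```

On the SSD the host reads 0xff at LBA 0 after the overwrite, exactly as it would on the spinning disk, so an overwrite tool has no way to notice that pages 0 and 1 still hold the record. A real controller also has spare pages the host cannot address at all, which only makes the carve easier.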

Disposal Procedures
Every resource used to manage sensitive material should be covered by acceptable-use policies and procedures, and in particular by a process that ensures sensitive content is not handed to a new user when hardware is re-provisioned. Unless you can be certain that a particular SSD gives you verifiable control over its physical flash, it is best not to reuse SSDs that have held sensitive content. In practice this means such SSDs should never be re-provisioned, since even the most innocuous-looking piece of information can be sold for profit in today's environment.

Physical destruction is the most compelling and reasonable solution: when the hardware is no longer useful in its original form, it should be destroyed rather than repurposed (and perhaps recycled for raw materials, though the e-waste disposal market has not been well regulated and has been riddled with fraudulent "buyers" who literally dump equipment in the desert rather than responsibly recycle it as advertised). What counts is destroying the flash packages themselves; a drive whose circuit board is intact can still be read by removing the chips.

Summary
When using SSDs, remember that the host has no direct access to physical flash pages and that wear leveling moves data in ways the host cannot predict. If an attacker obtains an SSD that held unencrypted sensitive content, it is entirely possible to read the raw flash, stale and spare pages included, and piece together useful information even if the files were "securely" overwritten. Because writes cannot be aimed at physical cells, SSDs holding sensitive data should stay under physical control, should always be encrypted with full-disk encryption whose key is sealed in a TPM or similar isolated key store (so that only ciphertext ever reaches the flash), and should be completely destroyed at end of life and only then recycled for raw materials. With the key held off the drive, destroying that key (a "crypto-erase") is the one form of erasure that wear leveling cannot undo, but it only protects data that was encrypted before it was written.
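The following is an added example, not DefiniSec code, of the encrypt-then-destroy-the-key pattern described above. The dictionary standing in for a TPM-sealed key, the page size, the record and the keystream construction are all assumptions made for the example: HMAC-SHA256 in counter mode, tweaked by page number, stands in for AES-XTS so that the example needs only the Python standard library. It is for illustration only; unlike XTS, rewriting a page under the same key and page number reuses the keystream, so this construction must not be used for real data. Real deployments use LUKS/dm-crypt, BitLocker or the drive's own self-encrypting (TCG Opal) engine with the key protected by a TPM.

```python
"""Added example (not DefiniSec's code): only ciphertext reaches the medium,
the key lives elsewhere, and destroying the key is a crypto-erase."""
import hashlib
import hmac
import secrets

PAGE = 16


def keystream(key, page_no, length):
    """Deterministic PRF output for (key, page_no), expanded to `length` bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = page_no.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_page(key, page_no, data):
    """Encrypt and decrypt are the same XOR with the page's keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, page_no, len(data))))


class EncryptedVolume:
    """Everything that reaches self.flash is ciphertext. key_store stands in
    for a TPM (or other isolated store) that releases the volume key only to
    the host that sealed it; the medium itself never holds the key."""

    def __init__(self, pages):
        self.flash = [bytes(PAGE) for _ in range(pages)]
        self.key_store = {"volume_key": secrets.token_bytes(32)}

    def write(self, page_no, data):
        key = self.key_store["volume_key"]
        self.flash[page_no] = xor_page(key, page_no, data.ljust(PAGE, b"\0"))

    def read(self, page_no):
        key = self.key_store["volume_key"]  # KeyError once the key is gone
        return xor_page(key, page_no, self.flash[page_no])

    def crypto_erase(self):
        """Destroy the key. Every page on the medium, including stale and
        over-provisioned copies the host never sees, is now unrecoverable."""
        self.key_store.clear()


SECRET = b"PATIENT:4711 HIV"  # constructed sensitive record, exactly one page


def plaintext_on_medium(vol):
    """What a raw dump of the flash would reveal."""
    return SECRET in b"".join(vol.flash)


def walk_through():
    """Returns (plaintext visible on the flash?, host can read it back?,
    still readable after crypto-erase?)."""
    vol = EncryptedVolume(4)
    vol.write(0, SECRET)
    leaked = plaintext_on_medium(vol)
    readable = vol.read(0) == SECRET
    vol.crypto_erase()
    try:
        vol.read(0)
        after_erase = True
    except KeyError:  # no key, only ciphertext remains on the medium
        after_erase = False
    return leaked, readable, after_erase


if __name__ == "__main__":
    print("leaked, readable, readable after crypto-erase:", walk_through())
```

Note what the example does not do: it cannot retroactively protect a page that was written in plaintext before encryption was enabled, and a stale ciphertext copy left behind by wear leveling still sits on the chip (encrypted). That is why the page's recommendation is encryption and destruction, not one or the other.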
