reliably erasing data from flash based solid state drives
play

Reliably Erasing Data from Flash-Based Solid State Drives Michael - PowerPoint PPT Presentation

Nov 13, 2023 •47 likes •847 views

Reliably Erasing Data from Flash-Based Solid State Drives Michael Wei* Laura Grupp*, Fredrick E. Spada, Steven Swanson* * Non-Volatile Systems Laboratory Department of Computer Science and Engineering University of California, San Diego

  1. Reliably Erasing Data from Flash-Based Solid State Drives Michael Wei* Laura Grupp*, Fredrick E. Spada†, Steven Swanson* * Non-Volatile Systems Laboratory Department of Computer Science and Engineering University of California, San Diego † Center for Magnetic Recording Research University of California, San Diego

  2. 2 Confidential Data sensitive information which… Limited to people with need • Destroyed at end of life •

  3. 3 YOU… have confidential data on your computer right now!

  4. 4 CORPORATIONS… must protect their own data as well as client’s data.

  5. 5 GOVERNMENTS… must protect information to protect the state and lives of its citizens

  6. 6 * Confidential Data sensitive information which… Limited to people with need • Destroyed at end of life •

  7. 7 What we know comes from years of research on hard drives.

  8. 8 Solid State Disks (SSDs) next generation storage… Flash-based • No moving parts • Uses a complex controller • (Flash Translation Layer)

  9. 9 2008 ‐ 2013 SSD Shipment Forecast 60 SSD Shipments (in Millions) 50 40 30 20 10 0 2008 2009 2010 2011 2012 2013 Year Source: DRAMeXchange SSDs are becoming quite popular…

  10. 10 You might have left confidential data and not even realized it.

  11. 11 Why is it hard to erase SSDs? Current sanitization tools are designed for hard drives. But SSDs are very different!

  12. 12 SSD Differences Recovery process is cheap • Wide space of manufacturers • for poor implementation Easy Disassembly / Reassembly • • Low cost compared to Let’s see what’s on this SSD… hard drives • Someone could steal your data overnight!

  13. 13 Overview Motivation • Sanitization Background • Validating Sanitization • and Results Single-File Sanitization • Enhancement

  14. 14 Sanitization Erasing data so that it is difficult or impossible to recover

  15. 15 * For this talk, we’ll talk about the chip level. • There’s leftover data • It’s cheap • The next level is much more complex

  16. 16 Physical Level • Destroying Flash Memory-Based Storage Devices , Steven Swanson, University of California, San Diego Computer Science & Engineering technical report cs2011-0968. • 0.2mm particles • Good until 2022 (8nm technology node)

  17. 17 Writing Data

  18. 18 Writing more data…

  19. 19 Lots of stale data can be left over on the drive…

  20. 20 Overview Motivation • Sanitization Background • Validating Sanitization • and Results Single-File Sanitization • Enhancement

  21. 21 We now want to measure the stale data left over.

  22. 22 First, we constructed a “fingerprint” that was easily identifiable. Special Identifiers Unique Patterns Checksum

  23. 23 Second, We needed a way to see more than what the operating system sees.

  24. 24 Second, We needed a way to see more than what the operating system sees.

  25. 25 We built a custom hardware platform to extract data off the chips.

  26. 26 The drive is successfully sanitized if * no stale data is left over.

  27. 27 Whole-disk sanitization Erase the whole disk so that no old data remains. • Built-in Commands • ATA Security “Erase Unit” (ATA-3), 1995 • Cryptographic techniques • Software Overwrite • Various Standards

  28. 28 Built-in commands • ATA Security “Erase Unit”

  29. 29 ATA Security Erase Unit (1995) • Normal: Replace the contents of LBA 0 to MAX LBA with binary zeroes or ones. • Enhanced: All previously written user data shall be overwritten. Predates SSDs: doesn’t distinguish overwritten from erase.

  30. 30 ATA Security Erase Enhanced Some drives tested supported and passed ATA SECURITY Vendor Dependent SECURITY ERASE ERASE UNIT ENHANCED SECURITY ERASE SSD Name Controller UNIT ENHANCED UNIT (ATA-3) (ATA-3) ATA SECURITY A 1 No No ERASE UNIT B 2 No (Reports yes) No C 1 Partial (Bugged) No Software Overwrite D 3 Partial (Bugged) No E 4 Crypto Scrambles Crypto Scrambles F 5 Yes Yes G 6 Yes No H 7 Yes Yes I 8 Yes Yes

  31. 31 ATA Security Erase Unit One drive reported success, even though all data remained. ATA SECURITY SECURITY ERASE SECURITY ERASE ERASE UNIT ENHANCED SSD Name Controller UNIT ENHANCED UNIT (ATA-3) (ATA-3) ATA SECURITY Vendor Dependent A 1 No No ERASE UNIT B 2 No (Reports yes) No C 1 Partial (Bugged) No Software Overwrite D 3 Partial (Bugged) No E 4 Crypto Scrambles Crypto Scrambles F 5 Yes Yes G 6 Yes No H 7 Yes Yes I 8 Yes Yes

  32. 32 ATA Security Erase Unit • Others only worked after the drive was reset ATA SECURITY SECURITY ERASE SECURITY ERASE ERASE UNIT ENHANCED SSD Name Controller UNIT ENHANCED UNIT (ATA-3) (ATA-3) ATA SECURITY Vendor Dependent A 1 No No ERASE UNIT B 2 No (Reports yes) No C 1 Partial (Bugged) No Software Overwrite D 3 Partial (Bugged) No E 4 Crypto Scrambles Crypto Scrambles F 5 Yes Yes G 6 Yes No H 7 Yes Yes I 8 Yes Yes

  33. ATA Security Erase Unit • Some drives crypto- scrambled, so we could not verify them ATA SECURITY SECURITY ERASE SECURITY ERASE ERASE UNIT ENHANCED SSD Name Controller UNIT ENHANCED UNIT (ATA-3) (ATA-3) ATA SECURITY Vendor Dependent A 1 No No ERASE UNIT B 2 No (Reports yes) No C 1 Partial (Bugged) No Software Overwrite D 3 Partial (Bugged) No E 4 Crypto Scrambles Crypto Scrambles F 5 Yes Yes G 6 Yes No H 7 Yes Yes I 8 Yes Yes 33

  34. 34 * Crypto-Scramble Works by deleting key • Fast, but… • Encrypted data remains • Data isn’t erased • Crypto scramble makes drives unverifiable

  35. 35 Hardware Commands • Wide variation in results – Not supported – Success – Crypto-scramble – Buggy implementation (works sometimes) – Failure (all data leftover) • Result is implementation-dependent • Will not know what happens until it is tested

  36. 36 SAFE: Scramble and Finally Erase • UCSD Technical Report cs2011-0963 • Cryptography is desirable • However, it is hard to verify • A sanitized disk is easy to verify • Why not crypto-scramble AND erase?

  37. 37 SAFE: Scramble and Finally Erase In Use Sanitize Disk ACTIVE Write Metadata INITIALIZED • Traditional Sanitization Process – Sanitize and Initialize in a single step – Drive is INITIALIZED after a sanitize

  38. 38 SAFE: Scramble and Finally Erase Encrypted, In Use ACTIVE Delete Keys KEYLESS Write Metadata INITIALIZED • Crypto-Erase “Sanitization” Process – Delete keys – Drive is INITIALIZED after a sanitize

  39. 39 SAFE: Scramble and Finally Erase Encrypted, In Use Sanitize Disk ACTIVE Delete Keys KEYLESS Block Erase Write Metadata VERIFIABLE INITIALIZED SAFE breaks this up and adds two new states: KEYLESS and VERIFIABLE

  40. 40 SAFE: Scramble and Finally Erase Encrypted, In Use Sanitize Disk ACTIVE Delete Keys KEYLESS Block Erase Write Metadata VERIFIABLE INITIALIZED Scramble: Drive is actively being encrypted – On sanitize, delete the keys ( KEYLESS) – This step takes milliseconds

  41. 41 SAFE: Scramble and Finally Erase Encrypted, In Use Sanitize Disk ACTIVE Delete Keys KEYLESS Block Erase Write Metadata VERIFIABLE INITIALIZED Erase: Perform a block erase after scramble – We can easily verify the drive ( VERIFIABLE) – This step takes minutes

  42. 42 SAFE: Scramble and Finally Erase • We can now verify if the drive is erased – Via pulling off the chips – Possibly via hardware commands that don’t exist yet – External connector • Best of both worlds – Fast cryptographic scramble – Slower, more secure erase

  43. 43 Myth: Flash takes a long time to erase • 13 seconds to erase 4 Gbit • 2.1minutes to program 4 Gbit • Can work on multiple chips in parallel • #of channels scales with drive size (in general) • Average disk (250GB) may take ~20s to fully erase • With simple optimizations, a very fast erase is possible

  44. 44 SAFE: Scramble and Finally Erase • Problem: We still have to trust the firmware designer to do it right! • Challenge: How do we avoid the need to trust the firmware?

  45. 45 Software overwrite • Various Government Standards • According to NIST 800-88 (2006) “Studies today have shown that most of today’s media can be effectively cleared by one overwrite.”

  46. 46 Software overwrite

  47. 47 Software overwrite ?

  48. 48 How many times? * Our experiments show 2 passes are typically necessary But even on the same drive, the number of required passes varied between 2 to more than 20. Unreliable - hardware commands are best, if they are correctly implemented.

  49. 49 Single-File Sanitization Erasing single files while leaving other parts of the drive intact

  50. 50 We want to sanitize only part of the disk.

  51. 51 Let’s try overwriting it…

  52. 52 And again…

  53. 53 We tested with a 1000MB file, and got pretty bad results… 1000 MB Recovery (MB) 100 MB 10 MB 1 MB

  54. 54 We tried to augment the existing procedures to do better… - Wipe the free space - Defragment and wipe …but that didn’t help at all.

  55. 55 We’d like a hardware command that would tell the controller to delete stale data

Recommend

Open-Channel Solid State Drives Matias Bjrling 2015/03/12 Vault 1 Solid State Drives

Open-Channel Solid State Drives Matias Bjrling 2015/03/12 Vault 1 Solid State Drives

Open-Channel Solid State Drives Matias Bjrling 2015/03/12 Vault 1 Solid State Drives Thousand of IOPS and low latency (<1ms) Hardware continues to improve Parallel architecture Larger flash chips Replaceable for

232 views • 22 slides
Long-Term JPEG Data Protection and Recovery for NAND Flash-Based Solid-State Storage Yu-Chun Kuo,

Long-Term JPEG Data Protection and Recovery for NAND Flash-Based Solid-State Storage Yu-Chun Kuo,

Long-Term JPEG Data Protection and Recovery for NAND Flash-Based Solid-State Storage Yu-Chun Kuo, Ruei-Fong Chiu, and Ren-Shuo Liu System and Storage Design Lab Department of Electrical Engineering National Tsing Hua University Taiwan 1

1.01k views • 42 slides
An overview on solid-state-drives architectures and enterprise solutions Romolo Marotta

An overview on solid-state-drives architectures and enterprise solutions Romolo Marotta

An overview on solid-state-drives architectures and enterprise solutions Romolo Marotta Sapienza, University of Rome Why SSD are so attractive? Capacity vs Access Time SRAM 10 8 DRAM FLASH 10 6 Capacity (MB) 10 4 10 2 1 10 -2 10 -6 10 -4

1.34k views • 110 slides
FIOS: A Fair, Efficient Flash I/O Scheduler Stan Park and Kai Shen presented by Jason

FIOS: A Fair, Efficient Flash I/O Scheduler Stan Park and Kai Shen presented by Jason

FIOS: A Fair, Efficient Flash I/O Scheduler Stan Park and Kai Shen presented by Jason Gevargizian Flash devices NAND Flash devices are used for storage aka Solid-state Drives (SSDs) much higher I/O performance than mechanical

539 views • 30 slides
Data Systems on Modern Hardware: Multi-cores, Solid-State Drives, and Non-Volatile Memories Prof.

Data Systems on Modern Hardware: Multi-cores, Solid-State Drives, and Non-Volatile Memories Prof.

CS 591: Da Data Systems Architectures Data Systems on Modern Hardware: Multi-cores, Solid-State Drives, and Non-Volatile Memories Prof. Manos Athanassoulis https://midas.bu.edu/classes/CS591A1 with slides developed at Harvard Some class

963 views • 74 slides
A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector

A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector

A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector for Solid State Collector for Solid State Collector for Solid State Drives Drives Junghee Lee, Youngjae Kim, Galen M. Shipman, Sarp Oral, Feiyi Wang,

540 views • 26 slides
A file system for safely interacting with untrusted USB flash drives Ke Zhong , Zhihao Jiang ,

A file system for safely interacting with untrusted USB flash drives Ke Zhong , Zhihao Jiang ,

A file system for safely interacting with untrusted USB flash drives Ke Zhong , Zhihao Jiang , Ke Ma , and Sebastian Angel University of Pennsylvania Shanghai Jiao Tong University Most Storage has moved to cloud! USB flash drives

774 views • 74 slides
SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 ,

SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 ,

SFS: Random Write Considered Harmful in Solid State Drives Changwoo Min 1, 2 , Kangnyeon Kim 1 , Hyunjin Cho 2 , Sang-Won Lee 1 , Young Ik Eom 1 1 Sungkyunkwan University, Korea 2 Samsung Electronics, Korea Outline Background Design

367 views • 34 slides
3-Dimensional Monolithic Nonvolatile Memories and the Future of Solid-State Data Storage Dr.

3-Dimensional Monolithic Nonvolatile Memories and the Future of Solid-State Data Storage Dr.

3-Dimensional Monolithic Nonvolatile Memories and the Future of Solid-State Data Storage Dr. Michael A. Vyvoda Director, Technology Transfer and Operations 3D Technology Group SanDisk Corporation February 8 th , 2008 Outline Flash memory

577 views • 35 slides
Flash Memory Overview Steven Swanson Humanity processed 9 Zettabytes in 2008* Welcome to the

Flash Memory Overview Steven Swanson Humanity processed 9 Zettabytes in 2008* Welcome to the

Flash Memory Overview Steven Swanson Humanity processed 9 Zettabytes in 2008* Welcome to the Data Age! 2 *http://hmi.ucsd.edu Solid State Memories NAND flash Ubiquitous, cheap Sort of slow, idiosyncratic Phase change, Spin

634 views • 30 slides
Flash-based SSDs [ Material based on slides from Tyler Caraza-Harter ] www:

Flash-based SSDs [ Material based on slides from Tyler Caraza-Harter ] www:

Flash-based SSDs [ Material based on slides from Tyler Caraza-Harter ] www: https://tyler.caraza-harter.com Cost: HDD vs. SSD Source: http://www.tomshardware.com/news/ssd-hdd-solid-state-drive-hard-disk-drive-prices,14336.html Cost: HDD vs.

1.23k views • 119 slides
FLIN: Enabling Fairness and Enhancing Performance in Modern NVMe Solid State Drives Arash

FLIN: Enabling Fairness and Enhancing Performance in Modern NVMe Solid State Drives Arash

FLIN: Enabling Fairness and Enhancing Performance in Modern NVMe Solid State Drives Arash Tavakkol, Mohammad Sadrosadati, Saugata Ghose, Jeremie S. Kim, Yixin Luo, Yaohua Wang, Nika Mansouri Ghiasi, Lois Orosa, Juan Gmez-Luna, Onur Mutlu June

1.14k views • 92 slides
Solid State Drives (SSDs) Daniel Mosse (slides are modified from Dr. Ahmed Amers CS 1550 Slides

Solid State Drives (SSDs) Daniel Mosse (slides are modified from Dr. Ahmed Amers CS 1550 Slides

Solid State Drives (SSDs) Daniel Mosse (slides are modified from Dr. Ahmed Amers CS 1550 Slides and Sherif Khattab ) Historical Disk drive specifics IBM 360KB WD 18GB Seagate ST9250410AS floppy HD 250GB HD (16MB cache)

157 views • 11 slides
Become a SSD expert in minutes! Ryan Smith ryan.smith@ssi.samsung.com 408-205-8889 What is a

Become a SSD expert in minutes! Ryan Smith ryan.smith@ssi.samsung.com 408-205-8889 What is a

Become a SSD expert in minutes! Ryan Smith ryan.smith@ssi.samsung.com 408-205-8889 What is a SSD? SSD = Solid State Drive RAM- based introduced in 1970s Flash- based version in 1990s Today, it typically uses NAND Flash

420 views • 27 slides
LaLDPC: Latency-aware LDPC for Read Performance Improvement of Solid State Drives Yajuan Du 1,2 ,

LaLDPC: Latency-aware LDPC for Read Performance Improvement of Solid State Drives Yajuan Du 1,2 ,

LaLDPC: Latency-aware LDPC for Read Performance Improvement of Solid State Drives Yajuan Du 1,2 , Deqing Zou 1 , Qiao Li 3 , Liang Shi 3 , Hai Jin 1 , and Chun Jason Xue 2 1 1 Huazhong University of Science and Technology 2 City University of

599 views • 41 slides
The Unwritten Contract of Solid State Drives Jun He, Sudarsun Kannan, Andrea C. Arpaci-Dusseau,

The Unwritten Contract of Solid State Drives Jun He, Sudarsun Kannan, Andrea C. Arpaci-Dusseau,

The Unwritten Contract of Solid State Drives Jun He, Sudarsun Kannan, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau Department of Computer Sciences, University of Wisconsin - Madison Enterprise SSD revenue is expected to exceed enterprise

2.48k views • 164 slides
Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives (SSDs) Carlo Meijer

Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives (SSDs) Carlo Meijer

Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives (SSDs) Carlo Meijer Bernard van Gastel Radboud University Nijmegen Radboud University Nijmegen Midnight Blue Labs Open University of the Netherlands whoami Carlo

1.44k views • 141 slides
FAST: Quick Application Launch on Solid-State Drives Yongsoo Joo 1 , Junhee Ryu 2 , Sangsoo Park

FAST: Quick Application Launch on Solid-State Drives Yongsoo Joo 1 , Junhee Ryu 2 , Sangsoo Park

FAST: Quick Application Launch on Solid-State Drives Yongsoo Joo 1 , Junhee Ryu 2 , Sangsoo Park 1 , and Kang G. Shin 1,3 1 Ewha Womans University, Korea 2 Seoul National University, Korea 3 University of Michigan, USA Application Launch Delay

402 views • 36 slides
File Systems (Chapters 39-43,45) CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy, M.

File Systems (Chapters 39-43,45) CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy, M.

File Systems (Chapters 39-43,45) CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy, M. George, F.B. Schneider, E. Sirer, R. Van Renesse] Storage Devices: Recap Disks RAID-0, 1, 4, 5 Solid State Drives (Flash memory)

505 views • 24 slides
USB Flash Drives as an Energy Efficient Storage Alternative Olga Mordvinova, Julian Martin

USB Flash Drives as an Energy Efficient Storage Alternative Olga Mordvinova, Julian Martin

USB Flash Drives as an Energy Efficient Storage Alternative Olga Mordvinova, Julian Martin Kunkel, Christian Baun, Thomas Ludwig and Marcel Kunze University of Heidelberg Karlsruhe Institute of Technology University of Hamburg c/o DKRZ E2GC2 |

573 views • 36 slides
Conficker / Downadup spreading vectors MS08-067 Vulnerability in Server service USB-Flash drives

Conficker / Downadup spreading vectors MS08-067 Vulnerability in Server service USB-Flash drives

Conficker / Downadup spreading vectors MS08-067 Vulnerability in Server service USB-Flash drives Autorun & Autoplay ADMIN$ shares 2 abc123 academia access account Admin admin admin1 admin12 admin123 adminadmin administrator

643 views • 17 slides
fjlesystems 3 1 last time hard drives seek time rotational latency block remapping by disk

fjlesystems 3 1 last time hard drives seek time rotational latency block remapping by disk

fjlesystems 3 1 last time hard drives seek time rotational latency block remapping by disk controller solid state disks wear leveling move data to new block when written work around limitations of large erasure blocks (that cant be

1.67k views • 110 slides
Open-Channel SSDs Matjas Bjrling LinuxCon North America 2015 1 Solid State Drives H i g h

Open-Channel SSDs Matjas Bjrling LinuxCon North America 2015 1 Solid State Drives H i g h

Open-Channel SSDs Matjas Bjrling LinuxCon North America 2015 1 Solid State Drives H i g h T h r o u g h p u t + L o w L a t e n c y P a r a l l e l i s m + C o n t r o l l e r Why Open-Channel

442 views • 16 slides
What Youll Learn Today Review, Q&A: Flash Tweening Using Flash as a multimedia

What Youll Learn Today Review, Q&A: Flash Tweening Using Flash as a multimedia

CS101 Lecture 21 Flash Animation: Images Aaron Stevens 21 March 2011 1 What Youll Learn Today Review, Q&A: Flash Tweening Using Flash as a multimedia content delivery platform. Review: image types and data requirements

346 views • 11 slides

More recommend