02-22-2011 11:56 AM
Aloha,
Just read the materials at the bottom of this site:
http://nvsl.ucsd.edu/sanitize/ http://nvsl.ucsd.edu/sanitize/
(NOTE: Please read the papers at the bottom of this site in their entirety before you reply to this post with an opinion.)
Couldn't help but notice a few things. First of all, this quote:
"We conclude that the complexity of SSDs relative to hard drives requires that they provide built-in sanitization commands. Our tests show that since manufacturers do not always implement these commands correctly, the commands should be verifiable as well. Current and proposed ATA and SCSI standards provide no mechanism for verification and the current trend toward encrypting SSDs makes verification even harder."
Also, noticed one of the SSDs they tested was an SLC 32GB (no model or manufacturer specifiec, but could be the X25-E series).
A key point here is that even though Intel (SSD Toolbox) or CMRR (HDDErase) has supplied tools for "erasing" your SSDs, it does NOT mean those SSDs should ever be released or tossed in the trash if they ever held confidential information (which they mostly like have, if you consider passwords, credit card numbers, or SSNs confidential). In the case of government, it means you shouldn't use a classified SSD and re-use it on an unclassified system, even after sanitizing.
Intel, can you provide some insight to this issue regarding your products? Specifically, will the SSD Toolbox verify and confirm all data is erased from an SSD, including any and all over-provisioned or "marked bad" data blocks? And, are there any tools which can let us, the end-user, visually check every writable bit of flash memory on the SSD?
Thanks to all for any input.
02-24-2011 11:05 AM
"If all the NAND cells of a SSD are set to their "cleared" or "read to write to" state, there is no chance of recovering the data that was previously written on them. A single over-write of anything ('0', 'Z', etc) to the full capacity of an SSD will cause most if not all of the previous contents to be gone forever."
For the average consumer, this may be, in theory, an acceptable state of clearing, but for corporate and government simply resetting the SSD to it's zeroed state (as implied by your quote) is most likely not enough. If you reference the second article on the subject website, "SAFE: Fast, Verifiable Sanitization for SSDs," you'll see that there's multiple steps recommended for trustworthy sanitizing because data CAN be recovered from flash/solid-state even after it's been erased. Data remnance is, and always has been, a serious issue with all forms of media, which is why a smart company would elect for proper destruction (even after sanitizing) whenever possible. However, forensic/labratory data remnance recovery isn't so much a sticking point for me as is neglegance.
If neglegance begins with the manufacturer, we have a serious problem on our hands no matter what kind of end-user we are. If a manufacturer's tool or firmware or implementation claims to do something, and it doesn't, then what? I believe the reason the researchers left out the branding/identification of their sample SSDs in those papers is due to the extremely high potential for lawsuits.
So a few questions remains for Intel to answer: Can they certify that the clearing functions work as expected and intended, and is there a way to verify it after it has occurred? If we were to discover the SSD Toolbox isn't actually clearing all the data, should we call our lawyers?
02-24-2011 12:27 PM
zulishk wrote:
For the average consumer, this may be, in theory, an acceptable state of clearing, but for corporate and government simply resetting the SSD to it's zeroed state (as implied by your quote) is most likely not enough.
if secure erase is implemented correctly, it is enough to render the data irretrievable. however, this may not be enough to satisfy the security policy of the company or government agency you work for, in which case you should probably do what they require you to do even if it is overkill.
02-24-2011 12:39 PM
"if secure erase is implemented correctly, it is enough to render the data irretrievable."
Key word: IF. (And "irretrievable" is subjective depending on the sensitivity of the information and disposition procedures.) (Editing for clarification: The more sensitive the data is, the less likely clearing or erasing alone, should it work correctly, is the best solution. Government and corporate espionage is a lucrative market, and data remanance makes recovering "erased" data quite easy with just a few tools.)
Ignorance is not bliss in this SSD community. As I mentioned before, data remanance isn't why I started this thread. That big fat "IF" you stated above is the reason, and I wouldn't wish for anybody using these products to have it come back and bite them in the @$$.
02-24-2011 05:02 PM
Well mistermokkiri, you stated the facts and regrettably they were ignored. So irretrievable is subjective... and the more sensitive the data is apparently means the more difficult it is to remove. Oooh-kay. Bureaucrats are able to ignore the technical realities because of course they just know better.
Of course the need for correct implementation of SSD erasure is a good point, and that has yet to be determined. That is true and I am not challenging that point. Although the term "secure erase" is used in Intel's SSD Toobox, can you show me where Intel or other SSD manufactures advertise their products as being guaranteed to have the data on them removed to government specification? What tool do they specify to do that?
Also:
"you'll see that there's multiple steps recommended for trustworthy sanitizing because data CAN be recovered from flash/solid-state even after it's been erased."
IMO, whomever made that statement is wrong. Of course it is a general statement, ignoring the technical details, which I won't go into since I imagine you'll ignore them.
I would honestly like to know how data is retrieved from NAND memory once is has been cleared, that is a fascinating concept, I'd truly like to learn about it, no sarcasm intended.
02-24-2011 06:15 PM
"...can you show me where Intel or other SSD manufactures advertise their products as being guaranteed to have the data on them removed to government specification?"
Yes, I can. It's clearly defined in the ATA/ATAPI/SCSI specifications for secure erase, not from a government agency, and which was researched and submitted by the CMRR (Center for Magnetic Recording Research), again not a government agency. I'll save you some effort:
"The current ATA specification for Normal Erase mode states that the SECURITY ERASE UNIT command shall write binary zeroes to all user accessible data areas."
So, as you can see, secure erase has nothing to do with government specifications. It has to do with community-defined specifications, and clear expectations, which neither are apparently being met as per the website referenced above. This is even before we address the topic of data remanance (the part you would be fascinated by, apparently, should you choose to read it).
So, let's not talk about who has ignored which facts.