Reliably Erasing Data from Flash-Based Solid State Drives (PowerPoint PPT Presentation)

  1. 1 Reliably Erasing Data from Flash-Based Solid State Drives. Michael Wei*, Laura Grupp*, Fredrick E. Spada†, Steven Swanson*. * Non-Volatile Systems Laboratory, Department of Computer Science and Engineering, University of California, San Diego. † Center for Magnetic Recording Research, University of California, San Diego.

  2. 2 Confidential Data: sensitive information which… • Limited to people with need • Destroyed at end of life

  3. 3 YOU… have confidential data on your computer right now!

  4. 4 CORPORATIONS… must protect their own data as well as clients’ data.

  5. 5 GOVERNMENTS… must protect information to protect the state and lives of its citizens

  6. 6 Confidential Data: sensitive information which… • Limited to people with need • Destroyed at end of life

  7. 7 What we know comes from years of research on hard drives.

  8. 8 Solid State Disks (SSDs): next generation storage… • Flash-based • No moving parts • Uses a complex controller (Flash Translation Layer)

  9. 9 [Chart: 2008‐2013 SSD Shipment Forecast; SSD Shipments (in Millions) by Year, 2008 to 2013; source: DRAMeXchange] SSDs are becoming quite popular…

  10. 10 You might have left confidential data and not even realized it.

  11. 11 Why is it hard to erase SSDs? Current sanitization tools are designed for hard drives. But SSDs are very different!

  12. 12 SSD Differences • Recovery process is cheap • Wide space of manufacturers for poor implementation • Easy disassembly / reassembly • Low cost compared to hard drives • Someone could steal your data overnight! Let’s see what’s on this SSD…

  13. 13 Overview • Motivation • Sanitization Background • Validating Sanitization and Results • Single-File Sanitization Enhancement

  14. 14 Sanitization Erasing data so that it is difficult or impossible to recover

  15. 15 For this talk, we’ll talk about the chip level. • There’s leftover data • It’s cheap • The next level is much more complex

  16. 16 Physical Level • Destroying Flash Memory-Based Storage Devices, Steven Swanson, University of California, San Diego Computer Science & Engineering technical report cs2011-0968 • 0.2 mm particles • Good until 2022 (8 nm technology node)

  17. 17 Writing Data

  18. 18 Writing more data…

  19. 19 Lots of stale data can be left over on the drive…

  20. 20 Overview • Motivation • Sanitization Background • Validating Sanitization and Results • Single-File Sanitization Enhancement

  21. 21 We now want to measure the stale data left over.

  22. 22 First, we constructed a “fingerprint” that was easily identifiable. Special Identifiers Unique Patterns Checksum

  23. 23 Second, We needed a way to see more than what the operating system sees.

  25. 25 We built a custom hardware platform to extract data off the chips.

  26. 26 The drive is successfully sanitized if no stale data is left over.

  27. 27 Whole-disk sanitization Erase the whole disk so that no old data remains. • Built-in Commands • ATA Security “Erase Unit” (ATA-3), 1995 • Cryptographic techniques • Software Overwrite • Various Standards

  28. 28 Built-in commands • ATA Security “Erase Unit”

  29. 29 ATA Security Erase Unit (1995) • Normal: Replace the contents of LBA 0 to MAX LBA with binary zeroes or ones. • Enhanced: All previously written user data shall be overwritten. Predates SSDs: doesn’t distinguish overwriting from erasing.

  30. 30 ATA Security Erase Enhanced: some drives tested supported and passed.

      SSD Name   Controller   SECURITY ERASE UNIT (ATA-3)   SECURITY ERASE UNIT ENHANCED (ATA-3)
      A          1            No                            No
      B          2            No (Reports yes)              No
      C          1            Partial (Bugged)              No
      D          3            Partial (Bugged)              No
      E          4            Crypto Scrambles              Crypto Scrambles
      F          5            Yes                           Yes
      G          6            Yes                           No
      H          7            Yes                           Yes
      I          8            Yes                           Yes

      (Sidebar from the outline: ATA SECURITY ERASE UNIT / ATA SECURITY ERASE UNIT ENHANCED, vendor dependent; Software Overwrite)

  31. 31 ATA Security Erase Unit: One drive reported success, even though all data remained. (Same table as slide 30.)

  32. 32 ATA Security Erase Unit • Others only worked after the drive was reset. (Same table as slide 30.)

  33. 33 ATA Security Erase Unit • Some drives crypto-scrambled, so we could not verify them. (Same table as slide 30.)

  34. 34 Crypto-Scramble: works by deleting the key • Fast, but… • Encrypted data remains • Data isn’t erased • Crypto scramble makes drives unverifiable

  35. 35 Hardware Commands • Wide variation in results – Not supported – Success – Crypto-scramble – Buggy implementation (works sometimes) – Failure (all data leftover) • Result is implementation-dependent • Will not know what happens until it is tested

  36. 36 SAFE: Scramble and Finally Erase • UCSD Technical Report cs2011-0963 • Cryptography is desirable • However, it is hard to verify • A sanitized disk is easy to verify • Why not crypto-scramble AND erase?

  37. 37 SAFE: Scramble and Finally Erase [Diagram: ACTIVE (In Use) --Sanitize Disk / Write Metadata--> INITIALIZED] • Traditional Sanitization Process – Sanitize and Initialize in a single step – Drive is INITIALIZED after a sanitize

  38. 38 SAFE: Scramble and Finally Erase [Diagram: ACTIVE (Encrypted, In Use) --Delete Keys--> KEYLESS --Write Metadata--> INITIALIZED] • Crypto-Erase “Sanitization” Process – Delete keys – Drive is INITIALIZED after a sanitize

  39. 39 SAFE: Scramble and Finally Erase [Diagram, Sanitize Disk: ACTIVE (Encrypted, In Use) --Delete Keys--> KEYLESS --Block Erase--> VERIFIABLE --Write Metadata--> INITIALIZED] SAFE breaks this up and adds two new states: KEYLESS and VERIFIABLE

  40. 40 SAFE: Scramble and Finally Erase [Diagram, Sanitize Disk: ACTIVE (Encrypted, In Use) --Delete Keys--> KEYLESS --Block Erase--> VERIFIABLE --Write Metadata--> INITIALIZED] Scramble: Drive is actively being encrypted – On sanitize, delete the keys (→ KEYLESS) – This step takes milliseconds

  41. 41 SAFE: Scramble and Finally Erase [Diagram, Sanitize Disk: ACTIVE (Encrypted, In Use) --Delete Keys--> KEYLESS --Block Erase--> VERIFIABLE --Write Metadata--> INITIALIZED] Erase: Perform a block erase after scramble – We can easily verify the drive (→ VERIFIABLE) – This step takes minutes

  42. 42 SAFE: Scramble and Finally Erase • We can now verify if the drive is erased – Via pulling off the chips – Possibly via hardware commands that don’t exist yet – External connector • Best of both worlds – Fast cryptographic scramble – Slower, more secure erase
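The SAFE state machine of slides 37 to 42 as an added example (not the paper's or the NVSL lab's code): a toy self-encrypting drive walks ACTIVE -> KEYLESS -> VERIFIABLE -> INITIALIZED, and the chip-level check is made while the drive is VERIFIABLE, which a crypto-erase-only drive never reaches. The per-page XOR keystream, page size and metadata page are stand-ins assumed for the demo, not the drive's real cipher or on-flash format.

```python
import hashlib
import os

PAGE = 32                                # toy page size, constructed for the demo
ERASED = b"\xff" * PAGE                  # block-erased flash reads back as all ones

def page_cipher(key: bytes, pno: int, data: bytes) -> bytes:
    """Toy per-page XOR keystream standing in for the drive's real cipher (demo only)."""
    ks = hashlib.sha256(key + pno.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data.ljust(PAGE, b"\x00"), ks))

class SafeDrive:
    """Toy self-encrypting SSD with the SAFE states ACTIVE, KEYLESS, VERIFIABLE, INITIALIZED."""
    def __init__(self, pages: int):
        self.phys = [ERASED] * pages
        self.key = None
        self.initialize()

    def write(self, pno: int, plaintext: bytes) -> None:
        self.phys[pno] = page_cipher(self.key, pno, plaintext)   # user data is always encrypted
        self.state = "ACTIVE"

    def scramble(self) -> None:            # milliseconds; ciphertext is still on the chips
        self.key, self.state = None, "KEYLESS"

    def block_erase(self) -> None:         # minutes; every physical page now reads 0xFF
        self.phys, self.state = [ERASED] * len(self.phys), "VERIFIABLE"

    def initialize(self) -> None:          # fresh key plus a plaintext metadata page 0
        self.key = os.urandom(16)
        self.phys[0] = b"META".ljust(PAGE, b"\x00")
        self.state = "INITIALIZED"

    def chips_clean(self) -> bool:
        """The check a chip reader (or a future hardware command) can make on user pages."""
        return all(p == ERASED for p in self.phys[1:])

def crypto_erase_only(drive: SafeDrive) -> tuple[str, bool]:
    """Key deletion alone: fast, but the chips still hold ciphertext, so nothing is verifiable."""
    drive.scramble()
    drive.initialize()
    return drive.state, drive.chips_clean()

def safe_sanitize(drive: SafeDrive) -> tuple[str, bool]:
    """SAFE: scramble, then block-erase, verify while VERIFIABLE, then write metadata."""
    drive.scramble()
    drive.block_erase()
    verified = drive.state == "VERIFIABLE" and drive.chips_clean()
    drive.initialize()
    return drive.state, verified
```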

  43. 43 Myth: Flash takes a long time to erase • 13 seconds to erase 4 Gbit • 2.1 minutes to program 4 Gbit • Can work on multiple chips in parallel • Number of channels scales with drive size (in general) • Average disk (250GB) may take ~20s to fully erase • With simple optimizations, a very fast erase is possible

  44. 44 SAFE: Scramble and Finally Erase • Problem: We still have to trust the firmware designer to do it right! • Challenge: How do we avoid the need to trust the firmware?

  45. 45 Software overwrite • Various Government Standards • According to NIST 800-88 (2006) “Studies today have shown that most of today’s media can be effectively cleared by one overwrite.”

  46. 46 Software overwrite

  47. 47 Software overwrite ?

  48. 48 How many times? Our experiments show 2 passes are typically necessary. But even on the same drive, the number of required passes varied from 2 to more than 20. Unreliable - hardware commands are best, if they are correctly implemented.

  49. 49 Single-File Sanitization Erasing single files while leaving other parts of the drive intact

  50. 50 We want to sanitize only part of the disk.

  51. 51 Let’s try overwriting it…

  52. 52 And again…

  53. 53 We tested with a 1000MB file, and got pretty bad results… [Chart: Recovery (MB), axis from 1 MB to 1000 MB]
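As an added example (not code from the paper or the NVSL lab), this Python simulates the measurement method of slides 17 to 26 and the single-file overwrite experiment of slides 51 to 53: fingerprint pages carry a marker, a unique id and a checksum; a toy FTL puts every write on a fresh physical page, so host-side overwrites leave the old copies behind; and a chip-level scan over all physical pages, mapped or not, reports which fingerprints survived. The marker, page size, SHA-256 checksum and tiny drive geometry are assumptions made for the demo.

```python
import hashlib
import struct
MAGIC = b"NVSL-FP"              # constructed marker (not the paper's) that makes fingerprint pages easy to spot
PAGE = 32                       # toy page size (real flash pages are kilobytes)
HDR = struct.Struct(">7sI")     # marker + unique 32-bit sequence number
ERASED = b"\xff" * PAGE         # a block-erased flash page reads back as all ones

def make_fingerprint(seq: int) -> bytes:
    """Page = marker + unique id + repeating pattern + 4-byte checksum."""
    payload = HDR.pack(MAGIC, seq)
    payload += (seq.to_bytes(4, "big") * PAGE)[: PAGE - HDR.size - 4]
    return payload + hashlib.sha256(payload).digest()[:4]

class ToyFTL:
    """Each write lands on a fresh physical page; the old copy is only unmapped."""
    def __init__(self, pages: int):
        self.phys, self.l2p, self.free = [ERASED] * pages, {}, 0

    def write(self, lpn: int, data: bytes) -> None:
        assert len(data) == PAGE and self.free < len(self.phys), "toy drive full"
        self.phys[self.free] = data          # the stale copy at the old location survives
        self.l2p[lpn] = self.free
        self.free += 1

    def block_erase_all(self) -> None:
        """What a correct built-in erase must do: clear every physical page."""
        self.phys, self.l2p, self.free = [ERASED] * len(self.phys), {}, 0

def scan_stale(image: bytes) -> set[int]:
    """Ids of fingerprints surviving intact (checksum valid) anywhere in a raw chip image."""
    found = set()
    for off in range(0, len(image) - PAGE + 1, PAGE):
        page = image[off:off + PAGE]
        if page.startswith(MAGIC) and page[-4:] == hashlib.sha256(page[:-4]).digest()[:4]:
            found.add(HDR.unpack(page[:HDR.size])[1])
    return found

def host_overwrite(passes: int, erase_after: bool = False) -> set[int]:
    """Write a 4-page fingerprinted file, overwrite it `passes` times through the FTL,
    optionally block-erase, then read the chips directly and report surviving ids."""
    ftl = ToyFTL(pages=64)
    for lpn in range(4):
        ftl.write(lpn, make_fingerprint(lpn))
    for _ in range(passes):
        for lpn in range(4):
            ftl.write(lpn, b"\x00" * PAGE)      # the OS-visible view is now all zeros
    if erase_after:
        ftl.block_erase_all()
    return scan_stale(b"".join(ftl.phys))        # the chip-level view, mapped or not
```

Any number of host-side passes leaves every original fingerprint recoverable from the chips; only the block erase produces an image the scan reports as clean.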

  54. 54 We tried to augment the existing procedures to do better… - Wipe the free space - Defragment and wipe …but that didn’t help at all.

  55. 55 We’d like a hardware command that would tell the controller to delete stale data
