SSDs do not always scrub-delete files, claim researchers

According to the researchers – Michael Wei, Laura M. Grupp, Frederick Spada and Steven Swanson – the way an SSD operates is different in almost every respect from a hard drive, so assuming that erasure techniques that work for hard drives will also work for SSDs is dangerous.

The report notes that SSDs use flash memory to store data, and flash memory is divided into pages and blocks.

Infosecurity notes that the problem stems from the fact that program operations apply to pages and can only change 1s to 0s. Erase operations, meanwhile, apply to blocks and set all the bits in a block to 1. As a result, says the paper, an in-place update is not possible.

As the report notes: "a flash translation layer (FTL) manages the mapping between logical block addresses (LBAs) that are visible via the ATA or SCSI interface and physical pages of flash memory."

"Because of the mismatch in granularity between erase operations and program operations in flash, in-place update of the sector at an LBA is not possible", says the report.

"Instead, to modify a sector, the FTL will write the new contents for the sector to another location and update the map so that the new data appears at the target LBA. As a result, the old version of the data remains in digital form in the flash memory. We refer to these 'left over’ data [part-files] as digital remnants", the report adds.

Since in-place updates are not possible in SSDs, the researchers argue that the overwrite-based erasure techniques that work well for hard drives may not work properly for SSDs.

The report concludes that, in order to remedy the problem, the research team have described and evaluated three simple extensions to an existing FTL that make file sanitisation fast and effective.

"Overall, we conclude that the increased complexity of SSDs relative to hard drives requires that SSDs provide verifiable sanitisation operations," they say in their report.

Commenting on the issues, Andy Cordial, managing director of storage systems specialist Origin Storage, said that many companies have made the understandable mistake of presuming that flash drives are a slot-in replacement for magnetic drives, when in fact nothing could be farther from the truth.

"And as prices have fallen, a lot of firms have gone for SSDs to tap into the advantages of rapid boot times, especially for relatively smaller-capacity flash drives", he said.

The bottom line, says Cordial, is that 'conventional' data overwrite commands, which have worked well on magnetic drives since the earliest days of PCs in the 1980s, cannot be relied upon to function in the same manner with a flash drive.

"As the university researchers found, the erase procedures provided by manufacturers should be verifiable as well, so that users could easily check post-sanitisation that their data had been removed", he explained.

"We could have told the researchers that. This is why we recommend SSDs for specific applications and magnetic drives for other uses. It's also why, where high levels of security are required, we recommend magnetic drives with additional levels of security, such as PIN/password entry systems", he said.

What’s hot on Infosecurity Magazine?