Researchers wary of SSD security

by Jennifer Scott  |  Tuesday 22 February 2011
Researchers wary of SSD security

Solid state disks pose new risks to security.

Traditional ways to clear data from hard disks are not as effective on solid state disks (SSDs), posing a security risk.

Research from the University of California in San Diego suggests that ways used to securely remove data failed to do so on the faster format.

Researchers warned users to think about encryption before installing SSDs in their networks.

Of the 12 drives the study examined, only eight had ATA and SCSI command sets for removing data and only half of these worked.

Continually overwriting data on SSDs is time consuming, they found. But magnetically destroying the electronics on the chips ('degaussing') and single-file sanitisation (deleting an unencrypted file)  failed to securely remove the data.

“To properly secure data and take advantage of the performance benefits that SSDs offer, you should always encrypt the entire disk and do so as soon as the operating system is installed,” said Chester Wisniewski, senior security adviser at Sophos.

“Securely erasing SSDs after they have been used unencrypted is very difficult, and may be impossible in some cases.”

Although the adoption of SSDs has continued to rise, it has still not taken over the market as many predicted it would in 2010.

However, price per GB for NAND flash memory is falling and the major barrier to SSD adoption has been the expense.

Now it seems SSD adopters have security to contend with as well.

This article originally appeared at itpro.co.uk

Related Articles

Source: Copyright © ITPro, Dennis Publishing

See more about:  ssd security  |  degaussing  |  single file sanitisation  |  gutmann  |  eraser  |  heidiie pseudorandom  |  data us  |  air  |  force  |  5020 us  |  dod  |  5222022 schneier  |  7pass 3pass
 
 
Comments: 2
j876
22 February 2011
 I don't understand this, this is Flash Memory which needs to be erased before it is written to. Surely, a utility to bulk erase Flash ROM could be written by the manufacturers to properly erase the flash. They could modify the TRIM instructions to erase the entire drive before formatting.

The TRIM software, as I understand it, does a proper flash erase of sectors marked by the Operating System as unused. Surely this can be adapted for a full drive flash erase.

The Motorola MC68HC12 had a debug command BULK which erased the entire flash EEPROM on the chip. Why can't this be done on an SSD?


Comment made about the PC & Tech Authority article:
Researchers wary of SSD security?
Academics in California claim solid state disks are tougher to clear data from than hard drives and could pose a risk to security.

What do you think? Join the discussion.
Slatts
23 February 2011
 Research from the University of California in San Diego are facepalming en-mass.

Thank you for pointing that out j876, you've just cost them their grant.
Comments have been disabled for this article.
Most Read Most Discussed

Latest Comments

Powered by Disqus

Latest Poll

Which side are you choosing in the new console wars?
or View results
The Xbox One
  25%
 
The PlayStation 4
  30%
 
A console? Good Lord no - PC for me thanks!
  46%
TOTAL VOTES: 134

Vote now
View previous Polls »
Ads by Google

From our Partners

PC & Tech Authority Downloads