Sign in with
Sign up | Sign in

Study: Nearly Impossible to Delete Data on SSDs

By - Source: Infoworld | B 49 comments

Researchers have discovered that many SSDs don't erase all the stored physical data.

During the FAST-11 Conference in San Jose last week, researchers from the University of California at San Diego presented a paper revealing that it's nearly impossible to erase data from a solid state drive. Called "Reliably Erasing Data from Flash-Based Solid State Drives (pdf)," the study essentially blamed the Flash Translation Layer firmware interface for the way it manages data on the NAND chips, and the unpredictable nature of those very same NAND chips.

As the paper states, flash media is divided into pages and blocks. Program operations apply to pages and can only change ones (1s) to zeros (0s). Erase operations apply to blocks and set all the bits in a block to 1. Unlike physical hard drives, this makes it impossible to perform an in-place update. Thus, the FTL will write new data in a completely different area of the SSD and erase the old "left over" data (or digital remnants) whenever the disk is not in use. The problem is that it takes a long time to physically erase the data.

"Since in-place updates are not possible in SSDs, the overwrite-based erasure techniques that work well for hard drives may not work properly for SSDs," the paper reads. "Those techniques assume that overwriting a portion of the logical block address (LBA) space results in overwriting the same physical media that stored the original data. Overwriting data on an SSD results in logical sanitization (i.e., the data is not retrievable via the SATA or SCSI interface) but not digital sanitization."

The researchers tested twelve SSDs by using the built-in "Erase Unit" command. After completion, four were found to be completely void of physical data. One drive reported to be entirely clean, yet the researchers were able to access all of its "erased" data. Overwriting entire SSDs proved more successful in a separate test, with one out of eight drives showing 100-percent data deletion. Two were completely cleaned after two passes, and one still contained 1-percent of the old data after 20 passes. The other four took more than 58 hours to overwrite the data just once.

The researchers also discovered that erasing a single file proved to be just as flawed. "All single-file overwrite sanitization protocols failed: between 4 and 75-percent of the files’ contents remained on the SATA SSDs," the paper reads. "USB drives performed no better: between 0.57 and 84.9-percent of the data remained." Overwriting the free space and defragmenting the drive to "encourage" the FTL to reuse more physical storage locations proved to be ineffective.

The researchers concluded the paper by saying built-in sanitize commands are effective when implemented correctly. Software techniques to clean the entire SSD work most of the time, but are not effective when deleting individual files. The researchers have submitted three "simple" extensions to an existing FTL that should make SSDs completely erasable in the future.

To learn more about the researchers' findings, read the PDF document here.

Discuss
Display all 49 comments.
This thread is closed for comments
Top Comments
  • 11 Hide
    _Cubase_ , February 23, 2011 11:56 PM
    The solution is in your logo... Tom's.
Other Comments
  • 3 Hide
    K3vBot6000 , February 23, 2011 11:51 PM
    I love when researchers catch this things. I'm glad to know someone is looking for every possible feature and flaw for the devices we use.
  • -2 Hide
    joytech22 , February 23, 2011 11:52 PM
    They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.

    I currently use a SSD and this news doesn't concern me at all.
  • 4 Hide
    alidan , February 23, 2011 11:53 PM
    how about just getting total drive encryption instead.
  • 11 Hide
    _Cubase_ , February 23, 2011 11:56 PM
    The solution is in your logo... Tom's.
  • 2 Hide
    icepick314 , February 23, 2011 11:59 PM
    _Cubase_The solution is in your logo... Tom's.


    after that, 4 seconds in a microwave should render ALL the remaining bits useless....
  • 1 Hide
    fonzy , February 24, 2011 12:03 AM
    This will stop people from buying used ones then.
  • 3 Hide
    alidan , February 24, 2011 12:04 AM
    joytech22They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.


    i would just like to point this out. old child *ehem is bad, no question about that, 99%+ of the time, because the children were R'ed.

    however new applications of child *ehem laws make an 8 year old who gets their hands on a digital camera and takes a picture of themselves, it labels them a child *ehemographer

    now how does this apply to you?

    lets say that a someone between 15-17 takes a nude of themselves, and this is common, that is considered child *ehem, now lets say that you honestly cant tell, and unless you are a doctor who knows what they are looking for in bone structure, you probably honestly cant tell. would you want to go to jail for child *ehem because some almost adult took a nude of themselves and you cant tell? this happens FAR more often than you may realism, not the jail part, but profecionals getting tricked by underage. i believe its a 1985 issue of a famous magazine with the bunny, had a 15 year old as their centerfold, if not more.

    can you really say that all the *ehem on your computer is 100% all over 18? i can hope all of mine is, but if i ever know without a shadow of a doubt that it isnt, i want to make damn sure the picture is gone and is never coming back.
  • 2 Hide
    jprahman , February 24, 2011 12:10 AM
    If you really want to erase all the data on your SSD (or HDD for that matter) so no one can get to it there's a simple tool to do so.... a hammer.
  • 0 Hide
    thrillhaus , February 24, 2011 12:10 AM
    DBAN
    http://www.dban.org/

    Done.
  • 2 Hide
    kilo_17 , February 24, 2011 12:32 AM
    jprahmanIf you really want to erase all the data on your SSD (or HDD for that matter) so no one can get to it there's a simple tool to do so.... a hammer.


    Lol right!
  • 1 Hide
    randomizer , February 24, 2011 12:59 AM
    Interesting, so SSDs are not implementing the ATA Secure Erase command properly.
  • 2 Hide
    Wombat_VC , February 24, 2011 1:07 AM
    The best data eraser I have is in front of a nice sofa set and we regularly feed chopped logs into it, especially in winter.
  • 3 Hide
    alidan , February 24, 2011 1:12 AM
    randomizerInteresting, so SSDs are not implementing the ATA Secure Erase command properly.


    probably due to limited rewrite capabilities.
  • 3 Hide
    belardo , February 24, 2011 1:21 AM
    Hammers always work.
  • 3 Hide
    Supertrek32 , February 24, 2011 1:26 AM
    joytech22They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.

    While I agree it's useful in this case, being able to wipe drive is extremely important in corporate/government settings.

    What if the government were developing a super-secret new weapon, and needed to upgrade the computers. If someone picked this drive up out of the trash, managed to recover 75% of the data, that means they have 75% of the plans to the death-star or whatever.

    Now, the government usually is pretty rigorous about destroying stuff like this, but what about microsoft? What if a somewhat tech-minded janitor at MS HQ was royally screwed at some point and out for revenge? He'd pick up old drives as they were discarded. Eventually he'd find something useful and bam. MS's new code just got leaked to the puclic or sold to the highest bidder.
  • 4 Hide
    Stryter , February 24, 2011 1:39 AM
    joytech22They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.


    Nah, I'd rather the SSDs be able to erase data properly. Besides, criminals and kiddie pervs do a pretty good job of shooting themselves in the foot on a regular basis.
  • -1 Hide
    Wish I Was Wealthy , February 24, 2011 1:40 AM
    I read some of these comments like joytech22's & he should read this article once again...If you read properly,it said that they change the data from 1's to 0's for page & change 0's to 1's for the block area...So all data has not been erased,but changed to read something different...
  • -1 Hide
    Wish I Was Wealthy , February 24, 2011 1:45 AM
    Anyway I have bought 2 SSD's lately,but where pondering on where to use them online...I think I will stick to offline testing & see how effective they are first in speeding up the SSD's...Any thing online can cause your computer to slow down,so I will do it offline...
  • 0 Hide
    Wish I Was Wealthy , February 24, 2011 1:49 AM
    One more thing that I forgot to mention is which are the four SSD brand names and models that do the successfull job of erasing totally & also for what operating systems and whether for x32 bit and/or x64 bit...
  • 1 Hide
    lashabane , February 24, 2011 1:50 AM
    joytech22They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.

    porn
Display more comments