Flash-based solid-state drives (SSDs) are becoming increasingly popular in markets such as notebook PCs and sub-notebooks for enterprises, Ultra-Mobile PCs , and Tablet PCs for the healthcare and consumer electronics sectors. For low-end applications, a USB flash drive may be obtained for $10 to $100 or so, depending on capacity.
However, a recent paper from computer scientists in the Department of Computer Science and Engineering, University of California, San Diego, reveal that that there is a right way and a wrong way to erase data from SSDs. And depending on the method you employ, your data management security could be compromised.
SSD is a rapidly developing technology. In 2008, EMC became the first enterprise storage vendor to ship flash-based SSDs into its product portfolio, in 2009 Dell began to offer optional 256 GB solid state drives on select notebook models, Toshiba launched a laptop with a 512 GB SSD and as of October 2010, Apple’s MacBook Air line includes solid state drives as standard.
The problem is the internals of an SSD differ in almost every respect from a hard drive, so assuming that the erasure techniques that work for hard drives will also work for SSDs is dangerous.
SSDs use flash memory to store data. Flash memory is divided into pages and blocks. Because of the mismatch in granularity between erase operations and program operations in flash, in-place update of the sector at a logical block address (LBA) is not possible. This means when you write new data onto a SSD it writes the new content for the sector to another location. As a result, the old version of the data remains in digital form in the flash memory.
Since in-place updates are not possible in SSDs, the overwrite-based erasure techniques that work well for hard drives may not work properly for SSDs. Those techniques assume that overwriting a portion of the LBA space results in overwriting the same physical media that stored the original data. Overwriting data on an SSD results in logical sanitization (i.e., the data is not retrievable via the SATA or SCSI interface) but not digital sanitization.
These differences between hard drives and SSDs potentially lead to a dangerous disconnect between user expectations and the drive’s actual behavior: An SSD’s owner might apply a hard drive-centric sanitization technique under the misguided belief that it will render the data essentially irrecoverable. In truth, data may remain on the drive and require only moderate sophistication to extract.
What the researchers discovered was the ability to securely destroy one file on an unencrypted disk, is nearly impossible on SSDs. They state that even the most effective file destruction methods may leave behind more than 4 percent of the original data.
To properly secure data and take advantage of the performance benefits that SSDs offer, you should always encrypt the entire disk and do so as soon as the operating system is installed.
Securely erasing SSDs after they have been used unencrypted is very difficult, and may be impossible in some cases. To read more you can access the paper here: http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf