Silicon Power

Elige tu país

Asia/Pacific
  • AustraliaAustralia
    English
  • BangladeshBangladesh
    English
  • CambodiaCambodia
    English
  • ChinaChina
    中文 (简体)
  • HongKongHongKong
    中文 (繁體)
  • IndiaIndia
    English
  • IndonesiaIndonesia
    English
  • JapanJapan
    日本語
  • KoreaKorea
    English
  • MalaysiaMalaysia
    English
  • MongoliaMongolia
    English
  • MyanmarMyanmar
    မြန်မာ
  • NepalNepal
    English
  • New ZealandNew Zealand
    English
  • PakistanPakistan
    English
  • PhilippinesPhilippines
    English
  • SingaporeSingapore
    English
  • SriLankaSriLanka
    English
  • TaiwanTaiwan
    中文 (繁體)
  • ThailandThailand
    English
  • VietnamVietnam
    Tiếng Việt
Europe
  • AustriaAustria
    Deutsch
  • BelarusBelarus
    Pусский
  • BelgiumBelgium
    Dutch
  • BosniaBosnia
    English
  • BulgariaBulgaria
    English
  • CroatiaCroatia
    English
  • CyprusCyprus
    English
  • Czech RepublicCzech Republic
    English
  • DenmarkDenmark
    English
  • EstoniaEstonia
    English
  • FinlandFinland
    English
  • FranceFrance
    Français
  • GermanyGermany
    Deutsch
  • GreeceGreece
    English
  • HungaryHungary
    English
  • IcelandIceland
    English
  • IrelandIreland
    English
  • ItalyItaly
    Italiano
  • KazakhstanKazakhstan
    Pусский
  • KosovoKosovo
    English
  • LatviaLatvia
    English
  • LithuaniaLithuania
    English
  • MacedoniaMacedonia
    English
  • MaltaMalta
    English
  • NetherlandsNetherlands
    Dutch
  • NorwayNorway
    English
  • PolandPoland
    Polski
  • PortugalPortugal
    English
  • RomaniaRomania
    English
  • RussiaRussia
    Pусский
  • SerbiaSerbia
    English
  • SlovakiaSlovakia
    English
  • SloveniaSlovenia
    English
  • SpainSpain
    Español
  • SwedenSweden
    English
  • SwitzerlandSwitzerland
    Deutsch
  • TurkeyTurkey
    Türkçe
  • UkraineUkraine
    English
  • United KingdomUnited Kingdom
    English
North America
  • CanadaCanada
    English
  • United StatesUnited States
    English
Latin America
  • ArgentinaArgentina
    Español
  • BoliviaBolivia
    Español
  • BrasilBrasil
    English
  • ChileChile
    Español
  • ColombiaColombia
    Español
  • Costa RicaCosta Rica
    Español
  • Dominican RepublicDominican Republic
    Español
  • EcuadorEcuador
    Español
  • El SalvadorEl Salvador
    Español
  • GuatemalaGuatemala
    Español
  • HondurasHonduras
    Español
  • MéxicoMéxico
    Español
  • PanamaPanama
    Español
  • ParaguayParaguay
    Español
  • PeruPeru
    Español
  • UruguayUruguay
    Español
  • VenezuelaVenezuela
    Español
Middle East/Africa
  • AlgeriaAlgeria
    English
  • EgyptEgypt
    English
  • IsraelIsrael
    English
  • KenyaKenya
    English
  • LebanonLebanon
    English
  • LibyaLibya
    English
  • MauritiusMauritius
    English
  • MoroccoMorocco
    Français
  • Saudi ArabiaSaudi Arabia
    English
  • South AfricaSouth Africa
    English
  • TunisiaTunisia
    English
  • UAEUAE
    English
  • YemenYemen
    English
Others
  • OthersOthers
    English
Dr

Reliably Erasing Data from an SSD

Reliably erasing data from storage media (sanitizing the media) is a critical component of secure data management.
Flash-based solid-state drives (SSDs) differ from hard drives in both the technology they use to store data (flash chips vs. magnetic disks) and the algorithms they use to manage and access that data. SSDs maintain a layer of indirection between the logical block addresses that computer systems use to access data and the raw flash addresses that identify physical storage. The layer of indirection enhances SSD performance and reliability by hiding the flash memory’s idiosyncratic interface and managing its limited lifetime. However, it can also produce copies of the data that are invisible to the user but recoverable by a sophisticated attacker. For this reason, it is so important to sanitize the media completely.
1. Whole-drive sanitization
There are four different techniques for sanitizing an entire SSD:

1.1 Built-in sanitize commands

Most modern drives have built-in sanitize commands that instruct on-board firmware to run a sanitization protocol on the drive. Traditionally, the ATA security command set specifies an “ERASE UNIT” command that erases all user-accessible areas on the drive by writing all binary zeros or ones. There is also an enhanced “ERASE UNIT ENH” command that writes a vendor-defined pattern, such as a 1MB binary file with a 0x55 content. The ACS-2/ACS-3 specification specifies a “BLOCK ERASE” command that is part of its SANITIZE feature set. It instructs a drive to perform a block erase on all memory blocks containing user data, even if they are not user accessible. SP Industrial SSDs support ACS-2/ACS-3 specifications to provide a 4-way interleave multiple block erase function to sanitize a whole drive effectively. For example, 1TB SSD (SP010TSSD301RW0) or pSLC 512GB SSD (SP512GISSD501RW0) can be triggered by a 5-pin Feature Connector to execute a 4-way Interleave Multiple Block Erase function to complete whole-drive sanitization in around 10 seconds.

1.2 Repeatedly writing over the drive

The second sanitization method is to use normal IO commands to overwrite each logical block address on the drive. Repeated software overwrite is at the heart of many disk sanitization standards and tools. All the standards and tools we have examined use a similar approach; they sequentially overwrite the entire drive with anywhere between 1- and 35-bit patterns. The US Air Force System Instruction 5020 is a good example; it first fills the drive with binary zeros, then binary ones, and finally an arbitrary character. The data is then read back to confirm that only the arbitrary character is present.
The varied bit patterns aim to switch as many of the physical bits on the drive as possible and, therefore, make it more difficult to recover the data via analog means. Bit patterns are potentially important for SSDs as well, but for different reasons. Since some SSDs compress data before storing it, they will write fewer bits to the flash if the data is highly compressible. This suggests that for maximum effectiveness, SSD overwrite procedures should use random data.
The complexity of SSD FTLs means that the usage history before the overwrite passes may impact the effectiveness of the technique. To account for this, we tested SSDs by writing the first pass of data either sequentially or randomly. Then, we performed 20 sequential overwrites. For the random writes, we wrote every LBA exactly once, but in a pseudo-random order.
In most cases, overwriting the entire disk twice was enough to sanitize the disk, regardless of the previous state of the drive. However, it takes a lot of time to complete whole-drive sanitization this way.

1.3 Electrically destroying the drive via a high voltage generator

Degaussing is a fast and effective means of destroying hard drives, since it removes the disk’s low-level formatting (along with all the data) and damages the drive’s motor. However, the mechanism that flash memories use to store data is not magnetism-based, so we do not expect the degausser to erase the flash cells directly.
Alternatively, a special design with a high voltage generator and a controller inside the SSD can destroy NAND flash physically. However, this is not a normal design for SSDs. SP Industrial SSDs are equipped with an integrated Industrial-grade Active PMU (Power Management Unit) to provide higher reliability of power compared to traditional discrete circuits. They also feature complete protection with OVP, OCP, Surge Rejection, and In-Out Short Protection to provide a higher level of protection versus traditional fuse design. Therefore, we don’t recommend implementing this technique for whole-drive sanitization.

1.4 Leveraging encryption

The self-encrypting drive (SED) of SP Industrial SSDs features an AES-256 encryption engine, which provides hardware-based, secure data encryption with no SSD performance loss. This SED follows the TCG/Opal specification for trusted peripherals. The data encryption is always running; however, encryption keys are not managed, and the data is not secure until either TCG/Opal or ATA security feature sets are enabled.
This technique is a quick means to sanitize the drive, since deleting the encryption key will, in theory, render the data on the drive irretrievable.
Pin Function I/O Funtion Description
1 Write Protect input short to GND pin to enable write protection
2 GND n/a system ground
3 Device activity indicator output connect to an LED to indicate device activity
4 Security Erase trigger input short to GND pin to trigger security erase function
5 Erase activity indicator output connect to an LED to indicate erase function activity