The security limitations of solid-state drives

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#1 Post by Flash »

http://www.techrepublic.com/blog/securi ... ag=nl.e040
Takeaway: SSDs can offer substantial benefits in performance and reliability for at least some purposes, but encrypting data and secure data deletion are problems
Skip the first half, which is mostly regurgitated junk, some of which may even be wrong. For instance, this paragraph offers no data at all to back up its vague language:
SSDs are subject to hard limits on how many write operations may be performed before they cease working correctly. Their capacity for longer life is constantly growing, and this will surely become (mostly) a thing of the past within the next few years, but for now use cases that require heavy writing activity may prove problematic for the lifespan of these storage devices. Some claim these days are already behind us.
Start with The security limitations of SSDs.

efiguy
Posts: 164
Joined: Thu 07 Sep 2006, 02:51

#2 Post by efiguy »

Hi,

- I've had great success using USB drives in the 128Mb-8Gb range,
because of the FAT system, only put dirs in the drive root, failures being mechanical in nature (clumsy).

- Two separate security systems (Memorex & Imation) have run 4 years with USB drives taking 350 average 85kb jpg snapshots over 24x7 (black roof summers-0deg winters) - reading, transfer delete selected w/verify and delete rest. Rough calculations place them at 850000 writes with as many extra reads.

- There is an interesting phenomenon - many times shadows and clouds will cause the security systems to write something like +5000 files, they all appear in Explorer, but only 500 or so will have data. The excess must be erased before the drive will accept new data. I am not sure if this is an XP artifact or a potential USB security risk, as file names might be important clues during an undelete process, even without data.

- Another 8gb (PNY) runs as 8-10 webservers (avg 700mb per) and has run for 2 yrs (24x7)

- For wiping - I use an 8Gb loaded to the brim with Puppy ISO's and transfer it into the (one to be cleaned)

Puppy Power,
jay

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#3 Post by nooby »

Here in Sweden but most likely just rewriting stuff from Pcworld Mag or IDG News media.

They claim that the greatest security risk for firms with secret processes and company trade secrets to keep from the competition and the industry spies is that it is almost impossible to safely overwrite the info on an SSD.

If it is important I can try to find the text, but it is in Swedish, though hopefully with the names of where they got that info. Should I? Most likely it is the same text?
Late at night, so maybe I'll turn in
I use Google Search on Puppy Forum
not an ideal solution though

Bruce B

#4 Post by Bruce B »

Flash,

There are people who talk about problems and problems.

I want to be informed about the problem and know the solutions.
  • This leads directly to the second major security issue afflicting SSDs:
    secure deletion. Standard secure deletion software such as the Unix utility
    shred is sufficient for secure deletion on modern HDDs, but largely
    ineffective for consumer flash media storage devices.
This solution is mistaken. Shred doesn't work well when the data
won't stay still. This happens with our journaled format systems.

If it is an ext3, force mount the partition as ext2, then shred.

If you have sensitive data, copy the encrypted file to a RAM disk. Decrypt
it, use it, modify it or whatever, then encrypt it back to permanent
storage.

To wipe and restore an SSD

cfdisk /dev/foobar
note the partition structure, write down the CHS factory values

dd if=/dev/zero of=/dev/foobar
or
dd if=/dev/random of=/dev/foobar

cfdisk the device as it was from the factory

format the partition(s)

~
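
An added illustration, not part of any post in this thread: a toy page-mapped flash translation layer showing why an in-place overwrite (as shred does) can leave the old data on the flash chips, and why a single whole-device pass can also leave a stale copy in spare pages. All names and the 8-logical/12-physical page geometry are assumptions made for the example.

```python
SECRET = b"constructed-secret"                 # constructed sample data
ZEROS = b"\x00" * len(SECRET)

class ToyFTL:
    """Toy page-mapped flash translation layer with spare (over-provisioned) pages."""
    def __init__(self, logical_pages=8, physical_pages=12):   # assumed geometry
        self.logical_pages = logical_pages
        self.pages = [None] * physical_pages   # None = erased page
        self.stale = set()                     # superseded pages, not yet erased
        self.l2p = {}                          # logical -> physical map

    def _allocate(self):
        for i, content in enumerate(self.pages):
            if content is None:
                return i
        if not self.stale:
            raise RuntimeError("device full")
        for i in self.stale:                   # garbage collection: only now is
            self.pages[i] = None               # superseded data really erased
        self.stale.clear()
        return self._allocate()

    def write(self, lba, data):
        new = self._allocate()                 # flash cannot overwrite in place
        self.pages[new] = data
        if lba in self.l2p:
            self.stale.add(self.l2p[lba])      # old copy stays readable on the chip
        self.l2p[lba] = new

    def read(self, lba):                       # what the OS (and shred) can see
        return self.pages[self.l2p[lba]]
    def raw_pages_with(self, needle):          # what a raw chip read can see
        return [i for i, p in enumerate(self.pages) if p and needle in p]

def in_place_overwrite(passes=3):
    """shred-style: rewrite one logical block several times."""
    ftl = ToyFTL()
    ftl.write(3, SECRET)
    for _ in range(passes):
        ftl.write(3, ZEROS)
    return ftl.read(3), ftl.raw_pages_with(SECRET)

def whole_device_overwrite(passes):
    """dd-style: overwrite every logical block; the secret starts in the last one."""
    ftl = ToyFTL()
    for lba in range(ftl.logical_pages):
        ftl.write(lba, SECRET if lba == 7 else b"data")
    for _ in range(passes):
        for lba in range(ftl.logical_pages):
            ftl.write(lba, ZEROS)
    return ftl.raw_pages_with(SECRET)
```

In this model a second full pass happens to force garbage collection of the page holding the secret; real controllers decide for themselves when to erase, so pass counts from the toy do not transfer to real drives.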

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

SSD security: the worst of all worlds

#5 Post by Flash »

Here is another take on SSDs and security.
Data security on SSDs is a mess. Good luck removing data! Preserve it for digital forensics? Uh-oh. Secure erase might work, but is that good enough?
I don't understand what he's so excited about. As long as the limitations of SSDs and how they work are understood, so as not to use them inappropriately, they are superior to hard disk drives.

efiguy
Posts: 164
Joined: Thu 07 Sep 2006, 02:51

#6 Post by efiguy »

Hi,

- Thanks Flash, that article points (maybe) to what I've observed, that a somewhat small drive will continue to store file names, with "0" Kb data
"writing something like +5000 files" when it can only support 500
- This is happening on an XP Service Pack 2 system

- Also I've used several file recover programs on solid state drives, if the drive has been used much at all, subsequently trying to recover files the luck is generally poor, not that parts can't be found, maybe some of a file.
- However, if one writes a 4Gb drive 3 times (1st half, 2nd half, midfls) from an 8Gb fully loaded drive with ISO's, only that ISO data remains (It's OK to rename them and reuse, a max length file name is preferred to clear the naming database). I keep a database of webpage random header numbers that can be "copy/paste" together for this kind of naming task.

J

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#7 Post by Lobster »

Flash as well as being Official Dog Handler
and maintaining this very forum is an advocate
of the multi-session option in Puppy.

Using a DVD as a HD gives you further security
Want to destroy your data?
Many shredders now mince DVD's.

Are solid-state drives as susceptible to electronic pulse
as normal magnetic hard drives? I should imagine so?
I hope not.

The point is that data security is often
about having and restricting access to the data
and having it in a cheap enough format to physically destroy
and having it survive unusual circumstances such as
cyber weaponry as used by super villains.
http://youtu.be/8LsxmQV8AXk

Think Puppy
Think Different
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

efiguy
Posts: 164
Joined: Thu 07 Sep 2006, 02:51

#8 Post by efiguy »

Hi Lobster,
Flash explained his operating method within another link (Forgive me Flash as I have forgotten the link) and it is certainly a successful solution, if not an ultimate one. But you must have the equipment to do his technique.
- Here is a recent link that describes the general technique
http://www.murga-linux.com/puppy/viewtopic.php?t=65251

This is also an informative bit on (Free) "Sdelete" and general encryption pitfalls
http://technet.microsoft.com/en-us/sysi ... s/bb897443

- For myself, when asked to do a website or security system cameras, it will generally wind up for the recipient on USB, Linux or Windows. Most of my work is now developed and completed on low cost USB, and to avoid cross contamination have developed the above procedures both to exercise new modules for early mortality and some simplistic security.

- Oh!!, BTW, enjoyed the post on special Puppies - please expand those as it really shows development "out of box" and gets folks thinking "What if??"

Have a great day
Jay

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#9 Post by PaulBx1 »

Seems like the security problems depend on there being a cleartext version of the data on the drive. Well, don't do that! Encrypt the whole drive, then there can be no cleartext there.

I have a flash drive with an encrypted pupsave and a truecrypt volume. Of course linux can't boot from a completely encrypted device, so about 1/8 of the drive is just normal ext2. Does puppy ever use this space for cleartext temp files? I'd guess no, and that if there are any temp files at all, they are in the pupsave or the truecrypt volume. Probably more likely in ram.
