ABSTRACT
Securely removing data from modern computing systems is challenging, as the past existence of deleted data may leave artifacts in the layout at all layers of a computing system, which an adversary can use to infer information about the deleted data. Conventional overwriting-based and encryption-based solutions are not sufficient, as they cannot remove these artifacts. In this work, we aim to securely remove data from NAND flash-based block devices. We observed that completely removing the aforementioned artifacts from NAND flash is expensive, as it may require re-organizing the entire flash layout. We thus approach this security goal from a new angle. We investigate undetectable secure deletion, a novel security notion which can 1) remove the deleted data from flash devices, such that the adversary cannot access the deleted data once it has been removed, and 2) conceal the deletion history, such that the adversary cannot find out that there was a deletion in the past. We design NAND Flash Partial Scrubbing (NFPS), the first undetectable secure deletion scheme for NAND flash-based block devices. We propose partial page reprogramming and partial block erasure methods to sanitize data from NAND flash. In addition, we incorporate NFPS into typical Flash Translation Layer (FTL) algorithms. Finally, we implement NFPS and experimentally evaluate its effectiveness.
Index Terms
- NFPS: Adding Undetectable Secure Deletion to Flash Translation Layer