Destroying Flash Memory-Based Storage Devices (draft v0.9)

Similar documents
Challenges and Solutions for Effective SSD Data Erasure

High-Performance SSD-Based RAID Storage. Madhukar Gunjan Chakhaiyar Product Test Architect

Nasir Memon Polytechnic Institute of NYU

An In-Depth Look at Variable Stripe RAID (VSR)

Trends in NAND Flash Memory Error Correction

PUF Physical Unclonable Functions

Choosing the Right NAND Flash Memory Technology

Technologies Supporting Evolution of SSDs

A universal forensic solution to read memory chips developed by the Netherlands Forensic Institute. The NFI Memory Toolkit II

Samsung 3bit 3D V-NAND technology

Overview of Data Security Methods: Passwords, Encryption, and Erase

NAND Flash Memory Reliability in Embedded Computer Systems

Trabajo Memorias flash

How To Increase Areal Density For A Year

{The Non-Volatile Memory Technology Database (NVMDB)}, UCSD-CSE Techreport CS

Destruction and Disposal of Sensitive Data

In-Block Level Redundancy Management for Flash Storage System

Figure 1. New Wafer Size Ramp Up as a Percentage of World Wide Silicon Area Versus Years Elapsed Since the New Size Was Introduced [1].

Part Number Decoder for Toshiba NAND Flash

Computer Systems Structure Main Memory Organization

OBJECTIVE ANALYSIS WHITE PAPER MATCH FLASH. TO THE PROCESSOR Why Multithreading Requires Parallelized Flash ATCHING

Full Drive Encryption Security Problem Definition - Encryption Engine

Disks and RAID. Profs. Bracy and Van Renesse. based on slides by Prof. Sirer

Impact of Stripe Unit Size on Performance and Endurance of SSD-Based RAID Arrays

EUDAR Technology Inc. Rev USB 2.0 Flash Drive. with Card Reader. Datasheet. Rev. 1.0 December 2008 EUDAR 1

Flash s Role in Big Data, Past Present, and Future OBJECTIVE ANALYSIS. Jim Handy

Solid State Technology What s New?

SOLID STATE DRIVES AND PARALLEL STORAGE

NAND 201: An Update on the Continued Evolution of NAND Flash

Chapter 7 Types of Storage. Discovering Computers Your Interactive Guide to the Digital World

MCF54418 NAND Flash Controller

An Analysis Of Flash And HDD Technology Trends

PRODUCT CATALOGUE. Professional Data Recovery Solutions

NAND Flash FAQ. Eureka Technology. apn5_87. NAND Flash FAQ

PowerProtector: Superior Data Protection for NAND Flash

HP Smart Array Controllers and basic RAID performance factors

The role of the magnetic hard disk drive

Samsung emcp. WLI DDP Package. Samsung Multi-Chip Packages can help reduce the time to market for handheld devices BROCHURE

1 Gbit, 2 Gbit, 4 Gbit, 3 V SLC NAND Flash For Embedded

USB Portable Storage Device: Security Problem Definition Summary

SSD Update Part Four. Jeff Hedlesky, Guidance Software Chris Bross, DriveSavers

Toshiba America Electronic Components, Inc. Flash Memory

COS 318: Operating Systems. Storage Devices. Kai Li Computer Science Department Princeton University. (

PIONEER RESEARCH & DEVELOPMENT GROUP

HP Thin Clients Flash/SSD Selection

Design of a NAND Flash Memory File System to Improve System Boot Time

SLC vs. MLC: An Analysis of Flash Memory

introducing COMPUTER ANTI FORENSIC TECHNIQUES

FLASH TECHNOLOGY DRAM/EPROM. Flash Year Source: Intel/ICE, "Memory 1996"

Solid State Drive Technology

Comparison of NAND Flash Technologies Used in Solid- State Storage

Atmel s Self-Programming Flash Microcontrollers

NAND Flash & Storage Media

USB Portable Storage Device: Security Problem Definition Summary

Computer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)

Implementing a Digital Answering Machine with a High-Speed 8-Bit Microcontroller

Storage is in Our DNA. Industry-leading 12Gb/s and 6Gb/s Storage Solutions RAID Adapters, Host Bus Adapters, and SAS Expander

The Technologies & Architectures. President, Demartek

BGA - Ball Grid Array Inspection Workshop. Bob Willis leadfreesoldering.com

SUN STORAGE F5100 FLASH ARRAY

Amadeus SAS Specialists Prove Fusion iomemory a Superior Analysis Accelerator

PC-3000 Trust your Data Recovery to the World Leader

EXTERNAL STORAGE WHAT IS IT? WHY USE IT? WHAT TYPES ARE AVAILBLE? MY CLOUD OR THEIR CLOUD? PERSONAL CLOUD SETUP COMMENTS ABOUT APPLE PRODUCTS

A New Chapter for System Designs Using NAND Flash Memory

Computer Peripherals

NAND Flash Architecture and Specification Trends

Solid State Drive ssd.supertalent.com

Eureka Technology. Understanding SD, SDIO and MMC Interface. by Eureka Technology Inc. May 26th, Copyright (C) All Rights Reserved

Violin Memory Arrays With IBM System Storage SAN Volume Control

PARALLEL PROCESSING AND THE DATA WAREHOUSE

Price/performance Modern Memory Hierarchy

Temperature Considerations for Industrial Embedded SSDs

Micron MT29F2G08AAB 2 Gbit NAND Flash Memory Structural Analysis

1.Introduction. Introduction. Most of slides come from Semiconductor Manufacturing Technology by Michael Quirk and Julian Serda.

Understanding endurance and performance characteristics of HP solid state drives

Chapter 5 :: Memory and Logic Arrays

UBIFS file system. Adrian Hunter (Адриан Хантер) Artem Bityutskiy (Битюцкий Артём)

Media Disposition and Sanitation Procedure

The Programming Interface

Local Heating Attacks on Flash Memory Devices. Dr Sergei Skorobogatov

Don t Let RAID Raid the Lifetime of Your SSD Array

A Look Inside Smartphone and Tablets

Designing with High-Density BGA Packages for Altera Devices

UNCLASSIFIED. This page intentionally left blank. UNCLASSIFIED. Clearing And Declassifying Electronic Data Storage Devices (ITSG-06) ii July 2006

Understanding the Impact of Power Loss on Flash Memory

IEEE Milestone Proposal: Creating the Foundation of the Data Storage Flash Memory Industry

How To Read Memory Chips From A Cell Phone Or Memory Chip

TECHNOLOGY BRIEF. Compaq RAID on a Chip Technology EXECUTIVE SUMMARY CONTENTS

CS257 Introduction to Nanocomputing

Data Retention in MLC NAND Flash Memory: Characterization, Optimization, and Recovery

SATA SSD Series. InnoDisk. Customer. Approver. Approver. Customer: Customer. InnoDisk. Part Number: InnoDisk. Model Name: Date:

An Introduction to RAID. Giovanni Stracquadanio

Transcription:

Destroying Flash Memory-Based Storage Devices (draft v0.9) Dr. Steven Swanson Director, Non-volatile Systems Laboratory Department of Computer Science and Engineering University of California, San Diego swanson@cs.ucsd.edu We examine the problem of mechanically destroying NAND flash-based storage devices (as commonly found in USB thumb drives, commercially available solid-state disks, and portable electronics such as cell phones, tablet computers, and media players) with the goal of making it prohibitively difficult to recover data from the device after destruction. We present an analysis of the minimum particle sized required to achieve this goal. In this report, the size of a particle is measured as the length of the particle s longest linear dimension in any direction. The necessary particle size depends on the sophistication of the adversary that is expected to attempt to recover data from the destroyed device. We present analysis for the particle sizes needed for three different adversaries: 1. The typical adversary is assumed to have access to a well-equipped electronics lab. 2. The sophisticated adversary has substantial but limited funds and technical expertise. 3. The worst-case adversary has almost unlimited funds, technical expertise, and time. Protecting Against a Typical Adversary The least sophisticated way to extract data from a damaged SSD is to remove an intact flash device from the SSDs printed circuit board and extract data from it using a flash reader. We have demonstrated this technique in our lab using equipment costing less than $1000. A competent electrical engineer (e.g., with a 4- year degree) could easily implement it. This technique requires an intact flash device, so guarding against it requires that at least the packages for all the flash chips in the SSD be substantially damaged.

Currently available flash devices come in range of packages. The table below summarizes the dimensions of each (Data from Open NAND Flash Interface standard version 2.3 and measurements in our lab): Package Type width (mm) height (mm) Table 1: Flash device package sizes. LGA-52 14 18 BGA-63 10 10 zbga-100 12 18 TSOP-48 18 12 The smallest package (BGA- 63) is 10mm on a side. This means that particle sizes less than 10 mm will ensure that no flash packages remains intact. To be conservative, we recommend 75% of this value or 7.5mm. However, the BGA- 63 package is not very common. The other packages are more common, and would allow larger particle sizes without compromising safety. The difficulty is in knowing what package a particular SSD uses without opening it. The conservative option is to assume it is BGA- 63. Since these package dimensions are standard, they will not change over time, so the minimum particle size will remain constant so long as new, smaller packaging standards do not enter wide use. To ensure that this guidance remains up to date, users should be in communication with flash manufacturers and standards bodies to keep abreast of any new packages that become common. Protecting Against a Sophisticated Adversary We assume that the sophisticated adversary has access to an extremely well equipped laboratory and is capable of deprocessing flash devices to remove the ceramic or plastic package that protects the chip and supports the electrical connection via the package s pins. We further assume that the adversary can attach new bonding wires to the chips pads, effectively replacing the chips package and pins. This capability has been demonstrated by other researchers in other contexts, and the deprocessing step is available for hire commercially. With this capability, it would be possible to remove a flash die from a damaged package and effectively repairing or replacing the damaged package. Once this was complete, extracting data from the device would be relatively easy. Since the flash packages are often larger than the chips inside, a smaller particle size may be required. To prevent recovery by this type of adversary, the particle size must be small enough to ensure that the flash chip itself (rather than just the package) is broken

into one or more pieces. A survey of flash devices produced in the last 5 years shows flash die sizes are relatively constant and range from 116 to 230 mm 2 with the shortest dimension ranging from 10 to 15mm. To be conservative, we would suggest targeting a particle size 1/2 of this size so reducing SSDs to particles between 5 and 7.5mm in size is sufficient. Protecting Against the Worst-Case Adversary To protect data from the worst-case adversary (i.e., one with nearly unbounded amount of time, money, and expertise) we assume that we must prevent data recovery via techniques that are known to work as well as those that may (eventually) be possible. Flash arrays are composed of many pages. Depending on the manufacturer, the pages contain between 2048 and 16384 bytes. The bytes in a single page are typically consecutive bytes from a single file. Because of the complex remapping algorithms that SSDs utilize the data on consecutive pages is not necessarily related, although they may be. Our analysis assumes that it is sufficient to guarantee that no single page remains intact. That is, that after destruction, the contents of each page should be spread across at least two fragments of the flash chip. This means the acceptable particle size after destruction should be less than the maximum dimension of a single page. In this analysis, we aim for particles that will contain no more than one half a page worth of data. Therefore, the minimum particle size is one half the maximum dimension of a single page. The number of bits in a page and the feature size of the chip determine the physical size of a page. The feature size is measured in nanometers (nm) and is the length of the smallest feature that the chip s manufacturer can create in a given lithographic chip manufacturing process. Manufacturers use the feature size to differentiate between different manufacturing process generations. For instance, a 22nm flash chip is manufactured in a process with a 22nm minimum feature size. We will refer to the minimum feature size as F. Flash organizes the bits within pages by interleaving the bits from two pages in a single row. A physical structure that measures 2F on a side stores a single bit from a page. The figure below illustrates:

As a result the width of a single page is given by twice the page size in bits multiplied by 2F divided by 2 (since we want particles that contain no more than one half a page worth of data). Using this relation, we can calculate the maximum allowable particle size for a particular page size and process generation. The table gives the values for current and projected several generations of flash memories and several common page sizes (projects from the International Technology Roadmap for Semiconductors 2010 update). Flash manufacturers are currently use 19nm feature sizes, which is ahead of the ITRS projections. Allowable Particle Diameter by Process Generation and Page Size (in mm) Process Generation Year of Introduction 2011 2013 2015 2018 2020 2022 Feature Size 65nm 24nm 20nm 18nm 13nm 11nm 8nm 2 KB/page 2.1 0.7 0.6 0.5 0.4 0.3 0.2 4 KB/page 4.2 1.5 1.3 1.1 0.8 0.7 0.5 8 KB/page 8.5 3.1 2.6 2.3 1.7 1.4 1.0 16 KB/page 17.0 6.2 5.2 4.7 3.4 2.8 2.0 32 KB/page 34.0 12.5 10.4 9.4 6.8 5.7 4.1 Table 2: Maximum allowable particle sizes for the worst- case adversary. As process technology improves, the allowable particle size drops. However, at smaller feature sizes, manufacturers tend to move toward larger pages, potentially increases the allowable particle size. However, there is not a consistent rule of thumb that relates the two. Conclusions and Limitations Our analysis shows that for all but the most well- funded, skillful, and determined adversary a particle size of 5mm will ensure that data is not recoverable from the flash chips inside an SSD. If more information is available about the particular flash device or packaging standard the SSD uses larger particle sizes may be acceptable as well. However, reliably determining that information on a per- SSD basis is probably impractical in practice. For the worst case adversaries, much smaller particles are required to prevent recovery and the particle sizes decreases with advanced in flash manufacturing technology. Currently available SSD will require reduction to particles with maximum diameters of between 0.5 and 2.5 mm, and future SSDs may require particles as small as 0.2mm.

The techniques we considered in this analysis necessarily limit its scope. There may be other techniques for recovering data from flash devices that we have not considered, and protecting against these attacks may require smaller particle sizes. However, the above analysis for the worst case adversary, in particular, makes relatively few assumptions about the types of attacks that adversaries can mount and relies instead on the physical characteristics of the flash chips themselves and how they organize data. As such, we think it is unlikely that techniques exist or could be developed that would be effective at recovering data from SSD reduced the smallest particle sizes we suggest.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information