The security limitations of solid-state drives

SSDs can offer substantial benefits in performance and reliability for at least some purposes, but encrypting data and secure data deletion are problems.

Solid state drives, or SSDs, have been the subject of some anticipation for quite a few years now. I recall my father talking about how solid state storage would revolutionize computer design in just a few years, a quarter century ago. At the time, my understanding of what that would entail was somewhat less clear than it is now, but here we are looking at the rapid encroachment of SSDs into areas previously dominated by spinning magnetic media hard disk drives (HDDs).

The benefits are dramatic. The fact there are no moving parts in SSDs ensures greater resistance to physical damage under harsh usage conditions. The fact SSDs do not use traditional magnetic storage protects them against certain failure modes of more traditional media. Access times are typically faster, and access latency can be greatly reduced, improving the performance of read operations.

Early in the modern era of solid state storage devices, some SSDs used the same technology as the RAM installed in our computers. Unfortunately, this technology suffered some problems that limited its adoption, including:

  • They suffered from very high cost per byte, relative to HDDs.
  • They were volatile memory, and required a constant supply of power.
  • They were, simply put, bigger.

In exchange for these drawbacks, however, they provided very fast access times. As a result, they were useful enough for some people to invest in small SSDs built in this manner.

As non-volatile flash media became more prevalent, however, that approach to persistent solid state storage spread. Flash memory cards and USB "thumb drives" proliferated, but the increasing storage capacity and decreasing costs of HDDs have continued to guarantee them a place as the default persistent storage media for most purposes. Things are rapidly changing, however: netbooks brought the widespread sale of consumer computers that use flash media SSDs. Smartphones have also substantially increased the use of flash media SSDs in consumer computers, and flash media SSDs are now being offered in standard laptop computers as well.

Part of this rise in usage can be attributed to the falling prices of flash media. It has not caught up to spinning magnetic media by any stretch; it still costs many times as much money per byte. For a small multiple of the cost of an HDD of the size currently found in a laptop (say, twice as much money), one can now have an SSD that is big enough for most modest needs: that is, the needs of people who do not do a lot of professional video editing on their laptops, or download gigabytes of movies every weekend and store them indefinitely.

Aside from the cost differential per byte of storage, SSDs are rapidly approaching the day they will render HDDs essentially obsolete. They do still have some problems, however:

  • SSDs are subject to hard limits on how many write operations may be performed before they cease working correctly. Their capacity for longer life is constantly growing, and this will surely become (mostly) a thing of the past within the next few years, but for now use cases that require heavy writing activity may prove problematic for the lifespan of these storage devices. Some claim these days are already behind us.
  • Cost, as already noted, is much higher for a given storage capacity than for HDDs. As of this writing, expect prices around $1.50 USD per gigabyte of SSD storage, and only about ten or fifteen cents per gigabyte of HDD storage — an order of magnitude cheaper than SSDs, and then some.
  • Many of the security challenges for storage media that are widely considered "solved problems" for HDDs have not yet been thoroughly addressed for SSDs.

If the user has the funds to spend on SSD storage, keeps good backups (which one should do anyway), and does not find the "write longevity" problem of SSDs significant, most of the rest of the differences between SSDs and HDDs seem to recommend going with an SSD every time. This will only become an easier decision as SSD technology advances and prices continue to drop on what is, in some respects, still a relatively new technology implementation.

Security is another matter.

The security limitations of SSDs

Speaking of flash media SSDs as the standard implementation for the near future, the most obvious security disadvantages relative to HDDs revolve around encryption and secure deletion. Under the hood, these turn out to be effectively the same category of problem.

Magnetic storage media rely on the alignment of magnetism in ferromagnetic materials on the surfaces of the platters. Because of this, passing a read/write head over a platter to apply a magnetic field to that ferromagnetic material can change the data currently recorded there in one simple operation. The overwriting process need not account for whatever data was previously recorded.

By contrast, flash media uses transistors to store data. A group of these transistors has an "empty" or "erased" state and a "programmed" or "written" state. Each of them must be reset to the "erased" state before it can be set to some "written" state to store data. As a result, while writing to empty storage space only requires a single operation, as with magnetic media, "overwriting" is effectively impossible. Any data in the space where new data is to be written must be erased first, in a separate operation.

Encrypting data already on disk

This leads to the first problem with data security on SSDs: encrypting data already stored on the media. Because of the way filesystems interact with storage media, encrypting a file on magnetic media such that your data is secure involves merely writing the newly encrypted data over the old data. This leaves the HDD only storing an encrypted copy of the data, because the unencrypted copy was destroyed by the process of writing the encrypted copy to disk.

By contrast, this operation is effectively impossible for an SSD. In the general case, the encrypted copy of the file will be written to a currently empty region of the media, leaving the unencrypted copy where it is. The plaintext copy is "erased" only in that it is eliminated from the filesystem's mechanism for tracking files (e.g., a file allocation table or inode). Bypassing the filesystem to directly scan the media can reveal "deleted" data that is still there to be found. The controller built into an SSD abstracts the management of data on the device so that implementation-specific drivers are not needed by the computer, but this abstraction also creates the problem that there is currently no standard means of ensuring unencrypted data is truly erased from flash media.

Secure data deletion

This leads directly to the second major security issue afflicting SSDs: secure deletion. Standard secure deletion software such as the Unix utility shred is sufficient for secure deletion on modern HDDs, but largely ineffective for consumer flash media storage devices.
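
The behaviour described in the two sections above, where an encrypted or shred-style rewrite lands in a fresh page while the old copy stays on the media, can be reproduced in a toy model. This is an added example, not code from the article or from the UCSD paper; the ToyFlash class, its page layout, and the sample data are constructed for illustration and do not model any real controller's firmware.

```python
# Toy flash translation layer (FTL): a constructed model, not real controller firmware.
ERASED = None  # a page can be programmed only while in this state

class ToyFlash:
    def __init__(self, blocks=4, pages_per_block=4):
        self.n = pages_per_block
        self.phys = [ERASED] * (blocks * pages_per_block)  # physical pages
        self.map = {}        # logical block address (LBA) -> physical page
        self.stale = set()   # pages holding superseded, unmapped data

    def write(self, lba, data):
        """Host write: program a fresh page and remap; never overwrite in place."""
        old = self.map.pop(lba, None)
        if old is not None:
            self.stale.add(old)             # old copy is unmapped, not destroyed
        if ERASED not in self.phys:
            self.garbage_collect()
        page = self.phys.index(ERASED)
        self.phys[page] = data
        self.map[lba] = page

    def read(self, lba):                    # the view through the controller's mapping
        return self.phys[self.map[lba]]

    def raw_scan(self, needle):
        """Direct scan of the media, bypassing the mapping."""
        return [i for i, d in enumerate(self.phys) if d is not ERASED and needle in d]

    def garbage_collect(self):
        """Erase blocks containing stale pages; only a block erase destroys old data."""
        for start in range(0, len(self.phys), self.n):
            block = range(start, start + self.n)
            if any(p in self.stale for p in block):
                live = [(lba, self.phys[p]) for lba, p in self.map.items() if p in block]
                for p in block:             # whole-block erase
                    self.phys[p] = ERASED
                    self.stale.discard(p)
                for off, (lba, data) in enumerate(live):   # reprogram live data
                    self.phys[start + off] = data
                    self.map[lba] = start + off

def demo():
    ssd = ToyFlash()
    secret = b"PLAINTEXT: account=1234"      # constructed sample data
    ssd.write(7, secret)
    ssd.write(7, bytes(len(secret)))         # shred-style "overwrite" of LBA 7
    host_view, after_overwrite = ssd.read(7), ssd.raw_scan(b"PLAINTEXT")
    ssd.garbage_collect()                    # controller erases the block holding the stale page
    return host_view, after_overwrite, ssd.raw_scan(b"PLAINTEXT")
```

In the model, the host reads back only zeros after the overwrite, yet a raw scan still finds the plaintext in physical page 0 until the controller erases that block.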

UCSD researchers Michael Wei, Laura M. Grupp, Frederik E. Spada, and Steven Swanson have published the results of practical testing, showing the dismal state of secure deletion on SSDs. The results of their tests led them to three conclusions:

  • First, built-in commands are effective, but manufacturers sometimes implement them incorrectly.
  • Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive.
  • Third, none of the existing hard drive oriented techniques for individual file sanitization are effective on SSDs.

The third conclusion should come as no surprise to those who understand the rudiments of flash media storage technology. The second is disappointing, but not entirely surprising. This leaves users with a single recourse for reliably secure deletion: functionality built into the storage device itself. The dismaying fact that we must rely on "black box" implementations of secure deletion technology that ship with the hardware may raise warnings in the minds of the practical paranoids of the world, based simply on the fact that without extensive testing we really do not know what the devices actually do under the hood. One is implicitly required to trust in the manufacturer's good intentions for reliably secure deletion of data.

Worse, the research shows that regardless of good intentions, the secure deletion capabilities of SSDs may not even be correctly implemented. In short, the secure deletion functionality of your SSD may simply not work correctly, resulting in false confidence in the secure deletion of data that is still sitting on the device, waiting to be discovered.

In addition to these problems, there is the inconvenience of the fact that there is no effective mechanism for secure deletion of a single file. If the user wishes to securely delete anything on the media, he or she must securely delete everything in the media's user-accessible storage space.

Not all hope is lost. The researchers who worked on this project have developed some techniques for both continuous data sanitization (which impacts performance substantially) and on-demand sanitization. There is still much that can be done to improve the interfaces and integrated functionality of SSDs to accommodate secure deletion operations in the future. However, potential solutions using today's implementations may undo many of the media lifespan optimizations currently in place, which minimize the number of writes to any individual part of the SSD's user-accessible address space.

The end result is that for security-critical uses, SSDs are often not the best choice of storage technology. The greater maturity of HDD storage technologies allows for greater reliability and flexibility of secure data management without damaging the expected lifespan of the storage devices, at least for now.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.