Solid State Drives And Encryption, A No-Go?
Modern Solid State Drives are faster than their platter-driven brethren. They have additional advantages, such as being completely silent in operation and more resistant to shock. The disadvantages are the high price per Gigabyte of storage space and unreliability when it comes to erasing or deleting data from the storage media. The latter point in particular can have severe security implications.
A recent study by the Department of Computer Science and Engineering at the University of California came to the conclusion that individual file sanitizing techniques were ineffective on SSDs, and that built-in disk sanitizing techniques were effective if implemented correctly, which was not always the case.
But this article is about encryption and Solid State Drives. Read on to see how the findings impact encryption as well.
The makers of the open source encryption software TrueCrypt, for instance, recommend that "TrueCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism (and that TrueCrypt is not used to encrypt any portions of such devices or filesystems)".
They basically ask their users to use TrueCrypt on conventional hard drives only, and not on Solid State Drives and other Flash storage devices.
Why are they recommending that? For that, we need to take a look at how data is saved to SSDs.
Solid state drives use a technology called wear leveling to extend the lifetime of the device. Storage sectors on Flash drives have limited write cycles, which means that eventually they can no longer be written to. Wear leveling is used to avoid heavy use of specific sectors. With Solid State Drives it is not possible to save data to a specific sector of the drive. The wear leveling mechanism makes sure that the data is evenly distributed on the drive.
This means that it is theoretically possible that data is stored multiple times on the drive. If you change the TrueCrypt volume header, for instance, the old header may still be accessible on the drive, as it is not possible to overwrite it individually. Attackers could exploit this if they have found the old header. A basic example: let's say you have encrypted your SSD and found out that a trojan recorded the password or keyfile that you use to access the encrypted data.
All you need to do on conventional hard drives is to create a new password or keyfile to resolve the issue and protect the data from access. On solid state drives, however, it may still be possible to extract the old header and use it to access the data with the stolen password or keyfile.
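The stale-header effect described above can be reproduced in a toy model. This is an added example, not code from TrueCrypt or from the study; the ToyFTL class, its least-worn-page allocator, the 8-page drive and the sample header strings are all assumptions made for illustration, and real firmware additionally deals with erase blocks and garbage collection.

```python
class ToyFTL:
    """Constructed model of a flash translation layer; not real SSD firmware."""

    def __init__(self, physical_pages):
        self.pages = [None] * physical_pages   # raw flash contents
        self.wear = [0] * physical_pages       # write count per physical page
        self.map = {}                          # logical sector -> physical page

    def write(self, lba, data):
        # Wear leveling: use the least-worn page that holds no live data.
        live = set(self.map.values())
        free = [p for p in range(len(self.pages)) if p not in live]
        target = min(free, key=lambda p: self.wear[p])
        self.pages[target] = data
        self.wear[target] += 1
        self.map[lba] = target                 # previous page becomes stale, not erased

    def read(self, lba):
        # What the operating system (and TrueCrypt) sees.
        return self.pages[self.map[lba]]

    def raw_scan(self, needle):
        # What reading the flash chips directly would reveal.
        return [p for p, d in enumerate(self.pages) if d and needle in d]


OLD = b"HDR|keys wrapped with OLD password"    # constructed sample data
NEW = b"HDR|keys wrapped with NEW password"


def change_password():
    ssd = ToyFTL(physical_pages=8)
    ssd.write(0, OLD)                          # header created at logical sector 0
    ssd.write(0, NEW)                          # password change rewrites the header
    return ssd


def writes_until_old_header_gone(ssd):
    # Count ordinary writes to another sector until the stale copy is reused.
    count = 0
    while ssd.raw_scan(b"OLD"):
        ssd.write(1, b"unrelated data")
        count += 1
    return count


if __name__ == "__main__":
    ssd = change_password()
    print(ssd.read(0), ssd.raw_scan(b"OLD"), writes_until_old_header_gone(ssd))
```

In this model the logical sector reads back the new header immediately, while the old header stays on physical page 0 until seven unrelated writes happen to reuse that page. On a real drive the timing is decided by the firmware, not by the user.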
But what if the drive is empty before you use it? What if you plan to erase it securely if it is compromised?
Even this may not be sufficient. First, we already established that some "secure erase" tools offered by manufacturers of SSDs implement the technology incorrectly, which means that the data may still be accessible after the operation.
TrueCrypt recommends the following precautions prior to encrypting a blank Solid State Drive.
Before you run TrueCrypt to set up pre-boot authentication, disable the paging files and restart the operating system (you can enable the paging files after the system partition/drive has been fully encrypted). Hibernation must be prevented during the period between the moment when you start TrueCrypt to set up pre-boot authentication and the moment when the system partition/drive has been fully encrypted.
Even then the makers do not guarantee that this "will prevent data leaks and that sensitive data on the device will be securely encrypted".
What's the conclusion then? It depends. The security implications are probably nothing that home users need to worry about as it requires some technical background and equipment to attack encrypted drives. If you run a business, are a government official or an individual with data that needs to be protected at all costs, then you need to avoid drives with wear leveling for now.
Have a different opinion? Let me know in the comments.