ben@renice.co
In military applications, data security protects military secrets and can even decide the outcome of a war. In modern warfare especially, countries go all out to develop more advanced and more secure electronic systems, while at the same time trying every means to break each other's systems. Hard disks, as the data medium, use every available form of encryption to resist decryption, and also pay close attention to quick erase and data destruction in various emergency situations.
Early news of a contract between IBM and DARPA (Defense Advanced Research Projects Agency) says IBM is asked to develop a “new class of electronics that the computers, sensors and other network devices could disappear automatically triggered by a signal sent from command”. A commander sitting in the command post with his feet up can simply tap a button, and the mobile phones, computers and all other devices in the controlled network turn to ashes…
Technically, this is clearly not just science fiction: we have received all sorts of unusual requirements, and the technologies already realized are no less remarkable than this.
Data Destruction Classification
In general, data destruction is divided into two types:
The first is Logical Destruction, which destroys only the data and not the physical chipsets; the SSD is reusable once the data has been destroyed or the firmware has been re-implanted.
Logical Destruction falls into two categories: Quick Destruction (also called Fast Purge) and over-writing, which usually takes several hours depending on the SSD capacity. These data destruction methods can be implemented in software, but are mostly implemented in hardware.
Quick Erase generally does not actually erase the data, so it carries some risk, but it is unavoidable and important in urgent situations.
The second is Physical Destruction, in which the chipsets inside are burned directly; data recovery is impossible in this way.
Physical Destruction generally uses the following means: crushing with a hammer or other heavy object, destruction with strong acid, explosives, or high voltage to burn the chipsets.
Approaches for Data Destruction
In general, both logical and physical data destruction can be triggered through a designated pin or a hardware button, provided the host system and the SSD device agree on the pin definition.
When destruction is triggered by a hardware button, a misoperation (accidental press) delay must be set, normally a few seconds, before the destruction function is triggered.
Physical destruction by high voltage is much more difficult than logical destruction, and the hardest part is ensuring that every NAND flash chipset is burned. In theory this is easy to achieve by burning the chipsets one by one; in practice, burning one chipset usually takes a long time, the process may fail to continue to the next chipset, or some chipset may not be fully burned.
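The misoperation delay described above can be sketched as follows. This is an added example, not code from the original page or from any vendor firmware; the names destruct_guard, guard_tick and guard_feed and the 3000 ms hold time are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HOLD_MS 3000u  /* assumed value; the text only says "a few seconds" */

typedef struct {
    uint32_t held_ms;  /* how long the button has been continuously pressed */
    bool     latched;  /* set once; destruction can no longer be cancelled */
} destruct_guard;

/* Call from a periodic timer with the sampled button level.
 * Returns true once destruction must start, and on every call after that. */
bool guard_tick(destruct_guard *g, bool pin_asserted, uint32_t period_ms) {
    if (g->latched)
        return true;              /* releasing the button no longer helps */
    if (!pin_asserted) {
        g->held_ms = 0;           /* any release restarts the countdown */
        return false;
    }
    g->held_ms += period_ms;
    if (g->held_ms >= HOLD_MS)
        g->latched = true;
    return g->latched;
}

/* Feed n consecutive samples of one level; returns the last result. */
bool guard_feed(destruct_guard *g, bool level, unsigned n, uint32_t period_ms) {
    bool r = g->latched;
    while (n--)
        r = guard_tick(g, level, period_ms);
    return r;
}

int main(void) {
    destruct_guard g = {0, false};   /* constructed input, 10 ms sampling */
    printf("accidental bump (0.5 s): %d\n", guard_feed(&g, true, 50, 10));
    guard_feed(&g, false, 1, 10);
    printf("held for 3 s: %d\n", guard_feed(&g, true, 300, 10));
    printf("after release: %d\n", guard_feed(&g, false, 1, 10));
    return 0;
}
```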
Destruction Standards
The data destruction standard may differ from country to country: some countries require over-writing 7 times, others require 4 times, and some regard deleting the encryption key as secure destruction. The security department in each country has its own requirements for data destruction standards and methods, so an SSD solution simply implements the corresponding mechanism.
Application Scenarios
I. Acceleration Sensing Physical Destruction SSD
This is an application in one country's warplanes; the design purpose is to prevent military data from leaking when the aircraft is shot down. In that case the pilot is probably dead, or, if he is still alive, he can use the limited time to escape rather than sacrificing his chance of survival to destroy the data himself. When the aircraft starts to fall, the accelerometer in the SSD senses the acceleration and, once the preset threshold is reached, automatically triggers physical destruction of the SSD; no manual operation is needed during the whole process. Even if the enemy finds the crashed aircraft, the military data inside has vanished.
II. Remote Destruction
Remote Destruction is becoming quite common: even the iPhone supports remote data destruction, and many SSD solutions also use an internal SIM card to implement it. Data destruction triggered by sending a message is therefore quite “low” among present technologies.
For military applications, especially outdoor ones, GPS (e.g. BeiDou in China) can also be used for remote positioning and destruction, and is more reliable. Using GPS requires authorization. A navigation system is usually one-way communication, which can only receive the satellite signal and cannot send a signal to the satellite; the military can execute remote destruction through the satellite after getting authorized.
Whether GPS or a SIM card is used, both face signal problems.
III. Automatic Destruction When Leaving the Specified Location
Use of the disk is restricted to a certain area (e.g. inside the Command Post); the destruction program starts automatically when the computer is detected to have moved beyond the permitted distance from the specified location.
IV. Physical Destruction Continues after External Power Supply Is Cut Off
If the external power supply is cut off while data destruction is executing, the SSD continues and finishes the process using the reserve power provided by built-in batteries or capacitors.
V. Unfinished Destruction Continues after the Disk Is Powered On Again
If the external power supply is cut off during the data destruction process, the destruction stops, but the unfinished part continues once the SSD is powered on again.
The disadvantage of this method is the potential risk that the data not yet destroyed can be recovered if the enemy decodes it by disassembling the NAND Flash chips.
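The resume-after-power-on behaviour of scenario V, and the residual exposure just described, can be modelled as below. This is an added example, not code from the original page or from any SSD firmware; the ssd structure, the function names, the tiny 8-block layout and the power_budget parameter (how many blocks can be erased before power is lost) are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NBLOCKS 8      /* tiny constructed "NAND", not a real geometry */
#define BLKSZ   16
#define ERASED  0xFF

typedef struct {       /* everything in here survives power loss */
    bool     destroy_pending;        /* journal flag in a reserved area */
    uint32_t next_block;             /* first block not yet erased */
    uint8_t  nand[NBLOCKS][BLKSZ];
} ssd;

/* Erase from the journal position; returns true once every block is erased. */
static bool run_destruction(ssd *d, uint32_t power_budget) {
    while (d->next_block < NBLOCKS) {
        if (power_budget-- == 0)
            return false;                    /* power cut mid-process */
        memset(d->nand[d->next_block], ERASED, BLKSZ);
        d->next_block++;                     /* progress recorded per block */
    }
    d->destroy_pending = false;
    return true;
}

bool trigger_destruction(ssd *d, uint32_t power_budget) {
    d->destroy_pending = true;               /* journal first, then erase */
    d->next_block = 0;
    return run_destruction(d, power_budget);
}

/* Power-on path: runs before the host interface is enabled. */
bool power_on(ssd *d, uint32_t power_budget) {
    return d->destroy_pending ? run_destruction(d, power_budget) : true;
}

/* Blocks still holding data: what reading the chips directly would expose. */
unsigned residual_blocks(const ssd *d) {
    unsigned n = 0;
    for (uint32_t b = 0; b < NBLOCKS; b++)
        for (unsigned i = 0; i < BLKSZ; i++)
            if (d->nand[b][i] != ERASED) { n++; break; }
    return n;
}

void ssd_fill(ssd *d) {                      /* constructed sample data */
    memset(d, 0, sizeof *d);
    memset(d->nand, 0x5A, sizeof d->nand);
}
```

Between the power cut and the next power-on, residual_blocks() is non-zero even though the journal flag keeps the host locked out, which is the exposure window that the reserve power in scenario IV is meant to close.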
VI. Re-Define Pin Assignment, SSD Starts Destruction When Connecting to a New Device after Leaving the Original Device
The SSD is bound to the client's hardware, so its pin assignment is non-standard; if the enemy, not knowing the pin definition, connects it to another device to decode the data, it will be burned.