A team of researchers from the University of California at San Diego has concluded that it is difficult to “securely” erase data stored on solid state drives (SSDs). For example, the ATA and SCSI command set features for securely destroying data on SSDs were available on 8 of the 12 drives tested, and succeeded on only 4 of those.
And while overwriting an entire disk with multiple passes did successfully destroy the data, the SSD's Flash Translation Layer (FTL) made the process more complicated and time-consuming than on traditional hard disk drives.
Perhaps unsurprisingly, degaussing SSDs did not erase any of the data or disable access to the drive: a degausser destroys magnetic domains, whereas flash cells store data as electric charge, which a magnetic field leaves untouched.
Finally, single-file sanitization was found to be nearly impossible on SSDs, and even the most effective file destruction methods left behind more than 4 percent of the original data.
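The two findings above (whole-disk overwrite needs more than one pass, and single-file overwrite leaves data behind) both follow from one property of flash: pages cannot be rewritten in place, so the FTL writes each update to a fresh physical page and only marks the old copy stale. The following toy FTL model is an added illustration, not code from the UCSD study, the article, or any SSD vendor; its page sizes, page counts, the 4 pages of over-provisioning, and the lazy garbage-collection policy are all constructed assumptions chosen to make the effect visible.

```python
"""
Toy flash translation layer (FTL). Added illustration, not code from the UCSD
study or from any SSD firmware. It models the one property that matters for
sanitization: NAND pages are written out of place, so overwriting a logical
page leaves the old physical copy intact until garbage collection erases it.
"""
import os

PAGE_SIZE = 16        # bytes per page (constructed; real pages are KiB-sized)
LOGICAL_PAGES = 8     # capacity the host can address
PHYSICAL_PAGES = 12   # adds 4 over-provisioned pages the host cannot address


class ToyFTL:
    def __init__(self):
        self.flash = [None] * PHYSICAL_PAGES   # raw NAND contents, None = erased
        self.l2p = {}                          # logical page -> physical page
        self.free = list(range(PHYSICAL_PAGES))
        self.stale = []                        # old copies not yet erased

    def write(self, lpn, data):
        """Host write: always lands on a fresh physical page."""
        assert len(data) == PAGE_SIZE
        if not self.free:
            self._garbage_collect()            # lazy GC: worst case for sanitization
        ppn = self.free.pop(0)
        self.flash[ppn] = data
        if lpn in self.l2p:
            self.stale.append(self.l2p[lpn])   # previous copy survives on the chip
        self.l2p[lpn] = ppn

    def read(self, lpn):
        """Host read: goes through the mapping, never sees stale pages."""
        return self.flash[self.l2p[lpn]]

    def _garbage_collect(self):
        # Simplified: erase every stale page (real GC works per erase block).
        for ppn in self.stale:
            self.flash[ppn] = None
            self.free.append(ppn)
        self.stale = []

    def raw_dump(self):
        """What a chip-off forensic read sees: every page, mapped or not."""
        return [p for p in self.flash if p is not None]


def remaining_fraction(ftl, secret_pages):
    """Share of the secret's pages still physically present on the chip."""
    present = sum(1 for p in ftl.raw_dump() if p in secret_pages)
    return present / len(secret_pages)


def make_secret():
    # Constructed 4-page "file" with recognisable contents.
    return [bytes([0x41 + i]) * PAGE_SIZE for i in range(4)]


def sanitize_file_by_overwrite():
    """Host-level file shredding: overwrite the file's logical pages with zeros.
    Returns (host sees zeros?, fraction of secret still on the raw chip)."""
    ftl, secret = ToyFTL(), make_secret()
    for lpn, page in enumerate(secret):
        ftl.write(lpn, page)
    for lpn in range(len(secret)):
        ftl.write(lpn, b"\x00" * PAGE_SIZE)
    host_clean = all(ftl.read(lpn) == b"\x00" * PAGE_SIZE for lpn in range(len(secret)))
    return host_clean, remaining_fraction(ftl, secret)


def sanitize_whole_disk(passes):
    """Overwrite every host-addressable page `passes` times; return the fraction
    of the secret still on the raw chip after each pass."""
    ftl, secret = ToyFTL(), make_secret()
    for lpn, page in enumerate(secret):
        ftl.write(lpn, page)
    results = []
    for _ in range(passes):
        for lpn in range(LOGICAL_PAGES):
            ftl.write(lpn, os.urandom(PAGE_SIZE))
        results.append(remaining_fraction(ftl, secret))
    return results


if __name__ == "__main__":
    print("file overwrite -> host sees zeros, raw chip keeps:", sanitize_file_by_overwrite())
    print("whole-disk overwrite, secret remaining after each pass:", sanitize_whole_disk(2))
```

With these constructed parameters the file shredder leaves the host view clean while 100 percent of the file is still readable from the raw chip, and the first full-disk pass also leaves the entire secret in over-provisioned space; only the second pass forces the stale pages to be erased. The model is deliberately pessimistic (garbage collection runs only when free pages run out), but the direction of the result is the same on real drives: host-side overwriting cannot reach pages the FTL has retired, which is why the firmware's own sanitize command or cryptographic erasure is the dependable path.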
According to Sophos security researcher Chester Wisniewski, encrypted SSDs clearly provide the most practical form of protection.
“Disks can be safely decommissioned by deleting the encryption keys from the Key Storage Area (KSA) and then running a full DoD compliant erasure to ensure the keys are non-recoverable,” he explained.
“To properly secure data and take advantage of the performance benefits that SSDs offer, you should always encrypt the entire disk and do so as soon as the operating system is installed.”
However, Wisniewski emphasized that securely erasing SSDs after they have been unencrypted is very difficult, and may actually be “impossible” in some cases.