Secure deletion for NAND flash file system

Lee, Jaeheung; Heo, Junyoung; Cho, Yookun; Hong, Jiman; Shin, Sung Y.

doi:10.1145/1363686.1364093

Cited by 43 publications

(28 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The actual disposal of the encryption key may involve secure overwriting. Results from Reardon et al [36] and Lee et al [26] indicate that key disposal techniques may be the most appropriate technique for flash storage.…”

Section: Design Requirementsmentioning

confidence: 99%

“…When the level tags are updated, they are written to a new block, and the previous version is erased and re-written with pseudo-random data. The approach of using a specially-managed area of flash storage to achieve secure deletion is akin to the strategies proposed by Reardon et al [36] and Lee et al [26], and represents the state of the art for achieving deletion in flash-based storage. DEFY's hierarchy of tags ensures that every cascade will effectively delete all old versions of objects (data and metadata), irrespective of where they are stored on the device (see Figure 3).…”

Section: Metadata For Defymentioning

confidence: 99%

See 1 more Smart Citation

DEFY: A Deniable, Encrypted File System for Log-Structured Storage

Peters¹,

Gondree²,

Peterson³

2015

Proceedings 2015 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-While solutions for file system encryption can prevent an adversary from determining the contents of files, in situations where a user wishes to hide the existence of data, encryption alone is not sufficient. Indeed, encryption may draw attention to those files, as they may likely contain information the user wishes to keep secret. Consequently, adversarial coercion may motivate the owner to surrender their encryption keys, under duress. This paper presents DEFY, a deniable file system following a log-structured design. Maintaining a log-structure is motivated by the technical constraints imposed by solid-state drives, such as those found in mobile devices. These devices have consequential properties that previous work largely ignores. Further, DEFY provides features not offered by prior work, including: authenticated encryption, fast secure deletion, and support for multiple layers of deniability. We consider security against a snapshot adversary, the strongest deniable filesystem adversary considered by prior literature. We have implemented a prototype based on YAFFS and an evaluation shows DEFY exhibits performance degradation comparable to the encrypted file system for flash, WhisperYAFFS.

show abstract

Section: Design Requirementsmentioning

confidence: 99%

Section: Metadata For Defymentioning

confidence: 99%

DEFY: A Deniable, Encrypted File System for Log-Structured Storage

Peters¹,

Gondree²,

Peterson³

2015

Proceedings 2015 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Lee et al [23] designed a NAND flash file system with a secure deletion functionality by using encryption to delete files and forces all keys of a specific file to be stored in the same block. Keypad [20] presents an auditing file system for theft-prone devices, such as laptops and smart gadget devices.…”

Section: Related Workmentioning

confidence: 99%

Implementing and Optimizing an Encryption Filesystem on Android

Wang

Murmuria

Stavrou

2012

2012 IEEE 13th International Conference on Mobile Data Management

View full text Add to dashboard Cite

Abstract-The recent surge in popularity of smart handheld devices, including smart-phones and tablets, has given rise to new challenges in protection of Personal Identifiable Information (PII). Indeed, modern mobile devices store PII for applications that span from email to SMS and from social media to location-based services increasing the concerns of the end user's privacy. Therefore, there is a clear need and expectation for PII data to be protected in the case of loss, theft, or capture of the portable device.In this paper, we present a novel FUSE (Filesystem in USErspace) encryption filesystem to protect the removable and persistent storage on heterogeneous smart gadget devices running the Android platform. The proposed filesystem leverages NIST certified cryptographic algorithms to encrypt the dataat-rest. We present an analysis of the security and performance trade-offs in a wide-range of usage and load scenarios. Using existing known micro benchmarks in devices using encryption without any optimization, we show that encrypted operations can incur negligible overhead for read operations and up to twenty (20) times overhead for write operations for I/Ointensive programs. In addition, we quantified the database transaction performance and we observed a 50% operation time slowdown on average when using encryption. We further explore generic and device specific optimizations and gain 10% to 60% performance for different operations reducing the initial cost of encryption. Finally, we show that our approach is easy to install and configure across all Android platforms including mobile phones, tablets, and small notebooks without any user perceivable delay for most of the regular Android applications.

show abstract

“…Lee et al [19] present a secure deletion solution for YAFFS using encryption. They propose encrypting all files and including the corresponding encryption key in every file header written to the file system.…”

Section: Related Workmentioning

confidence: 99%

User-level secure deletion on log-structured file systems

Reardon

Marforio

Čapkun

et al. 2012

Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

View full text Add to dashboard Cite

We address the problem of secure data deletion on logstructured file systems. We focus on the YAFFS file system, used on Android smartphones, and on the flash translation layer (FTL), used in SD cards and USB memory sticks. We show that neither of these systems provide temporal data deletion guarantees and that deleted data remains indefinitely on these systems if the storage medium is not used after the data is marked for deletion. Moreover, the time that data remains on log-structured file systems increases with the storage medium's size. We propose two user-level solutions that achieve secure deletion: purging, which ensures that all data is deleted, and ballooning, which reduces the expected deletion latency. We show that these two solutions can be combined to guarantee the periodic, prompt secure deletion of data regardless of the storage medium's size and with acceptable wear of the memory. As these solutions require only user-level permissions, they enable the user to securely delete data even if this feature is not supported by the kernel or hardware, over which users typically do not have control. This, for example, allows mobile phone users to achieve secure deletion without violating their warranties or requiring non-trivial technical knowledge to update their firmware with a customized kernel. Our solutions empower users to ensure the secure deletion of their data without relying on the manufacturer to provide this functionality. We implement these solutions on Nexus One smartphones and show that they succeed in secure deletion. When used properly, our solutions neither prohibitively reduce the longevity of the flash memory nor noticeably reduce the device's battery lifetime.

show abstract

Secure deletion for NAND flash file system

Cited by 43 publications

References 10 publications

DEFY: A Deniable, Encrypted File System for Log-Structured Storage

DEFY: A Deniable, Encrypted File System for Log-Structured Storage

Implementing and Optimizing an Encryption Filesystem on Android

User-level secure deletion on log-structured file systems

Contact Info

Product

Resources

About