R&D: Investigation of Data Deletion Vulnerabilities in NAND Flash-Based Storage

arXiv.org has published an article written by Abhilash Garg, Supriya Chakraborty, Department of Electrical Engineering, Indian Institute of Technology Delhi, India, Manoj Malik, Devesh Kumar, Satyajeet Singh, Defence Research and Development Organization, India, and Manan Suri,Department of Electrical Engineering, Indian Institute of Technology Delhi, India.

Abstract: “Semiconductor NAND Flash based memory technology dominates the electronic Non-Volatile storage media market. Though NAND Flash offers superior performance and reliability over conventional magnetic HDDs, yet it suffers from certain data-security vulnerabilities. Such vulnerabilities can expose sensitive information stored on the media to security risks. It is thus necessary to study in detail the fundamental reasons behind data-security vulnerabilities of NAND Flash for use in critical applications. In this paper, the problem of unreliable data-deletion/sanitization in commercial NAND Flash media is investigated along with the fundamental reasons leading to such vulnerabilities. Exhaustive software based data recovery experiments (multiple iterations) has been carried out on commercial NAND Flash storage media (8 GB and 16 GB) for different types of filesystems (NTFS and FAT) and OS specific delete/Erase instructions. 100 % data recovery is obtained for windows and linux based delete/Erase commands. Inverse effect of performance enhancement techniques like wear levelling, bad block management etc. is also observed with the help of software based recovery experiments.“