
© 2011 Underwriters Laboratories Inc.

Gone in a FLASH!

…. Really?

Data remanence in FLASH media

Andrew Jamieson

Verification Services

Underwriters Laboratories

[email protected]

@andrewrjamieson

Agenda

• What is Flash?

• Why Flash is Different

• Securing Flash Media

• Flash Disk Attack and Data Recovery

• Flash Chip Structure and Examples

• Summary

What is Flash?

Flash media is an evolution of Electrically Erasable Programmable Read Only Memory (EEPROM)

• Flash has become the ubiquitous method for fast, mobile storage

– ‘Flash drive’ is now synonymous with USB storage

– De facto way of carrying data on the move

• Also increasingly used as OS and boot media

– Solid State Drives (SSDs) becoming cheaper and more popular

– Considered functionally equivalent, but faster and quieter

• But operational equivalence != functional equivalence

– How do flash drives really work?

– Do traditional erasure methods work on flash drives?

– What is the best way to secure data on flash media?

Why is Flash Different?

Hang on … they’re based on EEPROM? But I can write and erase data to my flash disk arbitrarily. What’s with the ‘Read Only Memory’?

• Arbitrary write and erase is not possible on Flash memory

– Made possible on flash media through an abstraction layer called the ‘Flash Transfer Layer’

• Flash media is divided into two types of logical subsections

– ‘Pages’ and ‘Blocks’

– Flash memory can only be written as a whole page

– Bits in a page can be ‘set’ but not individually ‘un-set’

– Flash memory can only be erased as a whole block

– 1 page = 128kBytes to 512kBytes

– 1 block ~= 64 pages

– Flash memory = many multiple blocks

Flash Memory Organisation

[Diagram: Flash disk = multiple blocks; 1 block = multiple pages. User data is written to pages … but erased in blocks. Where do all the pages go?]

Why is Flash Different?

Flash memory is a fundamentally different medium to magnetic storage

• Random access bit level writes are not possible

• Erasing a flash block is much slower than reading or writing to a page

– Sequential read ~ 103x < random read ~ 10x < page write ~ 10x < block erase

• Each flash block has a maximum number of erase cycles before it fails

– Usually 10,000 but may be up to 100,000 depending on flash technology used

– After this, the individual flash cells can stop working properly

• But every time you write to any file, the whole block must be erased and re-written (no arbitrary writes) ???

– Unless it’s not …

Why is Flash Different?

Example:

• If a flash chip block can only be erased 10,000 times, how often can you modify any single file on a USB disk??

– Those who said over 246 million times are right!

– How does that work?

• Flash drive controller constantly re-maps file location as it is changed

– Think of it like another file system layer

[Diagram: PC → File System → Flash Transfer Layer → Physical Media]

Why is Flash Different?

Manipulation of written data requires ‘intelligence’ in the Flash media

• Flash memory chips do not have this intelligence themselves

– Therefore a ‘flash controller’ is required within the media

– This controller manages the USB memory interface and the ‘flash transfer layer’

– Maps external access to internal flash memory locations

– This mapping changes as new data is written, modified and erased

– Usually an ASIC with embedded general purpose micro-controller (eg 8051)

[Diagram: USB → ASIC (controller) → Flash Memory Chip]

Changing Data on Flash Media (Example 1)

[Diagram: stored text ‘Andrew Jamieson / Witham Labs’ is modified to ‘Andrew Jamieson / Underwriters Laboratories (UL)’]

Changing Data on Flash Media (Example 2)

[Diagram: stored text ‘Andrew Jamieson / Witham Labs’ is modified to ‘Andrew Jamieson / Underwriters Laboratories (UL)’]

Why is Flash Different?

So what does your Flash drive do when you modify or erase a file?

• Standard industry best practice dictates that for secure erasure of a file you should overwrite the file

– One or more times, with random or static data

• This is based on the operation of magnetic media

– And is potentially out of date with current technology even in that context

– How do you ensure that data is erased in a Flash drive?

[Diagram: USB → ASIC → ?]


Securing Flash Media

So how do you secure your Flash Media?

• Flash media is portable, robust, and ubiquitous

– ‘Portable’ + ‘robust’ + ‘ubiquitous’ ≡ ‘Losable’

– Lost media is at best embarrassing, and at worst business destroying

… and remember, it’s not just the data you think is there. It may be data you have previously erased (even ‘securely’)

• When in doubt, encrypt

– Fortunately, numerous options exist for removable media

– Can be partitioned into three types:

– Software encryption on PC, password/passphrase entered on PC

– Hardware encryption on flash disk, password/passphrase entered on PC

– Hardware encryption on flash disk, password/PIN entered on flash disk

Securing Flash Media

Hardware encryption, password/PIN entered on flash disk

• Flash controller integrates HW encryption core

– Encryption keys / password not exposed on PC, no software install on USB host

[Diagram: battery-powered ASIC with HW crypto core and an on-device keypad (digits 0-9 plus L and U keys); the flash chip only contains encrypted data]

Securing Flash Media

Hardware encryption, password/passphrase entered on USB host (PC)

• Flash controller integrates HW encryption core

– Encryption keys may be stored on Flash disk and not exposed on PC, OR

– Encryption keys may be derived from password, and sent to Flash disk

– Password always exposed on host platform

– Additional software probably required to allow for password transfer

– IEEE 1667 specification allows for password interface to USB drives

– Not popularly supported, and does not require encryption

[Diagram: ASIC with HW crypto core; the flash chip holds encrypted data plus a plaintext area (containing the driver)]

Securing Flash Media

Software encryption, password/passphrase entered on USB host (PC)

• Standard flash controller, no integrated encryption functions

– Encryption keys and password used / exposed on PC

– Data stored in encrypted ‘container’ on USB disk

– May be whole volume, sub-volume (encrypted container), or file only

– Encrypted by software on the PC before transfer to the USB

Which do you think is more secure (HW, HW hybrid, or SW encryption) ??

[Diagram: standard USB ASIC; the flash chip holds plaintext data alongside the encrypted data]


Flash Disk Attack and Data Recovery

Flash memory involves many layers of abstraction

• File system → Flash controller (FTL) → Flash chip

– Recovery of bit-level data requires only access to the last ‘layer’

• How do you ensure sensitive data is rendered unrecoverable from Flash?

– File system ‘erase’ is not sufficient (of course)

– What about overwriting the data?

– Physical destruction?

– Other?

• How do you secure data at the bit level?

– Encrypt with hardware or software?

– File or volume level encryption?

Flash Disk Attack

Attacking hardware encrypted Flash media

• Hardware encryption open to side channel analysis

– Same ASIC found in 90% of hardware encrypted flash disks

– But requires encryption to be running, so password/PIN already entered

– Not really much point (unless one key is being used across multiple devices)

• Attack key storage location

– Not always inside the ASIC, sometimes in external memory / micro-controller

– How is key erasure performed? Can ‘deleted’ keys be recovered?

• Attack PIN verification method

– PIN must be compared internally, and different actions taken if OK / not OK

– Different actions = different current draw

– Characterise current draw for PIN not OK, and disconnect power if this starts

Flash Disk Attack

Attacking software encrypted Flash media

• Password / encryption key exposed on system under use

– Not a problem with hardware systems that use embedded keypads

– Is a problem on hardware encrypted devices with PC password entry

• Does this matter?

– No requirement for installed software is convenient for different platforms/PCs

…. But if you don’t trust the PC to manage the keys/passwords securely, why do you trust it to access plaintext data?

• Therefore a compromised PC used to access the USB drive succeeds against either hardware or software encrypted systems

– Exposure of keys/passwords or plaintext data is a semantic argument

– Hardware devices with embedded key storage are arguably less secure as they can be stolen and attacked off-site to gain access to the key

Flash Data Recovery

It’s not just the flash transfer layer that causes problems with erasure

• Setting bits in flash memory is like pouring water into individual slots of an ice tray – each slot with water in it is a ‘set’ bit

– Erasing the memory block is like tipping the tray to empty out the water

– But if you don’t tip far enough, or don’t leave it tipped for long enough, some water will remain in the slots

• ‘Erased’ data from flash memory can be re-read by lowering the operating voltage of the chip

– Like looking for ‘less water’ in each ice tray slot to signify a bit that is set

[Diagram: ice-tray analogy with an example bit pattern]

Recovering Data from Flash Media

Physical data extraction from Flash memory

• Three types of attackers

– Unfunded, unsophisticated (‘script kiddies’ of the physical world)

– Some funds, and sophisticated (data recovery labs, some law enforcement)

– High funds, high sophistication (military and governmental agencies)

• Flash chips are composed of one or more physical dies

• Bonded into chip package with good physical strength properties

– Much better than ‘standard’ processor or logic die packaging

• Makes physical destruction difficult!

– Need to make sure die is damaged

– Damage to PCB, controller, and even flash chip package is not necessarily enough to prevent data recovery by a determined attacker


Flash Memory Structure

[Photo] Flash chip package holds die on bottom, under leaded pin structure

[Photo] Flash die may only take up part of the whole package

[Photo] Can you ‘see’ data on a flash chip?

[Photo] Bond-out pads can be accessed even if package destroyed

Recovering Data from Flash Media

Physical destruction requires damage to flash die

[Photos] Damage to package only is not sufficient for Type 2 attackers

Microwave of Flash part

[Photos] No visible damage to chip die (more research required!)


Summary

Flash storage cannot be treated in the same way as magnetic storage

• Data storage methods are fundamentally different

– Therefore different recovery methods can be applied

– Different erasure/destruction methods must be used

• Overwriting of files does not necessarily remove data

– Data will be duplicated across the die for wear leveling purposes

– Bypassing of USB controller provides access to wear leveled data

• Encryption can help to secure data on the chip

– Hardware encryption/password management provides interoperability value but no real security value in the face of a compromised PC

– File level encryption can help reduce exposure window during operation

• Great care is necessary to ensure data remains secure

– Best erasure method is complete die destruction, or ensuring plaintext data is never written to the USB (therefore, only erase the key)
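Added example in Python (not from the talk): a toy flash transfer layer that remaps every logical write to a fresh physical page, as the controller slides describe, so that host-side overwriting of a file leaves the old copy readable in a raw chip dump, while encrypting before write and erasing the key leaves only ciphertext on the chip. The drive geometry, the XOR stand-in for the controller's crypto core, and the sample data are all constructed for illustration.

```python
import os

PAGE_SIZE = 16      # bytes per page: toy value, real pages are far larger
TOTAL_PAGES = 16    # toy geometry: 4 blocks of 4 pages

class ToyFlashDrive:
    """Simplified flash transfer layer: every write programs a fresh page and
    remaps the logical sector to it. The stale page keeps its old contents
    until a later block erase, which this toy never performs."""
    def __init__(self):
        self.pages = [None] * TOTAL_PAGES   # raw physical media, as the chip holds it
        self.mapping = {}                   # logical sector -> physical page index
        self.next_free = 0

    def write(self, sector, data):
        if len(data) > PAGE_SIZE or self.next_free >= TOTAL_PAGES:
            raise RuntimeError("toy drive: page too large or no free pages left")
        self.pages[self.next_free] = data   # program a fresh (wear-levelled) page
        self.mapping[sector] = self.next_free
        self.next_free += 1

    def read(self, sector):
        """What the host sees through the controller: only the current mapping."""
        return self.pages[self.mapping[sector]]

    def raw_dump(self):
        """What reading the flash chip directly (bypassing the controller) yields."""
        return [p for p in self.pages if p is not None]

def overwrite_then_dump(secret, passes=3):
    """Store a secret, then 'securely' overwrite it from the host with random
    data. Returns (host_still_reads_secret, secret_still_on_chip)."""
    drive = ToyFlashDrive()
    drive.write(0, secret)
    for _ in range(passes):
        drive.write(0, os.urandom(len(secret)))   # each pass lands on a new page
    return drive.read(0) == secret, secret in drive.raw_dump()

def encrypt_then_erase_key(secret):
    """Only ciphertext ever reaches the chip, so erasing the key is the erasure.
    XOR with a random one-time key stands in for the controller's crypto core
    (constructed illustration, not real AES). Returns secret_on_chip."""
    key = os.urandom(len(secret))
    drive = ToyFlashDrive()
    drive.write(0, bytes(a ^ b for a, b in zip(secret, key)))
    del key   # the key is erased; the chip still holds only ciphertext
    return secret in drive.raw_dump()
```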

THANK YOU.