[Cryptography] Digital dyes for tracing digital leaks ?
John Gilmore
gnu at toad.com
Thu Jan 10 19:51:20 EST 2019
Henry Baker <hbaker1 at pipeline.com> wrote:
> Thus, "uninitialied" memory would be initialized to such a code in
> such a way that if some of the same bit sub-sequences showed up again,
> it might be indicative of a data leak.
UCSD researchers used a technique like this to discover that the
"Security Erase" command to SSD flash drives typically fails to securely
erase:
"Reliably Erasing Data from Flash-Based Solid State Drives"
https://www.usenix.org/legacy/events/fast11/tech/full_papers/Wei.pdf
"3.1 Validation methodology
Our method for verifying digital sanitization operations uses the
lowest-level digital interface to the data in an SSD: the pins of the
individual flash chips.
To verify a sanitization operation, we write an identifiable data
pattern called a fingerprint (Figure 3) to the SSD and then apply the
sanitization technique under test. The fingerprint makes it easy to
identify remnant digital data on the flash chips. It includes a
sequence number that is unique across all fingerprints, byte
patterns to help in identifying and reassembling fingerprints, and a
checksum. It also includes an identifier that we use to identify
different sets of fingerprints. For instance, all the fingerprints
written as part of one overwrite pass or to a particular file will
have the same identifier. Each fingerprint is 88 bytes long and
repeats fives times in a 512-byte ATA sector.
Once we have applied the fingerprint and sanitized the drive, we
dismantle it. We use the flash testing system in Figure 2 to extract
raw data from its flash chips. The testing system uses an FPGA running
a Linux software stack to provide direct access to the flash chips.
Finally, we assemble the fingerprints and analyze them to determine if
the sanitization was successful."
John
More information about the cryptography
mailing list