Reliably Erasing Data from an SSD

Reliably erasing data from storage devices is critical for secure data management. Solid state drives (SSDs) differ from hard disk drives in how they store and manage data, using flash memory instead of magnetic platters. SSDs insert an additional layer, the flash translation layer, between the logical block addresses that systems use to access data and the physical flash addresses where the data is actually stored. This layer improves SSD performance and reliability by hiding the complex flash memory interface and managing the limited write endurance of the cells. However, it can also leave behind hidden copies of data that a skilled attacker could recover, even though the user can no longer see them. Because of this, it is extremely important to fully remove all data when sanitizing storage devices.

1. Whole-drive sanitization

There are four different techniques for sanitizing an entire SSD:

1.1 Built-in sanitize commands

Most modern drives have built-in sanitize commands that tell the drive's firmware to run a sanitization process. Traditionally, the security command set specifies an "erase unit" command that erases all accessible areas by writing all zeros or all ones. There is also an "enhanced erase unit" command that writes a pattern set by the manufacturer, such as a 1MB file filled with 0x55. Newer standards specify a "block erase" command as part of the sanitize feature set. It erases every memory block holding user data, including blocks that are not accessible through logical block addresses. Industrial SSDs support these standards to sanitize effectively with fast, parallel block erasing. For example, a 1TB or 512GB pSLC SSD can sanitize fully in about 10 seconds when triggered through a feature connector, which starts a 4-way simultaneous block erase process across the whole drive.
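Before issuing any of these commands, a practitioner first checks which of them the drive actually reports and whether the security feature set is "frozen" (a state in which the drive rejects security commands until the host is power-cycled). The following added example, which is not SP Industrial's code, parses a constructed, abridged sample of `hdparm -I` output and ranks the whole-drive options in the order the text describes: sanitize block erase, then enhanced security erase, then plain security erase, with a multi-pass overwrite as the fallback. The sample output, the class and function names, and the model string are assumptions made for the example; the `hdparm` options named in the comments are the ones the tool documents for these commands.

```python
"""Pick a whole-drive sanitize path for a SATA SSD from `hdparm -I` output (example code)."""
from dataclasses import dataclass

# Constructed, abridged sample of `hdparm -I` output; not captured from a real drive.
# hdparm separates columns with tabs; the parser normalizes whitespace, so spaces work too.
SAMPLE_IDENTIFY = """\
/dev/sdb:

ATA device, with non-removable media
    Model Number:       EXAMPLE-SSD-512G
Commands/features:
    Enabled Supported:
       *    SMART feature set
            Security Mode feature set
       *    48-bit Address feature set
       *    SANITIZE feature set
       *    BLOCK_ERASE_EXT command
       *    CRYPTO_SCRAMBLE_EXT command
Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""

# Same drive after the BIOS froze the security feature set (constructed variant).
FROZEN_SAMPLE = SAMPLE_IDENTIFY.replace("    not frozen", "        frozen")


@dataclass
class SanitizeCapabilities:
    security_supported: bool = False   # ATA Security feature set present
    frozen: bool = False               # security commands rejected until power cycle
    enhanced_erase: bool = False       # ENHANCED SECURITY ERASE UNIT available
    sanitize_feature_set: bool = False # ATA SANITIZE feature set present
    block_erase: bool = False          # SANITIZE BLOCK ERASE EXT available
    crypto_scramble: bool = False      # SANITIZE CRYPTO SCRAMBLE EXT available


def parse_hdparm_identify(text: str) -> SanitizeCapabilities:
    """Extract the security and sanitize capabilities from `hdparm -I` text."""
    caps = SanitizeCapabilities()
    lines = text.splitlines()
    # hdparm lists only commands the drive reports as supported, so presence is enough.
    flags = {" ".join(line.split()) for line in lines}
    caps.sanitize_feature_set = any(f.endswith("SANITIZE feature set") for f in flags)
    caps.block_erase = any(f.endswith("BLOCK_ERASE_EXT command") for f in flags)
    caps.crypto_scramble = any(f.endswith("CRYPTO_SCRAMBLE_EXT command") for f in flags)
    # The "Security:" block runs until the next unindented line.
    in_security = False
    for line in lines:
        if line.startswith("Security:"):
            in_security = True
            continue
        if not in_security:
            continue
        if line and not line[0].isspace():
            break
        token = " ".join(line.split())
        if token == "supported":
            caps.security_supported = True
        elif token == "frozen":
            caps.frozen = True
        elif token == "supported: enhanced erase":
            caps.enhanced_erase = True
    return caps


def choose_method(caps: SanitizeCapabilities) -> str:
    """Rank the firmware erase options; a frozen drive must be thawed first."""
    if caps.frozen:
        # Typical remedy: power-cycle the drive (or suspend/resume the host), then re-check.
        return "frozen: security commands rejected until the drive is power-cycled"
    if caps.sanitize_feature_set and caps.block_erase:
        # hdparm --sanitize-block-erase /dev/sdX ; poll with hdparm --sanitize-status
        return "SANITIZE BLOCK ERASE EXT"
    if caps.security_supported and caps.enhanced_erase:
        # hdparm --security-set-pass p /dev/sdX ; hdparm --security-erase-enhanced p /dev/sdX
        return "SECURITY ERASE UNIT (enhanced)"
    if caps.security_supported:
        # hdparm --security-set-pass p /dev/sdX ; hdparm --security-erase p /dev/sdX
        return "SECURITY ERASE UNIT"
    return "no firmware erase reported: fall back to multi-pass overwrite"


if __name__ == "__main__":
    for name, sample in (("normal", SAMPLE_IDENTIFY), ("frozen", FROZEN_SAMPLE)):
        print(name, "->", choose_method(parse_hdparm_identify(sample)))
```

The parser relies only on the line shapes hdparm prints and on whitespace normalization, so it is indifferent to hdparm's tab layout. Treating a frozen drive as a hard stop matters in practice: many BIOSes freeze the security feature set at boot, and a script that ignores the flag will fail at the erase step rather than at the check.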

1.2 Repeatedly writing over the drive

The second method for sanitizing a drive is to use normal input/output (I/O) commands to overwrite each logical block address on the drive multiple times. Overwriting the entire drive repeatedly with different patterns is at the core of many disk sanitization standards and tools. Most standards and tools overwrite the drive sequentially with patterns of 1 to 35 bits. The U.S. Air Force System Instruction 5020 is a good example: it first fills the drive with zeros, then with ones, and finally with a random character. The data is then read back to confirm that only the random character remains. Using different bit patterns aims to flip as many physical bits on the drive as possible, making the data harder to recover with analog methods.

Bit patterns also matter for solid state drives (SSDs), but for a different reason. Some SSDs compress data before storing it, so a highly compressible pattern results in far fewer bits actually being written to flash. This suggests that SSD overwrite procedures should use random data for maximum effectiveness.

The complexity of SSD firmware translation layers means how the drive was used before overwriting could impact the technique's effectiveness. We tested SSDs by writing the first pass of data either sequentially or randomly. Then, we performed 20 sequential overwrites. For the random writes, we wrote each LBA only once in a random order.

In most cases, overwriting the entire disk twice was enough to sanitize the drive, no matter the previous state. However, it takes a significant amount of time to fully sanitize a drive in this way.
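The following added example, which is not SP Industrial's code, carries out the overwrite-and-verify procedure described above on a small file-backed image rather than a real block device: three sequential passes (zeros, ones, a random byte value), followed by a read-back that checks every block holds only the final byte. It then measures how compressible each fill pattern is with `zlib`, which illustrates the compression point above: zeros, ones and even a single random character compress to almost nothing, while fully random data does not. The image size, the "SECRET-RECORD" payload and all function names are assumptions made for the example.

```python
"""Overwrite-and-verify sanitization (USAF SI 5020 style) on a file-backed image (example code)."""
import os
import secrets
import tempfile
import zlib

BLOCK = 4096  # write/read granularity used for the passes


def overwrite_pass(path: str, fill: int, size: int) -> None:
    """Write one pass of a single byte value across the whole image and fsync it."""
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            n = min(BLOCK, remaining)
            f.write(bytes([fill]) * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def verify_fill(path: str, fill: int, size: int) -> bool:
    """Read the image back and confirm every byte equals `fill`."""
    expected = bytes([fill]) * BLOCK
    with open(path, "rb") as f:
        remaining = size
        while remaining:
            chunk = f.read(min(BLOCK, remaining))
            if not chunk or chunk != expected[: len(chunk)]:
                return False
            remaining -= len(chunk)
    return True


def sanitize_usaf5020(path: str, size: int) -> int:
    """Zeros, then ones, then a random byte; returns that byte for the verification pass."""
    overwrite_pass(path, 0x00, size)
    overwrite_pass(path, 0xFF, size)
    final = secrets.randbelow(256)
    overwrite_pass(path, final, size)
    return final


def compression_ratio(data: bytes) -> float:
    """Compressed length over original length; values near 0 mean highly compressible."""
    return len(zlib.compress(data, 9)) / len(data)


def demo(size: int = 64 * BLOCK) -> dict:
    """Build a constructed image holding a fake secret, sanitize it, and report the checks."""
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        payload = (b"SECRET-RECORD;" * 400)[:BLOCK]  # constructed sensitive data
        with open(path, "wb") as f:
            for _ in range(size // BLOCK):
                f.write(payload)
        final = sanitize_usaf5020(path, size)
        with open(path, "rb") as f:
            residue = f.read()
        return {
            "verified": verify_fill(path, final, size),
            "payload_gone": b"SECRET" not in residue,
            "ratio_zeros": compression_ratio(bytes(size)),
            "ratio_single_char": compression_ratio(bytes([final]) * size),
            "ratio_random": compression_ratio(os.urandom(size)),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real SSD the same loop would target the block device, but the read-back only proves that the logical address space is clean; blocks the flash translation layer has retired or remapped are exactly what this method cannot reach, which is why the text reports needing more than one full pass and why firmware-level sanitize commands are preferred where available.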

1.3 Electrically destroying the drive via a high voltage generator

Degaussing is a quick and effective way to destroy hard drives by removing the drive's low-level formatting and damaging its motor. This erases all the data. However, flash memories in solid state drives (SSDs) don't store data using magnetism like hard drives. So a degausser won't directly erase the flash cells in an SSD.

Alternatively, an SSD could be designed with a high voltage generator and controller to physically destroy the NAND flash chips. But this type of design is not normal for SSDs. Industrial-grade SSDs from SP Industrial have a built-in power management unit for more reliable power than discrete circuits. They also have complete protection against overvoltage, overcurrent, surge and short circuits for higher safety than normal fuse designs. Therefore, using this technique to wipe the entire drive clean is not recommended.

1.4 Leveraging encryption

The self-encrypting drives in SP Industrial SSDs have an AES-256 encryption engine. This provides hardware-based data encryption without slowing down SSD performance. The drive follows the TCG Opal standard from the Trusted Computing Group. Encryption is always on, but the encryption keys are not managed until the security features of TCG Opal or ATA Security are turned on. Deleting the encryption key (cryptographic erase) leaves only ciphertext on the flash with no key to decrypt it, which makes the data very hard to access. In theory, this makes wiping the drive a quick way to securely remove all data.

Feature connector pinout (see 1.1):

Pin  Function                    I/O     Function description
1    Write Protect               input   short to GND pin to enable write protection
2    GND                         n/a     system ground
3    Device activity indicator   output  connect to an LED to indicate device activity
4    Security Erase trigger      input   short to GND pin to trigger security erase function
5    Erase activity indicator    output  connect to an LED to indicate erase function activity