T13 Change Request re Security Erase
• Gordon Hughes, CMRR @ UCSD
• 858-534-5317, gfhughes@ucsd.edu
• Formerly Seagate (until 1997)
• PI on NSA Secure Erase R&D program
• Original requester for SE in T13 and T10
• Talk Outline:
  • What SE Change is requested
  • Will it change virus security?
  • Example SE utility showing present problem
  • Background on user benefits of change

Request ATA Spec change
• For Security Freeze Lock command:
  • Remove SE from abort command list, so Secure Erase can be issued by SE utilities, by Windows, and by Unix/Linux
• Table 10, Security mode command actions
  • Change SECURITY ERASE PREPARE from ABORTED to EXECUTABLE, in Frozen state
  • Change SECURITY ERASE from ABORTED to EXECUTABLE, in Frozen state
• Virus security will be same as block write SE

Example: CMRR Freeware SE Utility
• HDDerase.exe, a DOS floppy boot utility
  • Downloadable freeware utility from UCSD
  • Runs only from floppy drive (for virus protection)
  • 4 erase options: HDD SE, Fast Erase (with random password), & block write SE (DoD 2550 triple and new DoD)
• Checks if Security Feature Set is supported
  • Tries to turn it on, if set to off by Device Configuration
• Checks if drive is Locked or Frozen
  • If Locked, asks user for HDD password
  • If Frozen, HDD SE commands Aborted (ATA spec)
  • Can always SE by block erase (DoD 5220)
• CMRR working with Microsoft on Windows SE
  • Microsoft using utility for R&D to put SE command in Windows
  • Microsoft is aware of BIOS Freeze Lock problem

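The checks on this slide map onto the security status word (word 128) of the ATA IDENTIFY DEVICE data. The sketch below is an added example, not HDDerase code: the function names and the sample IDENTIFY blocks are constructed for illustration, and it only decodes the status word to pick an erase path, it does not issue any drive command.

```python
import struct

# ATA IDENTIFY DEVICE word 128 (security status) bit assignments
SUPPORTED, ENABLED, LOCKED, FROZEN, ENHANCED = 1 << 0, 1 << 1, 1 << 2, 1 << 3, 1 << 5


def security_word(identify: bytes) -> int:
    """Return word 128 from a 512-byte IDENTIFY DEVICE block (little-endian words)."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be 512 bytes")
    return struct.unpack_from("<H", identify, 128 * 2)[0]


def erase_plan(identify: bytes) -> str:
    """Choose an erase path from the supported / frozen / locked checks listed above."""
    w = security_word(identify)
    if not w & SUPPORTED:
        return "block-write"        # no Security feature set: overwrite only
    if w & FROZEN:
        return "block-write"        # SE commands are aborted while frozen
    if w & LOCKED:
        return "need-password"      # the HDD password is required first
    return "enhanced-secure-erase" if w & ENHANCED else "secure-erase"


def make_identify(word128: int) -> bytes:
    """Constructed sample: an otherwise empty IDENTIFY block with word 128 set."""
    buf = bytearray(512)
    struct.pack_into("<H", buf, 128 * 2, word128)
    return bytes(buf)


if __name__ == "__main__":
    samples = [("frozen by BIOS", SUPPORTED | FROZEN),
               ("locked after power interrupt", SUPPORTED | ENABLED | LOCKED),
               ("ready, enhanced SE offered", SUPPORTED | ENHANCED)]
    for label, w in samples:
        print(f"{label:30} -> {erase_plan(make_identify(w))}")
```
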
Why not just block write SE? (DoD 2550)
• Block erase utilities (PC World May 20, 2003):
  • Summit Computer Hard Disk Scrubber
  • Jetico Inc.'s $40 BCWipe
  • LSoft Technologies Inc.'s $30 Active@ KillDisk Pro
• Not secure per National Security Agency
  • Doesn’t erase reassigned blocks, success not certain
• HDD SE is up to 3X faster, per CMRR tests
• Enhanced SE can qualify for NSA secret data
  • DoD 2550 is for unclassified and confidential data only
  • Enhanced SE needs to be implemented and validated

CMRR SE Validation Tests
• Tested 35 ATA & SCSI drives for SE
• All recent ATA drives SE ok (>10-15 GB)
  • All 4 system board ports, all command combos
  • Power interrupt leaves drive locked
  • SE doesn’t work if BIOS issues Freeze Lock
• All SCSI drives don’t SE (optional in T10)
  • Means SATA drives all do SE?

Background for Spec change request
• 2002, Gartner Dataquest: 150,000 hard drives "retired"
• 2003: Garfinkel and Shelat, in newspapers worldwide and in IEEE Journal of Security & Privacy
  • They bought 158 used hard drives at computer stores and on eBay.
  • 49 contained "significant personal information"
  • Medical correspondence, love letters, pornography, 5,000 credit cards.
  • One had account numbers from a cash machine in Illinois.
• 2002: Pennsylvania sold computers with state employee information
• 1997: Arizona pharmacy computer sold with 2,000 customers’ prescriptions.
• CMRR buys eBay drives for SE tests
  • 1/3 have unerased user data.