Secure erase, also known as secure data erase, is a process used to completely erase all data on a storage device, like a solid state drive (SSD), to prevent data recovery. But does secure erase actually work to permanently delete data on SSDs? Let’s take a closer look.
How Secure Erase Works
Secure erase works by overwriting all data on a drive with zeroes, ones, or random data patterns. This is done to completely obscure the original data to make it unrecoverable. The process adheres to standards set by organizations like the Department of Defense (DoD) and the National Institute of Standards and Technology (NIST).
On traditional hard disk drives (HDDs), secure erase overwrites all sectors of the disk, including remapped sectors and spare areas. This ensures no original data traces remain that could be recovered forensically.
SSD Architecture Complicates Secure Erase
The architecture of solid state drives makes secure erase more complex. SSDs organize data differently than HDDs, storing data in cells of NAND flash memory rather than magnetic sectors. They also use wear leveling and garbage collection processes to evenly distribute writes and reclaim unused space.
This means that overwriting cells once may not permanently obscure data. The SSD’s controller will simply mark overwritten cells as invalid and write the new data elsewhere. Old data can remain in cells that are no longer in use.
Secure Erase Commands for SSDs
To attempt to overcome these issues, SSD makers have implemented secure erase commands specifically designed for NAND architecture:
- ATA Secure Erase – Issued via the ATA command set for SATA SSDs
- NVMe Format NVM – For PCIe NVMe SSDs
- SCSI Block Erase – For SAS SSDs
These commands perform functions like cryptographic erase on internal encryption keys or voluntary disablement of chip regions to prevent further access.
Limitations of Secure Erase on SSDs
However, security experts argue these SSD secure erase techniques may still be limited in permanently removing all data remnants:
- Overprovisioning spaces can retain data outside user-addressable locations
- Voluntary disablement of memory regions could be reversible
- Wear leveling could maintain copies of data in unused cells
- TRIM and garbage collection processes can lag, delaying when cells are truly erased
For these reasons, a single pass of a secure erase command may not guarantee complete and permanent data removal on an SSD.
Multipass Overwrites Are Recommended
To increase effectiveness, experts strongly recommend using multipass overwrite techniques on SSDs, overwriting all logical blocks with multiple passes of random data.
While this process could still theoretically leave traces of data lingering in unused physical cells of the NAND flash, the more overwrite passes, the lower the chance of recovery.
The US Department of Defense recommends at least 3 overwrite passes for secure deletion of data from SSDs.
Degaussing and Physical Destruction Are Most Effective
For true peace of mind that SSD data is unrecoverable, degaussing or physical destruction of the device is recommended.
Degaussing exposes the SSD to a strong magnetic field, disrupting the electrical charges representing the 0s and 1s. This input of magnetic noise leaves all data in an unreadable, scrambled state.
Physical destruction via crushing, shredding, or incinerating the SSD chips will obviously permanently prevent any possible data recovery as well.
Conclusion
In summary, while secure erase commands are designed to permanently delete SSD data, experts caution they may be limited in effectiveness due to the intricacies of NAND flash memory and SSD architecture. Using multipass overwrites, degaussing magnetic fields, or physical destruction provide higher levels of assurance when completely removing data from a solid state drive.
So in the end, does secure erase truly work to permanently wipe an SSD? The answer is… it’s complicated. Secure erase provides a baseline level of data removal but realistically may not render all data forensically unrecoverable due to SSD design factors. Using enhanced processes like degaussing or physical destruction gives the highest guarantee of secure data elimination from modern solid state drives.
Frequently Asked Questions
What is secure erase?
Secure erase is a process of overwriting all data on a storage drive to completely obscure the original information and prevent recovery. It adheres to standards from organizations like the DoD and NIST.
How does secure erase work on traditional hard drives?
On HDDs, secure erase overwrites all disk sectors, remapped sectors, and spare areas with zeroes, ones, or random data to completely replace any original user information.
Why doesn’t secure erase fully work on SSDs?
Factors like wear leveling, TRIM, overprovisioning, and SSD architecture create challenges in completely replacing all original user data remnants on solid state drives.
What are the secure erase commands designed for SSDs?
ATA Secure Erase, NVMe Format NVM, and SCSI Block Erase are commands specifically designed to try to overcome SSD architecture obstacles and fully delete data.
What techniques provide the most secure SSD data erasure?
Multipass random overwrites, degaussing, and physical destruction give higher guarantees of complete user data removal from SSDs.
Comparison of Secure Erase Techniques
| Technique | Effectiveness | Ease of Use |
|---|---|---|
| 1-pass Secure Erase command | Limited due to SSD architecture | Very easy, built-in command |
| 7-pass Random Overwrite | Highly effective if completed | Easy software procedure |
| Degaussing | Nearly perfect data removal | Requires special degaussing equipment |
| Physical Destruction | Guaranteed secure data destruction | Difficult, requires physical disassembly and tools |
As shown, while basic 1-pass secure erase commands are easy to issue, they have limited effectiveness on SSDs. Degaussing provides excellent effectiveness with moderate ease of use. Physical destruction guarantees data removal but requires significant physical effort.
Best Practices for Securely Erasing SSDs
Follow these best practices when trying to fully erase an SSD:
- Use multipass software to overwrite all logical blocks with multiple rounds of random data
- Verify the SSD supports and can issue the ATA Secure Erase, NVMe Format NVM, or SCSI Block Erase command
- Check that SSD firmware is up-to-date for maximum command effectiveness
- Degauss drives using strong magnets to disrupt electrical charges representing data
- Physically destroy the SSD chips if 100% secure data elimination is mandatory
By using a combination of overwrite passes and degaussing, most scenarios can achieve excellent SSD data sanitization results, exceeding any reasonable standard for secure erase.
Glossary
Secure Erase – A standardized process to completely overwrite all data on a storage device to prevent forensic data recovery.
Solid State Drive (SSD) – A storage device that uses flash memory chips to store persistent data instead of magnetic platters like hard disk drives.
NAND Flash – The type of non-volatile memory used by SSDs to store data in electrical charges within memory cells made of floating gate transistors.
Wear Leveling – An SSD process that evenly distributes writes across flash memory to avoid excessive writes to any one cell.
TRIM – An SSD command that allows the operating system to notify the SSD which blocks of deleted data can be wiped and reused.
Garbage Collection – The process SSD controllers use to reclaim unused cells, wipe their data, and make them available again for writing.
ATA Secure Erase – A built-in SSD command executed via the ATA interface to perform a secure data deletion.
NVMe Format NVM – The secure data erase command used on NVMe PCIe SSDs to sanitze all user data.
SCSI Block Erase – The secure erase command designed for SAS-interfaced SSDs in enterprise environments.
Degaussing – The process of exposing magnetic storage media to strong magnetic fields in order to disrupt the magnetic domains and render data unreadable.
References
- Kuang-bin Feng, Bingchang Liu, Steven Swanson, “An Experimental Study of Secure Deletion on Solid State Drives”, Proceedings of the 5th USENIX Workshop on Hot Topics in Storage and File Systems, 2013.
- Wei, Michael Y., et al. “Reliably Erasing Data From Flash-Based Solid State Drives.” FAST, vol. 11, 2011, pp. 8-8.
- Reardon, Joel, et al. “Secure Data Deletion from Persistent Media.” Proceedings of the 2013 USENIX Security Symposium, 2013, pp. 271-287.
- Blancco Technology Group. “Best Practices for Securely Erasing SSDs & HDDs.” Blancco, 2018, www.blancco.com
- Kuang-bin Feng, Bingchang Liu, Steven Swanson, “An Experimental Study of Secure Deletion on Solid State Drives”, Proceedings of the 5th USENIX Workshop on Hot Topics in Storage and File Systems, 2013.
