Embedded devices today store a wide variety of data. You would be forgiven for thinking that when data is removed from such a device, it’s completely gone. Unfortunately, that isn’t always the case. While sometimes data is inherently secure through techniques like encryption or encoding, not all device designs provide secure means of data removal.
Just how hard is it to remove embedded device data?
For electronic media, the data must be both erased and overwritten – only then is the data securely deleted from the drive. Some use cases that demand such a thorough level of data erasure include: temporary storage of secure data (for example, a web browser cache), or when changing users on a shared device – or when a device will be sold. Another use case could be in the event of remote theft – a “kill pill” to remove secure data before hackers gain access.
Data that’s removed from such devices can sometimes be recovered – a potentially significant security risk. Suboptimal data removal can lead to sensitive data falling into the wrong hands, and may even reduce the lifetime of the device itself. For these reasons, methods like secure erase are used to make sure data that needs to be disposed of gets properly removed, without the possibility of recovery.
Overwriting data for proper security
Secure erase is a data sanitization method for completely erasing data off of a device. More specifically, it’s a group of firmware commands that together function as an interface for secure data removal. Importantly, secure erase does not simply move data to a different location on the device. Instead, sanitization methods like secure erase aim to permanently wipe data from the device, preventing recoverability.
Secure erase works by overwriting the data at its location with new data that’s random and useless (usually binary 1’s and 0’s). Once this overwriting has been accomplished, software-based data recovery methods (like file or partition recovery programs) won’t be able to recover the data. Furthermore, because secure erase is a command baked into the firmware, any missed write operations are checked – ensuring a more complete and watertight overwriting process.
The above overwriting process is also affected by the form of media on the device. NAND media, for example, is particularly tricky. It adds layers of difficulty to secure erasure as the data we want gone has to be written to a new location first – a technique is called “copy on write”.
While not everyone may agree on the very best method of data sanitization, secure erase is widely considered popular and reliable. It remains a good choice when a permanent solution is needed for data removal on embedded devices.
Secure erase and NAND at Embedded World 2021
Secure erase is a topic with a lot of detail – far too much for a single blog post. Join me this week at Embedded World, where I’ll be giving the following talk on secure erase on NAND media:
Title of talk: “Keeping device data safe with secure erase”
Session: 4.8 Safety & Security: Security Hardware
Date/Time: Wednesday, March 3, 2:00:00 PM – 2:30:00 PM (CET)
Abstract: Removing data securely from flash media is more challenging than older magnetic designs. The software and firmware must work in unison to provide secure solutions that are increasingly in demand. In this talk, we detail the secure interface from the application to the media and point out the possible pitfalls along the way.
After my talk, I’ll be online to answer your questions and talk about secure erase and NAND media.
Final thoughts
It is important to remember that for proper data security, how you get rid of the data is just as important as how you protect it while it’s kept on the device. It is not enough to store data securely and reliably – it must also be disposed of with the correct methods. Optimal data security is a process that encompasses the design of the entire embedded system – from the chosen media through the application itself.
