By Peter Cochrane, 15 December 2008 12:55
COMMENT
Written on BA289 flying from London to Phoenix, and dispatched to silicon.com a day later from my hotel via free wi-fi
I was recently handed a small number of USB memory sticks by people requesting copies of documents at a conference. On the face of it these folks appeared to have been sensible and gave me sticks that had been wiped clean - which, I might add, is not always the case.
So just for fun I thought I would dig a little deeper with a couple of simple utilities used for memory repair and file recovery. Within minutes each memory stick revealed a large number of files that I could access. I have no idea what the files contained (because I chose not to look) but some of the titles and sizes were intriguing.
I'm sure they held ammunition that would have embarrassed the owners and their organisations but fortunately for them I happen to be honest, and not a business competitor!
How come 'delete' doesn't actually invoke a full obliteration of files? It never does! In all our IT systems the prevalent mode is for the delete function to remove the link/pointer/identifier, directory and/or location header. This means the file icon disappears from our screens but the file itself remains. And this happens to be true on hard drives, flash memory and so on, and was also true of floppy discs and read/write CDs of our recent past.
It seems this fact has never been made clear to many people. The net result is a lot of undeleted information living on some of the most insecure memory devices on the market, which are carried in jacket pockets, cases and handbags.
As far as I am aware there are very few ways around this problem:
1. Use a 1kg hammer or a welding torch to destroy your physical media
2. Encrypt all sensitive files
3. Never store sensitive information on any portable device
4. Use a secure delete protocol
Unfortunately all of the above incur inconvenience and some expense, and even a secure protocol is seldom foolproof. Most systems have two file delete options: standard and secure. At an elementary level we should always opt for the secure option. Then you would think that would be an end to it - we should then be secure. Wrong!
The reality is that secure delete commonly employs one or more randomised overwriting sequences but someone armed with a deep knowledge of the operating system and the secure delete algorithm employed will most likely be able to reverse the process. Some companies boast their ability to recover data even after 10 overwrites.
If necessary, such abilities can be thwarted by using a large number of safe files, known only to you, to totally overwrite the memory device and fill up every available slot. A secure delete followed by a repeat of this entire process using a new set or randomised ordering of safe files each time more or less makes it impossible for anyone to recover the sensitive data once at risk. But this is inconvenient and really expensive in terms of time.
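As an added illustration of the mechanism described above (this is not code from the original column), a toy block-device model in Python: an ordinary delete drops only the directory entry, so a raw scan of the medium still finds the file's bytes, whereas overwriting every block of the file in place before dropping the entry is what makes it unrecoverable. The ToyDevice class, its block layout and the sample "SALARY REVIEW" file are all constructed for this example.

```python
import os

BLOCK = 16       # bytes per block in the toy device (constructed value)
NBLOCKS = 32     # size of the toy medium in blocks


class ToyDevice:
    """Toy flash/disk model: a flat block array plus a directory that maps
    file names to the blocks they occupy. Not a real filesystem."""

    def __init__(self):
        self.blocks = bytearray(BLOCK * NBLOCKS)
        self.directory = {}            # name -> list of block indices
        self.free = list(range(NBLOCKS))

    def write(self, name, data):
        used = []
        for off in range(0, len(data), BLOCK):
            idx = self.free.pop(0)
            chunk = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            self.blocks[idx * BLOCK:(idx + 1) * BLOCK] = chunk
            used.append(idx)
        self.directory[name] = used

    def delete(self, name):
        """Ordinary delete: only the directory entry goes. The blocks are
        marked free, but their contents stay on the medium untouched."""
        self.free.extend(self.directory.pop(name))

    def secure_delete(self, name, passes=1):
        """Overwrite every block the file occupies, in its current physical
        location, with random bytes; only then drop the directory entry."""
        for idx in self.directory[name]:
            for _ in range(passes):
                self.blocks[idx * BLOCK:(idx + 1) * BLOCK] = os.urandom(BLOCK)
        self.delete(name)

    def raw_scan(self, needle):
        """Search the whole medium while ignoring the directory, which is
        what a file-recovery utility effectively does."""
        return needle in bytes(self.blocks)


def demo():
    secret = b"SALARY REVIEW: board members, confidential"  # constructed
    plain = ToyDevice()
    plain.write("review.txt", secret)
    plain.delete("review.txt")
    secure = ToyDevice()
    secure.write("review.txt", secret)
    secure.secure_delete("review.txt", passes=3)
    # (True, False): the plain delete leaves the bytes behind, the overwrite does not
    return plain.raw_scan(b"SALARY REVIEW"), secure.raw_scan(b"SALARY REVIEW")
```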
So there we have it! Security is only, and will most likely always be only, a relative condition. All we can do is make it really difficult for opportunists and attackers to get at our sensitive data.
Personally I use all of the above suggestions (1 - 4) as appropriate with a concentration on (3) when I can manage it, and (1) as my most certain method.
Comments
There are 8 comments.
1. Karen Challinor
as far as I am aware overwriting a file with randomised data prior to a deletion is a secure method of deletion for USB sticks as long as you ensure that you overwrite every block of the file in its current physical location on the device
if you can do this then you can put the hammer away and reuse the device
unless someone uses something like a superconducting interference device to probe the charge levels on individual gates and attempts to work out the original charge pattern by subtracting an assumed pattern derived from a normal read of the device, but this is unlikely to be anyone outside of law enforcement
this doesn't work so well for disk drives though as it is sometimes possible to recover the original data by adjusting the head tracking to pick up data from the edge of a track, which depending on ambient factors such as the temperature at the time of the original recording may still have the original data
then hammers, drills and high temperatures are probably the best way to securely delete them
2. anonymous
My former employer (a major defence contractor) used to have all the hard discs from redundant PCs sent to a lady in the security department who took them apart (a trivial task), extracted the platters, then took these in person to the machine shop where she personally saw them all cut in half.
That's security!
3. Mike Parmley
All that any security mechanism provides is the increased time & effort required to break it. I.e. the more secure it is - the longer it will take to crack.
All you can reasonably hope to do is make it take too long/cost too much for a casual thief to bother.
This then brings a trade-off against the cost of protection against the value of what you are protecting.
This approach also applies to physical items as well as data - compare the lock on your shed to the lock on your house door. However, physical protection usually offers another dimension in that you should be able to tell if the protection has been broken, and this is not usually available when protecting data.
4. Paul Tidd
Drilled or smashed hard disks can have data recovered. Instances of 1 inch of a spindle have revealed data recoverable and usable. For memory sticks applying to on/off switch on the chip will remove data. I have examples of PDA data recovered back over 7 years used in a divorce case.
5. Peter Cochrane
Karen = The reality is that PC generated random sequences are never truly random, they repeat over long cycles, and they can be recreated. Hence companies and agencies are able to recover data.
A PC only generates a pseudo-random sequence.
It turns out that generating a truly random sequence is a difficult problem and usually requires a random noise source - either electronic or photonic! Peter
6. Peter Cochrane
Anonymous = Agreed. Sophisticated brutality, or just plain brutality seems to be the final step! Peter
7. Peter Cochrane
Mike = Spot on! Peter
8. Peter Cochrane
Paul = Hence my blow torch! Peter