8
  1. Is it possible to recover data from an SSD that was secure erased (https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase), by IT or a professional data recovery company?
  2. Does this type of erasing reduce the lifetime of the SSD?
Artur Szymczak
  • 463
  • 1
  • 5
  • 8

2 Answers

19

A paper from 2011 by four people from the University of California, San Diego writes in section "3.2.1 Built-in sanitize commands":

Of the 12 drives we tested, [...] Eight of the drives reported that they supported the ATA SECURITY feature set. One of these encrypts data, so we could not verify if the sanitization was successful. Of the remaining seven, only four executed the “ERASE UNIT” command reliably.

So in 2010/2011, out of 12 commercially available SSD models, 8 advertised that they support ATA Secure Erase, and either 4 or 5 models performed a secure erase. The rest didn't, to varying degrees:

Drive B’s behavior is the most disturbing: it reported that sanitization was successful, but all the data remained intact. In fact, the filesystem was still mountable. Two more drives suffered a bug that prevented the ERASE UNIT command from working unless the drive firmware was recently reset, otherwise the command would only erase the first LBA. However, they accurately reported that the command failed. The wide variance among the drives leads us to conclude that each implementation of the security commands must be individually tested before it can be trusted to properly sanitize the drive

It would be nice to have more recent data, because SSD designs have changed a good deal since 2011. Sadly I haven't found anything newer.

  • Note that, while the secure erase failed on three drives, two out of the three accurately reported this. So if you actually read error messages, only one drive would have left you exposed. – sleske Apr 28 '16 at 08:24
8

No on both counts, assuming the implementation is within spec.

Secure erase works through encryption, usually AES. Essentially, everything that is written to the SSD is first encrypted with a master key. This happens all the time, is entirely managed by the device's on-board firmware, and is completely transparent. The master key is randomly generated on the production line.

The problem with erasing an SSD through traditional means is that it requires a lot of write operations, and these degrade the device. In order to combat that issue, secure erase simply changes the master key. This means that the old key is lost, and all data on the disk is automatically unreadable. The new key is then used to store new data.

There are only a few ways to "revert" a secure erase operation:

  • Get access to the device before the secure erase happens, and capture the master key from the controller's EEPROM. Though at that point, why not just steal the SSD?
  • Break AES in a way that allows full recovery of plaintext in a situation where you have a few hundred gigabytes of arbitrary ciphertext, but not the key.
  • Find a bug in the implementation of secure erase that causes the old key to be left on the device somewhere.

None of these are particularly feasible attack vectors. The first two aren't very feasible. Jesper's answer shows that the implementation certainly isn't infallible, though.

Polynomial
  • 133,763
  • 43
  • 302
  • 380
  • Do you have any reference stating that secure erasing actually means changing that master key? – cprcrack Sep 17 '14 at 00:52
  • @cprcrack A few: [TechRepublic article](http://www.techrepublic.com/article/erasing-ssds-security-is-an-issue/), [Intel SSD booklet](http://www.intel.co.uk/content/dam/www/public/us/en/documents/technology-briefs/ssd-520-aes-tech-brief.pdf), [Sophos article](http://nakedsecurity.sophos.com/2011/02/20/ssds-prove-difficult-to-securely-erase/), [PC World article](http://www.pcworld.com/article/2084961/kill-your-data-dead-with-these-tips-and-tools.html), and a [Kingston article](http://www.kingston.com/us/community/articledetail?ArticleId=10) which implies it heavily without saying it. – Polynomial Sep 18 '14 at 20:25
  • Thank you. But to my understanding not all SSDs are encrypted and thus secure erasing them does not *always* mean erasing the encryption key. Do you agree? The reason why I'm wondering this is because I just secure erased an SSD that according to some reviews lacks encryption. But the secure erasing procedure only took about 4 seconds. How could this be possible? Are there any other fast secure erase methods for non-encrypted SSDs? – cprcrack Sep 19 '14 at 00:40
  • @cprcrack Usually the term "encrypted SSD" is reserved for SSDs that offer user-selectable keys. The specification for flash devices contains a section for protected area keys, vendor keys, data keys, and user keys. Whether these are externally accessible is implementation specific. In devices marketed as "encrypted", the user-specified key is (usually) used to encrypt the data key which is present in a normal SSD, so that destruction of data is assured during a secure erase operation even if an attacker gains knowledge of the user's password. – Polynomial Sep 19 '14 at 18:13
  • So you are saying that in reality *all* SSDs are encrypted internally? – cprcrack Sep 19 '14 at 21:36
  • @cprcrack Those that adhere to the specification (which should be all high-street brand drives) are encrypted internally, yes. – Polynomial Sep 21 '14 at 21:43
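The following Go program is an added illustration, not code from the question or either answer, and it models no real vendor's firmware. It is a toy self-encrypting drive as Polynomial's answer describes it: every sector is AES-GCM encrypted under a randomly generated master key before it reaches "flash", and ERASE UNIT is implemented as nothing more than replacing that key. It also carries the check Jesper's answer argues for: a `VerifyErase` routine that writes a known marker, issues the erase, and then confirms the marker is recoverable neither through the logical read path nor from a raw dump of the cells. The `brokenErase` flag is an assumption introduced here to stand in for the paper's "Drive B", which reported success while leaving data intact; the LBA numbers, marker string and sector layout are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealedBlock is what lands in the flash cells for one LBA: the AES-GCM nonce
// plus the ciphertext of the sector (constructed layout for this example).
type sealedBlock struct {
	nonce []byte
	ct    []byte
}

// Drive is a toy stand-in for a self-encrypting SSD controller (an assumption
// of this example, not any vendor's firmware). Every write is encrypted under
// masterKey before it reaches flash; the cells themselves are never wiped.
type Drive struct {
	masterKey   []byte
	flash       map[uint64]sealedBlock
	brokenErase bool // models "Drive B": reports success but keeps the old key
}

// newKey plays the role of the production-line key generator.
func newKey() []byte {
	k := make([]byte, 32) // AES-256 master key
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func NewDrive(brokenErase bool) *Drive {
	return &Drive{masterKey: newKey(), flash: map[uint64]sealedBlock{}, brokenErase: brokenErase}
}

func (d *Drive) aead() cipher.AEAD {
	block, err := aes.NewCipher(d.masterKey)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

func lbaAD(lba uint64) []byte { return []byte(fmt.Sprintf("lba:%d", lba)) }

// Write encrypts one sector under the current master key; the LBA is bound in
// as associated data so a sealed block cannot be silently replayed elsewhere.
func (d *Drive) Write(lba uint64, data []byte) {
	g := d.aead()
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	d.flash[lba] = sealedBlock{nonce: nonce, ct: g.Seal(nil, nonce, data, lbaAD(lba))}
}

// Read decrypts one sector. After a key rotation the GCM tag check fails and
// the controller returns an error rather than plaintext.
func (d *Drive) Read(lba uint64) ([]byte, error) {
	sb, ok := d.flash[lba]
	if !ok {
		return nil, errors.New("unwritten LBA")
	}
	pt, err := d.aead().Open(nil, sb.nonce, sb.ct, lbaAD(lba))
	if err != nil {
		return nil, errors.New("sector undecryptable under current master key")
	}
	return pt, nil
}

// CryptoErase models ERASE UNIT on a drive that erases by key rotation: no
// cell is rewritten, only the master key is replaced. The broken variant skips
// the rotation yet still reports success, as Drive B did in the UCSD paper.
func (d *Drive) CryptoErase() error {
	if !d.brokenErase {
		d.masterKey = newKey()
	}
	return nil
}

// RawFlash returns the stored cells as a chip-off reader would see them.
func (d *Drive) RawFlash() []byte {
	var buf bytes.Buffer
	for _, sb := range d.flash {
		buf.Write(sb.nonce)
		buf.Write(sb.ct)
	}
	return buf.Bytes()
}

// VerifyErase is the per-implementation test the paper recommends: write a
// known marker, erase, then confirm the marker is recoverable neither through
// the logical interface nor from the raw cells.
func VerifyErase(d *Drive, lba uint64, marker []byte) (logicalRecovered, rawRecovered bool) {
	d.Write(lba, marker)
	_ = d.CryptoErase() // a real check also inspects the command's status word
	pt, err := d.Read(lba)
	logicalRecovered = err == nil && bytes.Equal(pt, marker)
	rawRecovered = bytes.Contains(d.RawFlash(), marker)
	return
}

func main() {
	marker := []byte("SECRET-MARKER-0123456789") // constructed test pattern
	for _, broken := range []bool{false, true} {
		l, r := VerifyErase(NewDrive(broken), 42, marker)
		fmt.Printf("brokenErase=%v logicalRecovered=%v rawRecovered=%v\n", broken, l, r)
	}
}
```

Running it shows the two outcomes the answers describe: on the compliant drive the marker is gone both logically and in the raw dump even though no cell was rewritten, while on the "broken" drive the raw dump is still ciphertext but the logical read hands the marker straight back despite the erase having reported success, which is exactly the case that only an explicit read-back test catches.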