Secure Erase
Since I’ve made it to Sunday night without a post, I’m reproducing one of my older efforts that wasn’t migrated over. It was originally written in 2007, though I have made some minor edits to clarify dates and fix dead links. With a bit of luck and a bit more organisation, I’ll have something new and exciting for next week.
I recently found out about a little-known technology (it currently has no Wikipedia page) that has many benefits. It’s called Secure Erase and has been part of the ATA standard since ATA/ATAPI-4 (1997) [1]. The general principle was to introduce a hardware implementation of software “shredding” or “wiping” applications.
The concept was investigated and developed by the Centre for Magnetic Recording Research at the University of California, in conjunction with the U.S. Federal Government and hard drive manufacturers [2]. The major advantages of a hardware implementation would be increased speed and the ability to wipe areas of the disk not made available externally, such as bad sectors. The time taken to perform a secure erase is estimated to be between 10 and 60 minutes [3] depending on capacity and speed, with the common software triple overwrite (very often incorrectly referred to as DoD Standard 5220) taking up to eight times longer.
On the topic of the US Department of Defence’s National Industrial Security Program Operating Manual (NISPOM2006-5220): it is almost universally referred to as a standard requiring that hard drives be wiped using a triple overwrite method. Not only is it not a standard, it has only two paragraphs relating to data sanitisation (section 8-301), and they make no mention of how a hard drive should be wiped before declassification. As of late June 2007, magnetic “Rigid Disk(s)” can no longer be declassified by overwriting [4]. The remaining options are degaussing, which often destroys the attached controller along with the data, making the hard drive completely useless, and destruction, either by incineration, smelting, abrasion or the use of chemicals.
Back on Secure Erase, one of the biggest advantages of implementing the overwrite in hardware is the ability to write at a different frequency from normal. A very basic method of retrieving even data that has been overwritten is to read at an offset from the track. As time passes with data stored on a disk, the magnetic domains aligned to represent that data affect surrounding domains, causing a spreading effect. Immediately after overwriting, the domains slightly offtrack still represent the old data. The triple overwrite method causes large fluctuations in the ontrack domains, with the desired effect being that the offtrack ones change at a greater rate. However, writing with a different frequency is akin to writing over a wider area (or alternatively, a localised degaussing effect). It has been found that lower frequencies result in higher signal reduction [4] and it is expected that hard drive manufacturers will implement Secure Erase in this way.
The actual instructions required to initiate a secure erase are known as Secure Erase Prepare and Secure Erase Unit. Secure Erase Prepare is given first and may be refused, in which case the drive is not able to perform a secure erase at this time (either through lack of authentication or because the BIOS has locked it). When the Secure Erase Prepare has been accepted, Secure Erase Unit can be issued with a parameter indicating the type of erase: normal or enhanced [5]. A normal erase writes zeros to all user data locations. An enhanced erase, according to [5], writes a user-defined pattern. The enhanced erase appears to be left open to manufacturers’ interpretation, and a DC erase combined with an arbitrary pattern can (and probably should) be used instead [2].
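To make the command sequence above concrete, here is an added example (not from the original post or from the CMRR utility) that decodes the security fields of an ATA IDENTIFY DEVICE response to predict whether the erase sequence would be refused, and builds the data block that carries the normal/enhanced flag. The function names and the sample data are constructed for illustration; the bit positions and opcodes follow the ATA security feature set, and only the classic 8-bit erase-time encoding is handled.

```python
import struct

SECURITY_ERASE_PREPARE, SECURITY_ERASE_UNIT = 0xF3, 0xF4  # ATA command opcodes

def erase_minutes(word):
    """IDENTIFY words 89/90, classic 8-bit form: 0 = not reported, else 2-minute units."""
    v = word & 0xFF
    return None if v == 0 else min(v, 254) * 2  # 255 means "more than 508 minutes"

def security_status(identify):
    """Decode the security fields of a 512-byte IDENTIFY DEVICE response."""
    words = struct.unpack("<256H", identify)
    w = words[128]
    return {
        "supported": bool(w & 0x01), "enabled": bool(w & 0x02),
        "locked": bool(w & 0x04), "frozen": bool(w & 0x08),
        "count_expired": bool(w & 0x10), "enhanced_supported": bool(w & 0x20),
        "normal_minutes": erase_minutes(words[89]),
        "enhanced_minutes": erase_minutes(words[90]),
    }

def refusal_reason(status, enhanced=False):
    """Why the drive would abort the erase sequence, or None if it should accept it."""
    if not status["supported"]:
        return "security feature set not supported"
    if status["frozen"]:
        return "frozen (e.g. by the BIOS): Secure Erase Prepare is aborted until power cycle"
    if status["count_expired"]:
        return "password attempt counter expired: power cycle required"
    if enhanced and not status["enhanced_supported"]:
        return "enhanced erase not supported by this drive"
    return None

def erase_unit_block(password, enhanced=False, master=False):
    """512-byte data block sent with Secure Erase Unit: control word, then 32-byte password."""
    if len(password) > 32:
        raise ValueError("ATA security passwords are at most 32 bytes")
    control = (0x01 if master else 0) | (0x02 if enhanced else 0)
    return struct.pack("<H32s", control, password).ljust(512, b"\x00")

def sample_identify(word128, word89=0, word90=0):
    """Constructed IDENTIFY data: all zero except the three words of interest."""
    words = [0] * 256
    words[89], words[90], words[128] = word89, word90, word128
    return struct.pack("<256H", *words)

if __name__ == "__main__":
    st = security_status(sample_identify(0x0029, word89=30))  # supported, frozen, enhanced
    print(st, refusal_reason(st))
```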
The CMRR has a freeware utility available for performing a normal or enhanced erase (untested, since I have no hard drive I wish to erase right now), along with more reading at their Secure Erase page.
So now you know. If you’re selling/donating/disposing of a hard drive and are worried about what information may be stored on there, don’t bother wasting hours or days with a triple overwrite method or a program claiming to comply with a US standard that isn’t a standard. The erase program is built into the disk and the utility above will let you get to it. Hopefully the option will be exposed in operating systems soon, since the functionality is already widely available.
References:
1. C. E. Stevens, Mass Storage Media Locking, http://t10.t10.org/ftp/t10/document.05/05-438r0.pdf
2. G. Hughes & T. Coughlin, Secure Erase of Disk Drive Data, http://www.tomcoughlin.com/Techpapers/Secure%20Erase%20Article%20for%20IDEMA,%20042502.pdf
3. G. Hughes & T. Coughlin, Technical Proposal on ATA Secure Erase, http://www.t13.org/Documents/UploadedDocuments/docs2004/e04147r0-TechProposalFreezeLockSecureErase.doc
4. Defense Security Service, Updated DSS Clearing and Sanitization Matrix (June 28, 2007), http://www.dss.mil/isp/odaa/documents/clearing_and_sanitization_matrix.pdf and http://it.ouhsc.edu/policies/documents/infosecurity/DoD_5220.pdf
5. D. Colegrove, Enhanced Security Erase Unit Proposal, http://t13.org/Documents/UploadedDocuments/technical/d96156r0.pdf
