HiFlash: A History Independent Flash Device
This work addresses data retention regulations for flash storage, offering a novel solution to prevent history-based data recovery, though it is incremental in extending history independence from mechanical disks to flash devices.
The paper tackles the challenge of ensuring data deletion compliance on flash devices by designing HiFlash, a history independent flash device that defends against adversaries with temporal access, achieving strong history independence while trading minimal history leakage for significantly increased device lifetime.
Retention regulations require timely and irrecoverable disposal of data, a challenging task, as data and its side effects are stored and maintained at all layers of a computing system. Those side effects can be used as an oracle to derive the past existence of deleted data. Fortunately, history independence can be utilized to eliminate such history-related oracles. HIFS can provide history independence for file storage over mechanical disk drives. However, HIFS cannot provide history independence when deployed on top of flash devices, as flash memory manages its own internal block placement, which is often inherently history dependent. In this work, we initiate research on history independent flash devices. We design HiFlash, which achieves a strong notion of history independence by defending against an adversary allowed access to the flash at multiple different points in time. In addition, we design a simple, yet history independence friendly wear-leveling mechanism that allows HiFlash to smartly and advantageously trade off a tunable small amount of history leakage for a significant increase in the device's lifetime. Our prototype built in an actual flash device as well as extensive simulations validate the effectiveness of HiFlash.
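The claim that internal block placement on flash is history dependent can be seen in a toy model. This is an added example, not code from the paper and not HiFlash's design: `LogFTL`, `CanonicalStore`, the two histories and the page contents are all constructed assumptions. It replays two operation histories that end in the same logical state and compares the raw device images.

```python
# Toy model constructed for illustration; not HiFlash's design or any real FTL.

class LogFTL:
    """Out-of-place writes: every write lands on the next free physical page."""
    def __init__(self, pages=8):
        self.phys = [None] * pages   # raw page contents an adversary can image
        self.map = {}                # logical block -> physical page
        self.head = 0
    def write(self, lba, data):
        self.phys[self.head] = data  # any older copy stays behind as a stale page
        self.map[lba] = self.head
        self.head += 1
    def delete(self, lba):
        self.map.pop(lba, None)      # only the mapping goes; the page is untouched

class CanonicalStore:
    """Layout depends on the logical state only: block i always sits in page i."""
    def __init__(self, pages=8):
        self.phys = [None] * pages
    def write(self, lba, data):
        self.phys[lba] = data        # models erase-then-program in place
    def delete(self, lba):
        self.phys[lba] = None        # models an immediate erase

def image_after(device_cls, history):
    """Replay ("write", lba, data) / ("delete", lba) ops and return the raw image."""
    dev = device_cls()
    for op, lba, *data in history:
        if op == "write":
            dev.write(lba, data[0])
        else:
            dev.delete(lba)
    return tuple(dev.phys)

# Two constructed histories that end in the same logical state {0: b"A", 1: b"B"}.
H1 = [("write", 0, b"A"), ("write", 1, b"B")]
H2 = [("write", 1, b"B"), ("write", 2, b"SECRET"), ("delete", 2), ("write", 0, b"A")]

def compare(device_cls):
    """Return (images identical?, deleted record still present in H2's image?)."""
    a, b = image_after(device_cls, H1), image_after(device_cls, H2)
    return a == b, b"SECRET" in b

if __name__ == "__main__":
    print("log-structured:", compare(LogFTL))          # layouts differ, record survives
    print("canonical     :", compare(CanonicalStore))  # layouts match, record gone
```

The canonical layout in this toy pays for its property with an erase on every overwrite or delete, which is the kind of wear cost the abstract's wear-leveling trade-off is concerned with.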