Investigation of Data Deletion Vulnerabilities in NAND Flash Memory Based Storage
This addresses data security vulnerabilities for users of NAND Flash storage in critical applications, though it is incremental as it builds on known issues.
The paper investigates unreliable data deletion in commercial NAND Flash storage, finding that 100% data recovery is possible after standard delete/erase commands across different filesystems and operating systems, and identifies performance enhancement techniques as contributing factors.
Semiconductor NAND Flash based memory technology dominates the electronic Non-Volatile storage media market. Though NAND Flash offers superior performance and reliability over conventional magnetic HDDs, yet it suffers from certain data-security vulnerabilities. Such vulnerabilities can expose sensitive information stored on the media to security risks. It is thus necessary to study in detail the fundamental reasons behind data-security vulnerabilities of NAND Flash for use in critical applications. In this paper, the problem of unreliable data-deletion/sanitization in commercial NAND Flash media is investigated along with the fundamental reasons leading to such vulnerabilities. Exhaustive software based data recovery experiments (multiple iterations) has been carried out on commercial NAND Flash storage media (8 GB and 16 GB) for different types of filesystems (NTFS and FAT) and OS specific delete/Erase instructions. 100 % data recovery is obtained for windows and linux based delete/Erase commands. Inverse effect of performance enhancement techniques like wear levelling, bad block management etc. is also observed with the help of software based recovery experiments.