T13 Change Request re Security Erase


Upload: branden-shaw

Post on 30-Dec-2015


Page 1: T13 Change Request re Security Erase

Gordon Hughes, Feb 2004

T13 Change Request re Security Erase

• Gordon Hughes, CMRR @ UCSD
  - 858-534-5317, [email protected]
  - Formerly Seagate (until 1997)
  - PI on NSA Secure Erase R&D program
  - Original requester for SE in T13 and T10

• Talk Outline:
  - What SE Change is requested
  - Will it change virus security?
  - Example SE utility showing present problem
  - Background on user benefits of change

Page 2: T13 Change Request re Security Erase


Request ATA Spec change

• For Security Freeze Lock command:
  - Remove SE from abort command list, so Secure Erase can be issued by SE utilities, by Windows, and by Unix/Linux

• Table 10, Security mode command actions
  - Change SECURITY ERASE PREPARE from ABORTED to EXECUTABLE, in Frozen state
  - Change SECURITY ERASE from ABORTED to EXECUTABLE, in Frozen state

• Virus security will be same as block write SE

Page 3: T13 Change Request re Security Erase


Example: CMRR Freeware SE Utility

• HDDerase.exe, a DOS floppy boot utility
  - Downloadable freeware utility from UCSD
  - Runs only from floppy drive (for virus protection)
  - 4 erase options: HDD SE, Fast Erase (with random password), & block write SE (DoD 2550 triple and new DoD)

• Checks if Security Feature Set is supported
  - Tries to turn it on, if set to off by Device Configuration

• Checks if drive is Locked or Frozen
  - If Locked, asks user for HDD password

• If Frozen, HDD SE commands Aborted (ATA spec)

• Can always SE by block erase (DoD 5220)

• CMRR working with Microsoft on Windows SE
  - Microsoft using utility for R&D to put SE command in Windows
  - Microsoft is aware of BIOS Freeze Lock problem
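The checks listed on this slide can be made from the security status word (word 128) of the drive's ATA IDENTIFY DEVICE data. The sketch below is an added example, not HDDerase source code: the bit positions are those of word 128, while the `se_path` names, the messages and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* ATA IDENTIFY DEVICE word 128 (security status) bits. */
#define SEC_SUPPORTED (1u << 0) /* Security feature set supported */
#define SEC_ENABLED   (1u << 1) /* user password set */
#define SEC_LOCKED    (1u << 2) /* needs unlock with password */
#define SEC_FROZEN    (1u << 3) /* Freeze Lock issued since power-on */
#define SEC_ENHANCED  (1u << 5) /* enhanced erase supported */

/* Hypothetical outcome names for this example. */
enum se_path { SE_UNSUPPORTED, SE_FROZEN_ABORT, SE_NEED_PASSWORD,
               SE_ENHANCED_OK, SE_NORMAL_OK };

/* Pre-erase decision from a 256-word IDENTIFY DEVICE buffer. */
enum se_path se_precheck(const uint16_t id[256])
{
    uint16_t w = id[128];
    if (!(w & SEC_SUPPORTED)) return SE_UNSUPPORTED;   /* block write only */
    if (w & SEC_FROZEN)       return SE_FROZEN_ABORT;  /* drive aborts SE */
    if (w & SEC_LOCKED)       return SE_NEED_PASSWORD; /* ask for HDD password */
    return (w & SEC_ENHANCED) ? SE_ENHANCED_OK : SE_NORMAL_OK;
}

const char *se_path_name(enum se_path p)
{
    static const char *const names[] = {
        "not supported: use block write erase",
        "frozen: SE commands will be aborted",
        "locked: HDD password required",
        "ready: enhanced SE available",
        "ready: normal SE available" };
    return names[p];
}

int main(void)
{
    /* Constructed sample word-128 values, not captured from real drives. */
    const uint16_t samples[] = { 0x0000, 0x0029, 0x0007, 0x0021, 0x0001 };
    uint16_t id[256] = { 0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        id[128] = samples[i];
        printf("word128=0x%04x -> %s\n", samples[i], se_path_name(se_precheck(id)));
    }
    return 0;
}
```

A drive that reports the frozen bit stays frozen until it is power cycled or hardware reset, which is why a BIOS-issued Freeze Lock blocks the erase path for the whole session.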

Page 4: T13 Change Request re Security Erase


Why not just block write SE? (DoD 2550)

• Block erase utilities (PC World May 20, 2003):
  - Summit Computer Hard Disk Scrubber
  - Jetico Inc.'s $40 BCWipe
  - LSoft Technologies Inc.'s $30 Active@ KillDisk Pro

• Not secure per National Security Agency
  - Doesn’t erase reassigned blocks, success not certain

• HDD SE is up to 3X faster, per CMRR tests

• Enhanced SE can qualify for NSA secret data
  - DoD 2550 is for unclassified and confidential data only
  - Enhanced SE needs to be implemented and validated

Page 5: T13 Change Request re Security Erase


CMRR SE Validation Tests

• Tested 35 ATA & SCSI drives for SE

• All recent ATA drives SE ok (>10-15 GB)
  - All 4 system board ports, all command combos,
  - Power interrupt leaves drive locked
  - SE doesn’t work if BIOS issues Freeze Lock

• All SCSI drives don’t SE (optional in T10)

• Means SATA drives all do SE?

Page 6: T13 Change Request re Security Erase


Background for Spec change request

• 2002, Gartner Dataquest: 150,000 hard drives "retired"

• 2003 Garfinkel and Shelat, in newspapers worldwide and in IEEE Journal of Security & Privacy

  - They bought 158 used hard drives at computer stores and on eBay.
  - 49 contained "significant personal information"
  - Medical correspondence, love letters, pornography, 5,000 credit cards.
  - One had account numbers from a cash machine in Illinois.
  - 2002: Pennsylvania sold computers with state employee information
  - 1997: Arizona pharmacy computer sold with 2,000 customers’ prescriptions.

• CMRR buys eBay drives for SE tests
  - 1/3 have unerased user data.
