Data erasure


Data erasure

Data erasure (also called data clearing or data wiping) is a software-based method of overwriting data that completely destroys all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and make data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data erasure removes all information while leaving the disk operable, preserving IT assets and the environment.

Software-based overwriting uses a software application to write patterns of random meaningless data onto all of a hard drive's sectors. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach or spill, identity theft and failure to achieve regulatory compliance. Many data eradication programs also provide multiple overwrites so that they support recognized government and industry standards. Good software should provide verification of data removal, which is necessary for meeting certain standards.

To protect data on lost or stolen media, some data erasure applications remotely destroy data if the password is incorrectly entered. Data erasure tools can also target specific data on a disk for routine erasure, providing a hacking protection method that is less time-consuming than encryption.

Contents

Importance

Information technology (IT) assets commonly hold large volumes of confidential data. Social security numbers, credit card numbers, bank details, medical history and classified information are often stored on computer hard drives or servers. These can inadvertently or intentionally make their way onto other media such as printer, USB, flash, Zip, Jaz, and REV drives.

Data breach

Increased storage of sensitive data, combined with rapid technological change and the shorter lifespan of IT assets, has driven the need for permanent data erasure of electronic devices as they are retired or refurbished. Also, compromised networks and laptop theft and loss, as well as that of other portable media, are increasingly common sources of data breaches.

If data erasure does not occur when a disk is retired or lost, an organization or user faces that possibility that data will be stolen and compromised, leading to identity theft, loss of corporate reputation, threats to regulatory compliance and financial impacts. Companies have spent nearly $5 million on average to recover when corporate data was lost or stolen.[1] High profile incidents of data theft include:

  • CardSystems Solutions (2005-06-19): Credit card breach exposes 40 million accounts.[2]
  • Lifeblood (2008-02-13): Missing laptops contain personal information including dates of birth and some Social Security numbers of 321,000.[3]
  • Hannaford (2008-03-17): Breach exposes 4.2 million credit, debit cards.[4]
  • Compass Bank (2008-03-21): Stolen hard drive contains 1,000,000 customer records.[5]
  • University of Florida College of Medicine, Jacksonville (2008-05-20): Photographs and identifying information of 1,900 on improperly disposed computer.[6]
  • Oklahoma Corporation Commission (2008-05-21): Server sold at auction compromises more than 5,000 Social Security numbers.[7]

Regulatory compliance

Strict industry standards and government regulations are in place that force organizations to mitigate the risk of unauthorized exposure of confidential corporate and government data. These regulations include HIPAA (Health Insurance Portability and Accountability Act); FACTA (The Fair and Accurate Credit Transactions Act of 2003); GLB (Gramm-Leach Bliley); Sarbanes-Oxley Act (SOx); and Payment Card Industry Data Security Standards (PCI DSS). Failure to comply can result in fines and damage to company reputation, as well as civil and criminal liability.

Preserving assets and the environment

Data erasure offers an alternative to physical destruction and degaussing for secure removal of all disk data. Physical destruction and degaussing destroy the digital media, requiring disposal and contributing to electronic waste while negatively impacting the carbon footprint of individuals and companies.[8] Hard drives are nearly 100% recyclable and can be collected at no charge from a variety of hard drive recyclers after they have been sanitized.

Limitations

Data erasure through overwriting only works on hard drives that are functioning and writing to all sectors. Bad sectors cannot usually be overwritten but may contain recoverable information. Software driven data erasure could also be compromised by malicious code.[9]

Differentiators

Software-based data erasure uses a special application to write a combination of 1s and 0s onto each hard drive sector. The level of security depends on the number of times the entire hard drive is written over.

Full disk overwriting

There are many overwriting programs, but data erasure offers complete security by destroying data on all areas of a hard drive. Disk overwriting programs that cannot access the entire hard drive, including hidden/locked areas like the host protected area (HPA), device configuration overlay (DCO), and remapped sectors, perform an incomplete erasure, leaving some of the data intact. By accessing the entire hard drive, data erasure eliminates the risk of data remanence.

Data erasure also bypasses the BIOS and OS. Overwriting programs that operate through the BIOS and OS will not always perform a complete erasure due to altered or corrupted BIOS data and may report back a complete and successful erasure even if they do not access the entire hard disk, leaving data accessible.

Hardware support

Data erasure can be deployed over a network to target multiple PCs rather than having to erase each one sequentially. In contrast with DOS-based overwriting programs that may not detect all network hardware, Linux-based data erasure software supports high-end server and storage area network (SAN) environments with hardware support for Serial ATA, Serial Attached SCSI (SAS) and Fibre Channel disks and remapped sectors. It operates directly with sector sizes such as 520, 524, and 528, removing the need to first reformat back to 512 sector size.

Standards

Many government and industry standards exist for software-based overwriting that removes data. A key factor in meeting these standards is the number of times the data is overwritten. Also, some standards require a method to verify that all data has been removed from the entire hard drive and to view the overwrite pattern. Complete data erasure should account for hidden areas, typically DCO, HPA and remapped sectors.

The 1995 edition of the National Industrial Security Program Operating Manual (DoD 5220.22-M) permitted the use of overwriting techniques to sanitize some types of media by writing all addressable locations with a character, its complement, and then a random character. This provision was removed in a 2001 change to the manual and was never permitted for Top Secret media, but it is still listed as a technique by many providers of data erasure software.[10]

Data erasure software should provide the user with a validation certificate indicating that the overwriting procedure was completed properly. Data erasure software should also comply with requirements to erase hidden areas, provide a defects log list, and list bad sectors that could not be overwritten.

Overwriting Standard Date Overwriting Rounds Pattern Notes
U.S. Navy Staff Office Publication NAVSO P-5239-26[11] 1993 3 A character, its complement, random Verification is mandatory
U.S. Air Force System Security Instruction 5020[12] 1996 4 All 0s, all 1s, any character Verification is mandatory
Peter Gutmann's Algorithm 1996 1 to 35 Various, including all of the other listed methods Originally intended for MFM and RLL disks, which are now obsolete
Bruce Schneier's Algorithm[13] 1996 7 All 1s, all 0s, pseudo-random sequence five times
U.S. DoD Unclassified Computer Hard Drive Disposition[14] 2001 3 A character, its complement, another pattern
German Federal Office for Information Security[15] 2004 2-3 Non-uniform pattern, its complement
Communications Security Establishment Canada ITSG-06[16] 2006 3 All 1s or 0s, its complement, a pseudo-random pattern For unclassified media
NIST SP-800-88[17] 2006 1 ?
U.S. National Industrial Security Program Operating Manual (DoD 5220.22-M)[10] 2006 ? ? No longer specifies any method.
NSA/CSS Storage Device Declassification Manual (SDDM)[18] 2007 0 ? Degauss or destroy only
Australian Government ICT Security Manual[19] 2008 1 ? Degauss or destroy Top Secret media
New Zealand Government Communications Security Bureau NZSIT 402[20] 2008 1 ? For data up to Confidential
British HMG Infosec Standard 5, Baseline Standard ? 1 All 0s Verification is optional
British HMG Infosec Standard 5, Enhanced Standard ? 3 All 0s, all 1s, random Verification is mandatory

Data can sometimes be recovered from a broken hard drive. However, if the platters on a hard drive are damaged, such as by drilling a hole through the drive (and the platters inside), then data can only be recovered by bit-by-bit analysis of each platter with advanced forensic technology. Seagate is the only company in the world to have credibly claimed such technology, although some governments may also be able to do this.[citation needed]

Number of overwrites needed

Data on floppy disks can sometimes be recovered by forensic analysis even after the disks have been overwritten once with zeros (or random zeros and ones).[21] This is not the case with modern hard drives:

  • According to the 2006 NIST Special Publication 800-88 Section 2.3 (p. 6): "Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."[17]
  • According to the 2006 CMRR Tutorial on Disk Drive Data Sanitization Document (p. 8): "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."[22] "Secure erase" is a utility built into modern ATA hard drives that overwrites all data on a disk, including remapped (error) sectors.
  • Further analysis by Wright et al. seems to also indicate that one overwrite is all that is generally required.[23]

See also

Notes

  1. ^ Fontana, John (2006-11-02). "Average data breach costs companies $5 million". Network World. http://www.networkworld.com/news/2006/110206-data-breach-cost.html. Retrieved 2010-07-20. 
  2. ^ Evers, Joris (2005-06-19). "Credit card breach exposes 40 million accounts". CNET News. ZDNET. http://www.zdnet.com.au/credit-card-breach-exposes-40-million-accounts-139197997.htm. Retrieved 2010-07-20. 
  3. ^ Powers, Mary (2008-02-13). "Laptops missing with IDs of donors". Memphis Commercial Appeal. http://www.commercialappeal.com/news/2008/feb/13/missing-lifeblood-laptops-personal-information-tho/. Retrieved 2010-07-20. 
  4. ^ Sharp, David (2008-03-17). "Breach exposes 4.2 million credit, debit cards.". Associated Press. MSNBC.com. http://www.msnbc.msn.com/id/23678909/. Retrieved 2010-07-20. 
  5. ^ Vijayan, Jaikumar (2008-03-21). "Programmer who stole drive containing 1 million bank records gets 42 months". Computer World. Retrieved 2010-07-20.
  6. ^ "UF warns patients of security breach". Jacksonville Business Journal. 2008-05-20. Retrieved 2010-07-20.
  7. ^ "OKC buyer finds sensitive information on server". Tulsa World. Associated Press. 2008-05-21. http://www.tulsaworld.com/news/article.aspx?articleID=20080521_12_OKLAH32253. Retrieved 2010-07-20. 
  8. ^ "Is America exporting a huge environmental problem?". 20/20. ABC News. 2006-01-06. http://abcnews.go.com/2020/Technology/story?id=1479506. Retrieved 2010-07-20. 
  9. ^ "NSA/CSS Storage Device Declassification Manual" (PDF). NSA. http://www.nsa.gov/ia/_files/government/MDG/NSA_CSS_Storage_Device_Declassification_Manual.pdf.  This Manual 912 supersedes NSA/CSS Manual 1302, dated 10 November 2000.
  10. ^ a b "U.S. National Industrial Security Program Operating Manual (DoD 5220.22-M)". dtic.mil. DOD National Industrial Security Program. 2006. Archived from the original on 2008-08-22. http://web.archive.org/web/20080822052147/http://www.dtic.mil/whs/directives/corres/pub1.html. 
  11. ^ "Navy Remanence Regulation, U.S. Navy Publication NAVSO P-5239-26". Fas.org. U.S. Navy Staff Office. 2008-05-30. http://www.fas.org/irp/doddir/navy/5239_26.htm. Retrieved 2010-07-20. 
  12. ^ "Air Force System Security Instruction 5020 - Remanence Security". JYA.com. 1996. http://jya.com/afssi5020.htm. Retrieved 2010-07-20. 
  13. ^ Schneier, Bruce (1996). Applied Cryptography. New York: Wiley. p. 229. ISBN 0471128457. 
  14. ^ "Unclassified Computer Hard Drive Disposition" (PDF). U.S. DoD. 2001. http://iase.disa.mil/policy-guidance/asd_hd_disposition_memo060401.pdf. Retrieved 2010-07-20. 
  15. ^ [1]. German Federal Office for Information Security, 2004.[dead link]
  16. ^ "Clearing and Declassifying Electronic Data Storage Devices ITSG-06" (PDF). Communications Security Establishment Canada. July 2006. http://www.cse-cst.gc.ca/documents/publications/itsg-csti/itsg06-eng.pdf. 
  17. ^ a b Kissel, Scholl, Skolochenko, Li (September 2006). "SP800-88 Guidelines for Media Sanitization" (PDF). Computer Security Division, Information Technology Laboratory. NIST. http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf. Retrieved 2010-07-20. 
  18. ^ "Storage Device Declassification Manual" (PDF). NSA. http://www.nsa.gov/ia/_files/government/MDG/NSA_CSS_Storage_Device_Declassification_Manual.pdf. 
  19. ^ "Australian Government Information Security Manual (ISM)"]. Defence Signals Directorate. 2006. http://www.dsd.gov.au/library/infosec/ism.html. Retrieved 2010-07-20. 
  20. ^ "New Zealand Security of Information NZSIT 402". Government Communications Security Bureau. 2008. http://www.gcsb.govt.nz/newsroom/nzsits.html. Retrieved 2010-07-20. 
  21. ^ Gutmann, Peter (1996). "Secure Deletion of Data from Magnetic and Solid-State Memory". Department of Computer Science, University of Auckland. http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html. Retrieved 2010-07-20. 
  22. ^ Hughes & Coughlin (2007). "Tutorial on Disk Drive Data Sanitization" (PDF). CMRR. http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf. Retrieved 2008-06-10. 
  23. ^ Wright, Craig; Kleiman, Dave; Sundhar R.S., Shyaam (December 2008). R. Sekar, R.; Pujari, Arun K.. ed. "Overwriting Hard Drive Data: The Great Wiping Controversy". Information Systems Security: 4th International Conference, ICISS 2008 (Springer-Verlag New York, LLC) 5352: 243–257. doi:10.1007/978-3-540-89862-7_21. ISBN 978-3-540-89861-0.  (Preview at Google Books).

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Data security — is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. Data security is part of the larger practice of… …   Wikipedia

  • Data remanence — is the residual representation of data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that… …   Wikipedia

  • Data recovery — is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally. Often the data are being salvaged from storage media such as internal or external hard disk drives,… …   Wikipedia

  • Data Shredder — Developer(s) CBL Datenrettung Stable release 1.0.1 / April 3, 2007; 4 years ago (2007 04 03) Operating system Windows, MS DOS x86 …   Wikipedia

  • Data management — comprises all the disciplines related to managing data as a valuable resource. Contents 1 Overview 2 Topics in Data Management 3 Body Of Knowledge 4 Usage …   Wikipedia

  • Erasure code — In information theory, an erasure code is a forward error correction (FEC) code for the binary erasure channel, which transforms a message of k symbols into a longer message (code word) with n symbols such that the original message can be… …   Wikipedia

  • Data Protection Directive — The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive which regulates the processing of… …   Wikipedia

  • erasure — e|ra|sure [ıˈreıʒə US ʃər] n [U] formal when you erase something, or when something is erased ▪ a way to avoid accidental erasure of data from your computer …   Dictionary of contemporary English

  • data safety — protection of data from unauthorized users, means of preventing erasure or alteration of data …   English contemporary dictionary

  • Chorus (Erasure album) — Chorus Studio album by Erasure Released 14 October 1991 …   Wikipedia


Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.