The Physical and Logical Destruction of Military SSD Drives
For military applications, data security concerns military secrets and may even decide the outcome of a war. In modern warfare especially, countries on the one hand go all out to develop more advanced and safer electronic systems, and on the other hand try every means to decrypt each other’s systems. As the data medium, hard disks therefore use every encryption means to resist decryption, while also paying close attention to quick erase and data destruction in various emergency situations.
Early news of a contract between IBM and DARPA (Defense Advanced Research Projects Agency) reported that IBM was asked to develop a “new class of electronics that the computers, sensors and other network devices could disappear automatically based on the command”. A commander sitting in the command post with his feet up could simply tap a button, and the mobile phones, computers and all other devices in this controllable network would turn to ashes…
Technically, this is clearly not just science fiction: we have received a variety of unusual requests, and the technologies already realized are no less advanced than this.
Data Destruction Classification
In general, data destruction is divided into two types.
One is Logical Destruction, which destroys only the data and not the physical chipsets; the SSD is reusable once the data has been destroyed or the firmware has been re-implanted.
Logical Destruction can be classified into two categories: Quick Destruction (namely Fast Purge), and over-writing, which usually takes several hours depending on the SSD capacity. These data destruction methods can be implemented by software, but are mostly implemented by hardware.
Quick Erase generally does not actually erase the data, so it carries some risk, but it is unavoidable and important in urgent situations.
The other is Physical Destruction, in which the chipsets inside are burned directly; data recovery is impossible in this way.
Physical Destruction generally uses the following means: crushing with a hammer or other heavy object, destruction with strong acid, destruction with explosives, or burning the chipsets with high voltage.
Approaches for Data Destruction
In general, both logical and physical data destruction can be triggered through a specified pin or a hardware button, provided the host system and the SSD device agree on the pin definition.
For destruction triggered by a hardware button, it is necessary to set a misoperation time, normally a few seconds, that must pass before the destruction function is triggered.
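The misoperation time can be modelled as a hold-to-confirm guard in the trigger logic. The following is an added example, not code from the original article or from any vendor firmware; the 3-second hold, the 10 ms polling period and all names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HOLD_MS 3000u   /* assumed guard time; the text only says "a few seconds" */
#define TICK_MS 10u     /* assumed polling period of the debounced input */

typedef struct {
    uint32_t held_ms;   /* length of the current uninterrupted press */
    bool     fired;     /* latched once destruction has been triggered */
} guard_t;

/* Feed one sample of the button level. Returns true exactly once: on the
 * tick where an uninterrupted press reaches HOLD_MS. */
bool guard_tick(guard_t *g, bool pressed)
{
    if (g->fired) return false;                      /* one-shot latch */
    if (!pressed) { g->held_ms = 0; return false; }  /* release cancels */
    g->held_ms += TICK_MS;
    if (g->held_ms < HOLD_MS) return false;
    g->fired = true;
    return true;
}

typedef struct { bool pressed; uint32_t ms; } seg_t; /* one stretch of a trace */

/* Replay a constructed button trace and count destruction triggers. */
int count_triggers(const seg_t *s, int n)
{
    guard_t g = {0, false};
    int fires = 0;
    for (int i = 0; i < n; i++)
        for (uint32_t t = 0; t < s[i].ms; t += TICK_MS)
            fires += guard_tick(&g, s[i].pressed);
    return fires;
}

int main(void)
{
    const seg_t bump[]  = {{true, 500}};                             /* accidental knock */
    const seg_t retry[] = {{true, 2900}, {false, 10}, {true, 2900}}; /* released early */
    const seg_t hold[]  = {{true, 10000}};                           /* deliberate hold */
    printf("bump=%d retry=%d hold=%d\n", count_triggers(bump, 1),
           count_triggers(retry, 3), count_triggers(hold, 1));
    return 0;
}
```

A short knock and two near-misses separated by a release never trigger, while a sustained hold triggers once and only once.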
Physical destruction by high voltage is much more difficult than logical destruction, and the hardest part is ensuring that every NAND flash chipset is burned. In theory this is easily done by burning the chipsets one by one; in practice, burning one chipset usually takes a long time, the process may not continue to the next chipset afterwards, and some chipsets may fail to burn.
Destruction Standards
Data destruction standards may differ from country to country: some countries require over-writing 7 times, others require 4 times, and some regard deleting the encryption key as secure destruction. Because each country’s security department has different requirements for destruction standards and methods, the SSD solution simply implements the corresponding mechanism.
Application Scenarios
I. Acceleration Sensing Physical Destruction SSD
This is an application in one country’s military aircraft; the design purpose is to prevent military data leaks when the aircraft is shot down. In that case the pilot is probably dead, or, if he is still alive, he can use the limited time to escape rather than sacrificing his chance of survival to destroy the data himself. When the aircraft starts falling, the accelerometer in the SSD senses the acceleration and, once the preset threshold is reached, automatically triggers physical destruction of the SSD; no manual operation is needed during the whole process. Even if the enemy finds the crashed aircraft, the internal military data has vanished.
II. Remote Destruction
Remote destruction is becoming quite common: even the iPhone supports a remote data destruction function, and many SSD solutions use an internal SIM card to implement remote destruction. Data destruction by sending a message is therefore quite “low” among present technologies.
For military applications, especially outdoor ones, GPS (e.g. BeiDou in China) can also be used for remote positioning and destruction, and is more reliable. Using GPS requires authorization; a navigation system is usually one-way communication that can only receive the satellite signal and cannot send a signal to the satellite, and the military can execute remote destruction through the satellite once authorized.
Whether GPS or a SIM card is used, both face the signal problem.
III. Automatic Destruction When Leaving the Specified Location
Use of the disk is restricted to a certain area (e.g. inside the command post); the destruction program starts automatically when the computer is detected to have moved beyond the set distance from the specified location.
IV. Physical Destruction Continues after External Power Supply Being Cut off
When the external power supply is cut off while data destruction is executing, the SSD continues and finishes the process using reserve power from built-in batteries or capacitors.
V. Unfinished Destruction Continues after Retry Powering on the Disk
When the external power supply is cut off during the data destruction process, the destruction stops, but the unfinished part continues once the SSD is powered on again.
The disadvantage of this method is the potential risk that the not-yet-destroyed data could be recovered if the enemy disassembles the NAND flash chips and decodes the data.
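Resuming after a power cut requires the drive to record, in non-volatile storage, that destruction has started and how far it got. The following is an added example, not code from the original article or from any real SSD firmware; the 8-block toy device, the journal layout and all function names are assumptions. It also reports how many blocks remain intact between the cut and the next power-on, which is the exposure described above.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NBLOCKS 8                 /* constructed toy geometry */
enum { IDLE, DESTROYING, DONE };

/* Everything in here is modelled as non-volatile (survives a power cut). */
typedef struct {
    unsigned char nand[NBLOCKS];  /* 0xA5 = still holds data, 0xFF = erased */
    int state;                    /* journal: IDLE / DESTROYING / DONE */
    int next;                     /* journal: first block not yet erased */
} ssd_t;

void ssd_init(ssd_t *d) { memset(d->nand, 0xA5, NBLOCKS); d->state = IDLE; d->next = 0; }

/* Erase until finished or until the energy for `power` blocks runs out.
 * The journal index advances block by block, so a cut leaves exactly the
 * unerased tail to be resumed. Returns true when every block is erased. */
static bool run(ssd_t *d, int power)
{
    while (d->next < NBLOCKS && power-- > 0)
        d->nand[d->next++] = 0xFF;
    if (d->next == NBLOCKS) d->state = DONE;
    return d->state == DONE;
}

/* Trigger: commit the DESTROYING flag first, then start erasing. */
bool ssd_trigger(ssd_t *d, int power) { d->state = DESTROYING; d->next = 0; return run(d, power); }
/* Power-on: an interrupted destruction resumes before any host I/O. */
bool ssd_boot(ssd_t *d, int power) { return d->state == DESTROYING ? run(d, power) : d->state == DONE; }
/* The host is refused as soon as destruction has been triggered. */
bool ssd_host_read_ok(const ssd_t *d) { return d->state == IDLE; }

/* Blocks a chip-off read of the NAND would still find intact. */
int ssd_exposed(const ssd_t *d)
{
    int n = 0;
    for (int i = 0; i < NBLOCKS; i++) n += (d->nand[i] == 0xA5);
    return n;
}

int main(void)
{
    ssd_t d; ssd_init(&d);
    ssd_trigger(&d, 3);                    /* power cut after 3 blocks */
    printf("exposed after cut: %d\n", ssd_exposed(&d));
    printf("resumed to completion: %d\n", ssd_boot(&d, NBLOCKS));
    return 0;
}
```

The journal stops the host interface from serving the remaining blocks, but it cannot protect them from a direct read of the flash chips while the drive is unpowered; only reserve power, as in scenario IV, closes that window.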
VI. Re-Define Pin Assignment, SSD Starts Destruction When Connecting to a New Device after Leaving the Original Device
The SSD is bound to the client’s hardware, so its pin assignment is non-standard; if the enemy connects it to another device to decode the data without knowing the pin definition, it will be burned.
Renice (www.renice-tech.com) has existing solutions for these options; you are welcome to contact May Lau at may@renice-tech.com.