Secure Data Deletion for USB Flash Memory Contents

Secure Data Deletion for USB Flash Memory 성균관대학교 윤 재 성 시스템 컨설턴트

Contents NOR vs NAND Sun et al. 's method Lee et al. ’s method Proposed method 비교 및 결론 YAFFES Strict. Mode Page 2

NOR vs NAND Differences between NOR and NAND NOR NAND Write Unit Byte or Word Page Erase Unit Block Page Size - 4 KB(typically) # of Page per Block - 32 KB(typically) Block Size 64 KB(typically) 128 KB(typically) Block Endurance 104 - 105 times 104 - 106 times `NOR : byte or word 단위로 읽기/쓰기를 하며, random access 방식 `NAND : Page단위로 읽기/쓰기를 하며, page단위의 순차적인 접근방식을 사용 Page 3

Sun et al. 's method(Hybrid method) Zero-overwrite process Deleted page 0 x 00 Valid page Deleted page 0 x 00 … … Empty page block Page 4 zero-overwrite block

Sun et al. 's method(Hybrid method) Block erase process Page 5 Deleted page 0 x. FF Valid page 1 0 x. FF Valid page 2 Deleted page 0 x. FF Valid page 3 … 0 x. FF … Valid page 2 0 x. FF Empty page Valid page 3 0 x. FF Empty page block other block

Lee et al. ’s method(Encryption method) Data storing in encryption method Encryption key Store on header block Encrypted page Other file’s key 1 Encryption Data Page 6 Empty page Other file’s key 2 … … Data block Header block

Lee et al. ’s method(Encryption method) Data deletion in encruption method Copy to another header block Ox. FF Other file’s key 1 Other file’s key 2 Ox. FF Empty page … Ox. FF … Header block Encrypted page Empty page … Page 7 Data block Encrypted page Empty page … Data block

Proposed method Key generation process Step 1 CSPRNG() FEKi Used to encrypt files File Encryption Step 2 EMaster. Key(FEKi) Master. Key N-times Hash Func User password Page 8 … Header Block

Proposed method Key generation process Step 1 CSPRNG() FEKi Cryptographically seucre pseudo-random number generator ANSI 표준(X 9. 82, NIST SP 800 -90 and PKCS#14) FEKi = CSPRNG() Page 9

Proposed method Key generation process Step 2 EMaster. Key(FEKi) Master. Key N-times Hash Func User password … Header Block SHA-1과 같은 해쉬함수를 사용 Brute Force를 방해하기 위해 적어도 1000이상 수행 Masterkey = Hn(user password) =>EMaster key (FEKi) Page 10

Proposed method Data encryption process Page 11

Proposed method Data deletion(Overwrite process) Encrypted page Other file’s key 1 Empty page Other file’s key 2 … … Data block Header block Overwrite with 0 x 00 Encrypted page Other file’s key 1 Page 12 Empty page Other file’s key 2 … 0 x. FF Data block Header block

Proposed method Data deletion(Eraseure process) 0 x 00 Overwrite with 0 x 00 0 x. FF Erase 0 x. FF 0 x 00 0 x. FF Header block Page 13

Proposed method Data store FEKi Stored on header block Encrypted page Data Page 14 Encryped Data Encrypted page . . . Empty page . . . … … Data block Header block

YAFFES(2/7) Chunk 구조 Page 20

YAFFES(3/7) Chunk 구조 Page 21

YAFFES(5/7) 메인 메모리 구조 Page 23

YAFFES(6/7) YAFFES Object Data Structure Page 24

YAFFES(7/7) YAFFES Object Data Structure Page 25

Strict. Mode [사용 예] Strict. Mode의 정의 - 전체 어플리케이션에 Strict. Mode 설정 진저브래드에서부터 public void on. Create() { 추가된 일종의 개발툴로 개발자가 실수하는 것들을 if (DEVELOPER_MODE) 감지하고 해결할해결 할 {수 있도록 돕는 모드 Strict. Mode. set. Thread. Policy(new Strict. Mode. Thread. Policy. Builder() (실재로 수정하지는 않음 단지 알려줌) . detect. Disk. Reads() . detect. Disk. Writes() . detect. Network() Strict. Mode의 주요기능 // or. detect. All() for all detectable problems . penalty. Log() 메인 스레드에서 디스크 접근, 네트워크 접근등의 비효율적인 작업을 . build()); 하려는Strict. Mode. set. Vm. Policy(new 것을 감지하여 프로그램 이 부드럽게 작동하도록 돕고, 빠른 응답을 Strict. Mode. Vm. Policy. Builder() 가지도록 함. detect. Leaked. Sql. Lite. Objects() . detect. Leaked. Closable. Objects() 안드로이드의. penalty. Log() 파일 시스템인 YAFFS(Yet Another Flash File System) 파일 시스템은. penalty. Death() I/O 작업을 할 때 Global 범위의 lock이 사용됨. . build()); 간단히 말하면 전체 디바이스 상에서 오직 한 번에 하나의 디스크작업만이 } super. on. Create(); 가능한 것 } 26 Page