take the liberty... -oli
-------- Original Message -------- Subject: Re: [liberationtech] secure wipe of flash memory Date: Sun, 15 Jul 2012 11:17:59 -0400 From: Nathan <nat...@freitas.net> To: oli <o...@cryptosms.org> Can't reply to list right now, but feel free to forward. Generally agree that encryption by default is the best answer. However, if you look at the j2me/blackberry version of InTheClear, after deleting data, it begins to fill up all free space on internal and external storage with zeros or random data. This can help address the flash memory issue. We have not implemented this feature yet on Android but hope to in a future release. You can also achieve this on a smartphone by recording an HD video multiple times over to the full limit of your sdcard. If you really want to have some fun with potential adversaries, rename that video file SecretPlans.gpg! Best, Nathan oli <o...@cryptosms.org> wrote: >hi all, > >I came across a problem which seems to reamin unresolved but not taken >seriously by many liberation tech coders. maybe this has been discussed >already some years ago, but i think it might be good to rediscuss it >anyway, since flash memory use is growing rapidly. > >Flash memory is using a technique called wear leveling [1], which uses >all physical blocks of the sd card equally to prolong its life time. A >side effect of this smart approach is that it becomes nearly impossible >for wiping applications to overwrite all blocks that were used by one >file since they are distributed almost randomly across the memory card >and the controller between the physical and logical level would not >allow an application to access the physical layer directly. > >If it is okay to delete the whole card or whatever incarnation of flash >you have there, the scene is a bit different as the wear leveling logic >will write data on all blocks albeit not in any order you can trace. > >There are many applications around that claim to secure wipe flash, I >only pick this one, because I like the guardian project and take >anything happening there seriously: the app Data Wipe (“Poison Pill”) [2]. > >On http://lab.safermobile.org/wiki/InTheClear it says: > >"Data Wipe > >While Emergency SMS is designed to send alert messages to your contacts, >Data Wipe helps protect you and your personal network by removing >sensitive information from your device just as easily. A mobile device >is often the first personal article confiscated by authorities, and it >only takes a browse through your list of contacts to discover your >social network. This puts others in your social networks at immediate >risk as well. While some mobile devices provide easy ways to erase or >hide address books, performing this action manually can take time that >is often not available. Data Wipe lets you pre-configure a specific set >of rules to erase or overwrite your personal data at a moment's notice." > >This is not possible: to overwrite specific blocks of flash memory. the >controller doesnt allow direct access. > >Here you find one of the android version's lines of code that "wipe": > >https://github.com/guardianproject/InTheClear/blob/master/projects/android/src/org/safermobile/intheclear/data/PIMWiper.java > >I see the point of this app and it might be really helpful vis-a-vis non >trained attacks. But once the phone is in a forensic lab, one can bypass >the flash controller and access the physical layer directly, retrieving >all the data that was "wiped" with this app. > >See "Data Remanence in Semiconductor Devices" for a longer discussion >by Peter Gutmann: http://www.cypherpunks.to/~peter/usenix01.pdf > >If I am right, then the only real solution is to safe sensitive data on >e.g. smartphones in an encrypted container from the start. But how can >you make sure, that some dump app doesnt write it into a tmp directory >while you are working on it? Only by full disk encryption, I guess, then >it doesnt matter. > >-oli > >[1] https://en.wikipedia.org/wiki/Wear_leveling > >[2] https://guardianproject.info/apps/ >_______________________________________________ >liberationtech mailing list >liberationtech@lists.stanford.edu > >Should you need to change your subscription options, please go to: > >https://mailman.stanford.edu/mailman/listinfo/liberationtech > >If you would like to receive a daily digest, click "yes" (once you click >above) next to "would you like to receive list mail batched in a daily digest?" > >You will need the user name and password you receive from the list moderator >in monthly reminders. You may ask for a reminder here: >https://mailman.stanford.edu/mailman/listinfo/liberationtech > >Should you need immediate assistance, please contact the list moderator. > >Please don't forget to follow us on http://twitter.com/#!/Liberationtech _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
