Data Recovery from “Scrubbed” NAND Flash Storage: Need for Analog Sanitization

Md Mehedi Hasan and Biswajit Ray

Department of Electrical and Computer Engineering, University of Alabama in Huntsville, Huntsville, AL 35899 USA

Outline

• Motivation and background: NAND memory system; state-of-the-art sanitization methods; threat model
• Experimental evaluation: attack demonstration; bit recovery efficiency
• New ideas and conclusion: page-level analog sanitization (1. reprogram all bits to a higher value; 2. history dependent erase); future work

Motivation: Preserving user privacy

According to the Data Protection Act (DPA) 2018, the deletion of information must be real.

Flash is ubiquitous. Unfortunately, flash users do not have the capability for instant data sanitization.

Data remains in the non-volatile flash media long after user deletion.

Background: NAND system

[Figure: solid state drive architecture. I/O with logical address enters the Flash Translation Layer (FTL), which performs address mapping, error correction, wear leveling and garbage collection; the memory controller then issues I/O with physical address to the NAND array, organised as memory chips, blocks and pages.]

[Figure: floating-gate cell cross-section, labelled control gate, blocking oxide, floating gate, tunnel oxide, source, drain and Si substrate.]

[Figure: threshold voltage distribution. The erase state (reads "1") lies below the read reference Vref and the program state (reads "0") lies above it.]

Flash is a charge based analog memory.

Why is instant sanitization a problem?

[Figure: NAND block layout (bit line, select gates, word lines WL0 to WLN; one cell, one page, two pages, one block) and the block-erase sequence: valid pages 1, 2 and 3 are copied from the old block to a new block, deleted pages are left behind, and the old block is then erased so that every page reads 1111111111….]

• Erase takes place block by block
• Hefty overhead is involved in using block erase
• Write/read happens page by page
• No command is available for page deletion

State-of-the-art sanitization methods

1) Logical sanitization: the deleted page's address is marked invalid in the address mapping table; the page itself (e.g. 00101001001…) stays in the data block. Not secure.

2) Encryption-based sanitization: the data block holds encrypted pages and a separate key storage block holds each file's key; deleting a file means sanitizing its key.

3) Over-write based sanitization: the valid page (e.g. 00101001001…) is overwritten in place with all zeros (0x0000000…).

Key points:
• Logical sanitization is quick but not secure
• Encryption techniques are used in high end systems. They also need key sanitization.
• All-zero overwrite offers page level digital sanitization

Does all-zero overwrite ensure true sanitization?
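The block-erase overhead and the three sanitization methods above, as an added example in Python that is not part of the poster. It is a toy flash translation layer: page and block sizes, the AND semantics of a program operation (bits only move 1 to 0), and the relocation policy are all assumptions chosen for illustration. It shows that a logical delete leaves the physical page intact, that an all-zero overwrite is the only page-granular option, and that a true erase forces the valid pages of the block to be copied first.

```python
"""Toy FTL: logical delete vs all-zero overwrite vs block erase (constructed model)."""

PAGES_PER_BLOCK = 4
PAGE_BYTES = 4
ERASED = bytes([0xFF] * PAGE_BYTES)   # an erased page reads as all ones


class ToyNand:
    """Physical chip model: program per page (bits can only go 1 -> 0), erase per block."""

    def __init__(self, n_blocks):
        self.blocks = [[ERASED] * PAGES_PER_BLOCK for _ in range(n_blocks)]
        self.erases = 0

    def program(self, block, page, data):
        # Programming clears bits; it can never set a 0 back to 1 without an erase.
        old = self.blocks[block][page]
        self.blocks[block][page] = bytes(o & d for o, d in zip(old, data))

    def read(self, block, page):
        return self.blocks[block][page]

    def erase(self, block):
        self.blocks[block] = [ERASED] * PAGES_PER_BLOCK
        self.erases += 1

    def contains(self, data):
        """Does any physical page, mapped or not, still hold `data`?"""
        return any(p == data for blk in self.blocks for p in blk)


class ToyFtl:
    """Minimal FTL: logical pages map to physical pages; writes go to free pages."""

    def __init__(self, n_blocks=2):
        self.nand = ToyNand(n_blocks)
        self.free = [(b, p) for b in range(n_blocks) for p in range(PAGES_PER_BLOCK)]
        self.map = {}     # logical page number -> (block, page)
        self.copies = 0   # valid pages relocated by block erases

    def write(self, lpn, data):
        # Out-of-place write: any previous physical page becomes invalid but keeps its data.
        self.map[lpn] = self.free.pop(0)
        self.nand.program(*self.map[lpn], data)

    def logical_delete(self, lpn):
        """1) Logical sanitization: only the mapping entry is dropped."""
        del self.map[lpn]

    def zero_overwrite(self, lpn):
        """3) Overwrite-based sanitization: program the physical page to all zeros in place."""
        block, page = self.map.pop(lpn)
        self.nand.program(block, page, bytes(PAGE_BYTES))

    def erase_block(self, block):
        """Block erase: every valid page in the block must be copied elsewhere first."""
        self.free = [f for f in self.free if f[0] != block]
        for lpn, (b, p) in list(self.map.items()):
            if b == block:
                self.write(lpn, self.nand.read(b, p))   # relocate the valid page
                self.copies += 1
        self.nand.erase(block)
        self.free += [(block, p) for p in range(PAGES_PER_BLOCK)]


def demo():
    """Constructed scenario: three pages in block 0, then one sanitization method each."""
    ftl = ToyFtl()
    secret = b"\x5a\xc3\x0f\x99"          # constructed page content
    ftl.write(0, secret)
    ftl.write(1, b"\x12\x34\x56\x78")
    ftl.write(2, b"\xde\xad\xbe\xef")
    ftl.logical_delete(0)
    after_logical = ftl.nand.contains(secret)     # True: the bytes are still on the chip
    ftl.zero_overwrite(1)
    after_overwrite = ftl.nand.read(0, 1)         # all-zero page (digitally sanitized)
    ftl.erase_block(0)
    after_erase = ftl.nand.contains(secret)       # False, at the cost of copies + an erase
    return {
        "after_logical_delete": after_logical,
        "after_zero_overwrite": after_overwrite,
        "after_block_erase": after_erase,
        "pages_copied": ftl.copies,
        "erases": ftl.nand.erases,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:22s} {value!r}")
```

The `contains` scan stands in for the adversary with chip-level access described later in the deck: the mapping table is irrelevant to it, which is why logical sanitization is listed as not secure while the overwrite at least changes the stored bits.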

Digital view of page n:
  original:          1 0 1 1 1 0 1 0 1 0 0 1 1
  after a few days:  1 0 1 1 1 0 1 0 1 0 0 1 1
  after overwriting: 0 0 0 0 0 0 0 0 0 0 0 0 0

Analog view (threshold voltage distributions against the read reference Vref):
  original: erased state ("1") below Vref, programmed state ("0") above it
  after a few days: the programmed state has shifted by ΔVt towards Vref
  after overwriting: the old zeros form a weak "0" and the new zeros a strong "0", both above Vref

Key points:
• Flash memory slowly loses charge due to data retention effects
• All-zero overwrite creates strong and weak zeros with different threshold voltages

Threat model and experimental set-up

Adversarial model and assumptions:
• Adversary has physical access to the flash memory chips
• Adversary can perform low-level memory operations

Our experimental set-up

[Figure: flash memory chip in a TSOP socket on an interface device, connected to a computer interface.]

System commands to probe analog properties

Method-1: Read retry, i.e. shifting the read reference level (Vref).

[Figure: threshold voltage distribution of the erased state ("1"), the weak "0" and the strong "0"; moving Vref between the weak and strong zeros separates them.]

Key points:
• Many SLC chips do not offer this feature
• Very small voltage (Vref) shifts are allowed

Method-2: Partial erase, i.e. terminating the erase prematurely with the RESET command while polling the status.

[Figure: the erase pulse moves the distributions toward the erased state over time (1 ms, 3 ms); the weak "0" crosses Vref before the strong "0".]

Key points:
• Prior characterization of the partial erase time is needed

Results: Data recovery process

(a) Original image; (b) image after bake (3 hrs @ 120 °C); (c) scrubbed image (all-zero scrubbing); (d) recovered image, inverted (partial erase).

[Figure: analog state at each step. (a') erased state ("1") and programmed state ("0") on either side of Vref; (b') programmed state shifted toward Vref after data retention (DR); (c') every cell reads "0" but the cells split into a weak "0" (old zeros) and a strong "0" (new zeros); (d') after partial erase the weak "0" cells cross Vref and read "1" while the strong "0" cells still read "0", which yields the inverted image.]

Results: Bit accuracy of recovered image

[Figure: bit accuracy (%) versus partial erase time (ms) and versus bake time (hour) for a Micron 8Gb SLC chip, a Toshiba 2Gb SLC chip and a Micron 4Gb SLC chip.]

Key points:
• Approximately 70% of the bits are correct in the recovered image
• The longer the bake time, the higher the recovery efficiency
• Not all bits are recoverable, due to overlap in the Vt distributions

Ideas for analog sanitization

Idea-1: Reprogram all the bits to a higher threshold voltage level

[Figure: after the all-zero overwrite the page holds erase, weak "0" and strong "0" states; analog sanitization reprograms every cell to a new, higher "0" level so that all cells share a single distribution.]

Key points:
• Needs a design change of the flash chip
• Not possible with current chips

Idea-2: Create weak zeros during all-zero overwrite using page creation history

[Figure: the old "0" cells are already weak; the new "0" cells are only partially programmed so that they land on the same weak distribution instead of becoming a strong "0".]

Key points:
• Use partial program for weak-zero creation
• The partial program time depends on the state-decay model

Conclusion and future work
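The digital/analog slide, the data recovery process and the two sanitization ideas above, as one added example in Python that is not part of the poster or its measurements. Everything in it is an assumed toy model: Gaussian threshold-voltage (Vt) distributions, a fixed 1 V retention shift, a program-verify inhibit rule, and read retry modelled as a sweep of Vref (partial erase is modelled as a uniform downward Vt shift, which in this toy is the same as raising Vref). It reproduces the mechanism rather than the poster's numbers: a page that reads all zeros still yields an inverted copy of the original, and both Idea-1 and Idea-2 push the recovery accuracy back to chance.

```python
"""Toy threshold-voltage (Vt) model of all-zero overwrite remanence in SLC NAND.

Assumptions (not measured data): every state is a Gaussian Vt distribution,
bake shifts programmed cells down by a fixed amount, and a program operation
only pulses cells that are below a verify level.
"""
import random

VREF = 0.0        # nominal read reference level (V); a Vt below it reads "1"
V_ERASED = -2.0   # mean Vt of the erased state
V_PROG = 2.0      # mean Vt of a freshly programmed (strong) "0"
V_HIGH = 3.5      # Idea-1: a higher level above the normal "0" (hypothetical chip feature)
DR_SHIFT = 1.0    # charge loss of a programmed cell during bake / ageing
PV_LEVEL = 0.5    # program-verify level: cells already above it are inhibited
SIGMA = 0.4       # spread of every distribution


def program_page(bits, rng):
    """Fresh program of an erased page: bit 1 stays erased, bit 0 becomes a strong "0"."""
    return [rng.gauss(V_ERASED if b else V_PROG, SIGMA) for b in bits]


def data_retention(vts):
    """Bake: programmed cells lose charge; erased cells are left unchanged (assumption)."""
    return [v - DR_SHIFT if v > VREF else v for v in vts]


def all_zero_overwrite(vts, rng, target=V_PROG):
    """Digital all-zero overwrite. Cells below the verify level are programmed to
    `target`; cells already above it are inhibited, so decayed old zeros stay
    weak while new zeros become strong unless `target` is lowered (Idea-2)."""
    return [v if v >= PV_LEVEL else rng.gauss(target, SIGMA) for v in vts]


def reprogram_all_high(vts, rng):
    """Idea-1: push every cell to one new, higher level so old and new zeros merge."""
    return [rng.gauss(V_HIGH, SIGMA) for _ in vts]


def partial_erase(vts, dv):
    """Method-2 stand-in: an erase stopped early lowers every Vt by about `dv`."""
    return [v - dv for v in vts]


def read_page(vts, vref=VREF):
    """Digital read: a cell below the reference reads "1", otherwise "0"."""
    return [1 if v < vref else 0 for v in vts]


def recovery_accuracy(original, vts, vref):
    """Fraction of original bits obtained by reading at `vref` and inverting.
    Weak (old) zeros fall below a raised reference and read "1", strong (new)
    zeros stay "0", so the raw readout is the inverse of the original page."""
    recovered = [1 - b for b in read_page(vts, vref)]
    return sum(r == o for r, o in zip(recovered, original)) / len(original)


def best_recovery(original, vts):
    """Read-retry sweep: try reference levels from -3 V to 4 V and keep the best."""
    return max(recovery_accuracy(original, vts, -3.0 + 0.1 * i) for i in range(71))


def experiment(n_cells=4000, seed=7):
    """Recovery accuracy after a plain overwrite and after each analog sanitization idea."""
    rng = random.Random(seed)
    original = [rng.randrange(2) for _ in range(n_cells)]   # constructed page content
    aged = data_retention(program_page(original, rng))      # page written some time ago
    scrubbed = all_zero_overwrite(aged, rng)                # digital scrub of that page
    # Idea-2: program the new zeros only as far as the old, decayed zeros have drifted
    weak_scrub = all_zero_overwrite(aged, rng, target=V_PROG - DR_SHIFT)
    return {
        "ones_visible_after_scrub": sum(read_page(scrubbed)),   # 0: looks sanitized
        "overwrite_only": best_recovery(original, scrubbed),
        "partial_erase": recovery_accuracy(original, partial_erase(scrubbed, 1.5), VREF),
        "idea1_reprogram_high": best_recovery(original, reprogram_all_high(scrubbed, rng)),
        "idea2_weak_new_zero": best_recovery(original, weak_scrub),
    }


if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name:26s} {value:.3f}")
```

With these parameters the scrubbed page reads as all zeros, yet the Vref sweep recovers well over three quarters of the original bits; the poster's measured figure of roughly 70% is lower because real Vt distributions overlap more than this toy assumes. Both sanitization ideas leave the adversary's best reference level at about 50% accuracy, i.e. no better than guessing, because old and new zeros then share one distribution.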

1) All-zero overwrite is vulnerable

[Figure: weak "0" and strong "0" distributions above Vref, separated by ΔVt.]

2) New ideas for page-level analog sanitization
  1. Reprogram all bits to high voltage
  2. History dependent weak-zero erase

Future work:
1. Attack demonstration on MLC, TLC and 3D NAND
2. Experimental evaluation of the new ideas

Thank You
Mr. Md Mehedi Hasan, Dr. Biswajit Ray