A survey of confidential data storage and deletion methods

ACM Computing Surveys

Volumn 43, Issue 1, 2010, Pages

  Diesburg, Sarah M ^a   Wang, An I Andy ^a  

^a Florida State University   (United States)

Author keywords

Data overwriting techniques; Data theft; Personal privacy; Secure deletion; Secure erasure

Indexed keywords

CRIME; HARD DISK STORAGE; PERSONAL COMPUTING; SURVEYS;

CONFIDENTIAL DATA; DATA OVERWRITING TECHNIQUE; DATA STORAGE; DATA THEFTS; DELETION METHODS; PERSONAL PRIVACY; SECURE DELETION; SECURE ERASURES; SENSITIVE DATAS; STORAGE MEDIUM;

SENSITIVE DATA;

EID: 78650122777     PISSN: 03600300     EISSN: 15577341     Source Type: Journal    
DOI: 10.1145/1824795.1824797     Document Type: Article

References (108)

1. ADYA, A., BOLOSKY, W. J., CASTRO, M., CERMAK, G., CHAIKEN, R., DOUCEUR, J. R., HOWELL, J., LORCH, J. R., THEIMER, M., AND WATTENHOFER, R. P. 2002. FARSITE: Federated, available, and reliable storage for an incompletely trusted environment. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation. 1-14.
2. ARPACI-DUSSEAU, A. C., ARPACI-DUSSEAU, R. H., BAIRAVASUNDARAM, L. N., DENEHY, T. E., POPOVICI, F. I., PRABHAKARAN, V., AND SIVATHANU, M. 2006. Semantically-smart disk systems: past, present, and future. ACM SIGMETRICS Perform. Eval. Rev. 33 , 4.
3. BAUER, S. AND PRIYANTHA, N. B. 2001. Secure data deletion for Linux file systems. In Procceding of the 10th USENIX Security Symposium. USENIX Association, Berkeley, CA, 153-164.
4. BELAL, A. AND ABDEL-GAWAD, M. 2001. 2D-encryption mode. In Procceding of the 2nd NIST Modes of Operation Workshop.
5. BENNISON, P. AND LASHER, P. 2004. Data security issues relating to end of life equipment. In Procceding of the IEEE International Symposium on Electronics and the Environment. IEEE, Los Alamitos, CA, 317-320.
6. BLAZE, M. 1993. A cryptographic file system for UNIX. In Proceedings of the 1st ACM Conference on Computer and Communications Security (CCS'93). ACM, New York, 9-16.
7. BOHMAN, T. 2007. Critical recording benefits from cryptic measures. VME Critical Syst. 26-28.
8. BOYKO, V. 1999. On the security properties of OAEP as an all-or-nothing transform. In Proceedings of Advances in Cryptology (Crypto'99). Springer, Berlin, 503-518.
9. CAMPBELL, C. 1978. Design and specification of cryptographic capabilities. In National Bureau of Standards Special Publications, D. Branstad et al. Eds., U.S. Department of Commerce, Washington, D.C., 54-66.
10. CATTANEO, G., CATUOGNO, L., DEL SORBO, A., AND PERSIANO, P. 2001. The design and implementation of a transparent cryptographic filesystem for UNIX. In Proceedings of the Annual USENIX Technical Conference. USENIX Association, Berkeley, CA, 245-252.
11. CHAUM, D., AND EVERTSE, J.-H. 1985. Cryptanalysis of DES with a reduced number of rounds sequences of linear factors in block ciphers. In Proceedings of Advances in Cryptology (Crypto'85). Lecture Notes in Computer Science, vol. LNCS 218, Springer, Berlin, 192-211.
12. CHOW, J., PFAFF, B., GARFINKEL, T., CHRISTOPHER, K., AND ROSENBLUM, M. 2004. Understanding data lifetime via whole system simulation. In Proceedings of the 12th USENIX Security Symposium. USENIX Association, Berkeley, CA, 2004.
13. CHOW, J., PFAFF, B., GARFINKEL, T., AND ROSENBLUM, M. 2005. Shredding your garbage: Reducing data lifetime through secure deallocation. In Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley, CA, 331-346.
14. DARIK'S BOOT AND NUKE. 2008. Homepage. http://dban.sourceforge.net/.
15. DOWDESWELL, R. AND IOANNIDIS, J. 2003. The CryptoGraphic disk driver. In Proceedings of the Annual USENIX Technical Conference (FREENIX Track). USENIX Association, Berkeley, CA, 179-186.
16. DUMESNIL, A. 2008. e2compr homepage. http://e2compr.sourceforge.net.
17. DWORKIN, M. 2001. Recommendation for block cipher modes of operation, methods and techniques. NIST Special Publication 800-38A. National Institute of Standards and Technology. http://www.csrc.nist.gov/publications/nistpubs/800- 38a/sp800-38a.pdf.
18. FEDERAL TRADE COMMISSION. 1999. Gramm-Leach-Bliley Financial Services Modernization Act, Pub. L. No. 106-102, 113 Stat. 1338, codified at 15 U.S.C. §§6801-09.
19. FERGUSON, N., SCHROEPPEL, R., AND WHITING, D. 2001. A simple algebraic representation of Rijndael. In Proceedings of Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 2259, Springer, Berlin, 103-111.
20. FERGUSON, N. 2006. AES-CBC + Elephant diffuser: A disk encryption algorithm for Windows Vista. Tech. rep. http://www.microsoft.com/downloads/ details.aspx?FamilyID=131dae03-39ae-48bea8d6- 8b0034c92555&DisplayLang=en.
21. FU, K. 1999. Group sharing and random access in cryptographic storage file systems. Master's thesis, MIT, Cambridge, MA.
22. GARFINKEL, T., PFAFF, B., CHOW, J., AND ROSENBLUM, M. 2004. Data lifetime is a systems problem. In Proceedings of the 11th Workshop on ACM SIGOPS European Workshop: Beyond the PC. ACM, New York.
23. GARLICK, J. 2008. Scrub utility project homepage. http://www.llnl.gov/ linux/scrub/scrub.html.
24. GLIGOR, V. AND DONESCU, P. 2000. On message integrity in symmetric encryption. In Proceeding of the 1st NIST Workshop on AES Modes of Operation.
25. GOH, E., SHACHAM, H., MODADUGU, N., AND BONEH, D. 2003. SiRiUS: Securing remote untrusted storage. In Proceedings of the ISOC Network and Distributed Systems Security Symposium (NDSS). 131-145.
26. GOMEZ, R., ADLY, A., MAYERGOYZ, I., AND BURKE., E. 1992. Magnetic force scanning tunneling microscope imaging of overwritten data. IEEE Trans. Magnetics 28, 5, 3141-3143.
27. GOUGH, V. 2008. EncFS: Encrypted file system. http://arg0.net/wiki/encfs.
28. GRANCE, T., STEVENS, M., AND MYERS, M. 2003. Guide to selecting information security products. NIST special publication 800-36, National Institute of Standards and Technology, Gaithersburg, MD. http://csrc.nist.gov/ publications/nistpubs/800-36/NIST-SP800-36.pdf.
29. GUTMANN, P. 1996. Secure deletion of data from magnetic and solid-state memory. In Proceedings of the 6th USENIX Security Symposium. USENNIX Association, Berkeley, CA, 77-90.
30. HALCROW, M. 2007. eCryptfs: A stacked cryptographic filesystem. Linux J. 156, 2.
31. HARTMAN, J. AND OUSTERHOUT, J. 1995. The Zebra striped network file system. In ACM Trans. Comput. Syst. 13, 3, 274-310.
32. HEWLETT-PACKARD. 2007. Encrypted volume and file system v1.0.02 release notes. Hewlett-Packard. http://docs.hp.com/en/5992-3353/5992-3353.pdf.
33. HALDERMAN, J. A., SCHOEN, S. D., HENINGER, N., CLARKSON, W., PAUL, W., CALANDRINO, J. A., FELDMAN, A. J., APPELBAUM, J., AND FELTEN, E. W. 2008. Lest we remember: Cold boot attacks on encryption keys. In Proceedings of the 17th USENIX Security Symposium (Sec'08). USENIX Association, Berkeley, CA.
34. HALEVI, S. AND ROGAWAY, P. 2003. A tweakable enciphering mode. In Proceedings of the Crypto'03. Lecture Notes in Computer Science, vol. 2729, Springer, Berlin, 482-499.
35. HINES, M. 2007. IRS still losing laptops. InfoWorld. http://www. infoworld.com/article/07/04/05/HNirslostlaptops 1.html.
36. HOHMANN, C. 2008. CryptoFS. http://reboot.animeirc.de/cryptofs/.
37. HOUSLEY, R. 2004. Cryptographic message syntax. Network Working Group RFC 3825, Standards Track. http://www.ietf.org/rfc/rfc3852.txt.
38. HUGHES, G. 2004. CMRR Protocols for disk drive secure erase. http://cmrr.ucsd.edu/people/Hughes/CmrrSecureEraseProtocols.pdf.
39. IRONKEY. 2007. Benefits of hardware-based encryption. https://learn.ironkey.com/docs/IronKey WhitepaperBenefits of Hardware Encryption.pdf.
40. JETICO, INC. 2008. BestCrypt software home page. http://www.jetico.com/.
41. JOUKOV, N. AND ZADOK, E. 2005. Adding secure deletion to your favorite file system. In Proceedings of the 3rd International IEEE Security In Storage Workshop. IEEE, Los Alamitos, CA.
42. JOUKOV, N., PAPAXENOPOULOS, H., AND ZADOK, E. 2006. Secure deletion myths, issues, and solutions. In Proceedings of the 2nd ACM Workshop on Storage Security and Survivability. ACM, New York.
43. KALLAHALLA, M., RIEDEL, E., SWAMINATHAN, R., WANG, Q., AND FU, K. 2003. Plutus: Scalable secure file sharing on untrusted storage. In Proceedings of the 2nd USENIX Conference on File and Storage Technologies (FAST). USENIX Association, Berkeley, CA.
44. KAUFMAN, C., PERLMAN, R., AND SPECINER, M. 2002. Network Security: Private Communication in a Public World 2nd Ed. Prentice Hall, Englewood Cliffs, NJ.
45. KENT, S. AND ATKINSON, R. 1998. Security architecture for the Internet Protocol. Technical rep. RFC 2401. http://www.ietf.org/rfc/rfc2401.txt.
46. KILIAN, J. AND ROGAWAY, P. 1996. How to protect DES against exhaustive key search. In Proceedings of the 16th Annual International Conference on Advances in Cryptology (CRYPTO '96). N. Koblitz Ed., Springer, Berlin, 252-267.
47. KINGSTON TECHNOLOGY. 2008. Data traveler secure. http://www.kingston.com/ flash/dt secure.asp.
48. KLEIMAN, S. R. 1986. Vnodes: An architecture for multiple file system types in Sun UNIX. In Proceedings of the USENIX Annual Technical Conference. USENIX Association, Berkeley, CA, 238-247.
49. KNUDSEN, L. 2000. Block chaining modes of operation. In Proceeding of the Symmetric Key Block Cipher Modes of Operation Workshop.
50. KOCH, W. 2008. The GNU privacy guard. http://www.gnupg.org/.
51. LISKOV, M., RIVEST, R., AND WAGNER, D. 2002. Tweakable block ciphers. In Advances in Cryptology (CRYPTO '02). Lecture Notes in Computer Science, Springer, Berlin.
52. LUBY, M. AND RACKOFF, C. 1988. How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17, 2, 373-386.
53. MAZIÈRES, D., KAMINSKY, M., KAASHOEK M., AND WITCHEL, E. 1999. Separating key management from file system security. In Proceedings of the 17th ACM Symposium on Operating System Principles. ACM, New York.
54. MAYERGOYZ, I., SEPRICO, C.,KRAFFT, C., AND TSE, C. 2000. Magnetic imaging on a spin-stand. J. Appl. Phys. 87, 9, 6824-6826.
55. MCNEVIN, G. 2007. 2.9 million US residents at risk of ID theft. Image Data Manager. http://www.idm.net.au/story.asp?id=8270.
56. MENEZES, A., OORSHOT, P., AND VANSTONE, S. 1997. Handbook of Applied Cryptography. CRC Press.
57. MICROSOFT CORP. 2002. Encrypting file system in Windows XP and Windows Server 2003. Tech. rep. http://technet.microsoft.com/en-us/library/bb457065. aspx.
58. MICROSOFT CORP. 2003. Microsoft Office 2003 Eds. Security whitepaper. http://www.microsoft.com/technet/prodtechnol/office/office2003/operate/o3secdet. mspx.
59. MICROSOFT CORP. 2006. Bitlocker drive encryption: Executive overview. Tech. rep. http://technet.microsoft.com/en-us/windowsvista/aa906018.aspx#EQB.
60. MICROSOFT CORP. 2007. How to back up the recovery agent Encrypting File System (EFS) private key in Windows Server 2003, in Windows 2000, and in Windows XP. http://support.microsoft.com/kb/241201.
61. MICROSOFT CORP. 2008. How EFS works. Tech. Rep. 2008. http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/ dsck efs duwf.mspx? mfr=true.
62. MILLER, E., LONG, D., FREEMAN, W., AND REED, B. 2002. Strong security for network-attached storage. In Proceedings of the 1st USENIX Conference on File and Storage Technologies (FAST). USENIX Association, Berkeley, CA.
63. MOOLENAAR, B. 2008. Vim the editor. http://www.vim.org/.
64. NESTER. 2008. Wipe homepage. http://wipe.sourceforge.net/.
65. NIST. 2007. Proposal to extend CBC mode by "Ciphertext stealing". http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/ ciphertext%20stealing%20proposal.pdf.
66. NIST. 2008. Request for public comments on XTS. National Institute of Standards and Technology, Gaithersburg, MD. http://csrc.nist.gov/groups/ST/ documents/Request-for-PublicComment-on XTS.pdf.
67. OPREA, A. 2007. Efficient cryptographic techniques for securing storage systems. Tech. rep. CMU-CS-07-119, Carnegie Mellon University.
68. OSS-SPECTRUM PROJECT. 2008. Disposition of computer hard drives: Specifications for sanitization of hard drives, Attachment 2. http://www.spectrumwest.com/Attach2.htm.
69. PATTERSON, D., GIBSON, G., AND KATZ, R. 1988. A case for redundant arrays of inexpensive disks. In Proceeding of the International Conference on Management of Data (ACM SIGMOD). ACM, New York, 109-116.
70. PETERS, M. 2004. Encrypting partitions using dm-crypt and the 2.6 series kernel. Linux.com. http://www.linux.com/articles/36596.
71. PETERSON, Z., BURNS, R., HERRING, J., STUBBLEFIELD, A., AND RUBIN, A. 2005. Secure deletion for a versioning file system. In Proceedings of the 4th USENIX Conference on File and Storage Technologies. USENIX Association, Berkeley, CA,143-154.
72. PETERSON, Z. AND BURNS, R. 2005. Ext3cow: A time-shifting file system for regulatory compliance. ACM Trans. Storage 1, 2, 190-212.
73. PLETKA, R. AND CACHIN, C. 2007. Cryptographic security for a high-performance distributed file system. In Proceedings of Mass Storage Systems and Technologies (MSST). 227-232.
74. RICHARDSON, R. 2007. CSI survey 2007: The 12th annual computer crime and security survey. Computer Security Institute. http://www.gocsi.com/forms/csi survey.jhtml.
75. RIEDEL, E.,KALLAHALLA, M., AND SWAMINATHAN, R. 2002. A framework for evaluating storage system security. In Proceedings of the 1st USENIX Conference on File and Storage Technologies (FAST'02). USENIX Association, Berkeley, CA, 15-30.
76. RIVEST, R. L. 1997. All-or-nothing encryption and the package transform. In Proceedings of the Fast Software Encryption Conference.
77. ROCSECURE. 2008. RocSecure security encrypted hard drives. http://www.datamediastore.com/rocstor-rocsecure-security-encripted-hard-drives. html.
78. ROSENBAUM, J. 2000. In defense of the DELETE key. The Green Bag 3, 4. www.greenbag.org/rosenbaum deletekey.pdf.
79. ROSENBLUM, M. AND OUSTERHOUT, J. 1991. The design and implementation of a log-structured file system. In Proceedings of the 13th Symposium on Operating Systems Principles.
80. RSA LABORATORIES. 1993. Cryptographic message syntax standard. Tech. note, PKCS 7, v1.5. ftp://ftp.rsasecurity.com/pub/pkcs/ps/pkcs-7.ps.
81. RSA LABORATORIES. 1999. PKCS 5 v2.0: Password-based cryptography standard. ftp://ftp.rsasecurity.com/ pub/pkcs/pkcs-5v2/pkcs5v2-0.pdf.
82. SANDBERG, R., GOLDBERG, D., KLEIMAN, S., WALSH, D., AND LYON, B. 1985. Design and implementation of the Sun network file system. In Proceedings of the USENIX Annual Technical Conference. USENIX Association, Berkeley, CA, 119-130.
83. SEAGATE. 2006. DriveTrust technology: A technical overview. http://www.seagate.com/docs/pdf/whitepaper/TP564 DriveTrust Oct06.pdf.
84. SECUREDISK. 2008. Hardware SecureDisk encryption. http://www.usbgear.com/ secure-disk-hardware-encryptedusbdrive.html.
85. SHAMIR, A. 1979. How to share a secret. Comm. ACM 22, 11, 612-613.
86. SHIROBOKOV, A. 2006. Drive imaging as part of data recovery. Whitepaper, ACE Data Recovery Engineering Inc. http://www.acedre.com.
87. SISWG. 2008a. IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices. IEEE Std 1619-2007, vol., no., pp.c1-32. http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4493450&isnumber= 4493449.
88. SISWG. 2008b. Standard for Wide-Block Encryption for Shared Storage Media. Draft Standard P1619.2/D7. https://siswg.net/index.php?option=com docman&task=doc download&gid=134&Itemid=41.
89. SIVATHANU, M., PRABHAKARAN, V., POPOVICI, F. I., DENEHY, T. E., ARPACI-DUSSEAU, A. C., AND ARPACI-DUSSEAU, R. H. 2003. Semantically-smart disk systems. In Proceedings of the 2nd USENIX Conference on File and Storage Technologies. USENIX Association, Berkeley, CA.
90. SIVANTHANU, M., BAIRAVASUNDARAM, L. N., ARPACI-DUSSEAU, A. C., AND ARPACI-DUSSEAU, R. H. 2004. Life or death at block level. In Proceedings of the 6th Symposium on Operating Systems Design and Implementation (OSDI'04). 379-394.
91. SIVATHANU, G., SUNDARARAMAN, S., AND ZADOK, E. 2006. Type-safe disks. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI'06).
92. SMITH, J. Mcrypt home page. http://mcrypt.sourceforge.net/.
93. SOBEY, C., ORTO, L., AND SAKAGUCHI, G. 2006. Drive-independent data recovery: The current state-of-theart. IEEE Trans. Magnetics 42, 2, 1, 188-193.
94. SPIES, T. 2008. Feistel finite set encryption mode. NIST proposed encryption mode. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/ proposedmodes/ffsem/ffsem-spec.pdf.
95. SQUARE, L. 2007. Stolen laptop may hold ID numbers. The Daily Reveille. http://media.www.lsureveille.com/media/storage/paper868/news/2007/05/03/News/ Stolen.Laptop.May. Hold.Id.Numbers-2892874.shtml.
96. STINSON, D. 2002. Cryptography: Theory and Practice. 2nd Ed. Chapman & Hall/CRC, Boca Raton, FL.
97. SULLIVAN, B. 2005. Help! I left my identity in the backseat of a taxi. MSNBC: The Red Tape Chronicles. http://redtape.msnbc.com/2005/11/why you should .html.
98. SZEREDI, M. 2008. Filesystem in USEr space. http://sourceforge.net/ projects/avf.
99. U.S. CENSUS BUREAU. 2005. Computer and Internet use in the United States: 2003. http://www.census.gov/prod/2005pubs/p23-208.pdf.
100. U. S. DEPARTMENT OF DEFENSE. 1995. National Industrial Security Program Operating Manual. 5220.22- M, U.S. Government Printing Office, Washington, D.C.
101. WIRELESSWEEK. 2007. Alcatel-Lucent loses computer disk. Wirel. Week http://www.wirelessweek.com/article.aspx?id=148070.
102. WHITTEN, A. AND TYGAR, J. D. 1999. Why Johnny can't encrypt: A usability evaluation of pgp 5.0. In Proceedings of the 8th USENIX Security Symposium. USENIX Association, Berkeley, CA, 169-184.
103. WOODHOUSE, D. 2001. JFFS: The journaling flash file system. In Proceedings of the Ottawa Linux Symposium. RedHat Inc.
104. WRIGHT, C., DAVE, J., AND ZADOK, E. 2003. Cryptographic file systems performance: What you don't know can hurt you. In Proceedings of the IEEE Security in Storage Workshop (SISW). IEEE, Los Alamitos, CA, 47-61.
105. WRIGHT, C. P., MARTINO, M., AND ZADOK, E. 2003. NCryptfs: A secure and convenient cryptographic file system. In Proceedings of the Annual USENIX Technical Conference. USENIX Association, Berkeley, CA, 197-210.
106. YOUNG, E. AND HUDSON, T. 2008. OpenSSL project home page. http://www.openssl.org/.
107. ZADOK, E., BADULESCU, I., AND SHENDER, A. 1998. Cryptfs: A stackable vnode level encryption file system. Tech. rep. CUCS-021-98, Computer Science Dept., Columbia University.
108. ZADOK, E. AND NIEH, J. 2000. FiST: A language for stackable file systems. In Proceedings of the Annual USENIX Technical Conference. USENIX Association, Berkeley, CA, 55-70.