-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 17/12/12 23:25, Eric S Johnson wrote:
>> Secure deletion is a problem we could solve in software, by
>> encrypting the data and then destroying the key to render the
>> data unrecoverable, *if* we had a few bytes of persistent,
>> erasable storage in which to store the key. (Storing the key on
>> the SSD itself doesn't work, because then we can't securely
>> delete the key.)
>>
>> I'm not aware of any suitable storage on current smartphones or
>> personal computers
>
> Isn't this exactly how the iOS (v4+) can be remotely "wiped" in a
> couple seconds? Everything's encrypted, so deleting the key ...
>
> Or are we saying the iOS's storage of the key is insecure?
A quick follow-up on this: iOS 4 and 5 store the encryption key for the data partition in a special effaceable area of the SSD. The flash translation layer, which maps logical to physical blocks, is implemented in software, and thus the data partition can be securely deleted when the device is wiped, by erasing the physical blocks of the effaceable area.

However, secure deletion is all or nothing: if the device is wiped before the adversary gains access to it, no data can be recovered. But if the adversary gains access before the device is wiped, the device can be booted with a custom ramdisk that can dump the contents of the data partition - presumably including any deleted/overwritten data left behind by the flash translation layer, since the custom ramdisk can use its own software FTL to read the physical blocks.

That's not the end of the story: individual files within the data partition can be further encrypted with keys derived from a combination of a device-specific UID key and the user's passcode. Even with a custom ramdisk, decrypting those files requires a brute force attack on the passcode, which is slow because the device doesn't allow direct access to the UID key, and thus the brute force attack must be run on the device itself.

TL;DR: wiping the device securely deletes everything, but if the device isn't wiped, deleted data that wasn't protected by the passcode can be recovered, and deleted data that was protected by the passcode may be recoverable by brute forcing the passcode or learning it from the user.
Source: http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQ2L81AAoJEBEET9GfxSfMWzMH/0gjaOxitGgQnpq0tULWJe+9
+/i6vMlnFuLvPbVeYbV732hC89wGbxIks68hBc0eDCm5/rfnXH9AaCUpOlfQ+dlv
fgnrvFfbe+3hW1uHKo0R6fmx+/HUINW0UOxqaDn9hcIMbS+5J8mtuDpB8M8RwoWq
Y0q8LWZJfG8QojaMVTnTic+J8E4mde6sgFAvRGPhGz1ZoUZDxwgcEbsU25J949ZX
64K3pP6GM8/l/i0tQJzJDFEkLTKgRfa7nrXbX068pAXVbqsoOzTl7Qzl2T9q6fOk
B+zdI8hSv291OEQ20Bf7FHlEKWwG9mKEQWWJk+OaghmDsAr8j8lAZKNB4eh5t7M=
=N9sd
-----END PGP SIGNATURE-----
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
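The following is an added illustration of the mechanism Michael describes above, not code from the message, from the cited paper, or from Apple. It is a deliberately small Python model: a data-partition key held in a small effaceable area, a software FTL that appends new physical blocks and never erases stale ones on file deletion, per-file keys wrapped either with the partition key alone or with the partition key mixed with a UID-and-passcode-derived key, and a "custom ramdisk" attacker that reads every physical block and has to run the passcode KDF on the device because the UID never leaves it. The HMAC-SHA256 counter-mode stream cipher stands in for AES and is not suitable for real use; the file names, passcode "2580" and PBKDF2 iteration count are constructed for the example.

```python
"""Toy model of crypto-erase with an effaceable key area and a non-erasing FTL.
Constructed illustration, not Apple's implementation. The HMAC-SHA256
counter-mode stream cipher stands in for AES; do not reuse it in real code."""
import hashlib
import hmac
import secrets

KEY_LEN = 32


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream block i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += xor_bytes(data[i:i + 32], ks)
    return bytes(out)


def passcode_key(uid: bytes, passcode: str, iterations: int = 20_000) -> bytes:
    """Wrapping key bound to the device UID and the passcode; PBKDF2 makes each guess costly."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations, KEY_LEN)


class Device:
    def __init__(self, passcode: str):
        self.uid = secrets.token_bytes(KEY_LEN)                    # fused in hardware, never exported
        self.effaceable = bytearray(secrets.token_bytes(KEY_LEN))  # data-partition key
        self.flash = []   # physical blocks: (nonce, wrapped_file_key, tag, body, protected)
        self.ftl = {}     # logical filename -> physical block index
        self.passcode = passcode

    def write_file(self, name: str, plaintext: bytes, protected: bool) -> None:
        file_key = secrets.token_bytes(KEY_LEN)
        wrap_key = bytes(self.effaceable)
        if protected:
            wrap_key = xor_bytes(wrap_key, passcode_key(self.uid, self.passcode))
        nonce = secrets.token_bytes(16)
        body = stream_xor(file_key, nonce, plaintext)
        tag = hmac.new(file_key, body, hashlib.sha256).digest()  # lets a reader verify a key
        # The FTL appends a fresh physical block; nothing old is erased here.
        self.flash.append((nonce, stream_xor(wrap_key, nonce, file_key), tag, body, protected))
        self.ftl[name] = len(self.flash) - 1

    def delete_file(self, name: str) -> None:
        del self.ftl[name]    # only the logical mapping goes; the block stays as stale data

    def wipe(self) -> None:
        self.effaceable[:] = bytes(KEY_LEN)  # erase the effaceable area: all keys now unrecoverable
        self.ftl.clear()


def ramdisk_dump(dev: Device, guesses: list) -> list:
    """Attacker booting a custom ramdisk: reads every physical block (live or stale) through
    its own software FTL and decrypts what it can. Protected blocks need the UID, so every
    passcode guess has to run the KDF on the device itself (modelled as dev.uid access)."""
    partition_key = bytes(dev.effaceable)
    if partition_key == bytes(KEY_LEN):
        return []                        # wiped: nothing decrypts
    recovered = []
    for nonce, wrapped, tag, body, protected in dev.flash:
        candidates = [partition_key]
        if protected:
            candidates = [xor_bytes(partition_key, passcode_key(dev.uid, g)) for g in guesses]
        for wrap_key in candidates:
            file_key = stream_xor(wrap_key, nonce, wrapped)
            if hmac.compare_digest(tag, hmac.new(file_key, body, hashlib.sha256).digest()):
                recovered.append(stream_xor(file_key, nonce, body))
                break
    return recovered


def scenario(wiped: bool, guesses: list) -> list:
    """Constructed scenario: an unprotected file deleted before the attack, plus a
    passcode-protected file. Returns whatever the ramdisk attacker recovers."""
    dev = Device(passcode="2580")
    dev.write_file("cache.db", b"unprotected cached data", protected=False)
    dev.write_file("notes.txt", b"passcode-protected notes", protected=True)
    dev.delete_file("cache.db")          # deleted, but its block is still on the flash
    if wiped:
        dev.wipe()
    return ramdisk_dump(dev, guesses)


if __name__ == "__main__":
    print(scenario(wiped=False, guesses=["0000", "1234"]))   # deleted cache only
    print(scenario(wiped=False, guesses=["0000", "2580"]))   # cache plus the protected notes
    print(scenario(wiped=True, guesses=["2580"]))            # nothing
```

The three scenarios map onto the TL;DR: without a wipe the deleted unprotected file comes straight back from its stale block, the passcode-protected file falls only once the right passcode is among the guesses (each guess paying the KDF cost on the device), and after the effaceable area is zeroed nothing on the flash decrypts at all.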
