click to visit home page
leading the way to the new storage frontier .....
Fast Purge flash SSDs directory & articles
fast purge SSDs ..
Disk Sanitizers
sanitizers ..
Military storage
military SSDs ..
SSD SoCs controllers
SSD controllers ..
image shows Megabyte's hot air balloon - click to read the article SSD power down architectures and acharacteristics
SSD power loss ..
SSD myths - write endurance
SSD endurance ..

SSD Security - news etc

see past versions of this storage security page (2002 to 2018) on the wayback machine
STORAGE Security
Megabyte used one of Gunnar's goblin
to stop pesky goblin minions
and other pests from interfering with his
bits and bytes.
SSD news
SSD software
SSD endurance
secrets of 1,000 data recoveries
reminiscing about storage security
can you trust SSD performance data?
how fast can your SSD run backwards?
BOM control and the mythical "standard" SSD
Sanitization Methods for Cleaning Up Hard Disk Drives
is data remanence in persistent memory a new risk factor?
Privacy and Security Regulations, and How they Impact Storage Systems

SSD news

NL university researchers disclose delusion of security blanket delivered by popular self encrypting SSDs

Editor:- November 8, 2018 - Researchers at Radboud University, in the Netherlands have recently published a paper - self-encrypting deception: weaknesses in the encryption of SSDs (pdf).

The authors conclude - "we found that many hardware implementations of full disk encryption in SSDs have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret... This challenges the view that hardware encryption is preferable over software encryption. We conclude that one should not rely solely on hardware encryption offered by SSDs."

After discovering the ineffectiveness of the protection offered by the encryption hardware in the models affected - the authors alerted the authorities and agreed to wait 6 month before publishing their paper so as to enable the manufacturers - whose products had been tested (Micron and Samsung confirmed the vulnerability issues) to work on firmware updates.

The paper also examines commonly held assumptions about the security of encryption engines in various states when analyzed from particular attack directions. the artice (pdf)

Editor's comments:- as with all aspects of SSD design - the correlation between what the customer expects and what does actually happen in the real world depends on the quality of the designers and the verification process. That's why it's not unusual in mission critical projects using industrial SSDs for the customer verification process to take longer in elapsed time than it took to design the original SSD.

See also:- Why consumers should expect to see more flaky SSDs (2009)

dust to dust and SSD data sanitization

Editor:- October 2, 2018 - Is there an opposite concept to data recovery? - is how I approached the tail end of a long blog - written during the 2018 hurricane season - which looked back at many things I had learned about the capabilities of the data recovery market in my 19 years or so of easy access to them in my role as a storage blogologist. SSD analyst / futurologist sounds better.

Is there an opposite concept to data recovery?

It was rhetorical question - to which I immediately appended a ready made answer which I had used here on several times before to link disparate themes which in my view sometimes needed reminders that they were - in extremis - unwillingly linked.

You may have your own retorts. But mine - aiming swiftly I thought to end an already long blog - was this...

"Yes. The flip side to data recovery is fast purge SSDs and disk sanitizers."

There aren't any prizes if you thought of similar answers.

I thought that was that and a good enough ending - but then a reader from an SSD / HDD sanitization services company contacted me about the blog.

He said I could share what we had talked about. So I added our conversation and some links to the end of my retrospective data recovery blog - where it fits in more snugly than it may appear to do right here and now. Anyway you can read it here.

new report lists malware attack vectors for memory in processors

Editor:- June 14, 2018 - Security Issues for Processors with Memory is a new report (90 pages, $975) by Memory Strategies International with ramifications (I had to use that word) for the memoryfication of processors market.

The report includes a comprehensive list of the dimensions in which security can be attacked and outline of design mitigation directions.

Among other things the scope includes:- "Issues of volatile vs. non-volatile memory for cache and main memory involve consideration of security hazards. Cryptography in multicore coprocessor systems are an issue. Security of data on network buses is critical for military, medical and financial systems with remedies suggested for replay attacks..." ...see more about this report

See also:- optimizing CPUs for use with SSD architectures

How do banks use big memory systems to detect and prevent fraud?

Editor:- January 9, 2017 - In the early 2000s I started hearing stories from vendors of ultrafast SSDs about how their fast memory systems were helping banks to not only ease the choke points in their transactions but also provide insights into fraud prevention.

A new white paper GridGain Systems provides a good introduction and synthesis of the various roles of in-memory computing in accelerating financial fraud detection and prevention (pdf) which includes many named bank examples.

This paper describes how in memory computing provides the low latency data sharing backbone which is needed to enable pattern detection for fradulent activity to be assessed in real-time while at the same time enabling genuine transactions to proceed quicky.

Among other things, the paper says...

"The move from disk to memory is a key factor in improving performance. However, simply moving to memory is not sufficient to guarantee the extremely high memory processing speeds needed at the enterprise level... Clients who have implemented the GridGain In-Memory Data Fabric to detect and prevent fraud in their transactions have found that they can process those transactions about 1,000 times faster." the article (pdf)

Maxim samples deep cover security chip

Editor:- October 5, 2016 - A nonvolatile, decrement-only counter with authenticated read and tiny amount - 8Kbits - of EEPROM for user data, keys, and certificates are part of an interesting DeepCover Secure Authenticator chip which is now sampling and was announced today by Maxim .

new memories, new questions about data security

Editor:- August 4, 2016 - the need to manage data risk when recycling hard drives, SSDs and other storage devices is well known. But what about so called "volatile memory" like DRAM?

We've become accustomed to seeing crossover architecture concepts between storage and memory as the market progresses towards more complex memory systems and enterprise storage.

Interesting security questions arise when virtual RAM becomes implemented by memories such as flash and other alternative nvms. And what about DRAM itself?

It was those thoughts which led to my new blog - is data remanence a new risk factor in persistent memory?

FIPS makes for health compliant SSDs

Editor:- July 28, 2016 - A new blog by Micron - discusses FIPS 140-2 validation in its range of SAS SSDs.

click to see directory of SAS SSD companies
The author - Anne Haggar, Product Marketing Leader, Micron says (among other things)...

"We are finding that U.S. federal agencies arent the only organizations that are interested in the extra security these drives provide. Companies in health care and financial services who face stiff fines for non-compliance and huge risks if they have a data breach are adding FIPS 140-2 compliance to their requirements." the article

Virtium offers encryption in all its industrial SSD form factors

Editor:- June 28, 2016 - Virtium today announced self-encrypting drive features as options throughout all the form factors in its StorFly range of industrial SSDs.

Virtium  SSDs - click for more info"These support multiple SATA form factors, including 2.5", 1.8", Slim SATA, mSATA, M.2, and CFast. Additionally, they support all 3 StorFly reliability classes – CE (MLC), XE (industrial-grade MLC) and PE (SLC)" said Scott Phillips, VP of marketing at Virtium.

more about the security features

Virtium SED uses random AES encryption keys that are generated at product initialization (leveraging the drive controller's integrated random number generator), which are hashed and then stored within the drive itself. They are used in conjunction with the integrated AES encryption engine to encrypt and store the host data on the NAND flash without burdening the host system.

The encryption keys are non-retrievable and cannot be changed without the complete loss of the data on the SSD. Virtium's new StorFly SEDs are Trusted Computing Group Opal 2.0-compatible and support hardware and software initiated crypto-erase and block-erase features that satisfy requirements of the National Institute of Standards and Technology Special Publication 800-88 Revision 1 Guidelines for Media Sanitization. These features are persistent through power interruption cycles.

what goes on inside AES encrypted SSDs?

Editor:- May 6, 2016 - Securing SSDs with AES Disk Encryption - by C.C. Wu, VP Innodisk - is a new article published on Electronic Design.

Among other things in this very detailed and educational article Wu cautions readers about the limitations of encrypted SSDs...

"As strong as the 256-bit AES encryption is on encrypted SSDs, it only protects data at rest, i.e., when the system is turned off. To protect data in flight, data-loss-prevention (DLP) techniques, use of secure communication protocols, and other security measures must be taken." the article

what's a military SSD?

Editor:- April 18, 2016 - what's a military SSD? Unlike other parts of the SSD market such as where SSDs designed for one market can be redeployed into another (consumer technology drives placed in arrays and wrapped around by enough RAM, RAID and software to enable their safe use for enterprise arrays) you'd think that the determination of what is a military SSD should be quick and relatively unambiguous.

So when we ask the next question - what is a military SSD company? That should be even easier to decide.

I've long believed it would be useful to compile and publish a simple frills-free list of military SSD companies which readers could use a guide for their own follow-up research. You can see more about my progress on this editorial project in my new home page blog - a simple list of military SSD companies (how hard can it be to compile one?)

Apple and FBI case demonstrated difficulties of SSD data recovery

broken barrel image - click to see the SSD data recovery directory
SSD data recovery
Editor:- March 3, 2016 - If anyone still had doubts about how difficult it is to recover data from an encrypted SSD in the absence of a universal back-door key - the proposition has been lent weight by the recent story rippling around the world's news media about the FBI's efforts to force Apple to assist in unlocking iphones. In the unlikely event you don't know what I'm talking about - click here to see summaries of the unfolding story.

Data recovery techniques have multiple uses and many of them originated as part of intelligence and law enforcement data gathering activities.

Defeating data recoverability is a primary objective of security and autonomous data destruction design techniques used in many military SSDs.

Kingston toughens up USB range with IronKey

editor:- February 8, 2016 - Kingston today announced it has acquired the USB technology and assets of IronKey from Imation.

Implementing the XTS-AES Standard for SSDs on Xtensa Processors

Editor:- February 5, 2016 - "An XTS-AES engine based on the Xtensa processor can provide performance that rivals most hardware solutions, but retains the ease of design and flexibility found in software based solutions."

That's the summary of a paper - Implementing the XTS-AES Standard on Xtensa Processors (pdf) - which is one of several resources in a new set of the SSD Bookmarks today on the home page of

The new set of bookmarks were suggested by Neil Robinson who is Product Marketing Director, Tensilica Processor IP, Cadence.

how fast is fast erase?

Editor:- January 26, 2016 - When it comes to SSD security - how fast is fast erase?

Over the years I've reported many examples of this (erase) and also other methods of data destruction the rule of thumb has been:- the bigger the capacity of the drive - the more time in seconds it takes (and more electrical energy too).

A press release today from Foremay suggests a fast and scalable sanitization route may come from what they call "crypto erase" - which renders all data scrambled, scattered and useless.

It's fast. Takes only a second to complete the crypto erase of a Foremay SED SSD with capacity of up to 20TB.

This erase can be triggered by a command or a user presettable threshold of failed access attempts.

Commenting on the benefits of intrinsic hardware encryption instead of relying on software and aside from the obvious performance - Foremay says hardware encryption is far more secure because software can be corrupted...

"Information security on SSD drives has become increasingly important to all users, particularly in government, defense, financial and medical industries," said Jack Winters, Foremay's CTO and cofounder.

Editor's comments:- The effect - I guess - is a bit like the accidental predicament of needing data recovery for a damaged and unsupported encrypted SSD. But a deliberate erase like this will be more systematic and probably doesn't have a single mode recovery lever.
SSD ad - click for more info
Cache latency is key to side-channel attack technique which can breach cloud server security walls

Editor:- October 29, 2015 - Cache jitter and latencies are more than simply performance quality issues - they can be the root of security vulnerabilities too.

The juxtaposition of these concepts in colocated cloud servers presents risks which were reported recently by researchers at Worcester Polytechnic Institute.

The research team used a combination of techniques to first create a virtual machine on the same Amazon cloud server as a target machine (a technique known as co-location). They then used the co-located machine to spy on the target. By observing how it accessed information in memory, they could determine when it was retrieving its RSA key. Then by charting the timing of the memory access they were able to deduce the key's actual numeric sequence. the summary

new ORG - Drive Trust Alliance seeks sponsors

Editor:- August 10, 2015 - if you didn't think there were already enough ORGs related to the storage market - then a new one today has been proposed by Coughlin Associates and (new to me) Bright Plaza, Inc.

The Drive Trust Alliance at (which currently redirects to is "an alliance of companies, organizations, and individuals that will benefit from cost efficiencies in marketing on-going education and the creation and support of open source software for managing Self-Encrypted Drives".

Microsem licenses DPA countermeasure technologies from Rambus

Editor:- January 29, 2015 - Rambus today announced that Microsemi will serve as reseller in the government and military sectors for certain differential power analysis (DPA) technologies developed by Rambus's cryptography research division.

As the first major FPGA company to license DPA countermeasures, Microsemi has identified DPA as a significant vulnerability in chip security, specifically for the mission-critical applications found in government and military settings.

SSD Encryption Everywhere?

Editor:- August 25, 2014 - the future of SSDs is "self-encryption everywhere!"

That's the conclusion of a paper - SSDs with Self Encryption: Solidly Secure (pdf) - which was presented recently at the Flash Memory Summit.

The author Michael Willett (who has worked as a storage security strategist for various leading organizations) reviews the threats and business impacts posed by data security breaches, and compares the performance of HDDs and SSDs both with and without encryption.

Editor's comments:- while I'd agree that security inside storage devices is nearly always a good thing - I can think of some examples in which the opposite is true.

For example:- when scientists are using SSDs as data loggers which collect raw physical data - particularly in experiments where due to environmental conditions there is a possibility that the drives may fail during the experiments.

Drives which are encrypted pose challenges for data recovery.

So disabling encryption - or not having it in the first place - may be a good thing for this type of application.

The biggest risk posed by losing the drive in a phsyics experiment - or astronomical observation - is that one of your colleagues extracts the data before you - but you'd know that by reading their paper!

On the other hand if the drive fails - and it's still in your possession - then you can recover the data for yourself - you may change your career prospects by having captured the details of a rare event.

Cactus adds write disable switch to industrial CFast

Editor:- April 10, 2014 - Cactus Technologies today announced that it has introduced a new security option - of having a physical write protect switch - in its 900S series of industrial SLC CFast SSDs.

It works like this. When the write protect switch is in the disabled position, the CFast card reads and writes as normal. When the switch is enabled, the card will read as normal, but all write attempts are ignored. Data already stored on the card is safe from overwrite.

"This write protect feature has already been successfully implemented in the gaming, military and other markets" said Sai-Ying Ng, President of Cactus Technologies.

Who's got your keys?

Editor:- April 5, 2014 - "Think about it" says Chandar Venkataraman, Chief Product Officer, Druva - "If your service provider has access to your encryption keys, can you really say that your data is secure?"

That's just one of the thought provoking ideas in his new blog - 5 Things You Didn't Know About the Cloud

See also:- SSD empowered cloud, SSD enterprise software

Apacer's new waterproof SSD

Editor:- January 28, 2014 - Apacer says it wil demonstrate a new "seamless waterproof SSD that operates even when immersed in water" on Booth #700 at the DistribuTECH 2014 show which starts today in San Antonio, TX.

see also:- industrial SSDs

Microsemi's new SSD for vetronics can erase 256GB in < 8S

Editor:- May 23, 2013 - Microsemi today announced that it has secured multiple design-wins for its new Series 200 TRRUST-Stor (rugged self encrypting, 2.5" SATA SSD with 256GB SLC capacity and fast purge).

The company says a full hardware-based erase takes less than 8 seconds. The 200 model has R/W throughput which is twice as fast as the company's earlier TRRUST-Stor due to a new generation of the company's Armor processor. Developed to endure harsh environments the new SSD - which has hardware-implemented AES 256 encryption - can withstand up to 3,000G shock and 30G rms of vibration.

Toshiba samples encrypted SAS SSD

Editor:- January 6, 2013 - Toshiba says it's sampling a new range of 2.5" SAS MLC SSDs - with self encrypting security features and on board sanitization. The PX02SMQ/U has upto 1.6TB capacity.

Crocus will sample secure fast MRAM controllers in January 2013

Editor:- November 5, 2012 - Crocus Technology today announced that in January 2013 it will sample 1.2MByte high speed SIMs and small secure MRAM controllers. The fast R/W speeds will enable optimized personalization and over-the-air updates in NFC-enabled smartphones.

"The CT32MLU product family breaks the barrier of traditional non-volatile memory that will provide smartcard makers with best-in-class secure element microcontrollers with a 20 to 30% smaller footprint," said Alain Faburel, VP security business unit at Crocus Technology.

SSDs or hard drives? - the data forensics differences

Editor:- October 23, 2012 - When you need to retrieve critical unbacked up data from a damaged notebook (which you left in the car when you clambered out the window after realizing that the puddle across the road was much deeper than you first thought) you call the process "data recovery" - but when a court seizes a suspect's notebook to try and retrieve data which may have been deliberately "deleted" - they call it "data forensics" - either way - in the most demanding cases the experts who work on these tasks are the same.

SSD Data Recovery (as opposed to dumb flash memory recovery) is a relatively new market which didn't exist 5 years ago.

A recent article Why SSD Drives Destroy Court Evidence - on a site called - discusses how techniques which are essential to the operation of flash SSDs (such as garbage collection and wear leveling) mean that from the forensic viewpoint SSDs yield up potentially much less deliberately deleted recoverable data than hard drives.

RunCore's video - phone to purge USB SSD

Editor:- May 22, 2012 - sometimes if I'm watching a movie I realize it's going to be bad - but in a way which is nevertheless all too fascinating to watch. How bad it will get? Look! - see it's getting worse - but still taking itself seriously. So - instead of zapping it like I should - I stay transfixed. Such bad movies are an artform.

What about promotional videos though? - on the subject of SSDs...

Mostly these are just time wasting. But today - in the "so dreadful I kept watching it nearly to the end" category was a new video on YouTube from RunCore about its Xapear SSD.

RunCore was the first company to haul "phone to purge capability" over the cost chasm which divides military SSDs over to the consumer SSD market - which it did 2 years ago - and the new video is simply about their latest model which combines RFID with the phone zap technology in an external USB connected SSD.

As a security concept I was convinced the idea had merit - when I first wrote about it 2 years ago. So I wasn't keen to see another new video about the same topic. But I'm glad I did - because it's an artform. to watch video

Samsung enters fast erase SSD market

Editor:- January 5, 2012 - Samsung has entered the fast purge SSD market - which currently numbers about 25 companies.

The company says that models of its PM810 2.5" SATA SSD family with its Crypto Erase technology deletes targeted data in a couple of seconds regardless of the overall volume of data or the capacity of the SSD. These models have been validated for compliance to NIST FIPS 140-2

a new way to kill flash SSD data

Editor:- March 15, 2011 - Pangaea Media has recently entered the SSD backup market with a removable 2.5" SSD which integrates backup, encryption and a completely new (to me) patented fast purge technology.

SSD Bookmarks - from Foremay's CTO and co-founder

Editor:- March 1, 2011 - today published SSD Bookmarks - suggested by Jack H Winters, CTO, Foremay .

Jack H Winters' suggestions are focused on the topic of managing data security in flash SSDs (both in working and not working devices). These links take you on a tour of the published state of the art in fast / secure SSD data erase and the related issue of SSD encryption.

RunCore launches world's 1st CF card SSD with fast purge

Editor:- November 9, 2010 - RunCore has launched the world's first CF card compatible SSDs with fast (typically 30 seconds) on-board sanitization functions.

The fast erase - which is designed to protect confidential data leaks and thwart any attempts at data recovery - is achieved by pressing a button or activating erase pins while the device is powered. It can be once again used by formatting after the data destruction process.

Editor's comments:- due to the popularity of the CF form factor in consumer products many equipment designers have adopted it as a convenient way of incorporating solid state storage into products in the industrial, medical and prosumer markets. Without an on-board fast purge feature - achieving effective disk sanitization as a software process in an SSD can take upto 24 hours (depending on disk capacity). RunCore's industrial CF cards are true SSDs with wear-leveling, vibration tolerance and low power consumption.

a reader asked me about notebook SSD encryption

Editor:- June 29, 2010 - a reader asked me some good questions about notebook SSD encryption.

Did encryption impact performance and endurance? Had I already written about this in another article he had missed? ...see what I said

Super Talent's Cryptic USB 3 SSD

Editor:- March 2, 2010 - Super Talent Technology today announced imminent availability of a new encrypted USB 3 flash SSD - with upto 256GB capacity.

When I asked for more technical details I was told the datasheet isn't ready yet. The USB 3.0 SuperCrypt is a true SSD (with wear-leveling). Internally the module (95 x 34 x 15.4 mm) is a SATA SSD with a USB bridge chip.

Fast Purge flash SSDs

Editor:- September 25, 2009 - today published a new directory of Fast Purge flash SSDs.

The need for fast and secure data erase - in which vital parts of a flash SSD or its data are destroyed in seconds - has always been a requirement in military projects. Although many industrial SSD vendors are offering their products with extended "rugged" operating environment capabilities - it's the availability of fast purge which differentiates "true military" SSDs which can be deployed in defense applications.

Most Secure USB Flash Memory Stick

Editor:- July 13, 2009 - IronKey today announced the launch of its S200 USB flash drive for government and enterprise customers.

IronKey's CEO David Jevans said: "The IronKey S200 is the first and only USB flash drive to achieve the demanding FIPS 140-2, Level 3 security validation from NIST, giving even more proof that IronKey is the world's most secure flash drive. We are also releasing a suite of new enterprise remote management capabilities, available over the Internet from the IronKey managed service, or from our enterprise server software that companies can install and operate themselves."

ZoneLoc Prevents flash SSD Data Walking into the Wrong Hands

Phoenix, Arizona - February 12, 2009 - White Electronic Designs Corp announced a new technology - ZoneLoc - which automatically desanitizes a flash SSD to military standards - when the device is moved outside a specified operating zone - to prevent data falling into enemy hands.

The boundary can be tied to a fixed location or made to be portable for mobile applications. ZoneLoc has configurable features and options, including audible warnings, programmable response times, wireless remote purging and sensitivity modes. Because the protected device takes its own action, autonomously, security is guaranteed. ...White Electronic Designs profile, Storage Security, Disk Sanitizers

STMicroelectronics Samples Secure e-Passport Microcontroller

Geneva, Switzerland - November 25, 2008 - STMicroelectronics is sampling a new microcontroller for secure identity cards.

The ST23YR80, which offers contact and contactless interfaces, complies with the most advanced security smartcard standards and meets ICAO requirements for machine readable travel documents. The EAC (extended access control) e-Passport operation will be supported in less than 3.5 seconds. The device can also optimize the operating distance and transaction time by adapting its processor clock speed to the magnetic field of the application reader It has 80Kbytes of onchip flash memory to store extra biometric data. ...STMicroelectronics profile, storage chips

storage search banner

SSD ad - click for more info

"Don't use Self-Encrypting SSDs (if you think you might need a future data recovery)..."
That's the "advice" in a blog SSDs: Flash Technology with Risks and Side-Effects (August 2013) - by Kroll Ontrack - which goes on to say -

"This type of encryption is very secure, but ensures total data loss in the event of a failure. With SEDs, the encryption keys are only known to the hardware manufacturers and will not be released. What this means is in the event of a failure, the data is no longer accessible to professional data recovery companies".

SSD ad - click for more info

In June 2006 - SiliconSystems launched its SiliconDrive Secure family which had the widest range of available storage security features in a solid state disk. New features included security zoning (which controlled access rights to different segments of the disk) in addition to a range of conventional disk sanitization options.
SSD Market History

Why can't SSD's true believers agree on a single shared vision for the future of solid state storage?
the SSD Heresies

Military projects started using SSDs as early as the 1970s because they were faster, more rugged and more reliable than hard drives.
Military & Rugged Storage market news and history

Targa Series 4 - 2.5 inch SCSI flash disk
Removable Military Solid State Disks
from Targa Systems