Thursday, April 15, 2010

Data Remembrance

Project Reading Questions
1. Briefly define the Data Remembrance Problem.
Computer systems used by people with varying authorization levels typically employ authentication, access, control lists, and a privileged operating system to maintain information privacy. Much of information security research over the past 30 years has centered on improving authentication techniques and developing methods to assure that computer systems properly implement these access control rules.
Yet, there is a public misconception that deleting information from a computer is just a matter of following the normal procedures of deleting files and reformatting hard disks. Data remembrance is data that remains after it is thought to be deleted or its disk formatted. Many hard disks are discarded without a second thought that someone could possibly retrieve its confidential personal, financial, or medical information. The user is getting an incorrect message when they receive the following message:

Yet, after all has been taken into consideration, users are basically handing over their confidential information to whomever is ready to dive into disposed hard drives.
2. Is the problem getting better or worse?
There has been a dramatic increase in disk-drive capacity and a corresponding decrease in mass - storage costs in recent years. Still, few people realize how truly staggering the numbers actually are. According to the market research firm Dataquest, nearly 150 million disk drives will be retired in 2002—up from 130 million in 2001. Although many such drives are destroyed, a significant number are repurposed to the secondary market. This market is rapidly growing as a supply source for even mainstream businesses, as evidenced by the 15 October cover story in CIO Magazine, “Good Stuff Cheap: How to Use the Secondary Market to Your Enterprise’s Advantage.” According to the market research firm IDC, the worldwide disk-drive industry will ship between 210 and 215 million disk drives in 2002; the total storage of those disk drives will be 8.5 million terabytes. So what does this mean? It means bad news for computer users because not only will we see an increase in secondary market hard drives but public awareness is way behind. The following is a list of possible explanations as to why it will get worse.

• Lack of knowledge. The individual (or organization) disposing of the device simply fails to consider the problem (they might, for example, lack training or time).

• Lack of concern for the problem. The individual considers the problem, but does not think the device actually contains confidential information.
• Lack of concern for the data. The individual is aware of the problem—that the drive might contain confidential information— but doesn’t care if the data is revealed.

• Failure to properly estimate the risk. The individual is aware of the problem, but doesn’t believe that the device’s future owner will reveal the information (that is, the individual assumes that the device’s new owner will use the drive to store information, and won’t rummage around looking for what the previous owner left behind).

• Despair. The individual is aware of the problem, but doesn’t think it can be solved.

• Lack of tools. The individual is aware of the problem, but doesn’t have the tools to properly sanitize the device.

• Lack of training or incompetence. The individual attempts to sanitize the device, but the attempts are ineffectual.

• Tool error. The individual uses a tool, but it doesn’t behave as advertised. (Early versions of the Linux wipe command, for example, have had numerous bugs which resulted in data not being actually overwritten. Version 0.13, for instance, did not erase half the data in the file due to a bug; see http://packages.debian.org/unstable/utils/wipe.html)

• Hardware failure. The computer housing the hard drive might be broken, making it impossible to sanitize the hard drive without removing it and installing it in another computer—a time-consuming process. Alternatively, a computer failure might make it seem that the hard drive has also failed, when in fact it has not.

3. Outline the components of a solution that a small organization could implement for
the Data Remembrance Problem.
· Users must be educated about the proper techniques for sanitizing disk drives.

· Organizations must adopt policies for properly sanitizing drives on computer systems and storage media that are sold, destroyed, or repurposed.

· Operating system vendors should include system tools that securely delete files, and clear slack space and entire disk drives.

· Future operating systems should be capable of automatically sanitizing deleted files. They should also be equipped with background processes that automatically sanitize disk sectors that the operating system is not currently using.

· Vendors should encourage the use of encrypting file systems to minimize the data sanitization problem.

· Disk-drive vendors should equip their drives with tools for rapidly or even instantaneously removing all disk drive information. For example, they could equip a disk drive with a cryptographic subsystem that automatically encrypts every disk block when the block is written, and decrypts the block when it is read back. Users could then render the drive’s contents unintelligible by securely erasing the key.