Springer Verlag announced my book “Securing Digital Video” on its site. Although the
announced publication date is July 2011, some patience is needed. It will most probably be October 2011.
I will keep you informed on the progress.
Sanitizing SSD
Sanitizing a drive means fully and securely erasing the information on it so that there is no means, whether logical (through commands) or analog (through examination of the stored analog information), to recover any erased data. This action is well known and mastered for magnetic drives. There are clearly documented software methods and even dedicated ATA or SCSI commands.
What about Solid State Drives (SSD)? SSDs are becoming mainstream. They offer the benefits of speed and low consumption. Can they be securely erased? WEI, GRUPP, SPADA and SWANSON presented a study at USENIX FAST. Their paper, entitled “Reliably Erasing Data From Flash-Based Solid State Drives”, checks whether the methods used for magnetic drives are still valid, and whether the ATA and SCSI commands are effective.
The conclusions are worrying.
“For sanitizing entire disks, built-in sanitize commands are effective when implemented correctly, and software techniques work most, but not all, of the time. We found that none of the available software techniques for sanitizing individual files were effective.”
In other words, if nobody has done the test before and published it, you cannot be sure. You have to either trust the manufacturer or do the test (which is destructive) yourself.
Funnily, BELL and BODDINGTON published in The Journal of Digital Forensics, Security and Law a paper entitled “Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery?”. Their conclusion was that because SSDs implement automatic garbage collection that erases unused sectors, remnant data would be erased.
Who is right? I would believe the conclusions of the first team. The second team assumes that the forensics team accesses the data through logical commands or means. In that case, yes, data may be erased. On the other hand, the first team directly accesses the physical flash chips. Thus, they bypass the garbage collection. We may assume that a serious forensics team, being aware of this problem, would rather work directly on the physical components. By the way, forensics teams already perform this same type of examination when a hard disk has been deliberately smashed.
Conclusion: Be aware of this risk at least until SSD manufacturers have agreed on a certification that would prove the effectiveness of the implementation of their sanitizing commands.
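Why the logical view and the physical view of the same drive can disagree, as an added sketch that is not code from either paper: a toy flash translation layer (FTL) in Python. The class `ToyFTL`, the page count and the sample data are assumptions made for illustration; a real controller also handles erase blocks, wear leveling and spare area.

```python
class ToyFTL:
    """Simplified flash translation layer (illustrative model, not a real controller)."""

    def __init__(self, physical_pages):
        self.flash = [None] * physical_pages     # raw NAND pages; None = erased
        self.mapping = {}                        # logical block address -> physical page
        self.free = list(range(physical_pages))  # erased pages ready to be programmed
        self.stale = []                          # superseded pages awaiting garbage collection

    def write(self, lba, data):
        # NAND cannot be updated in place: program a fresh page, then remap the LBA.
        if not self.free:
            self.garbage_collect()
        page = self.free.pop(0)
        self.flash[page] = data
        if lba in self.mapping:
            self.stale.append(self.mapping[lba])  # the old copy stays on the chip
        self.mapping[lba] = page

    def read(self, lba):
        # Logical view: what the OS or a tool issuing read commands sees.
        page = self.mapping.get(lba)
        return None if page is None else self.flash[page]

    def garbage_collect(self):
        # Erase superseded pages; the drive decides when this runs, not the host.
        for page in self.stale:
            self.flash[page] = None
        self.free.extend(self.stale)
        self.stale = []

    def raw_dump(self):
        # Physical view: reading the flash chips directly, bypassing the FTL.
        return [data for data in self.flash if data is not None]

def overwrite_experiment(run_gc):
    """Overwrite one logical block twice, then compare logical and physical views."""
    ssd = ToyFTL(physical_pages=8)
    ssd.write(0, b"SECRET-v1")                   # constructed sample data
    for pattern in (b"\x00" * 9, b"\xff" * 9):   # two-pass software overwrite
        ssd.write(0, pattern)
    if run_gc:
        ssd.garbage_collect()
    return ssd.read(0), b"SECRET-v1" in ssd.raw_dump()

if __name__ == "__main__":
    print(overwrite_experiment(run_gc=False))  # logical read is clean, chip dump is not
    print(overwrite_experiment(run_gc=True))   # remnant gone only once the drive has run GC
```

In this model the overwrite always looks successful through `read`, while the original data stays in `raw_dump` until the drive chooses to garbage-collect, which the host cannot observe or force through ordinary writes.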
Security Newsletter #18 is available
In this issue, you will find an interview with Jean-Jacques QUISQUATER, a leading and respected figure of the crypto community. Of course, we tackle the HDCP hack, explaining what it is exactly and what the expected consequences are. This issue also takes a look at the banning strategy in games. The big slice of the cake is a deep dive into sandboxing.
I hope you’ll enjoy it. Do not hesitate to send your comments.
Anonymity Loves Company
It is the title of an interesting paper by Roger Dingledine and Nick Mathewson. They are members of the Free Haven project. This project studies topics such as onion routing (the technology used by TOR) and Mixminion, an anonymous email network.
The paper presents two challenges: usability and network effect.
- Usability is a typical challenge of security solutions. The authors show that privacy settings often require technological skills, which conflicts with ease of use for everybody. The easy solution is often to delegate security decisions to the user, who is not necessarily the best person to decide. This reminds me of the security model of Android, where you have to decide on (too) many parameters.
- Network effect: effective anonymity requires a lot of traffic to hide within. This raises the problem of bootstrapping. And here is a nice tradeoff. If your system is extremely secure, it will most probably be difficult to use and thus attract fewer people, which reduces the strength of anonymity. On the other hand, if the system is easy to use, and thus less secure, it may attract more users, which strengthens anonymity.
For instance, in the design of Mixminion, they had to answer the following tradeoff:
“Since fewer users mean less anonymity, we must ask whether users would be better off in a larger network where their messages are likelier to be distinguishable based on email client, or in a smaller network where everyone’s email formats look the same.”
The three described use cases, Mixminion, TOR, and JAP, are excellent illustrations of the issues. An excellent paper.
Citation: N. Mathewson and R. Dingledine, “Anonymity Loves Company: Usability and the Network Effect,” Proceedings of the Fifth Workshop on the Economics of Information Security WEIS 2006, pp. 547-559.
A Taxonomy of Social Networking Data
In the July 2010 issue of IEEE Security & Privacy, Bruce Schneier presented his taxonomy in a one-page paper. It is extremely interesting. My comments are in italics.
1. Service data is the data used to manage the service such as your name.
   *You have control over its creation, although you may sometimes be obliged to give real data.*
2. Disclosed data is what you post on your own pages.
   *You normally have full control over it.*
3. Entrusted data is what you post on other people’s pages.
   *You have control over its creation, but lose control over its life.*
4. Incidental data is what other people post about you.
   *You have control neither over its creation nor over its life. Of course, your entrusted data are incidental data for other people.*
5. Behavioral data is data the site collects about your habits by recording what you do and who you do it with.
   *This is the “raison d’être” of many social networks. Never forget that there is no free lunch. Most of the business models are based on “selling/using” your profile. You have no control, except that you may try to control your behavior.*
6. Derived data is data about you that is derived from all the other data.
   *This is where the social networks are polishing your profile and thus increasing its value. The more they know you, the more valuable ads/personalized services they will be able to offer. You have definitely no control.*

Categories 5 and 6 are the most interesting ones from the privacy point of view. How can you control what the social network provider will infer from your activity on the social network?
The reference of the paper is
B. Schneier, “A Taxonomy of Social Networking Data,” IEEE Security and Privacy, vol. 8, 2010, p. 88.
Predictably Irrational
“Predictably Irrational” by Dan Ariely is not a book about security (nor about Sci-Fi). So why do I report on it?
“Predictably Irrational” highlights that many of our reactions are not rational. Everybody knows that this is true in extreme conditions. Dan Ariely demonstrates that it is also true in our daily reactions. To prove it, he describes some of the many experiments that he ran.
Law 6, “You’re the weakest link”, reminds us that human behaviour is key for security. This book helps to better understand human behaviour. For instance, a full chapter is about honesty. Great to read. This book is a tool to better understand some of the tricks used by social engineers.
This is related to Bruce Schneier’s latest pet subject: societal security.
A book to read.
Proliferation and Detection of Blog Spam
In a recent article, published in the October issue of IEEE Security and Privacy, S. ABU-NIMEH and T. CHEN studied so-called blog spam. Blog spam is the practice of adding spam comments that are totally irrelevant to the topic. There are several categories:
- Comment spam tries to corrupt the feedback of the community. Often done by trolls, it is not very problematic. This is the price of democracy and Web 2.0.
- Term spam adds some words to be more relevant to search queries.
- Link spam contains links to sites in order to increase the number of sites pointing towards the spamming site, thus increasing the famous page rank.
- Splogs, or spam blogs, are fake blogs whose sole purpose is to increase the page rank of a given site.
The study showed that the practice is increasing. Of more than one million collected comments, 75% were spam! They were issued by a limited number of email addresses and IP addresses.
Studies try to build classifiers that attempt to detect blog spam. They are not yet accurate.
Meanwhile, there are a few lines of defense:
- CAPTCHA
- Blacklists of email and IP addresses
- Blacklist of words
At the end of 2010, I experienced this damned attack on this site. In one night, I could find more than several tens of spam comments on one topic. It even reached 300 in one night. At the beginning, I indulged (you may still find some of them) and cleaned up the mess. Then, it started to become worrying. The default installation of my blog provides a basic anti-spam test that is the answer to a simple arithmetic calculation. It did not seem deterrent enough. Then I started to blacklist some words such as codeine, Valium or hemoroid. This is not the usual vocabulary of security.
It slowed down the number of comments, but did not stop them. My last solution was to use CAPTCHA. CAPTCHAs are not user friendly, and may even deter some people from posting comments. Nevertheless, it seems to have (temporarily?) stopped the spammers.
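The word and address blacklists listed above, combined in an added example (not code from the article or from this blog's software): a word blacklist alone misses a harmless-looking comment from a spamming source, while an IP blacklist derived from already rejected comments catches it. The function names, the link threshold and the sample comments are assumptions; the IP addresses come from documentation ranges.

```python
import re
from collections import Counter

WORD_BLACKLIST = {"codeine", "valium", "hemoroid"}  # the words named in the post
MAX_LINKS = 2                                       # assumed threshold for link spam


def classify(comment, ip_blacklist=frozenset()):
    """Return the reason a comment is rejected, or None if it passes."""
    if comment["ip"] in ip_blacklist:
        return "blacklisted ip"
    words = set(re.findall(r"[a-z]+", comment["text"].lower()))
    if words & WORD_BLACKLIST:
        return "blacklisted word"
    if len(re.findall(r"https?://", comment["text"], re.I)) > MAX_LINKS:
        return "link spam"
    return None


def repeat_offenders(comments, min_hits=2):
    """IPs behind at least min_hits rejected comments: candidates for the IP blacklist."""
    hits = Counter(c["ip"] for c in comments if classify(c))
    return {ip for ip, count in hits.items() if count >= min_hits}


COMMENTS = [  # constructed sample data
    {"ip": "192.0.2.10", "text": "Great point about flash garbage collection."},
    {"ip": "203.0.113.7", "text": "Buy Valium online today"},
    {"ip": "203.0.113.7", "text": "cheap CODEINE, no prescription"},
    {"ip": "203.0.113.7", "text": "Nice post, thanks for sharing!"},
    {"ip": "198.51.100.4", "text": "see http://a.example http://b.example http://c.example"},
]

if __name__ == "__main__":
    blacklist = repeat_offenders(COMMENTS)
    for c in COMMENTS:
        print(c["ip"], classify(c), "->", classify(c, blacklist))
```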
By the way, this issue of IEEE Security and Privacy also has an excellent paper from Teddy Furon and Gwenael Doerr about “tracing pirated contents on the Internet”.