TREA

Implementing secure erase for solid state drives

Follow

Information

  • Patent Grant
  • 8250380
  • Patent Number
    8,250,380
  • Date Filed
    Thursday, December 17, 2009
    16 years ago
  • Date Issued
    Tuesday, August 21, 2012
    13 years ago
Information
Abstract
A method and apparatus are provided for implementing secure erase for solid state drives (SSDs). An encryption key is used to encrypt data being written to SSD. A controller identifies a key storage option, and responsive to the identified key storage option, stores a key for data encryption and decryption. The controller deletes the key within the SSD responsive to the identified key storage option, ensuring that once the key is deleted, the key is not recoverable and data is effectively erased.
Description
FIELD OF THE INVENTION

The present invention relates generally to the data storage field, and more particularly, relates to a method and apparatus for implementing secure erase for solid state drives (SSDs).


DESCRIPTION OF THE RELATED ART

United States Patent Application 2009/0119191, application Ser. No. 11/923,123 filed Oct. 24, 2007 to Marco Sanvido et al., and assigned to the present assignee discloses techniques for encrypting data stored on data storage devices using an intermediate key. A data storage device encrypts data stored in non-volatile memory using a bulk encryption key. The data storage device uses a key derivation function to generate an initial encryption key. The data storage device then wraps an intermediate encryption key with the initial encryption key and stores the wrapped intermediate key in the non-volatile memory. The data storage device wraps the bulk encryption key with the intermediate encryption key and stores the wrapped bulk encryption key in the non-volatile memory. The data storage device can unwrap the wrapped intermediate key to generate the intermediate encryption key using the initial encryption key. The data storage device can unwrap the wrapped bulk encryption key to generate the bulk encryption key using the intermediate encryption key. The data storage device decrypts data stored in the non-volatile memory using the bulk encryption key. Bulk encrypting data prevents hard disk drives (HDDs) with user data from being disclosed to unauthorized individuals. Bulk encryption can also be used to enable a fast secure erase of data on a HDD, or to simplify the redeployment and decommissioning of used systems.


In solid state drives (SSDs), extra memory cells beyond what is allocated to the file system are used for wear leveling. The wear-leveling feature distributes data across that larger area to extend the life of the SSD. These cells may be swapped in and out of the area used by the file system.


It is desirable to use bulk encryption to simplify the erasure task for SSDs. A need exists to provide effective, secure and efficient secure erase functionality for solid state drives (SSDs).


SUMMARY OF THE INVENTION

Aspects of the present invention are to provide a method and apparatus for implementing secure erase for solid state drives (SSDs). Other important aspects of the present invention are to provide such method and apparatus substantially without negative effect and that overcome some of the disadvantages of prior art arrangements.


In brief, a method and apparatus are provided for implementing secure erase for solid state drives (SSDs). An encryption key is used to encrypt data being written to SSD. A controller identifies a key storage option, and responsive to the identified key storage option, stores a key for data encryption and decryption. The controller responsive to the identified key storage option, deletes the key within the SSD and data is effectively erased.





BRIEF DESCRIPTION OF THE DRAWINGS

The present invention together with the above and other objects and advantages may best be understood from the following detailed description of the preferred embodiments of the invention illustrated in the drawings, wherein:



FIG. 1 is a block diagram representation illustrating a system for implementing secure erase methods for solid state drives (SSDs) in accordance with an embodiment of the invention;



FIGS. 2, 3A, and 3B illustrate secure erase key storage operations in accordance with embodiments of the invention;



FIGS. 4A, and 4B are flow charts illustrating example operations of the system of FIG. 1 in accordance with secure erase embodiments of the invention; and



FIG. 5 is a block diagram illustrating a computer program product in accordance with embodiments of the invention.





DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the following detailed description of embodiments of the invention, reference is made to the accompanying drawings, which illustrate example embodiments by which the invention may be practiced. It is to be understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the invention.


Having reference now to the drawings, in FIG. 1, there is shown a system for implementing secure erase methods for solid state drives (SSDs) generally designated by the reference character 100 in accordance with an embodiment of the invention. System 100 includes a solid state drive 102 and a host computer 104. SSD 102 includes a controller 106 coupled to a dynamic random access memory (DRAM) 108, and a flash translation layer/wear leveling block 110. SSD 102 includes a plurality of flash blocks 112 coupled to the flash translation layer/wear leveling functional block 110 and a boot flash 114 coupled to the controller 106, such as a NOR-flash or electrically erasable programmable read only memory (EEPROM). SSD 102 includes a host interface 116 coupled between the host computer 104, and the controller 106 and the flash translation layer/wear leveling functional block 110.


SSD 102 implements secure erase, ensuring that once a key used for bulk encryption is deleted, the key is not recoverable in accordance with embodiments of the invention. The controller 106 of SSD 102 includes firmware that is given direct access to erase flash blocks 112. The firmware of controller 106 of SSD 102 is given information on the flash translation layer/wear leveling functional block 110, for searching and deletion and overwriting keys in the flash block 112, and for garbage collection to delete duplicate keys created from wear-leveling.


Referring now to FIGS. 2, 3A, and 3B, there are shown secure erase key storage operations in accordance with embodiments of the invention.



FIG. 2 illustrates the system 100 with a split key embodiment of SSD 102 in accordance with the invention. A key is distributed or split between the NOR-flash 114, and the flash locks 112. A key distribution generally designated by the reference character 200 in accordance with an embodiment of the invention includes a key share 202 stored in the NOR-flash or EEPROM 114, and other key shares 202 stored the flash blocks 112. The size of the key chunk or share 202 stored in the NOR-flash 114 can be smaller that a full key bundle, for example, 128 bit instead of 1 Kb.


Erasing the key with the key distribution 200 or split key storage option 200 of FIG. 2 can be handled by only erasing the NOR flash part 202 and recalculating all the other key shares 202 of the flash blocks 112 for effectively and securely erasing data.



FIGS. 3A, and 3B respectively illustrate another embodiment of SSD 102 of system 100 with a key storage area of flash that is not wear-leveled and the key stored in predictable location/blocks during wear-leveling in accordance with the invention.


In FIG. 3A, a key storage operation of controller 106 generally designated by the reference character 300 in accordance with the embodiment of the invention includes a key stored in a key area 302 of the flash block 112 that is not wear-leveled. The key area 302 used for key storage includes blocks with guaranteed reliability. The firmware of controller 106 and the flash translation layer/wear leveling functional block 110 handle wear-leveling.


In FIG. 3B, a key storage operation of controller 106 generally designated by the reference character 310 in accordance with an embodiment of the invention includes a key stored in a plurality of key locations 312 of the flash block 112 that include predefined physical addresses during wear-leveling. The controller 106 keeps track of the key locations 312 used for key storage. The firmware of controller 106 and the flash translation layer/wear leveling functional block 110 handle wear-leveling and enable erasing all copies of a key. A simple example where it is generally easy for the controller 106 to keep track of where previous versions of the stored key follows:


Key A stored on all physical addresses with same residue A mod p.


Host 104 erases block A, controller 106 erases all blocks with physical addresses N, such that N mod p=A.


When the key needs to be erased, the firmware of controller 106 erases the key and requests garbage collection so that all the locations containing the key and that were not reused are erased for effectively and securely erasing data.



FIGS. 4A, and 4B are flow charts illustrating example operations of the system 100 of FIG. 1 in accordance with secure erase embodiments of the invention.


In FIG. 4A, example operations starting at a block 400, first a key storage option is identified as indicated at a block 402. When the split key option, such as illustrated in FIG. 2, is identified, the key is distributed between the NOR-flash 114 and the regular flash blocks 112 as indicated at a block 404. If information theoretic security is required, then all the shares need to be at least as large as the key. A simpler and more efficient solution is to relax the information-theoretic requirement, and allow for computational complexity assumptions. Then it is sufficient to have one symmetric encryption key stored in the NOR-flash 114 and this one symmetric encryption key encrypts all the media keys. Those encrypted media keys can be stored anywhere on the media flash blocks 112 at block 404.


As indicated at a block 406 when the flash option, such as illustrated in FIGS. 3A and 3B, is identified, the key is stored in area, such as key area 302 in FIG. 3A that is not wear-leveled, or the key stored in the predictable key locations 312 of the flash block 112 that include predefined physical addresses during wear-leveling.


In FIG. 4B, there are shown example operations starting at a block 410, with the split key option, such as illustrated in FIG. 2, the key is erased by only erasing the NOR-flash part for effectively and securely erasing data as indicated at a block 412. Optionally with the relaxed information-theoretic requirement upon erasure, the one main symmetric encryption key gets re-generated and the wrapped key values are recalculated at block 412 for effectively and securely erasing data.


As indicated at a block 414 with the flash option, such as illustrated in FIGS. 3A and 3B, when the key needs to be erased, the firmware of controller 106 requests garbage collection and erases the key by erasing all the locations containing the key that were not reused, effectively and securely erasing data.


As indicated at a block 416, another embodiment of the invention includes the controller 106, upon receiving a host instruction to purge date, first disabling host access and blocking remapping, then entering a selected purging mode. The purging mode can employ operations for effectively and securely erasing data as indicated at a block 418, or as indicated at a block 420 or both operations at blocks 418, and 420. Searching for keys within the flash, then deletion/overwriting of the keys are performed at block 418. At block 420, garbage collection is performed to delete duplicate keys created from wear-leveling.


Referring now to FIG. 5, an article of manufacture or a computer program product 500 of the invention is illustrated. The computer program product 500 includes a computer readable recording medium 502, such as, a floppy disk, a high capacity read only memory in the form of an optically read compact disk or CD-ROM, a tape, or another similar computer program product. Computer readable recording medium 502 stores program means or control code 504, 506, 508, 510 on the medium 502 for carrying out the methods for implementing secure erase of the embodiments of the invention in the system 100 of FIG. 1.


A sequence of program instructions or a logical assembly of one or more interrelated modules defined by the recorded program means or control code 504, 506, 508, 510, direct SSD controller 106 of the system 100 for implementing secure erase of the embodiments of the invention.


While the present invention has been described with reference to the details of the embodiments of the invention shown in the drawing, these details are not intended to limit the scope of the invention as claimed in the appended claims.

Claims
  • 1. A method for implementing secure erase for solid state drives (SSDs) comprising: using an encryption key to encrypt data being written to SSD;identifying a key storage option,responsive to the identified key storage option, storing a key within the SSD for data encryption and decryption; anddeleting the stored key using selected ones of a plurality of predefined operations responsive to the identified key storage option for effectively and securely erasing data, by searching for keys within flash blocks and erasing the key in all locations storing the key to delete keys created from wear-leveling.
  • 2. The method for implementing secure erase as recited in claim 1 wherein identifying a key storage option includes identifying a flash key storage option.
  • 3. The method for implementing secure erase as recited in claim 2 wherein responsive to the identified flash key storage option, storing a key within the SSD for data encryption and decryption includes storing a key within an area of a flash block that is not wear-leveled.
  • 4. The method for implementing secure erase as recited in claim 3 includes storing a key within predictable locations of a flash block during wear-leveling.
  • 5. The method for implementing secure erase as recited in claim 1 includes receiving a host instruction to purge data, disabling host access and disabling block remapping.
  • 6. The method for implementing secure erase as recited in claim 5 includes entering a selected purge mode.
  • 7. The method for implementing secure erase as recited in claim 6 wherein entering a selected purge mode includes searching for keys within flash blocks, and performing deletion/overwriting of located keys.
  • 8. A method for implementing secure erase for solid state drives (SSDs) comprising: using an encryption key to encrypt data being written to SSD;identifying a key storage option,responsive to the identified key storage option, storing a key within the SSD for data encryption and decryption;deleting the stored key responsive to the identified key storage option for effectively erasing data;receiving a host instruction to purge data, disabling host access and disabling block remapping; andentering a selected purge mode including erasing the key in all locations storing the key to delete keys created from wear-leveling.
  • 9. The method for implementing secure erase as recited in claim 8 wherein identifying a key storage option includes identifying a split key storage option.
  • 10. The method for implementing secure erase as recited in claim 9 wherein responsive to the identified split key storage option, storing a key within the SSD for data encryption and decryption includes storing a key share within a NOR-flash, and storing a key share within a flash block.
  • 11. The method for implementing secure erase as recited in claim 10 wherein deleting the stored key for effectively erasing data includes erasing the key share stored in the NOR-flash.
  • 12. An apparatus for implementing secure erase for solid state drives (SSDs) comprising: a controller using an encryption key to encrypt data being written to SSD;said controller identifying a key storage option,said controller responsive to the identified key storage option, storing a key within the SSD for data encryption and decryption;said controller responsive to the identified key storage option and said controller responsive to receiving a host instruction to purge data, disabling host access and disabling block remapping, and said controller deleting the stored key for effectively erasing data; andsaid controller performing a selected purge mode including said controller searching for keys within flash blocks, and performing deletion/overwriting of located keys, and said controller erasing the key in all locations storing the key to delete keys created from wear-leveling.
  • 13. The apparatus as recited in claim 12, includes control code stored on a computer readable medium, and wherein said controller uses said control code for implementing secure erase.
  • 14. The apparatus as recited in claim 12, wherein said controller responsive to identifying a split key storage option, stores a key share within a NOR-flash, and stores a key share within a flash block, and said controller deleting the stored key for effectively erasing data includes said controller erasing said key share stored in said NOR-flash.
  • 15. The apparatus as recited in claim 12, wherein responsive to identifying a flash key storage option, said controller stores a key within an area of a flash block that is not wear-leveled, said controller stores a key within predictable locations of a flash block during wear-leveling, and said controller deleting the stored key for effectively erasing data includes said controller erasing the key stored in all locations storing the key.
US Referenced Citations (20)
Number Name Date Kind
5623546 Hardy et al. Apr 1997 A
20020019935 Andrew et al. Feb 2002 A1
20030084290 Murty et al. May 2003 A1
20030110382 Leporini et al. Jun 2003 A1
20030174840 Bogan Sep 2003 A1
20050138374 Zheng et al. Jun 2005 A1
20080065905 Salessi Mar 2008 A1
20080183953 Flynn et al. Jul 2008 A1
20080282027 Chen et al. Nov 2008 A1
20080313453 Booth et al. Dec 2008 A1
20090043831 Antonopoulos et al. Feb 2009 A1
20090044003 Berthiaume et al. Feb 2009 A1
20090094406 Ashwood Apr 2009 A1
20090110191 Sanvido et al. Apr 2009 A1
20100154053 Dodgson et al. Jun 2010 A1
20100229005 Herman et al. Sep 2010 A1
20110035813 Trantham Feb 2011 A1
20110041039 Harari et al. Feb 2011 A1
20110085657 Matthews, Jr. Apr 2011 A1
20110087896 Thom et al. Apr 2011 A1
Related Publications (1)
Number Date Country
20110154060 A1 Jun 2011 US