A New Hope: The One Last Chance to Save Your SSD Data

Presented at Black Hat Europe 2020 Virtual, Dec. 9, 2020, 11:20 a.m. (40 minutes).

<p>There are some reasons why vendors keep their details of controller and flash chip information confidential. One of the reasons is that their unique management techniques are deployed differently, that is relevant to SSD capacity and speed, such as TRIM, Garbage Collection, and Wear Leveling are preserved code on flash. Despite these techniques being used by vendors, we show that SSD do not erase all the stored physical data because it might wear lifespan sooner.</p><p>We figured out that SSD still leaves sensitive data when overwritten to the same logical block, so they do not overwrite to fixed physical block, they only grab other empty physical block and write over that, so they leave the erased data. For these analyses, we perform extract the Nand chip data with only internal controller PBA manipulation because logical block address cannot be used anymore in normal. In the case of SSD used to crypto engine built into the SSD's controller encrypt every block data stored on the flash memory, we recover old LPN which used before erased/overwritten to be decrypted naturally in the controller.</p><p>As a practical case, we study how to recover data after a Ransomware attack even if prior L2P table's value has changed with new one. We also analyze that feasibility to recover data depending on the number of overwrites on same physical block.</p>

Presenters:

  • Seungjoon Lee - Senior Researcher, SNT Works, Inc.
    Seung Joon Lee holds a PhD from Korea University and works as a Senior Researcher at SNTWorks. His research interests focus on hardware security, reverse engineering, FPGA based crypto system designs. He is currently in the process of preparing his thesis for publication.
  • Kwonyoup Kim - CEO, SNT Works, Inc.
    Kwon Youp Kim is the founder and CEO of SNTWORKS, providing cutting edge information security services and intellectual property litigation support to clients around the globe. The company identifies security vulnerabilities in embedded devices and provides countermeasures. And SNTWORKS provides an evidence analysis service for patent infringement litigation of embedded devices. He is currently working on various projects and systems development and processes to provide efficient analysis services.
  • Taehyun Kim - CTO, SNT Works, Inc.
    Tae Hyun Kim is the CTO of SNTWORKS and a lecture of Sejong cyber University, Rep. of Korea. He received his PhD in engineering in information security from Korea University, Seoul, Rep. of Korea, in 2009. Before joining SNTWORKS, He was a security analyst of Telecommunication Technology Association. In the past, he was a research professor of the Center for Information Security Technologies (CIST) at Korea University, Seoul, Rep. of Korea, and a visiting researcher with the School of Systems Information Science, Future University, Hakodate, Japan. Moreover, he was a researcher with the Attached Institute of ETRI, Daejeon, Rep. of Korea. His research interests include side channel attacks, fault injection attacks, and the design and implementation of the cryptosystems.
  • Taewon Kim - Senior Researcher, SNT Works, Inc.
    Tae Won Kim is a senior engineer at SNTWORKS company. He focuses specifically on hacking real world devices such as smartcards, mobile phones, IoT devices, etc. using side-channel analysis attacks beyond theoretical research. Tae Won Kim has a lot of experience analyzing smart devices such as printers, IC cards, and USIM chips.
  • Hanjun Chung - Researcher, SNT Works, Inc.
    Hanjun Chung is a researcher. His research interests focus on firmware reverse engineering.

Links:

Similar Presentations: