NFPS: Adding Undetectable Secure Deletion to Flash Translation Layer

Securely removing data from modern computing systems is challenging, as past existence of the deleted data may leave artifacts in the layout at all layers of a computing system, which can be utilized by the adversary to infer information about the deleted data. Conventional overwriting-based and encryption-based solutions are not sufficient, as they cannot remove these artifacts. In this work, we aim to securely remove data from NAND flash-based block devices. We observed that completely removing the aforementioned artifacts from NAND flash is expensive, as it may require re-organizing the entire flash layout. We thus approach this security goal from a new angle. We investigate undetectable secure deletion, a novel security notion which can 1) remove the deleted data from flash devices, such that the adversary cannot have access to the deleted data once they have been removed, and 2) conceal the deletion history, such that the adversary cannot find out there was a deletion in the past. We design NAND Flash Partial Scrubbing (NFPS), the first undetectable secure deletion scheme for NAND flash-based block devices. We propose partial page reprogramming and partial block erasure methods to sanitize data from NAND flash. In addition, we incorporate NFPS to typical Flash Translation Layer (FTL) algorithms. Finally, we implement NFPS and experimentally evaluate its effectiveness.