skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Instant data sanitization on multi-level-cell NAND flash memory
Deleting data instantly from NAND flash memories incurs hefty overheads, and increases wear level. Existing solutions involve unlinking the physical page addresses making data inaccessible through standard interfaces, but they carry the risk of data leakage. An all-zero-in-place data overwrite has been proposed as a countermeasure, but it applies only to SLC flash memories. This paper introduces an instant page data sanitization method for MLC flash memories that prevents leakage of deleted information without any negative effects on valid data in shared pages. We implement and evaluate the proposed method on commercial 2D and 3D NAND flash memory chips.  more » « less
Award ID(s):
2007403
PAR ID:
10349939
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
ACM International Conference on Systems and Storage
Page Range / eLocation ID:
85 to 95
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, ACM Transactions on Embedded Computing Systems)
    Instant data deletion (or sanitization) in NAND flash devices is essential for achieving data privacy, but it remains challenging due to the mismatch between erase and write granularities, which leads to high overhead and accelerated wear. While page-overwrite-based instant data sanitization has proven effective for 2D NAND, its applicability to 3D NAND is limited due to the unique sub-block architecture. In this study, we experimentally evaluate page-overwrite-based sanitization on commercial 3D NAND flash memory chips and uncover significant threshold voltage disturbances in erased cells on adjacent pages within the same layer but across different sub-blocks. Our key findings reveal that page-overwrite sanitization increases the median raw bit error rate (RBER) beyond correction limits (exceeding 0.93%) in Floating-Gate (FG) Single-Level Cell (SLC) technology, whereas Charge-Trap (CT) SLC 3D NAND flash memories exhibit higher robustness. In Triple-Level Cell (TLC) 3D NAND, page-overwrite sanitization proves impractical, with the median RBER of ∼13% for FG and ∼5% for CT devices. To overcome these challenges, we proposePULSE, a low-disturbance sanitization technique that balances sanitization efficiency ({{\eta }_{san}}) and data integrity (RBER). Experimental results show that PULSE eliminates RBER increases in SLC devices and reduces the median RBER to below 0.57% for FG and 0.79% for CT in fresh TLC blocks, demonstrating its practical viability for 3D NAND flash sanitization. 
    more » « less
  2. ; ; (, Proceedings of the 15th ACM Workshop on Hot Topics in Storage and File Systems)
    In this paper, we propose a new page-writing technique to hide secret information using the threshold voltage variation of programmed memory cells. We demonstrate the proposed technique on the state-of-the-art commercial 3D NAND flash memory chips by utilizing common user mode commands. We explore the design space metrics of interest for data hiding: bit accuracy of public and secret data and detectability of holding secret data. The proposed method ensures more than 97% accuracy of recovered secret data, with negligible accuracy loss in the public data. Our analysis shows that the proposed technique introduces negligible distortions in the threshold voltage distributions. These distortions are lower than the inherent threshold voltage variations of program states. As a result, the proposed method provides a hiding technique that is undetectable, even by a powerful adversary with low-level access to the memory chips. 
    more » « less
  3. ; (, 29th USENIX Security Symposium)
    null (Ed.)
    Digital sanitization of flash based non-volatile memory system is a well-researched topic. Since flash memory cell holds information in the analog threshold voltage, flash cell may hold the imprints of previously written data even after digital sanitization. In this paper, we show that data is partially or completely recoverable from the flash media sanitized with “scrubbing” based technique, which is a popular technique for page deletion in NAND flash. We find that adversary may utilize the data retention property of the memory cells for recovering the deleted data using standard digital interfaces with the memory. We demonstrate data recovery from commercial flash memory chip, sanitized with scrubbing, by using partial erase operation on the chip. Our results show that analog scrubbing is needed to securely delete information in flash system. We propose and implement analog scrubbing using partial program operation based on the file creation time information. 
    more » « less
  4. ; ; (, ACM Transactions on Embedded Computing Systems)
    Modern solid-state disks achieve high data transfer rates due to their massive internal parallelism. However, out-of-place updates for flash memory incur garbage collection costs when valid data needs to be copied during space reclamation. The root cause of this extra cost is that solid-state disks are not always able to accurately determine data lifetime and group together data that expires before the space needs to be reclaimed. Real-time systems found in autonomous vehicles, industrial control systems, and assembly-line robots store data from hundreds of sensors and often have predictable data lifetimes. These systems require guaranteed high storage bandwidth for read and write operations by mission-critical real-time tasks. In this article, we depart from the traditional block device interface to guarantee the high throughput needed to process large volumes of data. Using data lifetime information from the application layer, our proposed real-time design, called Telomere , is able to intelligently lay out data in NAND flash memory and eliminate valid page copies during garbage collection. Telomere’s real-time admission control is able to guarantee tasks their required read and write operations within their periods. Under randomly generated tasksets containing 500 tasks, Telomere achieves 30% higher throughput with a 5% storage cost compared to pre-existing techniques. 
    more » « less
  5. ; ; (, ACM Transactions on Embedded Computing Systems)
    null (Ed.)
    Electronic device fingerprints, unique bit vectors extracted from device's physical properties, are used to differentiate between instances of functionally identical devices. This article introduces a new technique that extracts fingerprints from unique properties of partially erased NOR flash memory cells in modern microcontrollers. NOR flash memories integrated in modern systems-on-a-chip typically hold firmware and read-only data, but they are increasingly in-system-programmable, allowing designers to erase and program them during normal operation. The proposed technique leverages partial erase operations of flash memory segments that bring them into the state that exposes physical properties of the flash memory cells through a digital interface. These properties reflect semiconductor process variations and defects that are unique to each microcontroller or a flash memory segment within a microcontroller. The article explores threshold voltage variation in NOR flash memory cells for generating fingerprints and describes an algorithm for extracting fingerprints. The experimental evaluation utilizing a family of commercial microcontrollers demonstrates that the proposed technique is cost-effective, robust, and resilient to changes in voltage and temperature as well as to aging effects. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email