Remote Wiping and Secure Deletion on Mobile Devices: A Review

Mobile devices have become ubiquitous in almost every sector of both private and commercial endeavors. As a result of such widespread use in everyday life, many users knowingly and unknowingly save significant amounts of personal and/or commercial data on these mobile devices. Thus, loss of mobile devices through accident or theft can expose users—and their businesses—to significant personal and corporate cost. To mitigate this data leakage issue, remote wiping features have been introduced to modern mobile devices. Given the destructive nature of such a feature, however, it may be subject to criminal exploitation (e.g., a criminal exploiting one or more vulnerabilities to issue a remote wiping command to the victim's device). To obtain a better understanding of remote wiping, we survey the literature, focusing on existing approaches to secure flash storage deletion and provide a critical analysis and comparison of a variety of published research in this area. In support of our analysis, we further provide prototype experimental results for three Android devices, thus providing both a theoretical and applied focus to this article as well as providing directions for further research.

[1]  Srdjan Capkun,et al.  SoK: Secure Data Deletion , 2013, 2013 IEEE Symposium on Security and Privacy.

[2]  From MobileMe to iCloud , 2011 .

[3]  Thorsten Holz,et al.  Towards Secure Deletion on Smartphones , 2010, Sicherheit.

[4]  Richard Mislan,et al.  Mobile Device Analysis , 2008 .

[5]  Colin Percival STRONGER KEY DERIVATION VIA SEQUENTIAL MEMORY-HARD FUNCTIONS , 2009 .

[6]  John D. Davis,et al.  FRP: A Nonvolatile Memory Research Platform Targeting NAND Flash , 2009 .

[7]  S. Subha An algorithm for secure deletion in flash memories , 2009, 2009 2nd IEEE International Conference on Computer Science and Information Technology.

[8]  Bernd Freisleben,et al.  Why eve and mallory love android: an analysis of android SSL (in)security , 2012, CCS.

[9]  Ke Zhou,et al.  ShiftFlash: Make flash-based storage more resilient and robust , 2011, Perform. Evaluation.

[10]  Tracey Caldwell The mobile ‘kill pill’ – poison or panacea? , 2011 .

[11]  Abhi Shelat,et al.  Remembrance of Data Passed: A Study of Disk Sanitization Practices , 2003, IEEE Secur. Priv..

[12]  Craig Valli,et al.  Exchanging Demands: Weaknesses in SSL Implementations for Mobile Platforms , 2013 .

[13]  Helen J. Wang,et al.  Smart-Phone Attacks and Defenses , 2004 .

[14]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[15]  Tilo Müller,et al.  FROST - Forensic Recovery of Scrambled Telephones , 2013, ACNS.

[16]  Nikolai Joukov,et al.  Secure deletion myths, issues, and solutions , 2006, StorageSS '06.

[17]  Johannes Götzfried,et al.  ARMORED: CPU-Bound Encryption for Android-Driven ARM Devices , 2013, 2013 International Conference on Availability, Reliability and Security.

[18]  Jihong Kim,et al.  BlueSSD: An Open Platform for Cross-layer Experiments for NAND Flash-based SSDs , 2010 .

[19]  Yookun Cho,et al.  An Efficient Secure Deletion Scheme for Flash File Systems , 2010, J. Inf. Sci. Eng..

[20]  Ilhoon Shin Secure File Delete in NAND-based Storage , 2012 .

[21]  Tongxin Li,et al.  Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services , 2014, CCS.

[22]  Juho Kim,et al.  Cost effective data wiping methods for mobile phone , 2013, Multimedia Tools and Applications.

[23]  Jin-Hyuk Kim,et al.  A Page Padding Method for Fragmented Flash Storage , 2007, ICCSA.

[24]  Abhishek Mishra,et al.  SDC: Secure deletion classification , 2011, 2011 International Conference on Recent Trends in Information Technology (ICRTIT).

[25]  Inwhee Joe,et al.  Design of remote control system for data protection and backup in mobile devices , 2011, The 4th International Conference on Interaction Sciences.

[26]  Laurent Simon Security Analysis of Android Factory Resets , 2015 .

[27]  Ethan L. Miller,et al.  Long-term threats to secure archives , 2006, StorageSS '06.

[28]  Wolfgang J. Paul,et al.  System Architecture , 2016, Springer International Publishing.

[29]  Australian Signals Directorate Australian government information security manual , 2018 .

[30]  Thomas Zefferer,et al.  Mobile Device Encryption Systems , 2013, SEC.

[31]  Heloise Pieterse,et al.  Security steps for smartphone users , 2013, 2013 Information Security for South Africa.

[32]  Riqui Schwamm Effectiveness of the Factory Reset on a Mobile Device , 2014 .

[33]  Srdjan Capkun,et al.  On Secure Data Deletion , 2014, IEEE Secur. Priv..

[34]  Jongmoo Choi,et al.  Models and Design of an Adaptive Hybrid Scheme for Secure Deletion of Data in Consumer Electronics , 2008, IEEE Transactions on Consumer Electronics.

[35]  Sangrae Cho,et al.  Smartphone remote lock and wipe system with integrity checking of SMS notification , 2011, 2011 IEEE International Conference on Consumer Electronics (ICCE).

[36]  Mat Honan 29. How Apple and Amazon Security Flaws Led to My Epic Hacking , 2013 .

[37]  Gary C. Kessler,et al.  The growing need for on-scene triage of mobile devices , 2010, Digit. Investig..

[38]  Vitaly Shmatikov,et al.  The most dangerous code in the world: validating SSL certificates in non-browser software , 2012, CCS.

[39]  Steven Swanson,et al.  Beyond the datasheet: Using test beds to probe non-volatile memories' dark secrets , 2010, 2010 IEEE Globecom Workshops.

[40]  Alexander Tereshkin Evil maid goes after PGP whole disk encryption , 2010, SIN.

[41]  Justin Marshall,et al.  TrueErase: per-file secure deletion for the storage data path , 2012, ACSAC '12.

[42]  Kim-Kwang Raymond Choo,et al.  Forensic Collection and Analysis of Thumbnails in Android , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[43]  Steven Swanson,et al.  Reliably Erasing Data from Flash-Based Solid State Drives , 2011, FAST.

[44]  Donald Rich,et al.  Authentication in Transient Storage Device Attachments , 2007, Computer.

[45]  G. F. Hughes Secure Erase of Disk Drive Data , 2002 .

[46]  Yi Qin,et al.  SmSD : A Smart Secure Deletion Scheme for SSDs , 2014 .

[47]  Srdjan Capkun,et al.  User-level secure deletion on log-structured file systems , 2012, ASIACCS '12.

[48]  An-I Andy Wang,et al.  Per-file full-data-path secure deletion for electronic storage , 2012 .

[49]  Stefano Zanero,et al.  Black-box forensic and antiforensic characteristics of solid-state drives , 2014, Journal of Computer Virology and Hacking Techniques.

[50]  Johannes Götzfried,et al.  Analysing Android's Full Disk Encryption Feature , 2014, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[51]  YunSeung Shin,et al.  Non-volatile memory technologies for beyond 2010 , 2005, Digest of Technical Papers. 2005 Symposium on VLSI Circuits, 2005..

[52]  Giuseppe Cattaneo,et al.  A Novel Anti-forensics Technique for the Android OS , 2011, 2011 International Conference on Broadband and Wireless Computing, Communication and Applications.

[53]  Jos Wetzels Hidden in snow, revealed in thaw: Cold boot attacks revisited , 2014, ArXiv.

[54]  Lori M. Kaufman,et al.  A New Era of Presidential Security: The President and His BlackBerry , 2009, IEEE Security & Privacy.

[55]  Yu Chen,et al.  A study of SSL Proxy attacks on Android and iOS mobile applications , 2014, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC).

[56]  Neil C. Rowe,et al.  Effects of the Factory Reset on Mobile Devices , 2014, J. Digit. Forensics Secur. Law.

[57]  Mohammad Mannan,et al.  On Implementing Deniable Storage Encryption for Mobile Devices , 2013, NDSS.

[58]  T. Shallice What ghost in the machine? , 1992, Nature.

[59]  Christian K. Hansen Technology Trends in Mobile Communication: How Mobile are Your Data? , 2009 .

[60]  Salima Benbernou,et al.  A survey on service quality description , 2013, CSUR.

[61]  Rina Panigrahy,et al.  Design Tradeoffs for SSD Performance , 2008, USENIX ATC.

[62]  Neng Gao,et al.  Remotely wiping sensitive data on stolen smartphones , 2014, AsiaCCS.

[63]  이상호,et al.  Flash memory device having secure file deletion function and method for securely deleting flash file , 2008 .

[64]  Peter Gutmann,et al.  Secure deletion of data from magnetic and solid-state memory , 1996 .

[65]  Steven Swanson,et al.  SAFE : Fast , Verifiable Sanitization for SSDs Or : Why encryption alone is not a solution for sanitizing SSDs , 2010 .

[66]  Srdjan Capkun,et al.  Data Node Encrypted File System: Efficient Secure Deletion for Flash Memory , 2012, USENIX Security Symposium.

[67]  Vashek Matyas,et al.  The TrueCrypt On-Disk Format--An Independent View , 2014, IEEE Security & Privacy.

[68]  Royce D. Burnett,et al.  Managing laptop security , 2011 .

[69]  Andrea C. Arpaci-Dusseau,et al.  Getting real: lessons in transitioning research simulations into hardware systems , 2013, FAST.

[70]  X Li,et al.  Guidelines for Media Sanitization , 2006 .

[71]  G. Aghila,et al.  A Model for Remote Access and Protection of Smartphones using Short Message Service , 2012, ArXiv.

[72]  Craig S. Wright,et al.  Overwriting Hard Drive Data: The Great Wiping Controversy , 2008, ICISS.

[73]  Guoliang Li,et al.  A survey of address translation technologies for flash memories , 2014, CSUR.

[74]  Friedrich-Alexander,et al.  Self-Encrypting Disks pose Self-Decrypting Risks How to break Hardware-based Full Disk Encryption , 2013 .

[75]  Donghoon Lee,et al.  Password-based single-file encryption and secure data deletion for solid-state drive , 2014, ICUIMC '14.

[76]  Dongho Won,et al.  Secure Data Deletion for USB Flash Memory , 2011, J. Inf. Sci. Eng..