• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Math to prove no deletion method is perfect?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

View previous topic :: View next topic  
Author Message
ChrisM
Just Arrived
Just Arrived


Joined: 13 Apr 2004
Posts: 0


Offline

PostPosted: Fri May 07, 2004 4:51 pm    Post subject: Math to prove no deletion method is perfect? Reply with quote

Is there math to prove that no deletion method is perfect?
Back to top
View user's profile Send private message Send e-mail
data
Forum Fanatic
Forum Fanatic


Joined: 08 May 2004
Posts: 16777211
Location: India

Offline

PostPosted: Sat May 08, 2004 6:44 pm    Post subject: Reply with quote

hi,

there will always be some magnetic residue on the previous allignment of the magnetic domain. Each time we operate on it,the magnetic strength always decreases but is never nullified.
For practical applications, where we can hope that the nsa can't recover wiped data, look at peter gutmann's secure deletion from magnetic media and use the maximum pass shredder specified in it.

The proof is the experimental nature. the more resolution devices we come up to detect the orientation of the magnetic domain, the more number of passes we will need.

Regards,
Data.
Back to top
View user's profile Send private message Visit poster's website Yahoo Messenger
AnonViper
Just Arrived
Just Arrived


Joined: 13 Mar 2004
Posts: 0


Offline

PostPosted: Mon May 10, 2004 3:40 am    Post subject: Reply with quote

*deleted*

Last edited by AnonViper on Sat Dec 04, 2004 2:18 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
ChrisM
Just Arrived
Just Arrived


Joined: 13 Apr 2004
Posts: 0


Offline

PostPosted: Mon May 10, 2004 4:43 am    Post subject: Reply with quote

Do you want to dumify that statement?
Back to top
View user's profile Send private message Send e-mail
AnonViper
Just Arrived
Just Arrived


Joined: 13 Mar 2004
Posts: 0


Offline

PostPosted: Mon May 10, 2004 6:19 am    Post subject: Reply with quote

*deleted*

Last edited by AnonViper on Sat Dec 04, 2004 2:18 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil

Offline

PostPosted: Mon May 10, 2004 7:17 am    Post subject: Conditional. Reply with quote

In my opinion, the above statement and reference to Gutmann's paper is not a demonstratively formal mathematical proof. It's aimed specifically at providing a broad opinion, and focuses more so on one particular methods, and how insignificant their effects render them, when proposed for certain storage media. However, I do believe the seminal "Secure Deletion of Data from Magnetic and Solid-State Memory" and follow-up "Data Remanence in Semiconductor Devices" are vital in understanding the intricacies that lead us to draw educated conclusions as to what conventional algorithms and methodologies for data deletion can and can not achieve, from the standpoint of sound security. Memory and storage, combined, make for an extremely complex science that is arcane to many. You must consider the fact that actual physical alteration takes place, with such devices, and the environmental conditions play significant roles in how such devices react during operation. To attempt formulation of a mathematical proof which states that no given data deletion method is completely secure is much more difficult than proving that a given data deletion method is problematic, and can be insecure. The myriad of analyses we have now, such as Gutmann's, exploit the problematic associations with deletion methods, and how the particular behavior patterns of storage devices affect them. From this, we can easily gather mathematical and mechanical properties that portray how the effects of a given data deletion method's purpose is negated by some operational characteristic of the medium on which that data exists. It's obvious that securely deleting data can be difficult, without some supposedly-secure physical (i.e., chemical, composition, et cetera) alteration, for most conventional means in utilization today; therefore, as mirrored in cryptography, we mitigate.

In other words, the study, in its entirety, is incredibly conditional. Thus, there will be numerous, unique properties, or "proofs", that exist to fit each condition, where the condition may be, for example, the relationship between the data, the storage medium, and the interactive products of the data deletion method with the relationship of the former two. If you take a look at the analyses in the aforementioned papers, you'll notice many of these properties, which are constant occurrences that vary with each environment.

Because of certain properties, it's considered infeasible to completely sanitize a medium on which data is stored, by simply overwriting (which is a general response to "deleting" data). And too, there is data remanence to cope with, which is simply the property that remnants of magnetic induction exist in magnetized media, even after the influence of external magnetization. Along with the pitfalls of nontrivial, secure sanitation, data remanence, and similar properties, this is as close to formidable "proofs" as current analysis has stepped. In concept, it's a lot like certain problem-based assumptions in cryptography, where only the most impractical of methods are unconditionally secure. Since these impractical methods hold up, in theory and practice, you won't find a mathematical proof that constantly demonstrates all data deletion methods (assuming any) to have exploitable insecurities, but again, with current analyses, you will be able to form proofs based on mathematical and mechanical properties, for particular methods operating on particular media under particular environmental conditions.
Back to top
View user's profile Send private message Visit poster's website
AnonViper
Just Arrived
Just Arrived


Joined: 13 Mar 2004
Posts: 0


Offline

PostPosted: Mon May 10, 2004 8:25 am    Post subject: Reply with quote

*deleted*

Last edited by AnonViper on Sat Dec 04, 2004 2:19 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
ChrisM
Just Arrived
Just Arrived


Joined: 13 Apr 2004
Posts: 0


Offline

PostPosted: Mon May 10, 2004 2:18 pm    Post subject: Reply with quote

Thanks Justin for answering me. One question? What does this mean?

$ shred --iterations=1000 $filename
Back to top
View user's profile Send private message Send e-mail
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil

Offline

PostPosted: Tue May 11, 2004 12:10 am    Post subject: Not a problem. Reply with quote

ChrisM wrote:
Thanks Justin for answering me. One question? What does this mean?

$ shred --iterations=1000 $filename


Not a problem at all.

The obvious synopsis of that routine appears to be a shredding function, which iterates, or performs, a particular function one thousand times, for a given file. This is variable of course, and may be a concatenation of any methods, such as overwriting with random data in an iterative manner.

AnonViper wrote:

I never stated that my comments were meant as a mathematical "proof".


No worries. I never stated that you did. As the original post requested such information, I followed up with my opinion on addressing the initial matter, and how I found the particular bold referencing to Gutmann's paper as irrelevant to what mathematical proofs usually consist of.

But, in summation of my opinion, it's just not sensible to confine this entire science to one negating mathematical proof. The associated and natural phenomenons that can, and do, take place, be it environmental, physical, chemical, mechanical, mathematical, et cetera, exhibit a plethora of conditions that exist for numerous occurring properties. Because of this, there is a fine line between theory and practice, and one of which a proof could not straddle. Specific, conditional analyses are as close to viable proofs as there exist, in either theory or practice. Physical alteration, done properly, is essentially the most consistent and definite route for justifying secure "deletion", but we've covered that numerous times already.
Back to top
View user's profile Send private message Visit poster's website
ChrisM
Just Arrived
Just Arrived


Joined: 13 Apr 2004
Posts: 0


Offline

PostPosted: Tue May 11, 2004 12:24 am    Post subject: Reply with quote

Can you give me some math proofs?
Back to top
View user's profile Send private message Send e-mail
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil

Offline

PostPosted: Tue May 11, 2004 5:00 am    Post subject: What I was getting at is. Reply with quote

ChrisM wrote:
Can you give me some math proofs?


Simply, what I mean is that if you study the current analyses of data deletion methodology, you can generally associate the relationship between three elements within the concept - the data, the device on which it is stored, and the method of deletion in which removal of the data is attempted. These interactions may be subtle or monumentally unambiguous, and contain relationships that allow the establishment of proofs to describe constantly reoccurring phenomenon among these three elements, due to certain properties of each. These relationships may be slightly mathematical, physically mechanical, et cetera. This is where environmental condition comes into play, and ultimately determines certain "proofs" and the conditions for which they apply. I was merely making a general observation for a broad exploitation of this, for any given analysis. Such proofs can be independently, and variationally, extracted, and dissected, trivially. By reading the works of Gutmann, and searching for these relationships, there's an applicable source of "proof" for a particular environment of elements. In other words, it's something you have to extract and conclude, rather than something that is stated verbatim and jumps out at you.
Back to top
View user's profile Send private message Visit poster's website
data
Forum Fanatic
Forum Fanatic


Joined: 08 May 2004
Posts: 16777211
Location: India

Offline

PostPosted: Tue May 11, 2004 7:13 am    Post subject: Reply with quote

hi,


write data on cd's. they are very easy to destroy. Multipass shredding may also decrease the life or your hard disk.

Data.
Back to top
View user's profile Send private message Visit poster's website Yahoo Messenger
ChrisM
Just Arrived
Just Arrived


Joined: 13 Apr 2004
Posts: 0


Offline

PostPosted: Tue May 11, 2004 7:16 am    Post subject: Reply with quote

That doesnt answer my question.
Back to top
View user's profile Send private message Send e-mail
storage_racer
Just Arrived
Just Arrived


Joined: 11 May 2004
Posts: 0


Offline

PostPosted: Tue May 11, 2004 4:02 pm    Post subject: Reply with quote

Sorry Chris - I cannot give you any mathematics to answer your original question - but would like to comment on some of the posts in this thread.

Despite the fact that it has been "theoretically" shown how overwritten data can be recovered - and - there are actual examples of successfully detecting overwritten flux changes on a hard drive platter - there is still not a single instance in the world (at least not commercially or any publicly released academic cases) where even a single sector of of usable data has been recovered after being overwritten even once.

As for "three-letter-orgs", despite all the myths and innuendos, I have never seen any indication that would lead me to believe that they have such capabilites - yet, but indeed they probably have a number of teams working on such projects.
Back to top
View user's profile Send private message
AnonViper
Just Arrived
Just Arrived


Joined: 13 Mar 2004
Posts: 0


Offline

PostPosted: Tue May 11, 2004 5:14 pm    Post subject: Reply with quote

*deleted*

Last edited by AnonViper on Sat Dec 04, 2004 2:19 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
storage_racer
Just Arrived
Just Arrived


Joined: 11 May 2004
Posts: 0


Offline

PostPosted: Tue May 11, 2004 6:38 pm    Post subject: Reply with quote

AnonViper wrote:

<snip>. . . even after 20 times overwriting it may still be possible to recover useful information. <snip>


The key to this statement is "may still be possible".

My point was that with Magnetic Force Microscopy and various spin-stand techniques - overwritten data has been detected and shown - but that's just the first (though very necessary) step in the process. Magnetic fluxes are not user data. I still claim that not one sector of usable data has been recovered.

A technical paper on the subject was just released on April 15 at the 2004 NASA/IEEE Conference on Mass Storage Systems and Technologies in Maryland.

Recovering Unrecoverable Data by Charles H. Sobey, Chief Scientist of ChannelScience.
(note of bias - the paper was commissioned by the company I work for)

Or better yet - see this article (no personal connection)-
Can Intelligence Agencies Read Overwritten Data? A response to Gutmann
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register