Research On Flash Data Encryption Storage Mechanism For Safe Deletion

Having advantages of fast reading and writing speed, and high storage density. Flash devices have been widely applied in industry control system, intelligent mobile computing, cloud computing and other emerging areas. Security deletion technology is one of the basic technology to protecting the confidentiality and privacy of data. But the characteristies of uneven wipe/write granularity and not supporting in-place update of Flash devices make data security deletion mechanisms for the traditional magnetic media storage device are difficult to be applied directly. It has become a realistic and urgent problem to design and implement the data security deletion mechanism being suitable for Flash devices and ensure that the deleted data won’t be recovered.Based on deep analysis of the characteristics of the NAND Flash devices and Flash data management, the basic thought of encryption storage and key deletion is presented to solve the problem of Flash data security deletion in this paper. The main work includes:1. Appointing to the main threat of Flash data deletion, the performance requirements of the Flash data deletion security scheme are summarized, and a Flash data security deletion framework based on layered is built. The framework is mainly composed of data encryption storage scheme and file key deletion scheme. Among them. the former mainly completes some functions, such as the key management, encryption and decryption of the file data nodes:the latter mainly completes the storage physical block tag of key. the key security deletion, and other functions. The coordinated cooperation between them ensures data security deletion of Flash devices.2. In view of insufficiencies of the existing data encryption storage scheme, such as system implementing complexity, low efficiency for modify files and so on, a Mash encryption storage scheme based on extended file attribute-ESEFA is proposed. Using the extended file attribute in Flash file system, the scheme defines the logical address attribute of key in the metadata reserved area of files, achieves quick search for encryption key of file data nodes, and effectively improves the efficiency of encryption storage. Different from the processing order of the existing scheme-first encrypte the file and then divide data nodes, the scheme fist divides data nodes of the file, and then encrypts each data node in the file, this processing order is more in line with the feature of log structures of the most Flash file system, and just needs to encrypt the data node of the changed content once again, which can implement encryption storage of the modified file through less time overhead and space overhead. The prototype system experimental results show that ESEFA scheme can effectively improve the efficiency of encryption processing, and it is more suitable for the application scenarios which the content changes frequently of files for users, such as the amount of the company bank accounts, the statistics of military combat power and so on.3. For the special demand of execution immediately in ESEFA scheme to key deletion, a key security deletion scheme based on storage path-KDSP is put forword. The scheme adds the sensitive block tag function and the key security deletion function in the Flash storage management level. Among them, the sensitive block tag function can make special markers for key storage physical block, and the data security mechanism can be fast to distinguish between ordinary data blocks and key blocks. According to beforehand threshold, the key security deletion function can realize security deletion of file data node key by flexibly adopting zero-overwriting or block-deleting. The simulation experiment shows that KDSP scheme has the advantages of fast deletion speed and controllable particle size, more in line with the storage characteristicsot the Flash device, and it also can meet the special demand of key deletion in ESEFA scheme.