
I need to provide a secure wiping function in Windows Mobile with the following details:

  1. All files on device should be encrypted with a strong key (done).
  2. User should not be able to view files in explorer.
  3. Device should not show used disk space for encrypted files.
  4. My application should be able to get (restore) the files back (by decrypting) at the same location using the same key used for encryption.
Brian Tompsett - 汤莱恩
Let me Ask
    So you want to call your tool *Secure Device Wiping* but instead of actually wiping the data securely from the disk, you'll actually store it hidden from the user so that he will believe that his device is securely wiped but it will still contain all the data (although encrypted)? Sounds a bit dodgy... – Hans Olsson Dec 09 '10 at 10:54
  • That sounds fairly OS-level stuff. What are you writing - a filesystem driver? In C#? – Rup Dec 09 '10 at 10:55
  • I am developing an application where the user can remotely wipe the device if the device is lost. But, if the device is actually not lost (maybe he has put it somewhere and can't find it) and is found after some time, he should be able to restore it back using the encryption key. If the device is actually lost, the data should not be recoverable. – Let me Ask Dec 09 '10 at 11:01

1 Answer

Taking the risk of paternalizing - it can't be done well.

C# doesn't have any access to the underlying flash structures; it is virtually impossible to wipe content from solid state memory through the filesystem interfaces, for the following reasons:

  • Wear Leveling - the solid state controller/filesystem would write the encrypted file in a different location than the original, thereby not deleting it.
  • Even if you get the filesystem to overwrite the data, there is very little guarantee it would actually do so - erase patterns of flash are such that the controller is likely to relocate the entire sector (all 128kbit of it, often enough) and mark the old one as empty in order to limit rewrites - flash is easily damaged by writes, and controllers do everything they can to ensure that the data is written evenly across the memory.

You'd need to write a kernel driver to accomplish this task.

Same goes for (3) - it can't be done from userland.

Don't sell security products like that - it wouldn't stop the adversary and would be obnoxious to deal with.

qdot
  • Thanks for reply. From your reply, I conclude that for point 2) I have to write File Filter drivers. 3) It's not possible using any API or any language. 4) Not answered yet, I guess. – Let me Ask Dec 09 '10 at 12:07
  • Actually - just decrypt the encrypted files, if you're using file filter drivers, then the next step should just be disabling the file filter. – qdot Dec 09 '10 at 19:42
  • Point 3? This one is probably impossible without kernel drivers - basically you need the system to "cheat" since the space reported as "empty" cannot be used for writing files. – qdot Dec 12 '10 at 08:17