Securely wipe all data?

de0u

Joe_Koba Government and corporate data is securely wiped from carriers before disposal, even if that data is encrypted, for a reason: we do not know future developments in cryptanalysis technology, so an adversary might hold on to currently irretrievable data until such technology becomes available, and the data might still be relevant at that point.

If that threat model applies to your Pixel 4a, I suspect the only options would be shredding it or melting it down. Presumably those will dramatically reduce the trade-in value, but addressing higher threat levels frequently involves spending more money.

Meanwhile, my quick skimming of the updated version of NIST 800-88 (link) seems to show an extended discussion of when cryptographic erasure is sufficient. I'm not sure what is meant by "the NIST 800-88 method", since it seems that there are multiple ones.

Joe_Koba

de0u As a matter of fact, physical destruction of the device is indeed a viable alternative (and has been applied on other devices device in my context) if I'm not sufficiently reassured on this subject. But I'd rather avoid it. I am aware such a high threat model seems to contradict the very idea of swapping the device with Google for a modest price reduction, regardless of data destruction reassurances, but I can't really be more specific as to why in my case those are not necessarily mutually exclusive.

MetropleX

Joe_Koba That's not enough.

The data on GrapheneOS as with most good standard SSDs is encrypted using AES-256-XTS which is quantum resistant. It is enough.

Joe_Koba

MetropleX I really don't mean to beg the question and you guys are undoubtedly more knowledgeable than me in this regard (I'm not a security nor a software expert, just someone that needs to be very careful about their data) but isn't it even quantum resistant encryption only "enough" if you are absolutely 100% certain that you have never made any human mistake, possibly allowing an adversary to get a hold of your encryption key, which might enable them to decrypt the data if they were be able to get it? Or would a factory reset "reliably wiping" the Weaver token make the data inaccessible even if the adversary would hold the encryption key - that would indeed reassure me (depending on what "reliably wipe" means)

MetropleX

Joe_Koba reliably wipe means:

wipes the secure element which holds tokens needed to derive the encryption keys, making all data/metadata unrecoverable.

Novalissoide

Joe_Koba 100% certain that you have never made any human mistake, possibly allowing an adversary to get a hold of your encryption key, which might enable them to decrypt the data if they were be able to get it?

After you factory reset your phone, that encryption key that an adversary previously gathered gets unusable.

Joe_Koba

raccoondad Yes I thought this is one of the reasons why DoD 5220.22-M ECE (fine for HDD) has mostly been ditched for the NIST 800-88 sanitization method (better for SDD). However since I'm planning to perform the wipe only once and the device will no longer be my problem from there on, I figured the potential stress on the SSD would be a minor issue.

Could you maybe elaborate on what "securely wipe" the key means, precisely? I mean, how reliable is the data destruction method used on the key?

Joe_Koba

Novalissoide So the data becomes irretrievable regardless of any previous encryption breaches, however sophisticated. If that is indeed the case, this adresses 90% of my concerns. Thanks.

As for the remaining 10% :
MetropleX It's probably me, but all I understand from that is that "reliably wiped means wiped". So the secure element is wiped, ok. How is it wiped, then? Is it at all like the DoD method for HDDs: overwriting the data on the secure element with 0s multiple times (3, or 7, depending on the method) - does the secure element even work that way? Or... ?

Novalissoide

Joe_Koba https://en.wikipedia.org/wiki/Forward_secrecy

Our devices, and most actions of their security chips relies on this.

Novalissoide

Joe_Koba further reading recommendation:
https://grapheneos.org/faq#security-and-privacy

MetropleX

Joe_Koba

Project response to similar questions related to our Duress feature:

Until the OS shuts down or reboots after wiping what's needed to derive any of the encryption keys again, it can still access all the data. It still has access to all the data it did before wiping other than the stuff directly related to deriving the encryption keys (which it doesn't need beyond trying to log in, change the password, etc.). Rebooting or shutting down after wiping is a crucial part of it because the reboot makes sure that leftover remnants despite having kernel page/slab zeroing, zero-on-free in userspace, etc. don't stay around. The Duress PIN process boots into recovery because the keys have also been purged and therefore it cannot boot into the OS at all. The recovery/factory reset then regenerates a new install of the operating system with new device encryption keys. Ensuring all device encrypted data is lost.

As for why we implemented auto reboot to help protect against forensic analysis BFU:

Ours (auto reboot) is implemented in a very robust way where crashing system_server, etc. can't stop it from triggering. We have zero-on-free for the kernel page/slab allocators so most memory is cleared on a clean reboot/shutdown and we also zero all of the memory on boot in the kernel too.

Joe_Koba

MetropleX This is exactly the information I was looking for. So the secure element is indeed wiped in the sense of zeroing the bits of data. I should've read that page more closely. Much obliged.

Novalissoide Thanks for those, I'll look into them to hopefully understand a bit more about encryption and security :-)

ryrona

secbind I think the simplest process for NIST 800-88 purge compliance would be overwriting data using ADB.

This is not an effective way to wipe data on flash based storage mediums, such as those in phones. This will not accomplish anything, and repeatedly overwriting data at the logical level will not guarantee data has actually been erased at the physical level, due to how wear leveling on flash based storage works. In fact, much of the data will remain, trivially readable by anyone physically connecting directly to the flash chip. Erasing data by overwriting disk storage at the logical level was only a reliable erasure method on magnetic harddrives. Doing it on flash based storage will just cause a lot of wear on the chip without actually deleting the data.

Joe_Koba So the secure element is indeed wiped in the sense of zeroing the bits of data.

That is not what that text says. It doesn't say anything how the Titan chip (Secure Element chip) deleted the Weaver tokens, because we don't know.

ryrona

Doing a factory reset will ensure data is cryptographically destroyed, such that it cannot be recovered even by an adversary knowing or learning about your passphrase. It is safe to tell your passphrase once you have done a factory reset, the passphrase is of no use anymore.

The wipe is done by deleting the Weaver tokens from the Titan chip. The actual data encryption keys are derived from those, and without the Weaver token, it is no longer possible to derive the data encryption keys, even knowing your passphrase. The Weaver tokens should be 256-bit random values, meaning not even quantum computer should be able to brute-force recover them or the encryption keys derived from them, within any foreseeable future.

The actual flash storage holding the data is not wiped in any sense, just marked as unused. This means the garbage collector in the flash chip will eventually delete the data too, but without any guarantees as to when this happens. It is the deletion of the Weaver tokens that makes data erasure considered secure, as the data is effectively cryptographically destroyed (ie no longer readable as the encryption keys to read the data can no longer be recovered).

You have to ask Google if the Weaver tokens are deleted from the Titan chips in a way that adheres to the standards you need. We don't know. GrapheneOS just tells the Titan chip to securely erase them.

You also have to make your own judgement how to relate to "within any foreseeable future".

I don't think you have to worry about derived encryption keys having leaked. If an adversary has compromised your device to that level, they will have read all encrypted data from your device too already.

Factory reset does not necessarily delete all data. There may be some data left, such as what SIM-cards (physical and eSIM) has been inserted into the device, and what cell towers the device has been connected to, and other modem related or hardware related data. However, all app data and information about what apps you have had installed, all file data and information about what files you have had on the device, and all data about activities in apps, will be cryptographically destroyed. You have to make your own judgement if SIM-related data is sensitive too.

Novalissoide

I always remove contacts and phone history from my physical SIM and use 'device only' for this, but I suspect that this practice isn't to be relied on if that sim gets analysed expensively, or, did i get something wrong about that?

Novalissoide

In other words, SIM content isn't covered by the Titan?