Is secure deletion possible in Java

  • Context: Java 
  • Thread starter Thread starter Paul Uszak
  • Start date Start date
  • Tags Tags
    Java
Click For Summary

Discussion Overview

The discussion revolves around the feasibility of secure deletion of files in Java, particularly focusing on whether overwriting a file guarantees that the original data is irretrievable. Participants explore the implications of different storage technologies, such as HDDs and SSDs, and the role of operating systems in file management.

Discussion Character

  • Debate/contested
  • Technical explanation
  • Conceptual clarification

Main Points Raised

  • Some participants question whether writing over a file in Java guarantees that the original data is overwritten on the physical disk, or if it merely marks the original block as unused.
  • There is a suggestion that the operating system handles file access and overwriting, but the specifics of how this is done (e.g., whether the same physical block is overwritten) remain unclear.
  • Some argue that secure deletion methods may differ between HDDs and SSDs, with SSDs potentially requiring low-level methods not accessible through standard Java APIs.
  • Concerns are raised about the effectiveness of overwriting files multiple times and whether the operating system might cache data, leading to incomplete overwriting.
  • Participants discuss the possibility of using random gibberish to overwrite files before deletion, but question whether this truly ensures that the original data cannot be recovered.
  • There is a mention of historical system calls that might allow direct access to the file system, but uncertainty exists about their current applicability in modern operating systems.
  • Some participants express skepticism about the guarantees provided by secure deletion applications, noting that the effectiveness of such methods is debated.
  • A scenario is presented where a program needs to securely delete part of itself, raising questions about the feasibility of achieving this securely across varied machines.

Areas of Agreement / Disagreement

Participants do not reach a consensus on the effectiveness of secure deletion methods in Java. Multiple competing views exist regarding the implications of overwriting files, the behavior of operating systems, and the differences between HDDs and SSDs.

Contextual Notes

Limitations include the uncertainty surrounding how operating systems manage file overwriting, the potential for data caching, and the lack of access to low-level disk operations through Java. Additionally, the discussion highlights the complexity of ensuring secure deletion across different storage technologies.

Who May Find This Useful

This discussion may be of interest to software developers, data security professionals, and anyone concerned with data privacy and secure file management in programming environments.

  • #31
rootone said:
Sure, an OS can (and so it should!), prevent somebody from attempting to meddle with storage which it has deemed protected. I think though that the OP really meant secure deletion of just regular files using Java. I was suggesting that one way to do it could be to provide Java with an external library designed for that purpose.

You still need to talk to/patch the OS. You would have to secure erase the swap file / page file just in case the OS decided to swap your file or decryption key to disk (which is one of the reasons why I would recommend full disk encryption for this). I've not looked at the source code for PGP but I am fairly sure it must have some kind of OS-level memory lock to prevent paging. If you did that without collaboration with the OS, you'd be asking for a system crash. Obviously you can do this in an external library, but the point is that it would probably be on the same level as the OS itself.
 
Technology news on Phys.org
  • #32
Yes, very easily
step 1. open file stream with pointer to location.
step 2. spam write random values for that file.
step 3. delete file
step 4. repeat steps 2 and 3,
I have done this in C# before, found this on codeproject it seems legit. Should be easy enough to translate into java.
Code: 
public void WipeFile(string filename, int timesToWrite)
{
    try
    {
        if (File.Exists(filename))
        {
            // Set the files attributes to normal in case it's read-only.

            File.SetAttributes(filename, FileAttributes.Normal);

            // Calculate the total number of sectors in the file.
            double sectors = Math.Ceiling(new FileInfo(filename).Length/512.0);

            // Create a dummy-buffer the size of a sector.

            byte[] dummyBuffer = new byte[512];

            // Create a cryptographic Random Number Generator.
            // This is what I use to create the garbage data.

            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

            // Open a FileStream to the file.
            FileStream inputStream = new FileStream(filename, FileMode.Open);
            for (int currentPass = 0; currentPass < timesToWrite; currentPass++)
            {
                UpdatePassInfo(currentPass + 1, timesToWrite);

                // Go to the beginning of the stream

                inputStream.Position = 0;

                // Loop all sectors
                for (int sectorsWritten = 0; sectorsWritten < sectors; sectorsWritten++)
                {
                    UpdateSectorInfo(sectorsWritten + 1, (int) sectors);

                    // Fill the dummy-buffer with random data

                    rng.GetBytes(dummyBuffer);

                    // Write it to the stream
                    inputStream.Write(dummyBuffer, 0, dummyBuffer.Length);
                }
            }

            // Truncate the file to 0 bytes.
            // This will hide the original file-length if you try to recover the file.

            inputStream.SetLength(0);

            // Close the stream.
            inputStream.Close();

            // As an extra precaution I change the dates of the file so the
            // original dates are hidden if you try to recover the file.

            DateTime dt = new DateTime(2037, 1, 1, 0, 0, 0);
            File.SetCreationTime(filename, dt);
            File.SetLastAccessTime(filename, dt);
            File.SetLastWriteTime(filename, dt);

            // Finally, delete the file

            File.Delete(filename);

            WipeDone();
        }
    }
    catch(Exception e)
    {
        WipeError(e);
    }
}
 
  • #33
Superposed_Cat said:
Yes, very easily
step 1. open file stream with pointer to location.
step 2. spam write random values for that file.
step 3. delete file
step 4. repeat steps 2 and 3,
I have done this in C# before, found this on codeproject it seems legit. Should be easy enough to translate into java.

If you had read the thread, you would realize why this is NOT secure.

TL;DR: On an SSD you have no guarantee that you are over-writing the disk block that you think you are. By design, the controller in an SSD does not always map the same disk address to the same memory circuit. There are some other minor issues like inodes on ext filesystems.

The rest of it is stuff related to the OP's specfic problem; in his case he also has to make sure the OS does not swap/page the data to disk as that would create a copy of it in the swap/page file.
 
Last edited:
  • #34
Carno Raar said:
If you had read the thread, you would realize why this is NOT secure.

TL;DR: On an SSD
Sorry my post was for HDD's
 

Similar threads

Java Java Text Analysis Script: Count Word Frequency & Sentences | Get Help Now"
  • · Replies 4 ·
Replies
4
Views
2K
Comp Sci Weird File Output behavior in java
  • · Replies 1 ·
Replies
1
Views
2K
How Do You Implement Pipelines and I/O Redirections in a Unix Shell Using C?
  • · Replies 1 ·
Replies
1
Views
4K
All about Unicode /programming with Unicode [tutorial]
  • · Replies 4 ·
Replies
4
Views
16K
Fortran Compilation problem with gfortran
  • · Replies 9 ·
Replies
9
Views
9K
Math possibly in need of all-open-source software for testin
  • · Replies 12 ·
Replies
12
Views
3K
Why is my DVD-R Drive Failing to Burn Discs?
  • · Replies 4 ·
Replies
4
Views
3K
Model Pulley: Understanding System Physics
  • · Replies 27 ·
Replies
27
Views
11K
Countdown to Doom Release: Revisit the Original and Celebrate with Easter Eggs
  • · Replies 14 ·
Replies
14
Views
5K
Graduate BRS: PKI Cryptosystems for SA/Ms: A Tutorial
  • · Replies 13 ·
Replies
13
Views
4K