NEW!
Advanced Secure Deletion Algorithm (ASDA)
The Next Generation of Secure Data Erasure
This approach ensures highly secure and fully traceable data erasure, while being significantly faster and more resource-efficient than conventional methods.
By leveraging four precisely coordinated steps, this algorithm delivers a deletion method that exceeds the highest security standards and optimizes efficiency with minimal resource usage. Verification and logging functions guarantee full transparency, while the use of 256-bit AES encryption and high-quality random numbers provides long-term protection against forensic recovery attempts. Its user-friendly implementation allows seamless integration into existing processes.
The Four Rounds of Erasure at a Glance
In the first round, all data is overwritten with the constant value 0xFF. This immediately obscures the original data content and provides a basic level of protection.
Next, any remaining original data in memory is fully encrypted using 256-bit AES (Advanced Encryption Standard). AES is considered one of the most reliable and modern encryption standards, making forensic recovery attempts significantly more difficult.
In the third round, a specific bit pattern (e.g., 10010010, 01001001, 00100100) is written. Afterward, the process verifies the written data by reading it back and checking for accuracy. This ensures that every sector/block has been correctly overwritten. Any missing or incorrectly read sectors/blocks are documented in a deletion report.
Finally, all data is overwritten using high-quality random numbers generated according to FIPS (Federal Information Processing Standards). By utilizing a strong random source, any attempt to read or reconstruct the original data is rendered virtually impossible.
Documentation about the source code:
The ASDAErase function in the DataShredder class is used to securely delete data from a file. This process involves four steps, which are carried out in sequential order.
The first step is to overwrite all data in the file with a specific pattern. This is done using the memset function, which sets a block of memory to a specific value.
The second step is to encrypt the original data in the file using the 256-bit AES (Advanced Encryption Algorithm). This is done using the AES class, which has a StartEncryption method that takes an array of unsigned char as input. The data to be encrypted is passed to this method as an argument.
The third step involves verifying the data that was written to the file in the second step. This is done by reading the data back from the file and comparing it to the original data using the memcmp function. If the data read from the file does not match the original data, a status value of 0xC0000719L (STATUS_CONTEXT_MISMATCH) is returned.
Finally, the last step is to overwrite the data in the file with a random pattern. This is done using the DoRandomErase function, which takes three arguments: the size of the data to be erased, a buffer to hold the data, and a byte value representing the iteration number.
If all four steps are completed successfully, the ASDAErase function returns a status value of 0. If any of the steps fails, an appropriate error code is returned.
Source code:
long DataShredder::ASDAErase(DWORD size, byte *buf, byte iteration)
{
long status=0;
LARGE_INTEGER nCurrentFilePointer = {0};
this->m_pLowLevelIO->GetFilePointer(&nCurrentFilePointer);
// working buffer
byte *buf1 = (byte*)malloc(size);
// read file content
if(iteration == 0) {
status=this->m_pLowLevelIO->Read(buf1, size, NULL);
this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);
}
// wipe with 0xFF
if(status == 0)
{
memset(buf, 0xFF, size);
status=this->m_pLowLevelIO->Write(buf, size, NULL);
if(!m_noBuffering)
this->m_pLowLevelIO->Flush();
this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);
}
// encrypt original file content
if(status == 0)
{
ULONG K[8];
ULONG seed;
seed=GetTickCount();
K[0]=LowLevel::IO::Random(&seed);
K[1]=LowLevel::IO::Random(&seed);
K[2]=LowLevel::IO::Random(&seed);
K[3]=LowLevel::IO::Random(&seed);
K[4]=LowLevel::IO::Random(&seed);
K[5]=LowLevel::IO::Random(&seed);
K[6]=LowLevel::IO::Random(&seed);
K[7]=LowLevel::IO::Random(&seed);
AES aes;
aes.SetParameters(256);
aes.StartEncryption((const unsigned char *)K);
for(ULONG i=0; (i*4)m_pLowLevelIO->Write(buf, size, NULL);
if(!m_noBuffering)
this->m_pLowLevelIO->Flush();
this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);
}
if(status == 0)
{
byte bData[] = {
0x92,//10010010,
0x49,//01001001,
0x24 //00100100
};
for(DWORD i = 0; i < size; i++)
{
buf[i] = bData[i%3];
}
status=this->m_pLowLevelIO->Write(buf, size, NULL);
if(!m_noBuffering)
this->m_pLowLevelIO->Flush();
this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);
// verify
if(0==this->m_pLowLevelIO->Read(buf1, size, NULL))
{
this->m_pLowLevelIO->SetFilePointer(&nCurrentFilePointer);
if(memcmp(buf1, buf, size))
{
status=0xC0000719L;//STATUS_CONTEXT_MISMATCH;
}
}
else
{
status=0xC0000719L;//STATUS_CONTEXT_MISMATCH;
}
}
if(status == 0)
{
status = this->DoRandomErase(size, buf, 0);
}
free(buf1);
return status;
}
Explanation of the source code:
This source code defines a function called ASDAErase, which takes in three parameters: an integer size, a pointer buf to a byte array, and an integer iteration. The function returns an integer value status.
The function starts by declaring and initializing some variables. It then reads the current file pointer using the GetFilePointer function of an object of the LowLevelIO class. It then allocates memory for a working buffer buf1 and reads the file content into this buffer using the Read function of the same LowLevelIO object.
The function then wipes the data in the file with the value 0xFF by writing this value to the file using the Write function of the LowLevelIO object, and then encrypts the original file content using the AES (Advanced Encryption Standard) algorithm. It does this by generating a random key and setting up the AES encryption parameters, and then encrypting the file content in blocks of 4 bytes using the StartEncryption function.
The function then writes the encrypted data back to the file, and then overwrites the file with a pattern of 0x92, 0x49, and 0x24 repeating in that order. It then verifies that the data was written correctly using the Read function and the memcmp function to compare the data in the working buffer buf1 with the pattern data in buf.
If all of these operations are successful, the function then calls another function called DoRandomErase to overwrite the file with random data. Finally, the function frees the memory allocated for buf1 and returns the status value.