Data Erasure Software Uses Standards That Are Called Wiping Schemes: What They Are & How to Use Them

The Ultimate Guide to Data Erasure Standards 

Data erasure software uses standards that are called wiping schemes, but some organizations may also refer to them as data sanitization methods, guidelines or algorithms. Whatever you call them, these standards have been put together by government agencies and private organizations to protect the digital information of enterprises by establishing secure, rigorous procedures for data removal.  
 
You may have heard of the Department of Defense’s DoD 5220.22-M, which is one of the most recognizable and widely used wiping schemes. But what are wiping schemes, exactly, how do they differ from each other, and how should you determine which one to use? In this blog, we will answer all those questions and more.

What Is a Wiping Scheme? 

Data wiping is the process of overwriting and permanently removing the contents of a file or disk space, which in turn empowers organizations and individuals to uphold data privacy and prevent data breaches. In order to overwrite data, we have to talk about wiping schemes. Wiping schemes consist of a set of rules that differentiate them from one another: overwriting passes, erasure patterns and verification. So, without further ado, let’s pry open a wiping scheme and see what’s inside.  

Overwriting Passes 

When looking at different wiping schemes, the first distinguishing feature that will jump out at you is likely to be the number of overwriting passes that each scheme contains. If a wiping scheme has 1 overwriting pass, such as the British Baseline, that means the data in question will be overwritten once. Wiping schemes with more passes provide added security by overwriting data multiple times, such as the DoD 5220.22-M with 3 passes or the Peter Gutmann method with 35 passes.  

Erasure Patterns 

Not only do the number of overwriting passes differ between wiping schemes, but also the type of data that is written to the drive during each pass. There are 3 main ways to proceed:

• Fixed pattern: A defined binary pattern for overwriting data, such as 1010.

• Complementary: Following on from fixed patterns, complementary patterns reverse the binary data of the previous overwrite. For example, the complementary to 1010 would be 0101. Complementary erasure patterns are important to use with HDDs, as writing the same character again and again leads to the threat of data being recoverable due to residual magnetism.  

• Random: Randomly generated data.  

Most standards use a combination of the 3 types of erasure patterns outlined above. For example, Jetico’s HDD wiping scheme. The first pass of this 7-pass wiping scheme overwrites existing drive data with a binary ‘00’ pattern. Passes 2-6 are labelled as complementary, meaning that each subsequent pass will reverse the pattern of the preceding one. The final pass overwrites data with a random pattern.

Verification  

A final verification step that checks all data has been removed from the drive is sometimes included with software. This step makes the wiping process take slightly longer, but it’s important to use software that provides this option as some standards require verification. 

How Many Wiping Schemes Are There? 

While the most well-known standards are the DoD 5220.22-M and the extended DoD 5220.22-M ECE, there are a number of wiping schemes that are widely used internationally or within certain industries. Let’s take a look at them in alphabetical order:

• British HMG IS5 (Baseline) 
  Issued by the Communications Electronics Security Group as part of the National Cyber Security Center, this standard is used by the British government.
  - Passes: 1 
  - Pattern: Fixed 
  - Verification: Yes
   
• British HMG IS5 (Enhanced)
  A more secure, 3-pass version of the British HMG IS5 standard.  
  - Passes: 3 
  - Patterns: Fixed and random 
  - Verification: Yes
   
• Bruce Schneier method
  A data sanitization algorithm created by Bruce Schneier that first appeared in his 1994 book Applied Cryptography. 
  - Passes: 7
  - Patterns: Fixed, complementary and random
  - Verification: Yes 
   
• Canadian RCMP TSSIT OPS-II 
  This 7-pass standard was published by the Royal Canadian Mounted Police (RCMP). Note: The RCMP TSSIT OPS-II is no longer the Canadian government’s software-based data sanitization standard. It was replaced by the CSEC ITSG-06 in 2017, which is identical to the NAVSO P-5329-26 standard.  
  - Passes: 7 
  - Patterns: Fixed, complementary and random 
  - Verification: Yes
   
• German Standard VSITR
  A 7-pass wiping scheme released by the German Federal Office for Information Security (BSI).  
  - Passes: 7 
  - Patterns: Fixed and complementary 
  - Verification: Yes
   
• Jetico HDD 
  Jetico’s proprietary wiping scheme that is our recommendation for securely erasing data from hard disk drives (HDDs).  
  - Passes: 7 
  - Patterns: Fixed, complementary and random 
  - Verification: Yes
   
• Jetico SSD 
  Jetico’s proprietary wiping scheme that is our recommendation for securely erasing data from solid-state drives (SSDs).  
  - Passes: 2 
  - Patterns: Random 
  - Verification: No
   
• NAVSO P-5329-26 MFM 
  The MFM (modified frequency modulation) version of the 3-pass wiping standard issued by the U.S. Navy in 1993.  
  - Passes: 3 
  - Patterns: Fixed, complementary and random 
  - Verification: Yes
   
• NAVSO P-5329-26 RLL
  The RLL (run-length limited) version of the U.S. Navy’s data sanitization method.  
  - Passes: 3 
  - Patterns: Fixed, complementary and random 
  - Verification: Yes
   
• NIST 800-88-1 
  This 1-pass data sanitization method involves using a fixed ‘00’ overwriting pattern. 
  - Passes: 1
  - Pattern: Fixed
  - Verification: Yes
   
• NIST 800-88-2 
  This 1-pass data sanitization method issued by the National Institute for Standards and Technology involves using a random overwriting pattern.  
  - Passes: 1 
  - Pattern: Random 
  - Verification: Yes
   
• NIST 800-88-3 
  A 3-pass version of the wiping scheme issued by the National Institute for Standards and Technology. 
  - Passes: 3 
  - Patterns: Fixed, complementary and random 
  - Verification: Yes
   
• Peter Gutmann method 
  Peter Gutmann’s 35-pass data sanitization method was developed in 1996. Using a mixture of random and complex patterns, it is a very time consuming wiping scheme that is regarded as one of the most effective and secure.  
  - Passes: 35 
  - Patterns: Random and fixed 
  - Verification: No
   
• Russian GOST R 50739-95 
  A 2-pass wiping scheme issued by the Russian State Technical Commission to protect data against unauthorized access.  
  - Passes: 2 
  - Patterns: Fixed and random 
  - Verification: No
   
• U.S. Army AR380-19 
  This 3-pass data sanitization method was published by the U.S. Army in the Army Regulation 380-19 of 1998.  
  - Passes: 3 
  - Patterns: Random, fixed and complementary 
  - Verification: Yes
   
• U.S. DoD 5220.22-M 
  Widely adopted standard published by the U.S. Department of Defence in 1995. This wiping scheme requires overwriting drives with 3 passes. Pass 1 involves overwriting with a fixed or random pattern; Pass 2 is complementary; Pass 3 is random and is followed by verification.  
  - Passes: 3 
  - Patterns: Random and complementary 
  - Verification: Yes 
   
• U.S. DoD 5220.22-M (ECE) 
  This method is an extended, 7-pass version of the original DoD standard. It comprises 2 complete passes of the DoD 5220.22-M with an additional, fixed-pattern pass in the middle.   
  Passes: 7  
  Patterns: Fixed and random  
  Verification: Yes
   
• U.S. DoE M-205.1-2 
  Issued by the U.S. Department of Energy, this 3-pass standard is required for clearing, sanitizing and destroying “DoE information system storage media, memory devices, and related hardware”.  
  - Passes: 3 
  - Patterns: Random and fixed 
  - Verification: Yes 
   

How to Select the Right Wiping Scheme

With so many options available, how should you decide which wiping scheme to use for a particular job? Here’s a 3-point checklist to help you make the right choice:   

1. Check Your Compliance Requirements

Before securely erasing data, the single most important thing to check is if you are required to comply with a particular standard. Keep in mind that your industry may have already set clear guidelines on which standard has to be used.  

2. Consider the Type of Drive

HDDs and solid-state drives (SSDs) require different wiping schemes to securely erase data. Generally speaking, a combined total of 7 fixed and complementary overwriting passes are enough to avoid problems related to residual magnetism for HDDs. For SSDs, it’s the generating of random data rather than the number of passes that’s important. BCWipe’s proprietary HDD and SDD wiping schemes are Jetico’s recommended choice for wiping both types of drive.  

3. Consider Your Timetable

The Peter Gumann method with its 35 passes is arguably the most secure wiping scheme, but it obviously takes a great deal of time to run. In addition to compliance and drive considerations, it's important to factor in the sensitivity of the data you’re erasing and the amount of time you can realistically set aside for the operation.

Standards Supported by BCWipe

Trusted for over 15 years by the U.S. Department of Defense, Jetico’s data wiping solutions remove digital information beyond forensic recovery and support all the standards listed in the How Many Wiping Schemes Are There? section of the blog, including the DoD 5220.22-M, DoD 5220.22-M (ECE) and NIST SP 800-88, Rev. 1. 
 
BCWipe Total WipeOut is the choice to wipe entire hard drives, while BCWipe is used to wipe individual files and folders. By simply ticking a checkbox, users can also add a verification step to the end of data erasure operations with both BCWipe Total WipeOut and BCWipe.  
 
To get started with Jetico’s data wiping solutions, contact our Data Protection Specialists and request a free trial. To learn more about how to wipe hard drives clean, read our ultimate guide.