Jump to content

IronKey: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Nuwewsco (talk | contribs)
Move to right section, remove claims. Please move to Talk:IronKey page before changing
Endareth (talk | contribs)
Line 47: Line 47:
*[[Verbatim]]: Store 'n' Go Corporate Secure USB Drive
*[[Verbatim]]: Store 'n' Go Corporate Secure USB Drive


Alternativly, [[Comparison of disk encryption software|software based disk encryption systems]] can be used with ''any'' [[USB flash drive]], and provide practically equivilent functionality at a significantly lower cost.
Alternatively, [[Comparison of disk encryption software|software based disk encryption systems]] can be used with any [[USB flash drive]] and provide equivalent functionality to the Basic model at a significantly lower cost.


==See also==
==See also==

Revision as of 04:22, 22 January 2010

IronKey
Company typePrivate
IndustryInternet security
Founded2005
FounderDavid Jevans
HeadquartersLos Altos, California
Key people
David Jevans (CEO), Gil Spencer (CTO), Bill Harris (Chairman)
ProductsIronKey S200, IronKey D200
WebsiteIronKey

IronKey is an Internet security and privacy company located in Los Altos, California that was formed in 2005 by David Jevans, with the stated aim of providing security and privacy solutions to both consumers and enterprises. IronKey's startup was partially federally funded, with a grant of US$1.4 million through the Homeland Security Research Projects Agency,[1][2][3] and their products are used extensively by the US government in various areas.[4][5]

Overview

IronKey manufacture a range of secure USB flash drives including the IronKey S200 and IronKey D200, which come in three varieties: Basic, Personal, and Enterprise, and sizes from 1 GB to 16 GB. The three versions are differentiated primarily by included software; however there are also some hardware differences which currently prevent the end user from converting one version to another. All three contain the same level of hardware encryption, and are structured with two partitions: An unlocker partition with software that handles locking/unlocking, and a secure area. The Basic model has no extra software and is targeted at government and military users, while the Personal includes a portable version of Mozilla Firefox, Identity Manager (account/password management software), and Secure Sessions. The Enterprise model is intended for corporate and government environments, and is completely configurable by an administrator. As such, it can contain any or all of the software on the Personal, along with anti-malware software, RSA OTP software, and more (see the Enterprise heading for more).

Bundled software

SecureSessions is an IronKey-customized fork of the open source TOR anonymizer network, and offers similar features to end users of secure and private web browsing by routing network traffic through a random selection of nodes. Unlike TOR, it uses private servers (currently 22 of them), all owned by IronKey in a several different countries including USA, Canada, Denmark, the Netherlands and England. Users are unable to configure themselves as nodes—this gives a single point of failure in the event of IronKey ceasing operations. It also means that (in theory), a legal injunction against IronKey could force the entire SecureSessions network to become vulnerable. However by controlling all the nodes, IronKey does protect against "malicious" nodes. The result is a slightly less anonymous network than TOR, but one that is at less risk of Man-in-the-middle attack.

Identity Manager is a password management tool bundled on the Personal and Enterprise devices. The Identity Manager stores all of the users passwords in an encrypted format in a non-user accessible area of the device, and hooks into Mozilla Firefox and Internet Explorer to allow automatic logins. This prevents malware from simply copying an account database off the device for later attack. Passwords are only visible in memory for a matter of seconds while being populated onto the web form. At that time they are as vulnerable as any other system.

The IronKey S100 has passed FIPS 140-2 Level 2 validation,[6] and the S200 and D200 have passed FIPS 140-2 Level 3 validation,[7] the first, and currently one of only two[8] USB drives to do so (the Kingston DataTraveler 5000 currently being the only other).

Hardware

All models of IronKey share the same case design. There are now two versions of the IronKey (S200 and D200) that come in three different Models. The S200 contains RAM that is the more expensive SLC, rather than the slower and shorter lifespan MLC, which is one of the reasons for the higher price of the S200 IronKey compared to the D200 which contains MLC flash. There is strong outer metal casing to protect against physical damage, and the internal components are sealed with an epoxy-based potting compound to both protect against tampering and increase waterproofing, along with increasing strength of the device. Additionally, there is a coating over the chipsets that senses any tampering by a change in the electrical impedance. If the IronKey senses a change, the next time power is applied, the cryptochip self-destructs and an NSA wear level erase of the flash is enacted. It tends to be a bit larger and heavier than most current flash drives, at 75mm x 19mm x 9mm, and weight of 25 grams.

Encryption

The original version of the IronKey (which was released in 2005) uses AES 128-bit CBC hardware encryption. It was renamed in July 2009 to the S100, to match the release[9][10] of the newer S200, which uses AES 256-bit CBC hardware encryption.

OS Support

While most of the supporting software (specifically Identity Manager and Secure Sessions) is only available to Windows (specifically Windows 2000 SP4, Windows XP SP2, Windows Vista, Windows 7) users, the IronKey includes an Unlocker for Mac OS X 10.4+, along with a large range of Linux variants. The latest build of the IronKey Unlocker does not require any administrator/root permissions, and installs no extra drivers.

Enterprise

The Enterprise version of the IronKey is intended to allow larger companies and government departments to centrally configure, deploy, and manage their employees' IronKeys. There is a $24 per year/per device fee for this service. Some key features of this service is the ability to create specific profiles for groups of employees which allows different users access to different features, remotely kill or disable an IronKey after it has been deployed, control whether an IronKey is allowed to be unlocked at remote locations, add an RSA SecurID app or CryptoCard app to the IronKeys, ability to see where the IronKeys are being used on a global map.

Partnerships

Lockheed Martin have recently partnered with IronKey[11] to produce a bootable version of an IronKey drive, branded the IronClad. The IronClad appears to be almost hardware identical to current IronKeys, with the addition of a customised firmware and installation of MokaFive virtualisation software to enable booting.

Similar and Competing Products

Over recent years, secure flash drives have become more common, as news reports of people losing (or having stolen) drives or laptops with confidential data become more prevalent.[12][13][14][15] Most of the larger flash drive manufacturers have released similar products with varying feature sets, although the recent serious security flaws[16][17] in many of these devices are of concern:

  • SanDisk: Cruzer Enterprise, which is comparable to the IronKey Enterprise edition in providing software for managing and controlling large numbers of secure devices.
  • Lexar: JumpDrive SecureII Plus, which seems intended for personal users, containing no extra software for managing passwords or multiple devices.
  • Kingston Technology: DataTraveler Vault and DataTraveler BlackBox (with FIPS 140-2 Level 2 certification), and DataTraveler 5000 (with FIPS 140-2 Level 3 certification).
  • Verbatim: Store 'n' Go Corporate Secure USB Drive

Alternatively, software based disk encryption systems can be used with any USB flash drive and provide equivalent functionality to the Basic model at a significantly lower cost.

See also

References

  1. ^ "SOMETHING VENTURED: Uncle Sam Is Staking Start-Ups" (PDF). VentureWire. March 12, 2008. Retrieved August 5, 2009.
  2. ^ "10 Hot Security Startups". DarkReading. April 12, 2007. Retrieved August 5, 2009.
  3. ^ "Command, Control and Interoperability Programs and Projects". Department of Homeland Security. April 2, 2009. Retrieved August 5, 2009.
  4. ^ "U.S. Department of Homeland Security - 2010 Budget in Brief" (PDF). Department of Homeland Security. 2009. Retrieved August 5, 2009.
  5. ^ "Department Responsibilities: Maximize Use of Science, Technology and Innovation". Department of Homeland Security. July 22, 2009. Retrieved August 5, 2009.
  6. ^ "FIPS 140-2 Validation Certificate" (PDF). NIST. April 11, 2008. Retrieved August 11, 2009.
  7. ^ "FIPS 140-2 Validation Certificate" (PDF). NIST. June 22, 2009. Retrieved July 23, 2009.
  8. ^ "Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules". NIST. July 21, 2009. Retrieved July 27, 2009.
  9. ^ Dunn, John (July 16 2009). "IronKey USB drive gets uncrackable shell". PC World. Retrieved August 11, 2009. {{cite web}}: Check date values in: |date= (help)
  10. ^ "IronKey Introduces S200 with FIPS Level 3 140-2". IronKey. July 2009. Retrieved July 23, 2009.
  11. ^ Melanson, Donald (January 19 2010). "Lockheed Martin introduces 'PC on a stick' flash drive -- yes, Lockheed Martin". Engadget. Retrieved January 21 2010. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  12. ^ Dayani, Alison (August 29, 2009). "Laptops containing medical details of Birmingham patients stolen". Birmingham Mail. Retrieved September 4, 2009.
  13. ^ "Possible Loss of Personal Identifiable Information" (pdf). Department of Navy. August 2009. Retrieved September 4, 2009.
  14. ^ "Army Guard to inform members of data loss". Army National Guard. August 4, 2009. Retrieved September 4, 2009.
  15. ^ Wells, David (July 13, 2009). "Canyons School District Loses USB Drive with Sensitive Employee Info". FOX13NOW. Retrieved September 4, 2009.
  16. ^ Cluley, Graham (January 5, 2010). "Flash drive manufacturers warn: Hackers can decrypt 'secure' USB sticks". Sophos. Retrieved January 21, 2010. {{cite web}}: Cite has empty unknown parameter: |1= (help)
  17. ^ Schmidt, Juergen (January 4, 2010). "NIST-certified USB Flash drives with hardware encryption cracked". The H Security. Retrieved January 21, 2010. {{cite web}}: Cite has empty unknown parameter: |1= (help)