IronKey
File:IronKey Logo Small.png | |
Company type | Private |
---|---|
Industry | Internet security |
Founded | 2005 |
Founder | David Jevans |
Headquarters | Los Altos, California |
Key people | David Jevans (CEO), Gil Spencer (CTO), Bill Harris (Chairman) |
Products | IronKey S200, IronKey D200 |
Website | IronKey |
IronKey is an Internet security and privacy company located in Los Altos, California that was formed in 2005 by David Jevans, with the stated aim of providing security and privacy solutions to both consumers and enterprises. IronKey's startup was partially federally funded, with a grant of US$1.4 million through the Homeland Security Research Projects Agency,[1][2][3] and their products are used extensively by the US government in various areas.[4][5]
Overview
IronKey manufacture a range of secure USB flash drives including the IronKey S200 and IronKey D200, which come in three varieties: Basic, Personal, and Enterprise, and sizes from 1 GB to 16 GB (32 GB for the D200). The three versions are differentiated primarily by included software; however there are also some hardware differences which currently prevent the end user from converting one version to another. All three contain the same level of hardware encryption, and are structured with two partitions: An unlocker partition with software that handles locking/unlocking, and a secure area. The Basic model has no extra software and is targeted at government and military users, while the Personal includes a portable version of Mozilla Firefox, Identity Manager (account/password management software), and Secure Sessions. The Enterprise model is intended for corporate and government environments, and is completely configurable by an administrator. As such, it can contain any or all of the software on the Personal, along with anti-malware software, RSA OTP software, and more (see the Enterprise heading for more).
One of the key design features of the IronKey is a self-destruct mechanism which activates after the user enters his password incorrectly a certain number of consecutive times. On the Personal model ten times is the limit, and on the Enterprise model the count is configurable by the administrator, while the Basic model can be configured to disable this feature entirely. As a safety measure, the device is required to be unplugged and replugged after every three password attempts. After reaching the password limit, the device will delete its encryption keys and instigates a wear level pass on the drive, effectively making the device completely unusable.
Bundled software
SecureSessions is an IronKey-customized fork of the open source Tor anonymizer network, and offers similar features to end users of secure and private web browsing by routing network traffic through a random selection of nodes. Unlike Tor, it only uses private servers (currently 22 of them) owned by IronKey in several different countries including USA, Canada, Denmark, the Netherlands and England. Users are unable to configure themselves as nodes—this gives a single point of failure in the event of IronKey ceasing operations. It also means that a legal injunction against IronKey could force the entire SecureSessions network to become vulnerable.
SecureSessions frequently generates new private keys on each server (used to encrypt all traffic), thereby making it very difficult to obtain the keys to decrypt any traffic that may have been captured by a law enforcement or other agency[citation needed]. Some performance enhancements[citation needed] have been added to SecureSessions and, as with Tor, some traffic restrictions are in place for blocking P2P and other overlay networks that can cause bandwidth saturation.
Identity Manager is a password management tool bundled on the Personal and Enterprise devices. The Identity Manager stores all of the users passwords in an encrypted format in a non-user accessible area of the device, and hooks into Mozilla Firefox and Internet Explorer to allow automatic logins. This prevents malware from simply copying an account database off the device for later attack. Passwords are only visible in memory for a matter of seconds while being populated onto the web form. At that time they are as vulnerable as any other system.
The IronKey S100 has passed FIPS 140-2 Level 2 validation,[6] and the S200 and D200 have passed FIPS 140-2 Level 3 validation,[7] currently the only[8] USB drive to obtain an Overall Level 3 (although Kingston Technology's recent press release states that Level 3 certification is pending [9] for their new DataTraveller 5000).
Hardware
All models of IronKey share the same case design. There are now two versions of the IronKey (S200 and D200) that come in three different Models. The S200 contains RAM that is the more expensive SLC, rather than the slower and shorter lifespan MLC, which is one of the reasons for the higher price of the S200 IronKey compared to the D200 which contains MLC flash. There is strong outer metal casing to protect against physical damage, and the internal components are sealed with an epoxy-based potting compound to both protect against tampering and increase waterproofing, along with increasing strength of the device. Additionally, there is a coating over the chipsets that senses any tampering by a change in the electrical impedance. If the IronKey senses a change, the next time power is applied, the cryptochip self-destructs and an NSA wear level erase of the flash is enacted. It tends to be a bit larger and heavier than most current flash drives, at 75mm x 19mm x 9mm, and weight of 25 grams.
Encryption
The original version of the IronKey (which was released in 2005) uses AES 128-bit CBC hardware encryption. It was renamed in July 2009 to the S100, to match the release[10][11] of the newer S200, which uses AES 256-bit CBC hardware encryption.
OS Support
While most of the supporting software (specifically Identity Manager and Secure Sessions) is only available to Windows (specifically Windows 2000 SP4, Windows XP SP2, Windows Vista, Windows 7) users, the IronKey includes an Unlocker for Mac OS X 10.4+, along with a large range of Linux variants. The latest build of the IronKey Unlocker does not require any administrator/root permissions, and installs no extra drivers.
Enterprise
The Enterprise version of the IronKey is intended to allow larger companies and government departments to centrally configure, deploy, and manage their employees' IronKeys. There is a $24 per year/per device fee for this service. Some key features of this service is the ability to create specific profiles for groups of employees which allows different users access to different features, remotely kill or disable an IronKey after it has been deployed, control whether an IronKey is allowed to be unlocked at remote locations, add an RSA SecurID app or CryptoCard app to the IronKeys, ability to see where the IronKeys are being used on a global map.
Partnerships
Lockheed Martin has recently partnered with IronKey[12] to produce a bootable version of an IronKey drive, branded the IronClad. The IronClad appears to be almost hardware identical to current IronKeys, with the addition of a customised firmware and installation of MokaFive virtualisation software to enable booting.
Similar and Competing Products
Over recent years secure flash drives have become more common, as news reports of people losing (or having stolen) drives or laptops with confidential data become more prevalent.[13][14][15][16] Most of the larger flash drive manufacturers have released similar products with varying feature sets; some of the more well known examples of which are:
- Lexar: JumpDrive SecureII Plus
- BlockMaster: SafeStick
- Kingston Technology: DataTraveler Vault and DataTraveler BlackBox (with FIPS 140-2 Level 2 certification), and DataTraveler 5000 (with FIPS 140-2 Level 2 certification, and Level 3 pending[17]).
- SanDisk: Cruzer Enterprise
- Verbatim: Store 'n' Go Corporate Secure USB Drive
A security flaw disclosed in January 2010 revealed that some Kingston, Sandisk and Verbatim drives could be decrypted[18][19]. Sandisk and Verbatim both issued a software update to resolve the issue[20] [21], while Kingston offered to replace all affected devices [22][23].
Alternatively, software based disk encryption systems can be used with any USB flash drive and provide practically equivalent functionality at a significantly lower cost.
See also
References
- ^ "SOMETHING VENTURED: Uncle Sam Is Staking Start-Ups" (PDF). VentureWire. March 12, 2008. Retrieved August 5, 2009.
- ^ "10 Hot Security Startups". DarkReading. April 12, 2007. Retrieved August 5, 2009.
- ^ "Command, Control and Interoperability Programs and Projects". Department of Homeland Security. April 2, 2009. Retrieved August 5, 2009.
- ^ "U.S. Department of Homeland Security - 2010 Budget in Brief" (PDF). Department of Homeland Security. 2009. Retrieved August 5, 2009.
- ^ "Department Responsibilities: Maximize Use of Science, Technology and Innovation". Department of Homeland Security. July 22, 2009. Retrieved August 5, 2009.
- ^ "FIPS 140-2 Validation Certificate" (PDF). NIST. April 11, 2008. Retrieved August 11, 2009.
- ^ "FIPS 140-2 Validation Certificate" (PDF). NIST. June 22, 2009. Retrieved July 23, 2009.
- ^ "Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules". NIST. July 21, 2009. Retrieved July 27, 2009.
- ^ "Kingston Digital Launches New Ultra-Secure USB Flash Drive". PR Newswire. January 27, 2010. Retrieved January 27, 2010.
{{cite web}}
: Unknown parameter|source=
ignored (help) - ^ Dunn, John (July 16, 2009). "IronKey USB drive gets uncrackable shell". PC World. Retrieved August 11, 2009.
- ^ "IronKey Introduces S200 with FIPS Level 3 140-2". IronKey. July 2009. Retrieved July 23, 2009.
- ^ Melanson, Donald (January 19, 2010). "Lockheed Martin introduces 'PC on a stick' flash drive -- yes, Lockheed Martin". Engadget. Retrieved January 21, 2010.
- ^ Dayani, Alison (August 29, 2009). "Laptops containing medical details of Birmingham patients stolen". Birmingham Mail. Retrieved September 4, 2009.
- ^ "Possible Loss of Personal Identifiable Information" (pdf). Department of Navy. August 2009. Retrieved September 4, 2009.
- ^ "Army Guard to inform members of data loss". Army National Guard. August 4, 2009. Retrieved September 4, 2009.
- ^ Wells, David (July 13, 2009). "Canyons School District Loses USB Drive with Sensitive Employee Info". FOX13NOW. Retrieved September 4, 2009.
- ^ http://www.coolcomputing.com/article.php?sid=3622
- ^ Cluley, Graham (January 5, 2010). "Flash drive manufacturers warn: Hackers can decrypt 'secure' USB sticks". Sophos. Retrieved January 21, 2010.
- ^ Schmidt, Juergen (January 4, 2010). "NIST-certified USB Flash drives with hardware encryption cracked". The H Security. Retrieved January 21, 2010.
- ^ http://www.verbatim.com/security/security-update.cfm
- ^ http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
- ^ . Kingston http://www.kingston.com/driveupdate/. Retrieved January 27, 2010.
{{cite web}}
: Cite has empty unknown parameter:|1=
(help); Missing or empty|title=
(help) - ^ "Kingston Digital to Replace Affected Secure USB Flash Drives with Upgraded Security Architecture, New Drives". Kingston. January 13, 2010. Retrieved January 26, 2010.