Jump to content

IronKey: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
No edit summary
No edit summary
Line 47: Line 47:


*[[Lexar]]: JumpDrive SecureII Plus
*[[Lexar]]: JumpDrive SecureII Plus
*[[BlockMaster]]: SafeStick
*[[BlockMaster]]: [[SafeStick]]
*[[Kingston Technology]]: DataTraveler Vault and DataTraveler BlackBox (with [[FIPS 140-2]] Level 2 certification), and DataTraveler 5000 (with [[FIPS 140-2]] Level 2 certification, and Level 3 pending<ref>{{cite web|author=CoolComputing |url=http://www.coolcomputing.com/article.php?sid=3622 |title=Kingston DataTraveler 5000 Secure USB Flash Drives Unveiled |publisher=CoolComputing |date=2010-01-27 |accessdate=2010-05-08}}</ref>).
*[[Kingston Technology]]: DataTraveler Vault and DataTraveler BlackBox (with [[FIPS 140-2]] Level 2 certification), and DataTraveler 5000 (with [[FIPS 140-2]] Level 2 certification, and Level 3 pending<ref>{{cite web|author=CoolComputing |url=http://www.coolcomputing.com/article.php?sid=3622 |title=Kingston DataTraveler 5000 Secure USB Flash Drives Unveiled |publisher=CoolComputing |date=2010-01-27 |accessdate=2010-05-08}}</ref>).
*[[SanDisk]]: [[Cruzer Enterprise]]
*[[SanDisk]]: [[Cruzer Enterprise]]

Revision as of 13:23, 18 June 2010

IronKey
Company typePrivate
IndustryInternet security
Founded2005
FounderDavid Jevans
HeadquartersLos Altos, California
Key people
David Jevans (CEO), Gil Spencer (CTO), Bill Harris (Chairman)
ProductsIronKey S100, IronKey S200, IronKey D200
WebsiteIronKey

IronKey is an Internet security and privacy company located in Los Altos, California that was formed in 2005 by David Jevans, with the stated aim of providing security and privacy solutions to both consumers and enterprises. IronKey's founding was partially funded by the U.S. federal government, with a grant of US$1.4 million through the Homeland Security Research Projects Agency,[1][2][3] and their products have been used extensively by the U.S. government in various areas.[4][5]

Overview

IronKey manufactures a range of secure USB flash drives, including the IronKey S200 and IronKey D200, which come in three varieties (Basic, Personal, and Enterprise) in sizes ranging from one GB to sixteen GB (up to 32 GB for the D200). The three versions differ primarily in the software included with them; there are also some hardware differences that prevent the end user from converting one version to another. All three contain the same level of hardware encryption and are structured with two partitions: an unlocker partition with software handling locking and unlocking, and a secure area. The Basic model has no extra software and is targeted at government and military users, while the Personal includes a portable version of Mozilla Firefox, Identity Manager (an account/password management software), and Secure Sessions. The Enterprise model is intended for corporate and government environments, and is completely configurable by an administrator. As such, it can contain any or all of the software on the Personal edition, along with anti-malware software, RSA, and OTP software.

One of the key design features of the IronKey is a self-destruct mechanism which activates after the user enters his password incorrectly a certain number of consecutive times. On the Personal model ten times is the limit, and on the Enterprise model the count is configurable by the administrator, while the Basic model can be configured to disable this feature entirely. As a safety measure, the device is required to be unplugged and replugged after every three password attempts. After reaching the password limit, the device will delete its encryption keys and instigates a wear level pass on the drive, effectively making the device completely unusable.

The IronKey S100 has passed FIPS 140-2 Level 2 validation,[6] and the S200 and D200 have passed FIPS 140-2 Level 3 validation.[7] As of July 2009, the latter two were the only[8] USB drives to obtain an Overall Level 3 (although Kingston Technology has stated that Level 3 certification is pending[9] for their DataTraveler 5000 device).

Bundled software

Secure Sessions is an IronKey-customized fork of the open source Tor anonymizer network, offering similar features to end users of secure and private web browsing by routing network traffic through a random selection of nodes. Unlike Tor, it only uses private servers (around 22 of them) owned by IronKey in several different countries, including the USA, Canada, Denmark, the Netherlands, and the UK. Users are unable to configure themselves as nodes, which means that the entire system would stop working if IronKey ever ceased operations. While use of all private nodes secures users from potential third-party rogue nodes, it requires the user to trust IronKey alone with their traffic. With a single company (IronKey) controlling all the nodes, a court order against IronKey could result in the entire Secure Sessions network being compromised.

Secure Sessions frequently generates new private keys on each server (used to encrypt all traffic), thereby making it very difficult to obtain the keys to decrypt any traffic that may have been captured by a law enforcement or other agency[citation needed]. Some performance enhancements[citation needed] have been added to Secure Sessions and, as with Tor, some traffic restrictions are in place for blocking P2P and other overlay networks that can cause bandwidth saturation.

Identity Manager is a password management tool bundled on the Personal and Enterprise devices. The Identity Manager stores the passwords of a user in an encrypted format within a non-user-accessible area of the device, and connects to Mozilla Firefox and Internet Explorer, allowing automatic logins. This prevents malware from simply copying an account database off the device for a later attack. Passwords are only visible in memory for a matter of seconds while being populated onto the web form. During that time, they are as vulnerable as any other system.

Hardware

All models of IronKey share the same case design. There are two versions of the IronKey (S200 and D200) that come in three different models. The S200 contains RAM using the more expensive and faster SLC, rather than the slower and shorter-lived MLC, which is one of the reasons for the higher price of the S200 compared to the D200, which uses MLC flash. The S200's outer case is silver-metallic in color, while the D200 is gray. IronKey utilizes a strong, metallic outer casing to protect against physical damage, and the internal components are sealed with an epoxy-based potting compound to protect against tampering as well as increase waterproofing, along with increasing the device's strength. Additionally, there is a coating over the chipsets that senses any tampering by a change in the electrical impedance. If the IronKey senses a change, the cryptochip self-destructs the next time power is applied, and an NSA wear level erase of the flash is enacted. It tends to be a bit larger and heavier than most current flash drives, at 75 millimetres (3.0 in) x 19 millimetres (0.75 in) x 9 millimetres (0.35 in), and a weight of 25 grams (0.88 oz).

Encryption

The original version of the IronKey (released in 2005) used AES 128-bit CBC hardware encryption. It was renamed in July 2009 to the S100 to match the release[10][11] of the newer S200, which uses AES 256-bit CBC hardware encryption.

Operating system support

While most of the supporting software (mainly Identity Manager and Secure Sessions) are only available to Windows (specifically Windows 2000 SP4, Windows XP SP2, Windows Vista, and Windows 7) users, the IronKey includes an unlocker for Mac OS X 10.4+, along with a large range of Linux variants. The latest build of the IronKey Unlocker does not require any administrator or root permissions, and installs no extra drivers.

Enterprise

The Enterprise version of the IronKey is intended to allow larger companies and government departments to centrally configure, deploy, and manage their employees' IronKeys through a paid service. Some key features of this service are the abilities to create specific profiles for groups of employees (which allows different users access to different features), to remotely kill or disable an IronKey after it has been deployed, to control whether an IronKey is allowed to be unlocked at remote locations, to add an RSA SecurID app or CryptoCard app to the IronKeys, and to see where the IronKeys are being used on a global map.

Partnerships

Lockheed Martin has partnered with IronKey[12] to produce a bootable version of an IronKey drive, branded the IronClad. The IronClad appears to be almost hardware identical to current IronKeys, with the addition of customized firmware and the installation of MokaFive virtualisation software to enable booting.

Competing products

Secure flash drives have become more common in recent years, following increases in reports of drives and laptops with confidential data being lost or stolen.[13][14][15][16] Most of the larger flash drive manufacturers have released similar products with varying feature sets; some of the more well known examples of which are:

A security flaw disclosed in January 2010 revealed that some Kingston, Sandisk, and Verbatim drives could be decrypted.[18][19] Sandisk and Verbatim both issued a software update to resolve the issue,[20][21] while Kingston offered to replace all affected devices.[22][23]

Alternatively, software based disk encryption systems can be used with any USB flash drive and provide practically equivalent functionality at a significantly lower cost.

See also

References

  1. ^ "SOMETHING VENTURED: Uncle Sam Is Staking Start-Ups" (PDF). VentureWire. March 12, 2008. Retrieved August 5, 2009.
  2. ^ "10 Hot Security Startups". DarkReading. April 12, 2007. Retrieved August 5, 2009.
  3. ^ "Command, Control and Interoperability Programs and Projects". Department of Homeland Security. April 2, 2009. Retrieved August 5, 2009.
  4. ^ "U.S. Department of Homeland Security - 2010 Budget in Brief" (PDF). Department of Homeland Security. 2009. Retrieved August 5, 2009.
  5. ^ "Department Responsibilities: Maximize Use of Science, Technology and Innovation". Department of Homeland Security. July 22, 2009. Retrieved August 5, 2009.
  6. ^ "FIPS 140-2 Validation Certificate" (PDF). NIST. April 11, 2008. Retrieved August 11, 2009.
  7. ^ "FIPS 140-2 Validation Certificate" (PDF). NIST. June 22, 2009. Retrieved July 23, 2009.
  8. ^ "Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules". NIST. July 21, 2009. Retrieved July 27, 2009.
  9. ^ "Kingston Digital Launches New Ultra-Secure USB Flash Drive". PR Newswire. January 27, 2010. Retrieved January 27, 2010. {{cite web}}: Unknown parameter |source= ignored (help)
  10. ^ Dunn, John (July 16, 2009). "IronKey USB drive gets uncrackable shell". PC World. Retrieved August 11, 2009.
  11. ^ "IronKey Introduces S200 with FIPS Level 3 140-2". IronKey. July 2009. Retrieved July 23, 2009.
  12. ^ Melanson, Donald (January 19, 2010). "Lockheed Martin introduces 'PC on a stick' flash drive -- yes, Lockheed Martin". Engadget. Retrieved January 21, 2010.
  13. ^ Dayani, Alison (August 29, 2009). "Laptops containing medical details of Birmingham patients stolen". Birmingham Mail. Retrieved September 4, 2009.
  14. ^ "Possible Loss of Personal Identifiable Information" (PDF). Department of Navy. August 2009. Retrieved September 4, 2009.
  15. ^ "Army Guard to inform members of data loss". Army National Guard. August 4, 2009. Retrieved September 4, 2009.
  16. ^ Wells, David (July 13, 2009). "Canyons School District Loses USB Drive with Sensitive Employee Info". FOX13NOW. Retrieved September 4, 2009.
  17. ^ CoolComputing (2010-01-27). "Kingston DataTraveler 5000 Secure USB Flash Drives Unveiled". CoolComputing. Retrieved 2010-05-08.
  18. ^ Cluley, Graham (January 5, 2010). "Flash drive manufacturers warn: Hackers can decrypt 'secure' USB sticks". Sophos. Retrieved January 21, 2010.
  19. ^ Schmidt, Juergen (January 4, 2010). "NIST-certified USB Flash drives with hardware encryption cracked". The H Security. Retrieved January 21, 2010.
  20. ^ "Corporate Secure and Coporate Secure FIPS Edition USB Drives". Verbatim. Retrieved 2010-05-08.
  21. ^ "Security Bulletin December 2009". Sandisk.com. 2010-04-30. Retrieved 2010-05-08.
  22. ^ "Kingston's Secure USB Drive Information Page". Kingston. Retrieved January 27, 2010.
  23. ^ "Kingston Digital to Replace Affected Secure USB Flash Drives with Upgraded Security Architecture, New Drives". Kingston. January 13, 2010. Retrieved January 26, 2010.