Overview
Company: IronKey
Website: IronKey
Product: IronKey Personal, 2GB
Memory: 2 GB
Encryption:
Data: AES Cipher-Block Chained mode
Encryption Keys: 128 Hardware DRNG
PKI: 2048-bit RSA
Hashing: 256-bit SHA
FIPS Validations: 140-2 Level 2, 186-2, 197
Price: 99 $, ~71 €
The IronKey USB flash drive is known as one of the most secure USB flash drives currently available on the market. It offers hardware-based encryption, a self-destruction mechanism, anonymous browsing, water resistance and more. This review examines whether it keeps its promises and what other functionality it offers.
Packaging, first impression and size comparison
The packaging is a nice black and contains, besides the IronKey USB flash drive, a short user guide, which gives an overview of the main features, as well as a lanyard keychain.
The IronKey USB flash drive seems robust and is somewhat heavier than usual USB flash drives. It is also a little larger than usual.
At the bottom of the drive is an LED that shows the current status, as well as a small hole for the supplied lanyard keychain.
Functionality
The IronKey was developed with the aim of being the most secure USB flash drive available. This begins with the case, which is made of stainless steel. In combination with the epoxy used to seal the whole drive, the IronKey offers not only water and tamper resistance but also protection against pressure and temperature differences. Because of the epoxy, it is relatively hard to extract the components of the flash drive without damaging them.
Inside the case is a cryptochip, which is responsible for the hardware-based encryption, as well as two fast dual-channel SLC NAND memories.
One advantage of hardware-based encryption over software-based encryption lies in the implementation itself, as software-based encryption can often be exploited more easily. If the password for retrieving the data on the flash drive is entered incorrectly repeatedly, the IronKey makes the data unreadable and locks out the user. The encryption is certified and approved by the military for the protection of sensitive data.
The user password, which is chosen during installation, is used to "unlock" the randomly generated 128-bit key. This key is then used to encrypt and decrypt the data and is itself encrypted with 128-bit AES.
One of the first attempts to circumvent this system could be a brute-force attack on the user's password. This is prevented by an internal counter, which destroys the data and the flash drive itself after ten consecutive incorrect passwords.
Another possibility would be to manipulate the hardware directly. With physical access it may be possible to bypass the hardware counter, which would give a brute-force attempt a higher chance of success (if a weak password was chosen). Otherwise, the encryption used is currently considered secure. In addition, the integrated counter would also destroy the data when it detects "unwanted tampering".
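The unlock scheme described above, as an added example that is not part of the original review and is not IronKey's firmware: a constructed Python model in which a password-derived key unwraps a random 128-bit data key, and a counter erases the wrapped key after ten consecutive wrong passwords. The class and method names, the use of PBKDF2, the HMAC-based wrap (a stand-in for the device's AES wrapping, since Python's standard library has no AES) and the reset of the counter on a successful unlock are assumptions.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10   # from the review: ten consecutive wrong passwords
KEY_BYTES = 16      # from the review: 128-bit data key


class ToyDevice:
    """Constructed model of a password-unlocked drive (hypothetical names)."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        dek = os.urandom(KEY_BYTES)              # random data-encryption key
        kek = self._kek(password)                # key derived from the password
        # Stand-in for the AES key wrap: XOR with an HMAC-derived pad.
        self.wrapped = bytes(a ^ b for a, b in zip(dek, self._pad(kek)))
        self.tag = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        self.failures = 0
        self.destroyed = False

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000)

    @staticmethod
    def _pad(kek: bytes) -> bytes:
        return hmac.new(kek, b"wrap-pad", hashlib.sha256).digest()[:KEY_BYTES]

    def unlock(self, password: str):
        """Return the data key, or None on a wrong password or destroyed device."""
        if self.destroyed:
            return None
        kek = self._kek(password)
        expected = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            self.failures += 1
            if self.failures >= MAX_ATTEMPTS:
                self._self_destruct()
            return None
        self.failures = 0                        # only consecutive misses count
        return bytes(a ^ b for a, b in zip(self.wrapped, self._pad(kek)))

    def _self_destruct(self):
        # Erase the wrapped key: without it the stored data stays unreadable,
        # even if the correct password is entered afterwards.
        self.wrapped = self.tag = self.salt = b""
        self.destroyed = True
```

In this model the guess limit is enforced only by the counter, which is why the review's point about hardware tampering matters: without the counter, the protection rests on the strength of the password alone.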
In addition to the hardware solution described above, a nice software suite is supplied too. It installs a "secure" version of Firefox which offers Secure Sessions, making it possible to route traffic through the TOR network. Only IronKey's own resources are used for this, and according to IronKey no personal data is logged (e.g. for marketing or various analyses).
During testing, surfing with the supplied version of Firefox and TOR enabled was very fast. Use of IronKey's TOR network is free for one year once an IronKey is activated.
An additional feature of the IronKey is that it runs without problems not only on Microsoft Windows systems but also on Linux and Mac (not tested, though).
Installation
Installation is very easy. After the USB flash drive is plugged in, a password must be chosen with the supplied software. Optionally, a virtual keyboard can be used, which can for example circumvent hardware keyloggers. Another optional and recommended step is to back up the chosen password online at IronKey's website. This helps if you forget your password, as otherwise there is no way to retrieve the encrypted data on the flash drive, since there are no known "backdoors".
After a random AES key has been generated, a "secure" version of Firefox is installed, among other things. Finally, the option is given to register the IronKey. Registration is required to get access to certain functions, such as password backup, software updates and access to IronKey's encrypted web service.
At registration, a username and password must be chosen, as well as some security questions. At the end, a secure picture and a secure phrase must be chosen, which should protect against phishing attacks. Finally, an activation code is sent via e-mail to complete the process.
All these measures are necessary to add as much security as possible. For instance, all e-mails sent from IronKey to the user contain the previously defined phrase. The chosen picture is always displayed after the username has been entered but before the password is.
The whole installation process has to be completed only once; to retrieve data later, only the password must be entered.
Implementation
Use after installation is also very easy. After the IronKey is plugged in, it appears as two drives: one CD drive (IronKey Unlocker), where user guides, drivers and the software are stored, and a removable flash drive, which denies access at this point. The software on the CD drive is used to unlock the data partition, provided the correct password is entered.
The removable flash drive can then be accessed like any ordinary one.
After connection, the software itself offers various options, as seen in the following screenshot:
Secure Files: Displays the data on the data partition of the IronKey through Explorer.
Secure Backup: Clicking this entry allows backups of the IronKey to be created or existing ones to be imported, for example if the flash drive was lost.
my.ironkey.com: Establishes a connection to IronKey's login website. Depending on whether the IronKey is plugged in or not, either the normal overview is shown or a so-called safe mode, which offers only limited actions (display password, delete password backup, …).
Settings: This option offers several submenus, such as for changing the password or searching for new updates.
The main window displays various applications which are installed on the flash drive; these can easily be added, removed or renamed.
More options are available through IronKey's tray icon. For example, it is possible to display the current network traffic, change the TOR identity and access a password manager for websites.
Read- and write tests
As security often comes at the expense of usability, several read and write tests were done. Each test was repeated four times in order to get accurate results. Testing was done mainly with the program H2testw, which can be downloaded from heise (www.heise.de/ct/ftp/ctsi.shtml).
Test machine 1:
Microsoft Windows Vista Home Premium 64, SP2
AMD Athlon 64 X2 Dual Core 4200+ (2.2 GHz)
3 GB RAM
Test machine 2:
Microsoft Windows XP Pro. 32, SP3
Mobile DualCore Intel Core 2 Duo T7400, 2166 MHz
2048 MB (DDR2-667 DDR2 SDRAM)
For testing, 300 MB of data were read and written.
All results were similar to the ones above. Copying a lot of small files took considerably more time, but this is nothing uncommon.
Résumé
The many integrated features and well-thought-out concepts speak for themselves. During testing, no serious weakness was found that would argue against recommending the IronKey USB flash drive. Even a run in the washing machine caused no problems. Another positive is that the IronKey works not only with Windows systems but also with Linux (2.6+) and Mac OS X (10.4+). Above all for individuals, and especially for companies, that often have to transport sensitive data, this product offers an extensive solution which can be recommended without reservation. At the time of writing this review, the IronKey is available with 1 GB, 2 GB, 4 GB and 8 GB of memory capacity.
The only disadvantage is the price, if only a simple, mobile flash drive for carrying data is needed. But as the IronKey is intended for other purposes, this is secondary.
A secure version of Opera, as well as an integrated function for encrypting, decrypting and signing e-mails, would eventually be desirable.