I wonder if Ironman uses an Ironkey… 3


Because of the consulting work I do for the Department of Defense and the CIA, the security of my personal data is a big deal. So when my benevolent benefactors in Virginia sent me an 8GB Ironkey a little over a year ago as part of their new civilian contractor security protocols, I felt like a kid opening a present on Christmas morning. And while talking about the types of data I store and transport on my Ironkey would likely cost me my security clearance (you know the drill: I could tell you, but then I’d have to kill you), I am allowed to talk about the specs of this publicly-available product. In a word, Ironkey rocks.

At first glance, it looks very different from your standard USB key. It’s smooth, seemless, and wrapped in brushed aluminum. Plus it has a cool little embedded LED light! But as cool as it looks on the outside, the really cool stuff is on the inside. All data placed on the device is AES hardware encrypted to Federal Information Processing Standardization (FIPS) 140–2 Level 3 requirements. In civilian talk, that means it’s locked down tight.

Ironkey internals

A True Random Number Generator (TRNG) on the IronKey Cryptochip generates the encryption keys used to protect data in the IronKey hardware when the drive is first activated. This ensures maximum protection via the encryption ciphers. Unlike with software-based encryption, which stores keys on the host PC hard disk and loads them into RAM memory, IronKey encryption keys are never stored or loaded onto the PC, so they can never be compromised through methods such as Cold Boot attacks or other exploits. Unlike software-based encryption, IronKey’s “always-on” hardware encryption cannot be disabled either accidentally or on purpose.

Since the onboard Cryptochip manages the keys and performs the encryption routines, it won’t slow the host PC processor and will run more securely than any software-based encryption system. IronKey also uses high-grade, high-speed flash memory.

IronKey follows industry best practices and uses only well–established and thoroughly tested cryptographic algorithms. All of your data on the IronKey drive is encrypted in hardware using up to 256-bit AES encryption implemented in Cypher Block Chaining (CBC) mode. CBC is a more secure implementation than the alternative Electronic Codebook (ECB) mode that some encryption products use.

All IronKey devices work with Windows 2000, Windows XP SP2+, Vista, and Windows 7 without administrator privileges or installing any software or drivers. IronKey drives will also work on Mac OS 10.4+, or Linux 2.6+. There’s is no software to install. Just plug it in and watch it work.

Ironkey is waterproof to military waterproof standards MIL-STD-810F. Its metal casing protects internal components against physical damage, shock, the elements, and tampering. The casing is filled with an epoxy-based potting compound to seal all components against moisture and tampering. This combination also prevents the drive from being crushed, even under extremely high pressure. The result is a virtually unbreakable digital strongbox for storing your most private information, passwords, and files.

Self-defending IronKey devices are designed to protect themselves from physical attacks—even by a determined and sophisticated hacker (like myself). A tough epoxy compound surrounds and completely encases the chips and circuitry. This makes it impossible for anyone to remove the memory in an attempt to access the data by removing the chips and placing them on another device. Any such attempt would cause permanent damage to the chips, rendering the stored data unreadable.

IronKey devices also employ tamper-reaction technology in their firmware. The Cryptochip defends itself against power analysis, temperature, and probing attacks. It will self-destruct by erasing the data and keys when it detects any of these types of attacks. I only wished it announced “This message will self destruct in 5 seconds.” How cool would THAT be? 🙂

In addition to the epoxy potting compound, IronKey devices are protected by thin-film metal shielding around the onboard memory. This electromagnetic shielding provides another layer of defense against tampering by protecting against invasive attacks such as electronic scanning of the memory contents.

The Ironkey boasts a full set of software components that add to its usability. An on-board identity manager allows you to encrypt website passwords directly on the Ironkey, and recalls them if you visit a site while the key is plugged in. It also comes pre-installed with a secure version of the Firefox web browser, which can be executed directly from the Ironkey’s drive letter.

With IronKey’s Secure Sessions Service, your Web communications travel through an encrypted tunnel on the Internet to our network routing servers and eventually out to your destination website. This approach works just like an instant VPN (virtual private network), but is portable, so you can use it on other computers without having to install and configure complicated software.

Since IronKey controls the server your traffic will exit from, you get the benefit of additional online protection. IronKey performs a check to ensure that your traffic goes to the actual destination site using known DNS databases. It will also check to make sure that it is not a known phishing site. These anti-pharming and anti-phishing methods give you the latest in online protection. This gives you simple but effective protection against phishing attacks and spyware that tracks your keystrokes.

Not only does IronKey’s Secure Sessions service encrypt your online communications, but it provides a layer of anonymity to protect your identity and confidentiality. Websites will no longer be able to see your IP address or know where in the world you are coming from because it will appear as though you are coming from one of IronKey’s Tor servers instead of from your computer. And you can easily change which country your Web traffic is coming from at any time.

Compared to a standard USB flash drive of similar capacity, the Ironkey isn’t cheap (but can you name me a government-issued device that is?). However, if the safety of your portable documents is a requirement to keep your security-clearance level intact, the Ironkey is a bargain.

So your mission, should you choose to accept it, is to run out and get yourself your very own Ironkey. If you’re a CIA field operative, analyst, or even a lowly civilian consultant, then you’ve probably already got one. But even if the data you carry around in your pocket isn’t “Eyes Only,” it’s perfect for transporting files and documents that you want to keep private.

This blog post will self-destruct in 5 seconds.