Terry White's Tech Blog » Security http://terrywhite.com/techblog Welcome to my technology blog! Fri, 10 Feb 2012 05:11:26 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Carry Sensitive Data on an IronKey http://terrywhite.com/techblog/archives/4211 http://terrywhite.com/techblog/archives/4211#comments Thu, 17 Dec 2009 08:01:39 +0000 Terry White http://terrywhite.com/techblog/?p=4211

ironkey

Although I have what seems like a mountain of thumb/flash drives lying around, I've never had one as cool as the one my friend Mary just gave me. It's called the IronKey. While it looks like an ordinary thumb drive in a cool aluminum casing, it's actually a lot more.

 

For the Security Conscious

As computer users we're taught not to leave a list of our passwords next to our computer right? Some will take it a step further and put that list on their computers in a text filed called something less obvious like "Johnson Rod Repair Manual". However, sensitive data should really be encrypted! While there is no shortage of encryption apps for Mac and PC's, I don't run across hardware solutions as often. Sure, most portable drives will offer something, but in that case it's usually very platform specific and requires the software to actually be "installed" to use it. The IronKey takes a simpler more straight forward approach.

 

Set it up

ironkeysetup

When you first plug in the USB thumb drive, you can launch the app for your platform right off the device itself. They have the documentation there as well. Give it a name and your secure password (please remember it!). You can also enable the Device Reset feature at this point so that if your device is lost/stolen and someone keys in the wrong password too many times it will automatically and securely erase or destroy the device. 

ironkeyinit

 

At this point your IronKey is ready to use

ironkeyunlock

Just key in your password and it will unlock and mount the drive

IronKeymounted

If you enter the wrong password twice, you'll be warned

warning

You can either configure the device to erase all content after the password has been incorrectly entered so many times and it will still be usable minus your data or you can have it not only erase your data but also destroy the drive so that it can't ever be used again. Wow!

 

What would I use this for?

I asked this question and at first couldn't really think of too much that I carry around that needs this level of security and then it dawned upon me that this would be great for a backup of my 1Password file in Encrypted HTML format. This way I could have all my passwords and logins with with If I need them on a different computer AND add one more level of security. I'll probably also use it to story backup copies of client presentations. 

 

A word about Security from IronKey – only read this part if you're a security geek :) Otherwise you can skip down to The Bottom Line

We are endeavoring to be very open about the security architecture and technology that we use in designing and building the IronKey devices and online services. There is no hocus-pocus or handwaving here. We use established cryptographic algorithms, we develop threat models, and we perform security analyses (internal and third party) of our systems all the way through design, development and deployment.

IronKey Device Security
Data Encryption Keys
» AES keys generated by onboard Random Number Generator
» AES keys generated by user at initialization time and encrypted
» AES keys never leave the hardware and are not stored in NAND flash

Self-Destruct Data Protection
» Secure volume does not mount until password is verified in hardware
» Password try-counter implemented in tamper-resistant hardware
» Once password try-count is exceeded, all data is erased by hardware

Additional Security Features
» USB command channel encryption to protect device communications
» Firmware and software securely updateable over the Internet
» Updates verified by digital signatures in hardware

Physically Secure
» Solid, rugged case
» Encryption keys stored in the tamper-resistant IronKey Cryptochip
» All chips are protected by epoxy-based potting compound
» Exceeds military waterproof standards (MIL-STD-810F)

Device Password Protection
The device password is hashed using salted SHA-256 before being transmitted to the IronKey Secure Flash Drive over a secure and unique
USB channel. It is stored in an extremely inaccessible location in the protected hardware. The hashed password is validated in hardware (there is no “getPassword” function that can retrieve the hashed password), and only after the password is validated is the AES encryption key unlocked. The password try-counter is also implemented in hardware to prevent memory rewind attacks. Typing your password incorrectly too many times initiates a patent-pending “flash-trash” self-destruct sequence, which is run in hardware rather than using software, ensuring the ultimate protection for your data.

 

The Bottom Line

If you need or want to carry around files that are secured and accessible on just about any computer with a USB port, this is a great portable option. By it being Mac and PC compatible, it's also a no brainer. The fact that it has a "Self Destruct" feature is icing on the cake. 

It comes in the follow configurations:

1GB

2GB

4GB

8GB

]]> http://terrywhite.com/techblog/archives/4211/feed 4