Recently, The Complex Litigator discussed the topic of data encryption to protect confidential client data. Now, as part of the ongoing COMPLEX TECH series, The Complex Litigator will cover various data encryption solutions. In this post, I will profile what appears to be nothing more than a slightly-larger-than-normal USB key, the IronKey.
"Ironkey" is appropriate for a number of reasons. First, the IronKey is designed so that it cannot be physically tampered with or disassembled by a determined hacker. The IronKey is encased in a rugged metal housing, not plastic. It is one of the strongest USB devices you can buy. The interior of the IronKey is filled solid with an epoxy-based potting compound. This seals in all the components and prevents the IronKey from being crushed, even under extremely high pressure. The process of trying to remove encrypted data from the flash chips would be extremely difficult, time-consuming and almost certainly destroy the chips and connections inside. Such an attempt would cause permanent, noticeable damage.
The IronKey has tested, passed, and exceeded military waterproof standards (MIL-STD-810F). The Ironkey can survive a swim in the pool or a trip through the washing machine.
The IronKey is numerically stamped with a unique serial number. It can also be personalized by writing a company name or some other secret code identifier on the back. If someone were to replace an IronKey with a fake one, you could tell by examining the backside for forgery.
Besides potting the insides of the device, IronKey uses tamper-reaction technology in the Cryptochip itself. Key storage areas are protected with thin-film metal shielding. The chip itself defends against power attacks and other invasive attacks such as using an electron microscope to scan the onboard memory. It will self-destruct when it detects such an attack.
Second, the encryption used by IronKey is believed to be essentially uncrackable at this time. All data on the IronKey drive is encrypted in hardware using AES CBC-mode encryption. The encryption keys used to protect data are generated in hardware by a FIPS 140-2 compliant True Random Number Generator on the IronKey Cryptochip. This ensures maximum protection via the encryption ciphers. The keys are generated in the Cryptochip when the IronKey is initialized, and they never leave the secure hardware to be placed in flash memory or on the computer to which the IronKey is attached.
[FIPS 140-2 validation is the benchmark for security within government departments and agencies. Government purchasing agents must purchase products validated for FIPS 140-2 in preference to non-validated products. To achieve validation, the IronKey underwent testing by an accredited independent lab, earning the Federal Information Processing Standards (FIPS) 140-2 Level 2 certificate number 938 from the National Institute of Standards and Technology (NIST) and the Canadian Communication Security Establishment (CSE). In addition, IronKey received FIPS 186-2 certification (certificate numbers 305 and 380) - demonstrating that IronKey's algorithms and random number generator have correctly implemented RSA, AES, SHA-1 and SHA-256 standards for digital signature generation and verification.]
Because the IronKey implements data encryption in the hardware Cryptochip, all data written to the USB drive is always encrypted. There is no way to accidentally turn it off or for malware or criminals to disable it. Because the encryption is handled by hardware, it runs many times faster than software encryption, especially when storing large files or using the on-board portable Firefox browser.
When you first initialize your IronKey, you create a password for that device. This password must be entered after you plug your IronKey into a computer's USB port. The encrypted drive will only mount and be accessible if the password is correct.
To prevent unauthorized people or malware (malicious software such as viruses and Trojans) from gaining access to your encrypted drive, the IronKey prevents password guessing attacks (e.g. brute-force or dictionary attacks). After 10 incorrect password attempts (and ample warnings), the IronKey locks out all further password attempts. It initiates a self-destruct sequence that securely and permanently erases the encryption keys and data. IronKey's Secure Backup software can be used to restore backed-up data to a new IronKey.
Hardware-based encryption systems can be vulnerable to brute-force attacks if they store a counter in the flash memory. The attacker simply rewinds the counter (i.e., resets the counter back to 1) after every attempt. Rewind attacks allow a limitless number of password guesses and permit brute force decryption attacks. To mitigate such a threat, the IronKey uses a separate cryptographic processor (the IronKey Cryptochip) with its own internal password guessing counter. This counter is not stored in the flash memory, so is not vulnerable to memory rewind attacks. The IronKey Cryptochip is hardened against physical attacks such as power attacks and bus sniffing. It is physically impossible to tamper with its protected data or reset the password counter. If the Cryptochip detects a physical attack from a hacker, it will destroy the encryption keys, making the stored encrypted files inaccessible.
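The difference between the two counter placements can be modelled in a few lines. This is an added example, not code from IronKey or from the original post; the `Drive` class, its fields and the `guesses_evaluated` helper are hypothetical names for a toy model, and the password check uses PBKDF2 as an assumption.

```python
import copy
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # lockout threshold stated in the post


class Drive:
    """Toy model of an encrypted drive; not IronKey firmware."""

    def __init__(self, password: str, counter_in_flash: bool):
        self._salt = os.urandom(16)
        self._verifier = self._kdf(password)
        self._key = os.urandom(32)          # data-encryption key
        self._chip_failed = 0               # state held inside the crypto chip
        self.counter_in_flash = counter_in_flash
        self.flash = {"failed": 0}          # externally readable/writable storage

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 1000)

    @property
    def erased(self) -> bool:
        return self._key is None

    def unlock(self, guess: str) -> bool:
        if self.erased:
            return False
        if hmac.compare_digest(self._kdf(guess), self._verifier):
            self._chip_failed = self.flash["failed"] = 0
            return True
        if self.counter_in_flash:           # weak design: counter is rewindable
            self.flash["failed"] += 1
            failed = self.flash["failed"]
        else:                               # counter never leaves the chip
            self._chip_failed += 1
            failed = self._chip_failed
        if failed >= MAX_ATTEMPTS:
            self._key = None                # self-destruct: key is erased
        return False


def guesses_evaluated(drive: Drive, wrong_guesses: int) -> int:
    """Count guesses the device checks when flash is restored after each one."""
    snapshot = copy.deepcopy(drive.flash)
    evaluated = 0
    for i in range(wrong_guesses):
        if drive.erased:
            break
        drive.unlock(f"wrong-{i}")
        evaluated += 1
        drive.flash = copy.deepcopy(snapshot)   # rewind of external flash
    return evaluated
```

With the counter in flash, 25 wrong guesses are all evaluated and the key survives; with the counter inside the chip, the tenth wrong guess erases the key regardless of what happens to the flash contents.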
Third, for those concerned about online security threats like "man-in-the-middle" attacks, there is a whole new way to surf the Web: using IronKey's Secure Sessions service and the Firefox browser already installed on the IronKey. This allows a safe connection to websites, even on public computers, creating a tunnel through unprotected wireless networks and snooping ISPs. With IronKey's Secure Sessions Service, Web communications travel through an encrypted tunnel on the Internet to IronKey's network routing servers and eventually out to the destination website. The approach works just like an instant VPN (virtual private network), but is portable, so it can be used on other computers without having to install and configure complicated software. IronKey performs a check to ensure that user traffic goes to the actual destination site using known DNS databases. It will also check to make sure that it is not a known phishing site. These anti-pharming and anti-phishing methods give additional online protection.
Not only does IronKey's Secure Sessions service encrypt online communications, but it provides a layer of anonymity to protect both identity and confidentiality. To websites, it appears as though users are coming from one of IronKey's Tor servers instead of their own computers. Users can even change which country their Web traffic is coming from at any time. To provide this privacy protection, IronKey has extended Tor technology originally sponsored by the US Naval Research Laboratory. IronKey's Secure Sessions Service sends Web traffic through multiple network routing servers before decrypting it on an IronKey server and sending it to the destination site. This makes it virtually impossible to track who is going where or correlate surfing to a computer.
Imagine taking depositions in some city across the country. Imagine taking the case file with you on a USB key for handy reference. Imagine leaving that USB key in an airport terminal, or on the table at a restaurant. If these thoughts induce cardiac instability in you, they (1) should, and (2) ought to have you seriously considering an IronKey for yourself. IronKey does other things for users, such as providing a secure method for storing all online passwords, but the data encryption and physical design should appeal most to attorneys and law firms, hence the decision to skip the password storage features in this post.
If you are interested in picking up one of these data tanks for yourself, visit the IronKey store.
NOTE: I have not received any compensation to provide information about IronKey. After I have received my IronKey (purchased with my own money), I will provide a further, hands-on review. On a disappointing note, I asked IronKey to provide me with information that would be of particular relevance to law firms evaluating IronKey as a solution for securing data in the field, but my inquiries did not receive a response. I am hopeful that the customer service for owners is more responsive.