Review: IronKey Secure USB drive

IKThere used to be a time when our society was built and maintained by blood, sweat, and hard work. Today, however, our world runs on information and communication. With the ever growing amount of digital information that we create, modify, and share on a daily basis the need for ensuring the security of that information also increases.

One of the most common methods in today’s world for transferring our important data from one place to another is the ubiquitous USB memory key (or Thumb drive, or Memory stick, or little magic contraption of wonderfulness). With the current availability of high capacity, small form-factor USB flash memory comes a universal availability of inexpensive storage devices. Don’t believe me? Go to your local computer store (heck even Wal-Mart) and look for the USB drive section, if there is not an entire aisle in the store dedicated solely to these little titans of data migration then there is definitely a large section of one.

This universal availability comes at a cost though, more of us every day are loading Gigabytes worth of personal, corporate, or even government related information onto these, for the most part, COMPLETELY unsecured devices. There is also a growing trend, in all forms of consumer electronic devices, towards making everything as small as the laws of physics will allow. How many Über-micro cell phones have you lost? When’s the last time you set that Ipod mini down and couldn’t remember where? Now compare the size of most modern electronic devices to your USB drive, it’s virtually invisible isn’t it? So what happens when you misplace your memory key (which, incidentally, I did this morning. No idea where that thing is.) that contains all of your personal photos, hours of music, or top secret plans to take power from your boss and rule with an iron fist? Your only option, in most cases, is to hope that some Good Samaritan finds it, realizes that you’re the only geek in the place, and returns it to you. That’s a pretty scary “disaster recovery plan” if you ask me.

Out of this need for data security has risen the “secure flash drive”. The availability of not only high capacity, but high security USB devices is on the rise. The prices still aren’t as low as the unsecured ones (you can find a few biometric ones for $60 or so) but the benefits outweigh the added costs if you regularly transport sensitive data. Most secure flash drives employ one or multiple encryption algorithms to protect your data and rely on password authentication, and a few even have built in biometrics (read: fingerprint reader). These methods tend to work very well, but what if someone REALLY wants your data? Through the use of sophisticated software tools MOST encryption algorithms can be broken in a matter of time, and there are methods of bypassing biometrics if the desire is there. Once the security gate is breeched, all of your information is laid out waiting to be taken. What happens if you drop the contraption in a puddle of water? Sometimes we forget about the physical aspect of security. There are VERY few USB devices that are truly water proof.

This is where the IronKey comes in. The IronKey is a relatively new face in the world of secure USB drives (founded in 2005), but their contribution is not to be overlooked. The device is visually stunning and is literally packed with features. The device boasts a waterproof rating higher than that required by the U.S. military (MIL-STD-810f), multiple levels of the cutting edge AES encryption technology, a secured and hardened version of Mozilla Firefox, the ability to surf on an encrypted anonymous connection (using an extension of the Tor anonymity network) directly from the device, a password manager, encrypted backups, and a plethora of online utilities. This thing is beefy in every sense of the term.

Let’s go over the physical aspects first. At first glance, the IronKey looks like any other USB drive in size and shape (75mm X 19mm X 9mm), except for its stylish brushed steel exterior and slightly hefty weight (at 0.8oz it does weigh a bit more than a standard USB drive). It’s visually impressive and honestly looks secure just from the outside. To achieve their impressive waterproof rating they’ve encased every portion of the internal components in an epoxy based substance so water can never be an issue, the end cap is even lined with a rubber gasket to further ensure the internal safety of the contraption. This epoxy potting compound also makes it virtually impossible to open the device and tamper with the internal components without causing irreparable damage. Now I’ve lost one or two USB keys because either the “pocket clip”, designed to hold the device snugly to your pocket, or the place where you hook a lanyard to the key has broken completely. The IronKey, however, has a hole drilled directly through the solid steel casing so that you can put the drive on your keychain or use the included lanyard. There’s even a space on the back where you can engrave your name (or an inventory number) with a ball point pen.

How does it keep your data safe? Well, unlike most secure drives, the IronKey uses hardware encryption. Hardware encryption is much faster than software encryption because the device itself handles everything, removing the load from the host PC. The use of hardware encryption also increases security because there are no “backdoors” that can be exploited. Hardware encryption also means that there are absolutely no drivers required to operate the device, which means that you don’t have to have administrative privileges to use the device. The onboard IronKey Cryptochip employs AES encryption technology which is what the US government uses for documents up to the TOP SECRET level. That’s pretty impressive. The AES keys are also never stored on the flash memory in the device; they are always stored on the Cryptochip itself, which is inaccessible through the device. Because other secure drives use driver-based or software-based encryption, they must allow the storage media to be “mounted” or connected to the OS before requiring full authentication, which means that someone could find a back door to your data before even being asked for authentication. The IronKey will not mount the storage volume until you have authenticated to the Cryptochip, which drastically reduces the possibility of someone sneaking in the back door and stealing your data. The password try-counter (how the device keeps track of failed attempts) is also implemented through hardware which protects against “memory rewind attacks” which basically reset the counter. As a last step of defense against “brute force” attacks, after 10 failed password attempts the device will “self destruct”, completely erasing all of the AES encryption keys as well as the data stored on the drive, rendering the IronKey completely useless.

Internal Design

So what else does this device come with? It has a “Self-Learning” Password manager which allows you to store your commonly used login information in an encrypted fashion on the device. This means that you can use the password manager anywhere that you can plug the device in. Also, since the device will automatically (after prompting for permission) fill in the security fields on your stored websites, your chance of being compromised due to key loggers is drastically reduced. It also has the ability to store “portable bookmarks”. Ever been at a computer other than your own and wished you could remember the address of that great site you wanted to show your friends? Just throw the IronKey into an available USB port, authenticate, and open up your bookmarks. It also has a “form filler” feature, similar to any other automatic form filler-outer, except that this one is encrypted on the IronKey so you don’t have to worry about keeping your credit card number in there. One of the best software features of this device is the “hardened and secured” version of Firefox. From the device you can launch an instance of Firefox that is preconfigured to be extremely secure. The connection is also shielded by an extension of the TOR anonymity network which passes all of your traffic through an encrypted tunnel similar to a VPN tunnel as well as masking your true IP address similar to a proxy. IronKey also controls the “exit point” which is the server through which your traffic will exit the Tor anonymity network to the Internet. The advantage of having a controlled exit point is that they constantly monitor their DNS settings to protect against fishing websites as well as adding another layer of malware protection. The final addition to this already robust package is the website. This website can be used to backup your IronKey passwords and list the IronKey as stolen which will prevent anyone from accessing your online account if they somehow crack the encryption on the device.

So, how well does the IronKey sales pitch stack up to reality? Pretty well actually. Setup is a breeze, you simply plug in the device and follow the on screen prompts to set up your account, AES encryption keys, and connect to your site. Once at the website, you will be asked to activate your IronKey. For me the activation email was instantaneous (within 30 seconds from pressing ok on the activation page to my inbox telling me I had a new message). Every time you insert the device an authentication window will pop up asking for your password, you can customize this page with contact info so that anyone who finds your drive can send it back to you. From the initial authentication page you can also choose to launch directly to your secured file storage, launch the IronKey control panel, or go directly to your webpage. The control panel is very well laid out (and quite aesthetically pleasing as well) and simple to navigate. From this panel you can control everything about the device. When you launch Internet explorer with the IronKey plugged in, you’ll find a handy new toolbar, with keys to access your account, manage your portable bookmarks, and access the form filler options. Now I’m not a big fan of Firefox, mainly because of its slow loading times, however, the secured Firefox from the IronKey seems to load a bit faster than normal. The password manager is easy to configure, just like Internet Explorer, it will ask you if you want to save the username and password after you enter it but it will also add that page to your bookmarks list. I’ve had one issue with the password manager, but I believe it’s more of an issue with my bank’s website than the IronKey’s implementation. Transfer speeds are what I would expect for a USB 2.0 drive. The IronKey documentation claims that the devices Dual Channel SLC NAND RAM should perform 4-8 times faster than the standard MLC flash but personally I didn’t notice a huge difference in transfer speed.

So, how much is that doggie in the window? No not the one with the waggley tail, the one with the encrypted government secrets! IronKey has 3 capacity drives out right now 1GB ($79.00), 2GB ($109.00), and 4GB ($149.00). These prices are in-line with standard pricing for secure flash drives. However, due to the expenses incurred by IronKey for operating their secured TOR network, these prices only include a 1 year subscription to their Secure Sessions Service. According to posts by IronKey staff on the IronKey support forum the price for renewal is not set as of this posting (though it’s suggested that the price may be within the $20 to $50 range which is nominal compared the security advantages gained through the Secure Sessions Service). IronKey has implied (on the same support forum) that the other online services (such as password backup and password manager backup) would still be available free of charge.

Overall I’ve been extremely pleased with this device so far. It’s easy to use, looks great, and has some very robust security features. IronKey has packaged military grade security with enterprise designed functionality into a device that your grandma could use.


Activate Your Iron Key

Setup Progress

Control Panel My.Ironkey.Com

Appearance = Rating: ★★★★★
Quality = Rating: ★★★★★
Ease-of-use = Rating: ★★★★½
Features = Rating: ★★★★★
Performance = Rating: ★★★★½
Value = Rating: ★★★★☆
Rating: ★★★★½