For those who have not read the preview of the IronKey, in summary it is a USB flash drive with a dedicated hardware encryption chip and a self-destruct ability, bundled with secure means of accessing internet and storing your passwords.
Is the tamperproof and waterproof IronKey the toughest and most secure USB flash drive in the world?
We tested the 4GB version for you below.
Whilst your run-of-the-mill thumb drives would be packaged in one of those impossible-to-open-without-inflicting-grievous-bodily-harm blister packages, the IronKey came in a box. The presentation is simple and effective – a picture of the IronKey and a handful of words summarising the main features. It heralds the arrival of something different, something unique in the crowded USB thumb drive scene.
Inside the box, the IronKey and its lanyard is nestled snugly in block of foam. Again the presentation is excellent, the IronKey stands out against the black background. The company logo is cut into the foam above the drive with the lanyard and ring set inside the logo. The drive feels heavy and is substantially heavier than the average thumb drive. The potted metal casing and epoxy filled innards ensures that there is no flex or give in the unit. The front face of the unit is badged "IronKey" accompanied by the company logo; the back of the unit is stamped with a serial number and space to inscribe your name.
The cap is constructed of the same material as the body of the flash drive with the inside being lined with rubber making for a very tight fit. The alignment of the cap to the body is not perfect but the tight inner-fit no doubt serves its purpose to the keep the connector dry. The lanyard attaches to the body of the flash drive itself, not the cap, presumably to avoid the cap being accidentally pulled off and losing the drive. I was mildly disappointed that the simple action of pushing the lanyard through the opening peeled back the black outer membrane of the cord and exposed the clear nylon core. Personally I think having a nice metallic chain makes a bigger statement: “Don’t mess with me, punk!”
The overall size of the drive measures 75 x 19 x 9 mm. As I found out the hard way, the thickness can be an issue when trying to slot into vertically stacked USB ports.
Enclosed within the packaging is a brochure titled "Meet the IronKey". It has a page summarising the key features of the IronKey and a page guiding you through initialising and activating your IronKey. Basic support information is also included along with an invitation to find more information online.
Getting acquainted with the IronKey
First up it is important to note that the IronKey currently only supports Windows XP and Vista. There is OS X and Linux support in the pipeline.
Secondly it relies on the "Autoplay" feature to launch the IronKey interface each time the device is plugged in. If you are like me and despise the "Autoplay" feature, then all you need to do is execute IronKey.exe in Windows Explorer from the drive which has the IronKey logo appearing beside it. The "IronKey Launcher" area of the drive
is the only area that is readable without the password It contains the IronKey "authentication client" and the executables for Firefox, Privoxy and the Password Manager files.
The very first time the device is plugged in it automatically takes you through the initialisation process. When you are prompted to enter a password a “traffic light indicator” appears on screen showing the strength of the password you enter. The indicator appears to be based on the length rather than complexity of the password.
Once your password is confirmed, the drive takes a few minutes to initialise and generate AES encryption keys. This is the point of no return, you must have your password to access data from the secure area of the drive. There is an option to backup your password online in case you forget it.
At the completion of this phase you are given an option to activate the IronKey now or later. Activation is required to access features such as password backup, device/software updates and access to IronKey’s encrypted web surfing service.
The activation process takes a few steps to complete. You need to create an account with your chosen username and password. Next you are required to provide answers to three or more (if desired) pre-ordained “secret questions”. Then you get to choose a “secret picture” and finally a “secret phrase”. After all that you are emailed an activation code to complete the process.
Why so many steps? The answer is security. The concept is that when you connect to the IronKey portal you type in your username, your secret picture will then be displayed prior to you entering the password. This is designed to prevent you from being hijacked to a fake IronKey portal page and having your password stolen. The secret phrase is used in the subject of all emails from IronKey to prevent phishing attempts.
The two-factor authentication means your IronKey must be connected to your machine and the website accessed from the secure copy of Firefox on the drive itself before you can access the options on the website. Without the IronKey connected, you can access the website in "Safe Mode" which requires knowing your username, secret picture, password and answering one or more secret question(s) accurately. After all that effort, you will be able to recover the device password (assuming it is backed up online) or mark the IronKey as lost.
Using the IronKey
The IronKey requires two drive letters on the system. One for the IronKey Launcher area and one for the encrypted file system. The IronKey Launcher area is unsecured but read-only. The secure area shows up as a "removable drive" when the device is locked. When unlocked, it is labelled "IronKey Secure Files".
The autoplay interface to unlock the IronKey provides the following action options:
“View files stored on IronKey drive”
“Launch IronKey Control Panel”
“Log into my.ironkey.com”.
The “View files stored on IronKey drive” action launches the Windows Explorer.
The “Launch IronKey Control Panel” action is more interesting. It brings up a
menu on the left with buttons to launch various actions such as:
“Secure Files” — launches Windows Explorer;
“Secure Backup” — launches a program to create an encrypted backup on your local computer. You can select files and folders, which are then backed up to a destination of your choice on your local machine. The folder structure is faithfully recreated and the files retain their extensions. However, all files are encrypted and cannot be opened.
“Password Mgr” — a built-in password manager that stores your credentials in a secure area of the IronKey. It can be backed up online at the IronKey website, and has a password generator that can create passwords up to 99 characters in length at either “normal strength” (alphanumeric) or “stronger strength” (all characters).
“my.ironkey.com” — launches the secure copy of Firefox from the IronKey and authenticates you into the IronKey portal. The current build of the IronKey launcher, does not support third-party applications to be added to the Control Panel. This feature is in their future roadmap. That is not to say that you can’t execute your own software from the IronKey as it supports any application that does not need to write into the Windows Registry.
IronKey for Advanced Users
The Control Panel page has a number of features for the Advanced users. These include changing preferences, passwords and proxy settings. More interestingly, it provides for features such as:
“Software updates” – ability to easily upgrade the software on the IronKey when new versions are released.
“Lost and Found” – a customisable message which is displayed each time the IronKey is inserted into the system and waiting to be unlocked.
Secure Web Surfing
The IronKey Secure Sessions service and the Firefox browser provides an encrypted tunnel to the internet via IronKey’s own networking servers. It offers a high level of security whilst being on the internet. Your traffic exits from a known point on the internet – a server controlled by IronKey, which performs checks against known
domain name databases to ensure you have not been hijacked to a known phishing site.
The copy of Firefox is fully functional and allows you to customise it like a normal installation. You can install add-Ons, themes or updates as new versions are released by Mozilla. There are already IronKey add-ons pre-installed on this copy of Firefox.
For those who must use Internet Explorer, the IronKey password manager integrates seamlessly into Internet Explorer.
The IronKey claims speed performance figures of up to 30 Mb per second for read, and up to 20 Mb per second for write as tested in a laboratory conditions. I ran some quick tests (not under laboratory conditions and my methodology was far from scientific although repeatable). I used an Acer Travelmate 8204 with Microsoft Robocopy to run two sets of read and write tests.
The first test was to copy 543 Mb of files of varying sizes to and from the IronKey (I used a subset of the PortableApps suite as the guinea pig). The second test was with two 1 Gb VOB files from a DVD.
The results are as follows:
As expected, reading and writing large contiguous files performs far better than numerous small files which are closer to real life usage. There are plenty of other factors involved such as local disk defragmentation, actual throughput over the USB port, and operating system overhead that would affect the overall performance.
IronKey recommends that you perform an anti-virus and spyware scan prior to the first use of the device. It assumes you have some technical proficiency with computers, or at least in the case of a corporate, someone with technical knowledge to issue them as IronKey (understandably) makes no recommendation on how to perform the scans.
I also ran into problems in using the IronKey with a non-administrator account. This was a feature that I was particularly interested in from a system administrator point of view. Whilst the IronKey support website didn’t resolve my issue, it provided an option to email IronKey Support and nominate for a callback within a specified time slot. Since I am on the other side of the world from them and love my beauty sleep, I opted for an email response which duly arrived overnight. The response was fairly standard given that I gave a reasonable amount of details on the issues.
Whilst I was initially disappointed that IronKey Support could not shed any light on the issue except with a fairly generic response, I understood why when I tested the unit again and the feature worked perfectly. The difference being that initially I tested the device in a virtual environment, the second test was on a physical machine. This information has been passed onto the QA team.
IronKey has recently announced their IronKey Enterprise Special Edition for military and enterprise environments. It is designed for use on sensitive networks and automatically performs dynamic drive mapping to function seamlessly in enterprise environments with network-mapped drives. It does not include Firefox, Secure Sessions, Secure Updates or the IronKey Password Manager that ships with the consumer version of the device and therefore would suit environments where the use of browsers and networking connections are strictly mandated.
The product has been submitted for FIPS2 Level 3 Certification in the US. In layman’s terms FIPS is a security certification given by the US National Institutes of Standards and NSA. Security at this level is usually reserved for specialised military applications. Word from the IronKey folks is that their product "will be the first flash drive on the planet to achieve FIPS-2 Level 3".
The IronKey is a little device packed with a lot of features and all the features work as advertised. It survived a dunk into my glass of water as shown in the photo. I opted not to go down the path of testing the self-destruction feature, I feel I can safely assume that this core feature is fully functional.
With the IronKey in my toolkit I am assured that if it is ever lost or stolen there is little chance my precious data could fall into the wrong hands. One feature I would like to see added is a timeout feature that automatically locks the IronKey after a user nominated idle period.
Finally, if you are the owner of a destroyed IronKey, you can ship it at your own cost to IronKey who will dispose of it in an “environmentally responsible way”.
Price: 1Gb – USD$79, 2Gb – USD$109 and 4Gb – USD$149 including first
year of Internet Protection. No details on future subscription costs
available at the time of writing.
Many thanks to the folks at IronKey for providing the device for review.