New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
2008 Best Deployment Scenario

Preventing every major attack type on USB drives



According to the FBI, SANS and others, preventing data leakage is the number one security priority in 2008.  This encompasses a range of security vulnerabilities, especially related to USB flash drives.  As the world’s most secure flash drive, the Ironkey was designed to prevent every major attack type on USB drives currently known. Those attacks include:

  • Brute force attacks against data encryption keys
  • Brute force attacks upon passwords used on a USB drive
  • Offline attacks where data can be discovered prior to device mounting
  • Keyboard login attacks
  • Electrical power attacks on USB channels

The IronKey is the worlds most secure flash drive. Its military-grade encryption, password management and centralized administration provide unprecedented security for portable data. The IronKey Cryptochip’s always-on hardware encryption is based on the US government Advanced Encryption Standard. The Cryptochip generates the encryption keys, which never leave the hardware and are known to no one. Should a hacker get past the epoxy body, the Cryptochip’s patented tamper-proof circuitry causes it to self destruct. Users can make an encrypted backup of their data, allowing data recovery should their IronKey be stolen or damaged.  No drivers are needed to use the IronKey.

Info Security Products Guide
this article
COMPARE and print reports
RATE products

Tomorrow's Technology Today - Security Management Device


The IronKey delivers its best-in-class security for USB flash drives through leading-edge cryptographic and security technologies. Its military-grade encryption, password management and centralized administration provide unprecedented security for portable data.

  • All data on an IronKey is encrypted. The IronKey uses 128-bit Advanced Encryption Standard (AES) Cipher Block Chaining (CBC) mode hardware-based encryption. AES is the strongest encryption standard available, and CBC mode is by far the strongest implementation available due to the use of initialization vectors.  Other products use AES in Electronic Code Book (ECB), which has a higher data leakage rate and is not as secure as the CBC mode. IronKey’s always-on hardware encryption meets all government standards for data protection including HSPD 7 and FIPS 140-2 – the IronKey is in the final stages of the National Institute of Standards and Technology (NIST) certification.
  • The IronKey encryption keys are generated at the time of initialization by the end-user, and stored in tamperproof hardware so they will never leave the device.  Competitive products are not as secure because they either use software encryption or hardware encryption where the keys are generated at the factory.  As of February 21, 2008, software-based encryption has now been proven to be highly vulnerable new form of vulnerability referred to as a “cold boot” attack, making it of questionable viability in its current form.  For those competitors that do use hardware encryption, the fact that their encryption keys are provisioned on the device at the factory makes them vulnerable to backdoor attacks.
  • The IronKey is protected against physical attacks Should a hacker get past the epoxy body, the Cryptochip’s patented tamper-proof circuitry causes it to self destruct. Users can make an encrypted backup of their IronKey data, allowing data recovery should the device be stolen or damaged.  No drivers are needed to use the IronKey. The IronKey meets MIL-STD-810F requirements for rugged devices and exceeds it for water tolerance. The interior of the IronKey is filled solid with an epoxy-based potting compound. This seals in all the components and prevents the IronKey from being crushed, even under extremely high pressure. The process of trying to physically remove encrypted data from the flash drive is next to impossible.
  • The IronKey is protected against brute-force attacks on the user password.  Any intruder that logs ten failed password attempts initiates the IronKey’s self-destruct sequence based on our patent-pending “flash/trash” technology.  This technology destroys the memory at a low level leaving no trace of data behind.
  • The IronKey is architected for high performance, reliability and endurance and is optimized for long life. It is rated for reads of up to 30 MB per second, and writes of up to 20 MB per second. The IronKey’s SLC flash memory is good for 100,000 write cycles, versus 5,000 cycles for competing devices, which use MLC flash memory.
  • The IronKey comes in both individual and managed versions, each of which provides unique benefits to its target customers.  IronKey Personal combines IronKey’s always-on encryption with security software and services.  IronKey Standard comes with portable Firefox, the IronKey Password Manager, IronKey’s Secure Sessions Service, as well as secure backup.
    • Password Manager simplifies password management and provides protection against keyboard logging attacks. 
    • Secure Sessions is a TOR-based network that provides anonymity and privacy when browsing online from any computer.
    • Secure backup creates an encrypted backup of data on an IronKey and allows the device to be restored in the event it is lost or stolen. 

  • IronKey’s managed version is called IronKey Enterprise.  In addition to the the robust features of IronKey Standard, IronKey Enterprise adds centralized administration and policy enforcement capabilities. IronKey Enterprise allows a single administrator to manage and rapidly deploy thousands of devices with an enforceable set of policies for all devices. Devices lost in the field can be shut down remotely. Additionally, IronKey´s patent-pending Secure Device Recovery technology permits recovery of a device’s contents without exposing the data on the device.
  • Each IronKey includes a client-side digital certificate, which can be used for strong authentication that meets the requirements of HSPD-12. IronKey Enterprise also includes seamless support for leading One Time Password (OTP) technology from RSA and VeriSign.
  • IronKey hosts its online services at state-of-the-art, third-party data centers. Physical access to the IronKey systems requires multiple levels of authentication, including but not limited to hand geometry biometric readers, "man trap" entry, government-issued photo ID verifications and individual access credentials. Each data center facility is equipped with numerous surveillance systems and is monitored on a 24x7 basis.
  • Logical access to the IronKey environments is controlled by multiple layers of network technologies such as firewalls, routers, intrusion prevention systems and application security appliances. For additional protection, IronKey partitions its online services and backend applications into different network segments with independent security rules and policies.
  • When users access IronKey Web sites and services, all information is exchanged over an encrypted channel. This is accomplished through Secure Socket Layer (SSL) and by utilizing Verisign Secure Site and Verisign Secure Site Pro certificates.

Conclusion: The IronKey provides the convenience of a USB drive, with the highest level of protection available. If the IronKey drive is lost or damaged, it can quickly and securely recover data from an encrypted backup. It uses state-of-the-art password management, encryption and authentication to secure your passwords and online accounts.

IronKey, Inc.
5150 El Camino Real, C31
Los Altos, CA 94022-1542 USA
Tel: +1 650 492 4055