IronKey: Secure USB Flash Drives

IronKey - Device Security


IronKey Device Security

Protecting your data and privacy requires more than just encryption—adequate security policies and threat mitigation are essential.

The IronKey has been designed from the ground up with security in mind. A combination of advanced security technologies is used to ensure that only you can access your data. You can rest assured that your data is protected when you carry an IronKey.

Locking Your Device with a Password:

When you first initialize your IronKey, you create a password for that device. This password must be entered after you plug your IronKey into a computer's USB port. The encrypted drive will only mount and be accessible if the password is correct.

To prevent unauthorized people or crimeware (malicious software such as viruses and Trojans) from gaining access to your encrypted drive, the IronKey prevents password guessing attacks (e.g. brute-force or dictionary attacks). After 10 incorrect password attempts (and ample warnings), the IronKey locks out all further password attempts. It initiates a patent-pending self-destruct sequence that securely and permanently erases your encryption keys and data. You can use IronKey's Secure Backup software to restore your backed-up data to a new IronKey.

Hardware-Level Security:

Hardware-based encryption systems can be vulnerable to brute-force attacks if they store a counter in the flash memory. The attacker simply rewinds the counter after every attempt. It is then only a matter of time before the system is cracked. To mitigate such a threat, the IronKey uses a separate cryptographic processor (the IronKey Cryptochip) with its own internal password guessing counter. This counter is not stored in the flash memory, so it is not vulnerable to memory rewind attacks.
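The difference between the two counter placements can be shown with a small simulation. This is an added example, not IronKey code: the `Device` class, its fields and the SHA-256 stand-in for key material are assumptions made for illustration, and only the 10-attempt threshold comes from the text above.

```python
# Toy model, constructed for illustration; not IronKey firmware.
import hashlib
import hmac

MAX_ATTEMPTS = 10  # lockout threshold stated in the text above

class Device:
    """`flash` models storage an attacker can image and rewrite; `_chip_*`
    models state held inside a separate processor with no external write path."""
    def __init__(self, password: str, counter_in_flash: bool):
        self.counter_in_flash = counter_in_flash
        self.flash = {"failed": 0}
        self._chip_failed = 0
        # Stand-in for the protected key material (not a real key derivation).
        self._chip_key = hashlib.sha256(password.encode()).digest()

    def _failed(self) -> int:
        return self.flash["failed"] if self.counter_in_flash else self._chip_failed

    def _store(self, n: int) -> None:
        if self.counter_in_flash:
            self.flash["failed"] = n
        else:
            self._chip_failed = n

    def unlock(self, guess: str) -> bool:
        if self._chip_key is None:
            return False  # key already erased
        candidate = hashlib.sha256(guess.encode()).digest()
        if hmac.compare_digest(candidate, self._chip_key):
            self._store(0)
            return True
        self._store(self._failed() + 1)
        if self._failed() >= MAX_ATTEMPTS:
            self._chip_key = None  # lockout: destroy the key
        return False


def guesses_survived(dev: Device, restore_flash: bool, tries: int = 25) -> int:
    """Send wrong guesses, optionally restoring a flash image after each one.
    Returns how many guesses were processed before the key was erased."""
    image = dict(dev.flash)
    for n in range(1, tries + 1):
        dev.unlock(f"wrong-{n}")
        if dev._chip_key is None:
            return n
        if restore_flash:
            dev.flash = dict(image)
    return tries
```

With the counter in flash, restoring the image after each guess keeps the count below the threshold indefinitely; with the counter inside the chip model, the same restore has no effect and the key is erased on the tenth failure.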

Preventing Physical Attacks:

This IronKey Cryptochip is hardened against physical attacks such as power attacks and bus sniffing. It is physically impossible to tamper with its protected data or reset the password counter. If the Cryptochip detects a physical attack from a hacker, it will destroy the encryption keys, making the stored encrypted files inaccessible.