IronKey Enterprise manual Technical & Security Notes

Page 7

Technical & Security Notes

We are endeavoring to be very open about the security architecture and technology that we use in designing and building the IronKey devices and online services.There is no hocus-pocus or handwaving here.We use established cryptographic algorithms, we develop threat models, and we perform security analyses (internal and third party) of our systems all the way through design, development and deployment. Your IronKey is FIPS 140-2 Level 2 validated (Certificate #938).

IRONKEY DEVICE SECURITY

Data Encryption Keys

»AES keys generated by onboard Random Number Generator (FIPS 186-2)

»AES keys generated by user at initialization time and encrypted

»AES keys never leave the hardware and are not stored in NAND flash

Self-Destruct Data Protection

»Secure volume does not mount until password is verified in hardware

»Password try-counter implemented in tamper-resistent hardware

»Once password try-count is exceeded, all data is erased by hardware

Additional Security Features

»USB command channel encryption to protect device communications

»Firmware and software securely updateable over the Internet

»Updates verified by digital signatures in hardware

Physically Secure

»Solid, rugged metal case

»Encryption keys stored in the tamper-resistent IronKey Cryptochip

»All chips are protected by epoxy-based potting compound

»Exceeds military waterproof standards (MIL-STD-810F)

Device Password Protection

The device password is hashed using salted SHA-256 before being trans- mitted to the IronKey Secure Flash Drive over a secure and unique USB channel. It is stored in an extremely inaccessible location in the protected hardware.The hashed password is validated in hardware (there is no “get- Password” function that can retrieve the hashed password), and only after the password is validated is the AES encryption key unlocked.The pass- word try-counter is also implemented in hardware to prevent memory rewind attacks.Typing your password incorrectly too many times initi- ates a patent-pending “flash-trash” self-destruct sequence, which is run in hardware rather than using software, ensuring the ultimate protection for your data.

IRONKEY ENTERPRISE USER GUIDE

PAGE

Page 6 Page 8
Image 7
Page 6 Page 8
Contents User Guide Feedback@ironkey.com Contents Self-Destruct Sequence Core FeaturesMeet the IronKey Hardware-Encrypted Flash DriveSimple Device Management Portable & Cross-Platform Data AccessSecure Local Backup & Data Recovery Self-Learning Password ManagementWorld’s Most Secure Flash DriveTM Device DiagramsTechnical & Security Notes Making Tor Faster and More Secure Password Manager ProtectionStandard Usage Requires Product WalkthroughActivation and Initialization Windows only My.ironkey.com’ button Using the IronKey Unlocker on a Mac 10.4+ Using the IronKey Unlocker on WindowsUsing the IronKey Unlocker on Linux Kernel Version must be 2.6 or higher Using the IronKey Control Panel Windows Only Vault at my.ironkey.com Using The Ironkey Virtual Keyboard Windows Only Ctrl + ALT + Using The Onboard Firefox & Secure Sessions Service windowsIronkey Enterprise User Guide Adding Portable Bookmarks Adding online accounts Using The IronKey Password Manager Windows XP & Vista OnlyIronkey Enterprise User Guide Software Windows only Using The Secure BackupUsing RSA SecurID onyour Ironkey WINdows Only Step Description Choose IronKey PKCS#11 Step Description Go to https//my.ironkey.com On Windows and Mac OS X Computers Usingyour IronKey in Read-Only Mode Windows, Mac, LinuxOn Linux Computers Keeping your IronKey Malware Scanner Up to Date Using the IronKey Malware Scanner Windows OnlyIronkey Enterprise User Guide Dimensions 75mm X 19mm X 9mm Product SpecificationsOperating Shock 16G rms Who is the IronKey Team? Where can I go for more info?IronKey Online Support Contact Information
Top Page Image Contents