How secure is it?
ABOUT MY DEVICE
IronKey Enterprise S1000 User Guide
The IronKey Enterprise S1000 has been designed from the ground up with security in mind. A combination of
advanced security technologies is used to ensure that only you can access your data. Additionally, it has
been designed to be physically secure, to prevent hardware-level attacks and tampering, as well as to make
the device rugged and long-lasting.
The IronKey Cryptochip is hardened against physical attacks such as power attacks and bus sniffing. It is
physically impossible to tamper with its protected data or reset the password counter. If the Cryptochip
detects a physical attack, it destroys itself, making the stored encrypted files inaccessible.
We strive to be very open about the security architecture and technology that we use in designing and
building this product. We use established cryptographic algorithms, we develop threat models, and we
perform security analyses (internal and third party) of our systems all the way through design, development
and deployment.
Device Security
Data Encryption Keys
• AES key generated by on-board Random Number Generator
• AES key generated at initialization time and encrypted with hash of user password
• No backdoors: AES key cannot be decrypted without the user password
• AES key never leaves the hardware and is not stored in NAND flash
Data Protection
• Secure volume does not mount until the password is verified in hardware
• Password try-counter implemented in tamper-resistant hardware
• Once the password try-count is exceeded, the device will initiate a permanent self-destruct
sequence.
• Sensitive data and settings are stored in hardware
Application Security
Device Password Protection
• USB command channel encryption to protect device communications
• Password-in-memory protection to protect against cold-boot and other attacks
• Virtual Keyboard to protect against keyloggers and screenloggers
The device password is hashed using salted SHA-256 before being transmitted to the device firmware over a
secure USB channel. It is stored in an extremely inaccessible location in the protected Cryptochip hardware.
The hashed password is validated in hardware (there is no “getPassword” function that can retrieve the hashed
password). The AES key becomes available for encryption only after the password is validated. The password
try-counter is also implemented in hardware to prevent memory rewind attacks.
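
The unlock flow described above can be modelled in software. The following is an added example, not IronKey firmware or code from this guide: it shows a device that only ever answers a password hash with the key or a refusal, counts tries, and wipes itself when the limit is reached. The class name, the `MAX_TRIES` value, the salt-then-password hash order and the choice to charge a try before comparing are assumptions; AES wrapping of the key and the encrypted USB channel are left out.

```python
import hashlib
import hmac
import os

MAX_TRIES = 3  # constructed limit; the guide does not state the real value


def host_hash(password: str, salt: bytes) -> bytes:
    """Host side: salted SHA-256 of the password (salt-first order assumed)."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


class CryptochipModel:
    """Hypothetical model of the device-side state held in hardware."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)        # not secret; the host needs it
        self._verifier = host_hash(password, self.salt)
        self._aes_key = os.urandom(32)    # stands in for the on-board RNG
        self._tries = 0
        self.destroyed = False

    def unlock(self, candidate_hash: bytes):
        """Return the data key on success, None otherwise. There is no
        getter for the stored hash: the only outputs are key or refusal."""
        if self.destroyed:
            return None
        # Assumption: charge the attempt before comparing, so interrupting
        # the check cannot yield a free guess.
        self._tries += 1
        if hmac.compare_digest(candidate_hash, self._verifier):
            self._tries = 0
            return self._aes_key
        if self._tries >= MAX_TRIES:
            self._self_destruct()
        return None

    def _self_destruct(self):
        # Dropping key and verifier leaves the stored ciphertext unrecoverable.
        self._aes_key = None
        self._verifier = None
        self.destroyed = True

    def tries_left(self) -> int:
        return 0 if self.destroyed else MAX_TRIES - self._tries
```

Because the counter and the verifier live in the same protected state as the key, restoring an earlier copy of host memory or flash does not give back spent tries, which is the property the guide attributes to the hardware try-counter.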