PAGE 6
IRONKEY ENTERPRISE USER GUIDE
Technical & Security Notes
We are endeavoring to be very open about the security architecture and
technology that we use in designing and building the IronKey devices and
online services. There is no hocus-pocus or handwaving here. We use
established cryptographic algorithms, we develop threat models, and we
perform security analyses (internal and third party) of our systems all the
way through design, development and deployment.
Your IronKey is FIPS
140-2 Level 2 validated (Certificate #938).
IRONKEY DEVICE SECURITY
Data Encryption Keys
»
AES keys generated by onboard Random Number Generator
(FIPS 186-2)
»
AES keys generated by user at initialization time and encrypted
»
AES keys never leave the hardware and are not stored in NAND flash
Self-Destruct Data Protection
»
Secure volume does not mount until password is verified in hardware
»
Password try-counter implemented in tamper-resistent hardware
»
Once password try-count is exceeded, all data is erased by hardware
Additional Security Features
»
USB command channel encryption to protect device communications
»
Firmware and software securely updateable over the Internet
»
Updates verified by digital signatures in hardware
Physically Secure
»
Solid, rugged metal case
»
Encryption keys stored in the tamper-resistent IronKey Cryptochip
»
All chips are protected by epoxy-based potting compound
»
Exceeds military waterproof standards (MIL-STD-810F)
Device Password Protection
The device password is hashed using salted SHA-56 before being trans-
mitted to the IronKey Secure Flash Drive over a secure and unique USB
channel. It is stored in an extremely inaccessible location in the protected
hardware. The hashed password is validated in hardware (there is no “get-
Password” function that can retrieve the hashed password), and only after
the password is validated is the AES encryption key unlocked. The pass-
word try-counter is also implemented in hardware to prevent memory
rewind attacks. Typing your password incorrectly too many times initi-
ates a patent-pending “flash-trash” self-destruct sequence, which is run in
hardware rather than using software, ensuring the ultimate protection for
your data.