Itâ€™s not very often that Iâ€™m truly impressed by a gadget. But when I find something that fills a serious need in a clever and intuitive way that Iâ€™ve never seen anyone do correctly before, Iâ€™m impressed.
Iâ€™ve finally found my cross-platform secure file storage and transportation solution: The IronKey.
As a computer security analyst, I frequently have to store and transport files that are sensitive to say the least. I primarily use a Macintosh, so my solution in the past has been to create an encrypted disk file on the Mac and store it on a standard USB drive. You can mount my USB drive and read it anywhere, but you cannot get the data out of the encrypted file unless you know my decryption key. Itâ€™s secure, but itâ€™s not cross platformâ€”I canâ€™t read those files on a Windows or Linux machine. This is a major problem for me because I work on a lot of Windows computers.
In Windows, encryption is not easy because the operating system does not come with useful file encryption software. Yes, technically there is a service called the Encrypting File System, but to make a long story full of technical minutiae short, it doesnâ€™t really work in the real world, especially not for moving files securely from machine to machine.
So in Windows, you have to rely on 3rd party software. Which means you have to install 3rd party software. Which means you can only use your secure thumb drive on computers where your 3rd party software has been installed. Which means itâ€™s basically useless for transporting your files unless you want to buy a copy of your encryption software for every computer youâ€™re going to use it on ever. Not really a solution.
Furthermore, there is no encryption application that works with encrypted files the same way on Windows and Macintosh except some very primitive command line utilities that basically nobody is ever going to use because theyâ€™re horrifically inconvenient.
The IronKey looks like a typical USB flash drive in a shiny metal case. Itâ€™s a little heavier (because itâ€™s waterproof and filled with a non-conductive rosin to make it impossible to open) but otherwise pretty much what youâ€™d expect. Whatâ€™s different about IronKey is that your data is written to the flash memory in encrypted form by a microprocessor onboard the device itself. Thereâ€™s no software installed in your computer to make it work, and it works the same way on all platforms. Furthermore, the IronKey uses AES, a very strong form of encryption that will keep everybody including the NSA out of your data.
When you mount it, two new devices show up: What appears to be a CD-ROM drive and an empty removable media drive.
The virtual CD-ROM drive is what makes the IronKey so clever. It is used to mount a read-only software partition that contains the software you need to use to unlock the driveâ€™s secure partitionâ€”so you donâ€™t need to install software on your computer and the software is always available.
Using the drive is as simple as opening the CD-ROM partition, running the IronKey application, and providing your password. The encrypted partition will then mount as if it were a regular USB flash drive.
When you first use the IronKey, you have to provide a password and initialize the key during which time the encryption keys are generated. IronKey uses AES encryption. Initializing takes about 30 seconds and can only be performed in Windows at the time of this writing.
When the IronKey is locked, the drive appears as if it were ejectedâ€”the drive letter appears but the computer will tell you to insert a disk.
Also included is a secure backup utility that makes a copy of your data in encrypted form on your PCâ€™s hard disk. The data cannot be accessed unless you restore it to an IronKey, so the backup is safe from prying eyes. The backup utility provides peace of mind that losing the key doesnâ€™t mean losing your files.
Portable Firefox is also included, which is a version of Firefox that stores all its data on the USB flash drive, leaving no trace of your browsing on the computer that you use. Itâ€™s actually a free product from portableapps.com, but itâ€™s a great program to include. You may want to check out www.portableapps.com for other great free software that you can use securely with this device.
Best of all, the IronKey works the same way on the Macintoshâ€”just double click the IronKey CD-ROM drive, and run the IKControlPanel app. It takes your password and the new IK_SECURED drive shows up. Viola, cross platform. On the down side, the Mac utility cannot yet initialize the drive, change passwords, or backup the IronKey data the way the Windows software can, so if you donâ€™t have access to a Windows computer, you will need to wait until theyâ€™ve finished porting those functions to the Mac. The device does work fine in Parallels, vmware, and Bootcamp, so if you have a windows installation on your Mac you can use it to set the device up.
IronKey does not yet support Linux or other Unix operating systems. Unix is a bit harder to support since each operating system is somewhat different, but IronKey could provide a Java applet for unlocking the key. That would be a way to support all Linux and Unix users since Java is pretty ubiquitous.
IronKey encrypts data with an onboard processor implementing AES encryption with an xxx bit keylength. The crypto keys are stored on the device in a special portion of memory that cannot be read via USBâ€”it can only be unlocked and read by the onboard processor. Unlocking the key storage is performed through a challenge/response mechanism to prevent the secret password from being transmitted via USB.
The only theoretical security flaw in the process is the possibility that a computer with a mounted IronKey could also be running a keylogger. The keylogger could potentially capture the password as the user typed in the password. A better method of sending the password to the device would be to randomly place characters on the screen and have the end-user click on the letters. This would defeat mouse and keyboard logging or playback attacks against the challenge/response algorithm. It could be provided as an alternative mechanism for times when you donâ€™t necessarily trust the computer youâ€™re accessing your key from.
I strongly recommend the IronKey for anyone who has a requirement to carry private, classified, sensitive, or secret information. While a keylogging vulnerability exists, this flaw also exists in most other security software available at the moment, and it is a flaw that could be closed in a future release. IronKey is the first cross-platform solution to secure file storage that Iâ€™ve found that is convenient enough to actually use.