User guide

PAGE 6 - IRONKEY BASIC USER GUIDE
Technical and Security Notes
We are endeavoring to be very open about the security architecture and
technology that we use in designing and building the IronKey. There is
no hocus-pocus or handwaving here. We use established cryptographic
algorithms, we develop threat models, and we perform security analyses
(internal and third party) of our systems all the way through design,
development and deployment.
IRONKEY DEVICE SECURITY
Data Encryption Keys
» AES key generated by onboard Random Number Generator
» AES key generated by customer at initialization time and encrypted
» AES key never leaves the hardware and is not stored in NAND flash
Self-Destruct Data Protection
» Secure volume does not mount until password is verified in hardware
» Password try-counter implemented in tamper-resistant hardware
» Once password try-count is exceeded, all data is erased by hardware
Additional Security Features
» USB command channel encryption to protect device communications
Physically Secure
» Solid, rugged case
» Encryption keys stored in the tamper-resistant IronKey Cryptochip
» All chips are protected by epoxy-based potting compound
» Exceeds military waterproof standards (MIL-STD-810F)
Device Password Protection
The device password is hashed using salted SHA-256 before being
transmitted to the IronKey Secure Flash Drive over a secure and unique
USB channel. It is stored in an extremely inaccessible location in the
protected hardware. The hashed password is validated in hardware (there
is no “getPassword” function that can retrieve the hashed password), and
only after the password is validated is the AES encryption key unlocked.
The password try-counter is also implemented in hardware to prevent
memory rewind attacks. Typing your password incorrectly too many times
initiates a patent-pending “flash-trash” self-destruct sequence, which is run
in hardware rather than using software, ensuring the ultimate protection
for your data.
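
The unlock flow described above can be modeled in software. This is an added illustration, not IronKey firmware or code from this guide. The `DeviceModel` class, the `MAX_TRIES` value, the salt layout, the counter reset on success and the choice to charge an attempt before comparing are all assumptions of the model.

```python
import hashlib
import hmac
import os

MAX_TRIES = 10  # assumed limit; the guide does not state the number


def host_hash(password: str, salt: bytes) -> bytes:
    """Host side: salted SHA-256 of the password (salt layout is assumed)."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


class DeviceModel:
    """Toy software model of the hardware gate (hypothetical, for illustration)."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        # Stored hash and key are private: there is no "getPassword" accessor.
        self._stored_hash = host_hash(password, self.salt)
        self._aes_key = os.urandom(32)  # stands in for the onboard RNG
        self._tries = 0
        self.erased = False

    def unlock(self, candidate_hash: bytes):
        """Return the AES key only after the hash validates, else None."""
        if self.erased:
            return None
        # Charge the attempt before comparing, so an interrupted or
        # replayed attempt cannot avoid being counted (assumed ordering).
        self._tries += 1
        if hmac.compare_digest(candidate_hash, self._stored_hash):
            self._tries = 0  # assumed: a valid password resets the counter
            return self._aes_key
        if self._tries >= MAX_TRIES:
            self._self_destruct()
        return None

    def _self_destruct(self):
        # Without the key the encrypted volume is unrecoverable.
        self._aes_key = None
        self._stored_hash = None
        self.erased = True

    def tries_left(self) -> int:
        return 0 if self.erased else MAX_TRIES - self._tries
```
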