User Guide
IronKey Personal
Secure Flash Drive
IRONKEY USER GUIDE |
PAGE |
|
|
Thank you for your interest in IronKey.
IronKey is committed to creating and developing the best security technologies and making them simple-to-use, affordable, and available to everyone. Years of research and millions of dollars of development have gone into bringing this technology to you in the IronKey.
For a quick product overview, you can also view our online demos at https://www.ironkey.com/demo.
We are very open to user feedback and would greatly appreciate hearing about your comments, suggestions, and experiences with the IronKey.
Standard Feedback: feedback@ironkey.com
Anonymous Feedback: https://www.ironkey.com/feedback
User Forum: https://forum.ironkey.com
IRONKEY USER GUIDE |
PAGE |
CONTENTS
What is it? |
3 |
Meet the IronKey |
3 |
Core Features |
3 |
Device Diagrams |
5 |
Technical & Security Notes |
6 |
IronKey Device Security |
6 |
IronKey Services Security |
7 |
How Does it Work? |
9 |
Product Walkthrough |
9 |
Initializing and ActivatingYour IronKey on Windows |
9 |
Using the IronKey Unlocker on Windows |
11 |
InitializingYour IronKey on a Mac |
12 |
Using the IronKey Unlocker on a Mac |
13 |
InitializingYour IronKey on Linux |
13 |
Using the IronKey Unlocker on Linux |
14 |
Using the IronKey Control Panel |
16 |
Using the IronKey Virtual Keyboard |
18 |
Using the Onboard Firefox & Secure Sessions Service |
19 |
Using the IronKey Password Manager |
21 |
Using the Secure Backup Software |
23 |
Importing a Digital Certificate into the IronKey |
24 |
Using my.ironkey.com |
26 |
UsingYour IronKey in Read-Only Mode |
28 |
Product Specifications |
29 |
What’s Next? |
30 |
Where can I go for more Information? |
30 |
Who is the IronKey Team? |
30 |
Contact Information |
31 |
IRONKEY USER GUIDE |
PAGE |
What is it?
Meet the IronKey
The IronKey Personal Secure Flash Drive, designed to be the world’s most secure USB flash drive,protects your data,passwords,and Internet privacy with some of today’s most advanced security technologies. Even if your IronKey is lost or stolen, your data remains protected and can even be restored to a new IronKey from an encrypted backup. While the
underlying security technologies are complex, the IronKey is simple to use and you only need to remember a password to unlock it.
Core Features
Hardware-Encrypted Flash Drive
Your IronKey can safely store 1, 2, 4 or 8 gigabytes of documents, applications,files and other data. The IronKey Cryptochip inside the IronKey protects your data to the same level as highly classified government information, and it cannot be disabled or accidently turned off.
Self-Destruct Sequence
If the IronKey Cryptochip detects any physical tampering by a thief or a hacker, it will self-destruct. Similarly, after 10 consecutive invalid password attempts your IronKey will self-destruct using flash-trash technology.
Anti-Malware Autorun Protection
Your IronKey helps protect you from many of the latest malware threats targeting USB flash drives. It will detect and prevent autorun execution of unapproved programs, and it can be unlocked in a Read-Only Mode.
IRONKEY USER GUIDE |
PAGE |
Portable Cross-Platform Data Access
The IronKey Unlocker allows you to access your encrypted files onWindows 2000, XP, Vista, Mac OS X and numerous distributions of Linux.
Simple Device Management
Your IronKey includes the IronKey Control Panel, a central launchpad for launching your applications, editing your preferences, and safely locking your IronKey.
Secure Data Recovery
Securely back up the data on your IronKey using IronKey’s Secure Backup software. It allows you to recover your data to a new IronKey in case your IronKey is ever lost, and even synchronize data between IronKeys.
Stealth BrowsingTechnology
Surf the Web safely and privately through almost any network, even across unsecured wireless hotspots, with IronKey’s Secure Sessions Service. It can be easily toggled through the onboard Mozilla Firefox web browser.
Self-Learning Password Management
Securely store and back up all your online passwords as you go with the IronKey Password Manager. It allows you to automatically log into your online accounts to avoid keylogging spyware and phishing attacks.
Online my.ironkey.com Account
You can manage all of your IronKeys online at https://my.ironkey.com, a secure website that requires two-factor authentication to access it. Here you can recover forgotten passwords, disable device services, and more.
Online SecurityVault
If your IronKey is ever lost or stolen, you can easily restore your online passwords from an encrypted online backup.
Waterproof &Tamper-Resistent
The IronKey was designed to survive the extremes. The IronKey’s rugged metal casing is injected with an epoxy compound that makes it not only tamper-resistent, but waterproof to military specifications (MIL-STD-810F).
|
|
|
|
|
|
|
|
|
IRONKEY USER GUIDE |
PAGE |
|
|
Device Diagrams
The IronKey has been designed from the ground up with security in mind. A combination of advanced security technologies are used to ensure maximum protection of your data. Additionally, the IronKey has been designed to be physically secure, to prevent hardware-level attacks and tampering, as well as to make the device rugged and long-lasting. You can rest assured that your data is secured when you carry an IronKey.
Rugged metal case filled solid with epoxy
Metal Cap
Multi-color LED
Drilled hole for keyring/lanyard
Area to engrave |
USB 2.0 |
|
Connector |
||
your name/code |
||
|
Stamped unique serial number
This IronKey Cryptochip is hardened against physical attacks such as power attacks and bus sniffing.It is physically impossible to tamper with its protected data or reset the password counter. If the Cryptochip detects a physical attack from a hacker, it will destroy the encryption keys, making the stored encrypted files inaccessible.
The World’s Most Secure Flash DriveTM
FAST |
SAFE |
RUGGED |
|
Transfers data up to 8 times |
IronKey Cryptochip with |
Waterproof |
& tamper- |
faster than ordinary flash drives |
military-grade cryptography |
proof metal |
casing |
RELIABLE |
SMART |
INCLUDES |
||
Stores data up to 10 times |
“Flash-Trash” technology |
Up |
to 8 |
gigabytes |
longer than ordinary flash drives |
for complete data erasure |
of |
secure |
storage |
IRONKEY USER GUIDE |
PAGE |
Technical & Security Notes
We are endeavoring to be very open about the security architecture and technology that we use in designing and building the IronKey devices and online services.There is no hocus-pocus or handwaving here.We use established cryptographic algorithms, we develop threat models, and we perform security analyses (internal and third party) of our systems all the way through design, development and deployment. Your IronKey is FIPS
140-2 Level 2 validated (Certificate #938).
IRONKEY DEVICE SECURITY
Data Encryption Keys
»AES keys generated by onboard Random Number Generator (FIPS 186-2)
»AES keys generated by user at initialization time and encrypted
»AES keys never leave the hardware and are not stored in NAND flash
Self-Destruct Data Protection
»Secure volume does not mount until password is verified in hardware
»Password try-counter implemented in tamper-resistent hardware
»Once password try-count is exceeded, all data is erased by hardware
Additional Security Features
»USB command channel encryption to protect device communications
»Firmware and software securely updateable over the Internet
»Updates verified by digital signatures in hardware
Physically Secure
»Solid, rugged metal case
»Encryption keys stored in the tamper-resistent IronKey Cryptochip
»All chips are protected by epoxy-based potting compound
»Exceeds military waterproof standards (MIL-STD-810F)
Device Password Protection
The device password is hashed using salted SHA-256 before being transmitted to the IronKey Secure Flash Drive over a secure and unique USB channel. It is stored in an extremely inaccessible location in the protected hardware.The hashed password is validated in hardware (there is no“getPassword” function that can retrieve the hashed password), and only after the password is validated is the AES encryption key unlocked.The password try-counter is also implemented in hardware to prevent memory rewind attacks.Typing your password incorrectly too many times initiates a patent-pending“flash-trash” self-destruct sequence,which is run in hardware rather than using software, ensuring the ultimate protection for your data.
IRONKEY USER GUIDE |
PAGE |
Password Manager Protection
The IronKey Password Manager and my.ironkey.com work together, giving you the ability to back up your online passwords to your Online Security Vault at my.ironkey.com. First, you must unlock your IronKey device, which requires two-factor authentication. Your passwords are securely stored in a hidden hardware-encrypted area inside the device (not in the file system),being first locally encrypted with 256-bitAES,using randomly generated keys encrypted with a SHA-256 hash of your device password. All of this data is then doubly encrypted with 128-bit AES hardware encryption.This is the strongest password protection we have ever seen in the industry.
When you back up your passwords online, IronKey performs a complicated public key cryptography handshake with IronKey’s services using RSA 2048-bit keys. After successful authentication, your encrypted block of password data is securely transmitted over SSL to your encrypted Online Security Vault within one of our highly-secure data facilities.
IRONKEY SERVICES SECURITY
Secure Facilities
IronKey hosts its online services at state-of-the-art third-party data center facilities. Physical access to the IronKey systems requires multiple levels of authentication, including but not limited to hand geometry biometric readers,“man trap” entry,government-issued photo ID verifications and individual access credentials. Each data center facility is equipped with numerous surveillance cameras, motion detectors, and a sophisticated alarm system.The IronKey infrastructure resides in a secured cage.The entire facility is monitored by dedicated on-site security personnel on a 24x7 basis.
Secure Environments & Policies
Logical access to the IronKey environments is controlled by multiple layers of network technologies such as firewalls,routers,intrusion prevention systems and application security appliances. For additional protection, IronKey partitions its online services and backend applications into different network segments with independent security rules and policies.
Secure Communications & Data at Rest
When users access IronKey web sites and services, all information is exchanged over an encrypted channel.This is accomplished through Secure
Socket Layer (SSL) and by utilizingVeriSign Secure Site andVeriSign Secure Site Pro certificates.To ensure additional security for its services,IronKey qualified for and is using ExtendedValidation SSL.The IronKey applications encrypt all sensitive data prior to transmitting it within the IronKey network and storing in databases.
IRONKEY USER GUIDE |
PAGE |
Secure Sessions: MakingTor Faster and More Secure
IronKey maintains a secure, private Tor network with its own, high-perfor- mance servers (separate from the publicTor network).This improves the overall security in at least two ways:
Since IronKey controls the“exit-node” in your encryptedTor circuit, we can ensure that no one is injecting unwanted or malicious content into your online communications, such as advertisements or spyware.You are not assured this level of security with other publicly-run exit-nodes.
IronKey can also make sure that no exit-node is redirecting your web traffic by providing addition DNS protections.This anti-pharming measure can also help mitigate phishing attacks and other online threats.
Find lots more technical information at https://learn.ironkey.com.
IRONKEY USER GUIDE |
PAGE |
How does it work?
Product Walkthrough
Your IronKey Personal Secure Flash Drive consists of the following components:
»IronKey Unlocker (Windows, Mac and Linux)
»IronKey Control Panel (Windows only)
»IronKeyVirtual Keyboard (Windows only)
»Mozilla Firefox & IronKey’s Secure Sessions Service (Windows only)
»IronKey Password Manager (Windows XP & Vista only)
»IronKey Secure Backup (Windows only)
»my.ironkey.com (Windows only)
Standard Usage Requires:
»Windows 2000 (SP4),XP (SP2), Vista,Mac OS X (10.4+) or Linux (2.6+) computer
»A USB 2.0 port for high-speed data transfer
»An email address and Internet connection for the online services
Initializing & Activatingyour Ironkey On Windows
When you open the package,you will find one IronKey Secure Flash Drive,one lanyard,and a
Quick Start Guide. Below is a brief description of the standard way of setting up an IronKey:
|
Step |
Description |
1 Plug the IronKey into your |
Your IronKey can be initialized on a Windows 2000, XP |
|
|
Windows computer’s USB port. orVista computer (see Mac and Linux instructions be- |
|
|
|
low). To use the full speed of the IronKey, plug it into a |
|
|
USB 2.0 port. |
2The“InitializeYour IronKey” The IronKey autoruns as a virtual CD-ROM. screen will appear.
This screen may not appear if your computer does not allow devices to auto-run. You can start it manually by double-clicking on the IronKey icon in“My Computer” and running“IronKey.exe”.
IRONKEY USER GUIDE |
PAGE |