IronKey Personal Secure Flash Drive Personal User Manual

User Guide

IronKey Personal

Secure Flash Drive

PAGE 1IRONKEY USER GUIDE

Thank you for your interest in IronKey.

IronKey is committed to creating and developing
the best security technologies and making them
simple-to-use, affordable, and available to every­one. Years of research and millions of dollars of
development have gone into bringing this tech­nology to you in the IronKey.

For a quick product overview, you can also view
our online demos at https://www.ironkey.com/demo.

We are very open to user feedback and would
greatly appreciate hearing about your comments,
suggestions, and experiences with the IronKey.

Standard Feedback:

feedback@ironkey.com

Anonymous Feedback:

https://www.ironkey.com/feedback

User Forum:

https://forum.ironkey.com

PAGE 1IRONKEY USER GUIDE

CONTENTS

What is it?

Meet the IronKey
Core Features
Device Diagrams
Technical & Security Notes
IronKey Device Security

IronKey Services Security

How Does it Work?

Product Walkthrough

Initializing and Activating Your IronKey on Windows
Using the IronKey Unlocker on Windows
Initializing Your IronKey on a Mac
Using the IronKey Unlocker on a Mac
Initializing Your IronKey on Linux
Using the IronKey Unlocker on Linux
Using the IronKey Control Panel
Using the IronKey Virtual Keyboard
Using the Onboard Firefox & Secure Sessions Service
Using the IronKey Password Manager
Using the Secure Backup Software

 ImportingaDigitalCerticateintotheIronKey

Using my.ironkey.com
Using Your IronKey in Read-Only Mode

Product Specications

3

3
3

5

6

6
7

9

9
9

11
12

13
13

14
16
18

19

21

23

24

26

28

29

What’s Next?

Where can I go for more Information?
Who is the IronKey Team?
Contact Information

30

30

30

31

PAGE 2IRONKEY USER GUIDE

What is it?

Meet the IronKey

The IronKey Personal Secure Flash Drive, designed to be the world’s

most secure USB ash drive, protects your data, passwords, and Internet

privacy with some of today’s most advanced security technologies. Even
if your IronKey is lost or stolen, your data remains protected and can
even be restored to a new IronKey from an encrypted backup. While the
underlying security technologies are complex, the IronKey is simple to use
and you only need to remember a password to unlock it.

Core Features

Hardware-Encrypted Flash Drive

Your IronKey can safely store 1, 2, 4 or 8 gigabytes of documents, applica-

tions, les and other data. The IronKey Cryptochip inside the IronKey
protects your data to the same level as highly classied government infor-

mation, and it cannot be disabled or accidently turned off.

Self-Destruct Sequence

If the IronKey Cryptochip detects any physical tampering by a thief or a
hacker, it will self-destruct. Similarly, after 10 consecutive invalid password
attempts

Anti-Malware Autorun Protection

Your IronKey helps protect you from many of the latest malware threats

targeting USB ash drives. It will detect and prevent autorun execution of

unapproved programs, and it can be unlocked in a Read-Only Mode.

your IronKey will self-destruct using ash-trash technology.

PAGE 3IRONKEY USER GUIDE

Portable Cross-Platform Data Access

The IronKey Unlocker allows you to access your encrypted les on Win­dows 2000, XP, Vista, Mac OS X and numerous distributions of Linux.

Simple Device Management

Your IronKey includes the IronKey Control Panel, a central launchpad for
launching your applications, editing your preferences, and safely locking
your IronKey.

Secure Data Recovery

Securely back up the data on your IronKey using IronKey’s Secure Backup
software. It allows you to recover your data to a new IronKey in case
your IronKey is ever lost, and even synchronize data between IronKeys.

Stealth Browsing Technology

Surf the Web safely and privately through almost any network, even across
unsecured wireless hotspots, with IronKey’s Secure Sessions Service. It
can be easily toggled through the onboard Mozilla Firefox web browser.

Self-Learning Password Management

Securely store and back up all your online passwords as you go with the
IronKey Password Manager. It allows you to automatically log into your
online accounts to avoid keylogging spyware and phishing attacks.

Online my.ironkey.com Account

You can manage all of your IronKeys online at https://my.ironkey.com, a
secure website that requires two-factor authentication to access it. Here
you can recover forgotten passwords, disable device services, and more.

Online Security Vault

If your IronKey is ever lost or stolen, you can easily restore your online
passwords from an encrypted online backup.

Waterproof & Tamper-Resistent

The IronKey was designed to survive the extremes. The
IronKey’s rugged metal casing is injected with an epoxy
compound that makes it not only tamper-resistent, but
waterproof to military specications (MIL-STD-810F).

PAGE 4IRONKEY USER GUIDE

Up to 8 gigabytes
of secure storage

INCLUDES

“Flash-Trash” technology
for complete data erasure

SMART

Stores data up to 10 times
longer than ordinary flash drives

RELIABLE

Waterproof & tamper­proof metal casing

RUGGED

IronKey Cryptochip with
military-grade cryptography

SAFE

Transfers data up to 8 times
faster than ordinary flash drives

FAST

The World’s Most Secure Flash Drive

TM

Rugged metal case

lled solid with epoxy

Multi-color LED

Drilled hole for

keyring/lanyard

Device Diagrams

The IronKey has been designed from the ground up with security in mind.
A combination of advanced security technologies are used to ensure
maximum protection of your data. Additionally, the IronKey has been
designed to be physically secure, to prevent hardware-level attacks and
tampering, as well as to make the device rugged and long-lasting. You can
rest assured that your data is secured when you carry an IronKey.

Metal Cap

Area to engrave
your name/code

Stamped unique

serial number

This IronKey Cryptochip is hardened against physical attacks such as pow-

er attacks and bus snifng. It is physically impossible to tamper with its

protected data or reset the password counter. If the Cryptochip detects
a physical attack from a hacker, it will destroy the encryption keys, making

the stored encrypted les inaccessible.

USB 2.0

Connector

PAGE 5IRONKEY USER GUIDE

Technical & Security Notes

We are endeavoring to be very open about the security architecture and
technology that we use in designing and building the IronKey devices and
online services. There is no hocus-pocus or handwaving here. We use
established cryptographic algorithms, we develop threat models, and we

perform security analyses (internal and third party) of our systems all the

way through design, development and deployment. Your IronKey is FIPS



IRONKEY DEVICE SECURITY

Data Encryption Keys

» AES keys generated by onboard Random Number Generator
» AES keys generated by user at initialization time and encrypted
» AES keys never leave the hardware and are not stored in NAND ash

Self-Destruct Data Protection

» Secure volume does not mount until password is veried in hardware
» Password try-counter implemented in tamper-resistent hardware
» Once password try-count is exceeded, all data is erased by hardware

(FIPS 186-2)

Additional Security Features

» USB command channel encryption to protect device communications
» Firmware and software securely updateable over the Internet
» Updates veried by digital signatures in hardware

Physically Secure

» Solid, rugged metal case
» Encryption keys stored in the tamper-resistent IronKey Cryptochip
» All chips are protected by epoxy-based potting compound
» Exceeds military waterproof standards (MIL-STD-810F)

Device Password Protection

The device password is hashed using salted SHA-256 before being trans­mitted to the IronKey Secure Flash Drive over a secure and unique USB
channel. It is stored in an extremely inaccessible location in the protected
hardware. The hashed password is validated in hardware (there is no “get­Password” function that can retrieve the hashed password), and only after
the password is validated is the AES encryption key unlocked. The pass­word try-counter is also implemented in hardware to prevent memory
rewind attacks. Typing your password incorrectly too many times initi-

ates a patent-pending “ash-trash” self-destruct sequence, which is run in

hardware rather than using software, ensuring the ultimate protection for
your data.

PAGE 6IRONKEY USER GUIDE

Password Manager Protection

The IronKey Password Manager and my.ironkey.com work together, giving
you the ability to back up your online passwords to your Online Security
Vault at my.ironkey.com. First, you must unlock your IronKey device, which
requires two-factor authentication. Your passwords are securely stored in

a hidden hardware-encrypted area inside the device (not in the le sys­tem), being rst locally encrypted with 256-bit AES, using randomly gener-

ated keys encrypted with a SHA-256 hash of your device password. All
of this data is then doubly encrypted with 128-bit AES hardware encryp­tion. This is the strongest password protection we have ever seen in the
industry.

When you back up your passwords online, IronKey performs a complicat­ed public key cryptography handshake with IronKey’s services using RSA
2048-bit keys. After successful authentication, your encrypted block of
password data is securely transmitted over SSL to your encrypted Online
Security Vault within one of our highly-secure data facilities.

IRONKEY SERVICES SECURITY

Secure Facilities

IronKey hosts its online services at state-of-the-art third-party data cen­ter facilities. Physical access to the IronKey systems requires multiple lev­els of authentication, including but not limited to hand geometry biomet-

ric readers, “man trap” entry, government-issued photo ID verications

and individual access credentials. Each data center facility is equipped with
numerous surveillance cameras, motion detectors, and a sophisticated
alarm system. The IronKey infrastructure resides in a secured cage. The
entire facility is monitored by dedicated on-site security personnel on a
24x7 basis.

Secure Environments & Policies

Logical access to the IronKey environments is controlled by multiple lay­ers of network technologies such as rewalls, routers, intrusion preven­tion systems and application security appliances. For additional protection,
IronKey partitions its online services and backend applications into differ­ent network segments with independent security rules and policies.

Secure Communications & Data at Rest

When users access IronKey web sites and services, all information is ex­changed over an encrypted channel. This is accomplished through Secure

Socket Layer (SSL) and by utilizing VeriSign Secure Site and VeriSign Secure
Site Pro certicates. To ensure additional security for its services, IronKey
qualied for and is using Extended Validation SSL. The IronKey applica-

tions encrypt all sensitive data prior to transmitting it within the IronKey
network and storing in databases.

PAGE 7IRONKEY USER GUIDE

Secure Sessions: Making Tor Faster and More Secure

IronKey maintains a secure, private Tor network with its own, high-perfor-

mance servers (separate from the public Tor network). This improves the

overall security in at least two ways:

Since IronKey controls the “exit-node” in your encrypted Tor

circuit, we can ensure that no one is injecting unwanted or
malicious content into your online communications, such as
advertisements or spyware. You are not assured this level of
security with other publicly-run exit-nodes.

IronKey can also make sure that no exit-node is redirecting

your web trafc by providing addition DNS protections. This

anti-pharming measure can also help mitigate phishing attacks
and other online threats.

Find lots more technical information at https://learn.ironkey.com.

PAGE 8IRONKEY USER GUIDE

How does it work?

Product Walkthrough

Your IronKey Personal Secure Flash Drive consists of the following components:

» IronKey Unlocker (Windows, Mac and Linux)
» IronKey Control Panel (Windows only)
» IronKey Virtual Keyboard (Windows only)
» Mozilla Firefox & IronKey’s Secure Sessions Service (Windows only)
» IronKey Password Manager (Windows XP & Vista only)
» IronKey Secure Backup (Windows only)
» my.ironkey.com (Windows only)

Standard Usage Requires:

» Windows 2000 (SP4), XP (SP2), Vista, Mac OS X (10.4+) or Linux (2.6+) computer
» A USB 2.0 port for high-speed data transfer
» An email address and Internet connection for the online services

INITIALIZING & ACTIVATING YOUR IRONKEY ON WINDOWS

When you open the package, you will nd one IronKey Secure Flash Drive, one lanyard, and a

Quick Start Guide. Below is a brief description of the standard way of setting up an IronKey:

Step Description

1 Plug the IronKey into your

Windows computer’s USB port.

2 The “Initialize Your IronKey”

screen will appear.

Your IronKey can be initialized on a Windows 2000, XP
or Vista computer (see Mac and Linux instructions be­low). To use the full speed of the IronKey, plug it into a
USB 2.0 port.

The IronKey autoruns as a virtual CD-ROM.

This screen may not appear if your computer does not
allow devices to auto-run. You can start it manually by

double-clicking on the IronKey icon in “My Computer”
and running “IronKey.exe”.

PAGE 9IRONKEY USER GUIDE