Encrypted USB Key With TOR, Firefox

An anonymous reader writes "Gizmodo has a writeup on the new IronKey — a self-destructing, hardware-encrypted and -authenticated USB flash drive with on-board secure Firefox, high-speed TOR network, password manager, and online encrypted backup. Here is the demo page. $79 for a 1GB, $149 for 4GB." Ironkey works on XP and Vista only. Let's hope its self-destruct feature works better than Secustick's.

If it works

If it works, spies will love it.

I bet it gets cracked within 30 days.

Mmmm?

Most of the spies you know?

Re:Mmmm?

Spies? Who said anything about Spies Comrade. Natasha bring some nice tea for Moose and Squirrel here. - Boris Badenov

/soto voice/ Remember to put truth serum in it this time /

Yes dollink -Natasha Fatale

How long until it is illegal to possess one?

In how many countries is it already illegal to possess one?

10 tries?

after ten consecutive failed password attempts, the IronKey self-destructs

For better security, type the wrong password nine times before you take it on the plane.

Demo page.

The demo page is mostly blank. Oh, well. Guess it saved on web design costs?

XP and VISTA only

Ironkey works on XP and Vista only.

Remember, it's only secure as long as you don't plug it in.

I know, I know. I kid.

Re:XP and VISTA only

When I read that it only works under XP and Vista, the first thought that I had was actually that, instead of Ironkey, they should have called it Irony ;P

Useless because of host security

If you don't trust the host machine, it can log the password, read/alter your data after the valid password is entered and even maliciously destroy your data by simulating 11 wrong authentication attempts. If you do trust the host, there is little point in hardware encryption/authentication. And if your flash drive is physically stolen, it's enough to have plain software file encryption. Sounds like a solution in search of users who misunderstand the problem.

Re:Useless because of host security

If you do trust the host, there is little point in hardware encryption/authentication.

It is still a good idea to have hardware that supports it. In particular, USB flash drives have a tendancy to store logical changes to data in new physical locations. They do this in order to minimise the number of writes to any one portion of the drive, and thus extend the lifetime of the flash memory. Normally this is a good thing, but for encryption purposes it is a pain since it makes it difficult to change / revoke a key without overwriting the entire drive. Of course, if you suspect a key has been compromised it is just good practise to do so anyway ( or better yet, destroy the drive).

Re:Useless because of host security

It isn't useless because of host security. They need to make a mod that fit my needs. I need it to have a timer on it that after I update the data, it expires after a set time in days. After it expires, it can erase everything. The problem with encrypted data is that it can be decrypted. Destroying the data on the USB drive prevents rubber-hose-attacks and law enforcement could not detain me beyond the auto destruct time I set in days. In other words, destroying data means beating or detaining me to get my passphrase now becomes a useless attack. I don't think it is fair to suggest no one has a use for self-destructing systems; they assure the data can never fall into the wrong hands.

I, however, am looking for a USB key with the encryption and password entry built into the key itself. I am looking to enter the password or fingerprint on the device. That way, I am not dependent on the host. The drive could allow mounting after the biometric or password are supplied to it, and present a FAT32 volume, which would mount on any OS. I am looking for a portable solution.

Re:Useless because of host security

I agree. The best security is to have your own trusted CPU/display/input (i.e. a laptop or pda). This is getting easier all the time -- a PDA or cellphone is close to sufficient for most non-data-entry tasks.

Failing that, I'd go with something which uses commodity, standard, and commonly available technology at the lowest level possible. It's PROBABLY the case that a DVI monitor is not bugged; much less likely that a random DVI monitor at a net cafe is itself secure than that the host OS is secure.

The host OS and applications installed are by far the weakest link. I carry a laptop everywhere, but the next step down from that is a bootable USB flash drive with your choice of secured OS installation on it. It's easy enough to implement disk encryption.

It is also fairly straightforward to use "write only" public key cryptography (i.e. each time you save your work, encrypt it with a public key, the private key for which is held on trusted hardware at home).

The only customization I'd do to the USB dongle would be for protecting the keying data -- some way to mount a / partition, but have a data partition which is encrypted with PKC held on the USB device, with only the passphrase being entered into the local PC, rather than an actual key entered via the host PC. This in practice only gives you marginally better security, as if you used a hardware-trojaned PC (or vmware installation...) to boot your USB device, that trojaned machine could just copy the relevant data out of your USB key.

There are a lot of "procedural" ways to improve security with this USB boot thing. Maybe have multiple partitions, each with different keys, per project or security level. If you're at a machine belonging to client A, and need access to client A files, you can stick your USB in a client A machine, boot, and then only unlock the client A partition on the USB. Or if you just need basic secure computing, but not access to your stored files, you could just unlock the OS partitions, leaving your own data partitions encrypted. Or, just buy multiple USB keys, and stick the least important key into the machine that is needed to accomplish your task.

Re:Useless because of host security

Z, Unfortunately you're not correct. The flash drive firmware would have to be able to parse the FAT file system in order for this to work. USB storage media does not receive data as files, but rather as blocks, at a much lower level than the windows file system. Also, your approach basically sends your password in the clear over USB. We AES encrypt our USB traffic, protecting your password from USB level sniffers. We have IronKey working on MacOS now, and are working on Linux. Please be aware that we are more than a secure flash drive. We've got hardware encrypted password storage, strong 2-factor authentication (the firefox has a PKCS11 driver that talks to our onboard crypto). Dave @ IronKey

High speed Tor

What caught my eye was the blurb about high speed Tor...

I thought, OMG! I want, NOW!!

Ha

"high-speed TOR network"

Don't make me laugh.... bitterly.

Bootable Debian on USB key with root encryption?

http://feraga.com/node/94 [feraga.com] - why not use this instead on any key...

pointless security

While you're decrypting your Sup3rs3kr3t w4r3z on the usb key, any malware* you haven't found yet is potentially logging every keystroke. You need to choose windows, or security; you really can't have both.

[*] - http://www.emsisoft.com/en/malware/?Adware.Win32.P owered+Keylogger [emsisoft.com]

Hmmm

But for $149 you could get a simple 16gb thumb drive and just use TrueCrypt...

Everyones the miracle device

I've write encryption software for use by normal users on USB devices (shameless plug: http://www.rtsz.com/products/pss/ [rtsz.com] ) and it never ceases to amaze the bullshit that people fall for.

I try my best to prevent false claims in our advertising, things like 'Your data is completely secure' falls into the false catagory as far as I'm concerned.

We've had two major companies asking us for secure USB devices to hold sensitive personal information, one of which was medical related, the other of which I dont recall right off the top of my head. Both of these places wanted software you could install on ANY flash drive, would encrypt all the data on it, would prevent the data from ever being copied off to another device, harddrive or whatever, and of course would automatically destroy itself if too many incorrect passwords were given.

Needless to say we were unable to help them, or even explain to them that what they were asking for is not currently possible. This is probably a failure to communicate on my part, but the real scary part is they went with other companies who claimed they could do it! Just to be clear, this was a software only solution running on any PC with the data on any flash drive.

Makes me wonder if we should start letting the BS flow in order to boost sales :(

This is old news..

I did a talk for my local LUG [eclug.net] back in September of 2006 describing exactly how to do this [eclug.net] using TrueCrypt [truecrypt.org] for Linux and Windows

I described in detail how to install, boot and use the USB key as a bootable Linux distribution, and also how to use the USB key in Windows (or Linux) with TrueCrypt, using some fancy tricks to auto-prompt for the password upon insertion of the key, how to use a slew of PortableApps on the key, and even a launchable menu to find and access them.

This was almost a full year ago. IronKey, whatever it is, is nothing new.

High-Speed TOR Network

``high-speed TOR network''

There is such a thing? I mean in terms of latency?

Typically self-destruct is bogus...

There is basically one option that works: A secure microcontoller, that keeps the key in internal RAM and does all the encryption and decryption itself. Everything else can be broken by interrupting or disabling the writes. AFAIK you cannot get any secure microcontroller for the price they claim. Certainly you cannot get one that does encryption and decryption with decent speeds.

According to the website, it does a "flash trash". This is insecure. Flash writing is relatively slow and draws a lot of energy. This allows stopping and preventing writes to flash. Also, unless they use special flash chips, the same hack as with the Secustick will work. Again, for the price I do not see them getting a specially bonded or manufactured Flash chip. Even if they do, desolder the chip and read it directly. You can then clone it for unlimited attack attempts.

I ecpect this will be relatively easy to break, just as the Secustick, i.e. at best a small step above a conventional stick encrypted, e.g., with TrueCrypt.

Irony

'IronKey' sounds a lot like 'irony'

Of course the irony would be that your most valuble data would become inaccesible because you forget your password.

Or law enforcement singles you out because you had this tool, known to be used by pedophiles and the likes...

It's ok.

Is it just me or do the majority of people that have need of something like this are not running Windows?

I use Fearless Browser

Instead of this, you can get Fearless Browser [moka5.com] for free and install it on any USB drive. It is far more secure than any Windows version because it runs in a Gentoo-based virtual machine. It comes preconfigured with Tor and OpenDNS anti-phishing, and is updated frequently. I carry it around everywhere I go and use it at friend's houses and public terminals that I don't trust.

I smelled bullshit

as soon as I read the part that said "high-speed TOR network"..

Right.. Anyone that's ever used TOR knows there ain't no such critter..

p.o.s.

Ironkey works on XP and Vista only.
Bbbzzzzzzt. You lose. Next solution, please.

Only works if someone doesn't know what it is

In all reality you wouldn't plug it in, you'd take the thing apart and dissolve the black goo. Then you would proceed with a hardware attack, reading the contents of the flash memory out and then attempt to crack the memory file.

Only if the attacker doesn't know what the memory stick is will it be able to erase itself.

hidden faq page https://learn.ironkey.com/faqs

https://learn.ironkey.com/faqs [ironkey.com] they should have put this on the home page but from what i read they've got their shit together....

Ok, but what if...

What if the computer has a keylogger and it logs the password that unlocks your data? Am I missing something?

Advertised Via SPAM

I wouldn't buy one of these to save my life. Jerks got my email address from our receptionist, added me to their marketing SPAM list, and guess what, their reply address and unsubscribe links are broken. I know where I'd like to stick their ironkey...

IronKey FAQ and Crypto White Paper

Thanks to everyone for your really interesting comments and questions. We will update our website to make it more clear that we have a FAQ section that answers many of the questions posed here on SlashDot. https://learn.ironkey.com/faqs [ironkey.com] We also have a whitepaper that describes how our hardware encryption works, the threat models, and how it is better than software encryption. https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf [ironkey.com] We released Windows versions first, as the majority of the market is using that OS. We are working on Linux and MacOS versions. Thanks, Dave Jevans @ IronKey

Self-destruct?

Hm...If it doesn't actually explode, then I don't want it.

-sigh- What happened to the good ol' days when something that was said to self-destruct would mean that it exploded?

Even cheaper, much better

I remember seeing this kind of application for U3 device on http://www.eisst.com/products/private_browser/usb- u3/ [eisst.com] and it was much cheaper than $79... which can work on any USB device, encrypting all your private information. And it doesn't expose saved data to OS.

-wz.

Re:Why The Fuck are such things MS-only?

The simple answer is that Linux already has far better security tools that a novelty like this can never match.

Re:Why The Fuck are such things MS-only?

Why is this kind of product not targetted directly at the kind of user who is aware of the issues at stake?

Because the kind of user who is aware of the issues at stake can recognise a pointless gadget when he sees one and knows he's far better off with something like TrueCrypt [truecrypt.org]?

Re:Why The Fuck are such things MS-only?

No, because the NSA needs a backdoor...

Re:Why The Fuck are such things MS-only?

``Why is this kind of product not targetted directly at the kind of user who is aware of the issues at stake?''

Because said users will also quickly identify this product as snake oil.

Re:Crap.

I doubt you can get real tamper-resistant Flash for anything close to "$79 for a megabyte".

For that price I would be willing to build you one, if you take at least 1GB size. Not too hard: A small, dedicated Linux computer, batteries, a strong steel box with light, shock and some other sensors, filled with epoxy and a keyboard on the outside. Tamper with it or enter your password wrongly several times and the power in the batteries is used to clear the encryption key in SRAM.

Still not very high security and might be a bit heavy...

Re:Mission Explodable.

So, will this explode, killing everyone in a 5 foot radius if an incorrect password is typed in?

That would be sweet as hell. I'd buy one if it did.

Re:Crap.

If the cryptochip automatically encrypted all I/O to and from the flash memory, storing the actual key in an area easily overwritten a ton of times the instant its tamper detection circuitry noticed something awry, I can see the data being secure, and resistant to someone reading it off device.

However, until there is a way to enter the password that is not on the physical host, I'm not sure what security this provides (other than being allowed to run as a non admin user) over TrueCrypt in Traveller mode.

Re:Why The Fuck are such things MS-only?

We started with M$ because it's the largest market. We have MacOS working in the lab and are also working on Linux support. We recognize that Linux users are the most security savvy, but that part of the market is miniscule compared to the Windows market (think about financial services, hospitals and government markets). We've spent over $7M in research and development on the product, and unfortunately we've got to target the larger markets first. - Dave Jevans. IronKey

Re:Crap.

The key storage IS tamper resistant. The chip will self-destruct if tampered with physically or electrically. This chip is separate from the flash memory where your data is stored AES encrypted. You are correct that the flash memory will not destroy itself if tampered with, but all data in there is AES encrypted. It is most important that the AES key be destroyed. Note that the devices are sealed with epoxy potting compound, which makes it extremely difficult to get the chips off the board without physically destroying them. To help you in your determination of shiny turdness, try reading our whitepaper on the security model and crypto employed. https://learn.ironkey.com/docs/IronKey_Whitepaper- Benefits_of_Hardware_Encryption.pdf [ironkey.com] Thanks, Dave Jevans. IronKey