Hardwear.io Interview: Teardown and feasibility study of IronKey – the most secure USB Flash drive
Portable storage devices are small and can be easily lost. Using security measures to protect the data on them is therefore a good idea. Vendors offer USB storage devices with built-in encryption capabilities. What happens if you analyse how they work? What are the attack modes on these devices? There will be a presentation at Hardwear.io regarding a specific brand of storage devices. We have asked the author Sergei Skorobogatov about the security properties of IronKey devices.
HDD and SSD vendors have provided their devices with secure deletion and encryption features. How do IronKey devices compare to normal storage media?
Some HDD and SSD devices do offer encryption and secure deletion, as well as vendors of other USB Flash drives. The fundamental difference is that IronKey devices are certified with FIPS140-2 Level 3. This allows them to be sold to government and military clients. However, not all IronKey devices have secure chips validated with Common Criteria standards. As a result someone could easily attack them to allow an unlimited number of password attempts.
What was/is the main reason for missing research on the topic of IronKey security?
I think it is a combination of strong claims that deter any research and relatively difficult access to devices because of a robust metal case and full epoxy encapsulation.
What attacks are workable against the devices?
For making password attempts to be unlimited on some IronKey devices, I used NAND mirroring attacks (see reference  in the paper). For more protected devices, someone would have to extract data from a secure chip. This would require several months of research and access to sophisticated and expensive equipment. The details on possible approaches will be described during my talk and in my paper, which I plan to publish around the conference time.
What is your recommendation for securing data on removable storage media?
It should be a combination of several protection mechanisms. Ideally, a battery-backed key storage should be used. This will prevent easy access to the storage memory because the data will disappear on disconnection of the battery. All devices I looked at could be analysed off-line with information gathered using reverse engineering methods assisted with advanced imaging techniques. Chip manufacturers should first become aware of such methods where the contents of on-chip memory can be extracted and then the chip operation simulated without need of the actual device. Once they understand how this could be performed, some mitigation techniques and countermeasures could be brought forward. Another threat to secure devices is backdoors. As I showed back in 2012 (see reference  in the paper) many devices have factory debug ports. The same is true for all secure chips used in IronKey devices. The backdoor could be used to extract all the information from the chip and then brute force password off-line. Alternatively, the backdoor could be used to reset the password attempt counter.