Over the last few years there have been a number of new entrants to the USB flash product space that position themselves as “security devices”, these devices typically build on top of their flash heritage by adding encryption software (ala PGP Disk) that is resident on the token, this software is typically invoked via the Windows AutoPlay mechanisms which then mounts a encrypted volume.
These solutions are “neat” and all, but they have a number of short-comings, two of the most significant being:
1. All of the units I have played with up until now do the encryption in software – The problem with this is that the encryption and decryption happens in user space, this means that one can attach a debugger and extract the associated key material; there are techniques that can be applied to make this more difficult but in the end there is no way to prevent such attacks (see Playing hide and seek with stored keys by Shamir and van Someren).
2. All of the units I have played with up until now require administrative privileges to “provision” a machine they hook into – This is problematic as well since I often want to use a flash drive on guest PCs as a means to share content (like we used to do with floppy disks) and people do not want you installing software, especially drivers to get a presentation.
The other thing about these tokens is they offer insufficient visible value to justify their increased cost, this is often the case with security solutions after all if it’s designed well and working you barley know it’s there.
Then there is the business proposition these tokens have, since the encryption is happening in memory the incremental value is pretty limited since an attacker with physical access (which should generally be presumed) can via a number of ways bypass the protections such devices have, for example a software device that offers a “lockout” capability can be modified (via a single hex editor) to never lock out then your down to brute forcing the password using their own software.
There is a new class of devices, best represented by the IronKey offering coming to market now that address these gaps as well as try to address the value-proposition problem-set by introducing subscriber functionality that helps make the token increasingly valuable.
Let’s look at the current generation of IronKey devices and explore how its different than the other tokens out there.
First off IronKey took a page out of the Apple playbook and have packaged this thing up first class, when you look at the package you can see thought was given it has a crisp look, a solid feel, when you open up the box you see the IronKey itself is well protected sitting safely in a foam bed cut to fit the key.
Then there is the token itself, its waterproof, made of aluminum with some sort of lacquer coating to keep it looking nice (and it meets MIL-STD-810F), the inside of the device is potted to help protect against physical attacks, to top things off they have made the device both tamper evident and tamper resistant (how well their mechanisms work here are outside the scope of this review).
But what about the first run experience? Well other than the fact you have to acknowledge to Windows AutoPlay request (that is a onetime problem if you acknowledge the risk and tell Windows to always run the IronKey application when the token is inserted) it goes pretty smoothly, you register with their web service (including Human Interface Proofs, and selection of images to aid in Phishing detection in later sessions). The core service offered by the web service is pin recovery and software updates, but the key thing about the first run experience is that once your registered with the service your encrypted volume shows up to Windows and your ready to go.
Once the token is setup you have a few features available to you:
· Onboard instance of FireFox that is configured to use IronKey’s TOR like Anonymizing network for browsing, this also allows you to keep favorites with you on your token.
· Onboard password manager that is integrated with both IE and Firefox via ad-ins, this unlike the browsers native password cache stores the passwords on the encrypted volume to keep them protected; this is a important problem for home users (who commonly do not have passwords) where systems have to use weak mechanisms to derive a secret to keep a secret.
· Onboard password generator that can be used to generate STRONG passwords that you can’t remember but the IronKey can for you (see: The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3, The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3, The Great Debates: Pass Phrases vs. Passwords. Part 3 of 3 and Microsoft Security Guru: Jot down your passwords).
· A smartcard, currently its only used within FireFox (via the supplied PKCS#11 library) to authenticate to the IronKey service; the key here is that each token has a IronKey issued device certificate that can be used to bootstrap stronger trust relationships with others.
Features are one thing, but what about “how” they executed on those features? Well I have not done a formal analysis of the token but from discussions with folks at IronKey and some basic observations I think they have done things right, for example:
· They used a TLS based mechanism to protect the exchange of the pin/password from user mode to the token; thus one can’t simply install a USB bus monitor and see the exchange of the password, in the past I have looked at products that in a similar situation chose to just obscure the exchange using something as basic as a XOR but these guys went the extra mile to use proven “real” security techniques to protect this exchange, this is particularly important when inserting a device like this into a guest PC.
· As mentioned earlier they have gone out of their way to implement tamper resistant and tamper evident mechanisms into the solution so it’s not simply a crypto-processor; They are even currently in the NIST Implementation Under Test (ITU) Phase for FIPS 140-2 Level 3 certification.
· It’s actually a high speed USB flash device (high speed 30MBS read, 20MBS write), that’s right you can use the drive for ReadyBoost.
· Designed with conformance with NIST cryptographic guidelines in mind (Recommendation for Key Management – Part 1: General, Cryptographic Algorithms and Key Sizes for Personal Identity Verification)
· They built lockout and “file shredder” capabilities into the hardware, unlike their software counterparts an attacker would have difficult time bypassing the lockout mechanisms on this token, if you lock the token out your data is done and the token is a brick and its all done in hardware you can’t just patch a file to get by this protection.
Well if after reading all I just said you must think this thing is perfect, well it’s not; that’s not to say the token doesn’t kick proverbial ass (it does IMO) but as a security device striving to in-part be a retail channel play (see: Can you sell strong authentication in the retail channel?) it has accepted the struggle of not becoming a ‘Jack of all trades and a master of none.’, some key concerns:
· Usability – One of my favorite quotes is “when given a choice most uses will choose consistency over efficiency”, this is particularly important when trying to enter the retail channel (see: More autistic than artistic...); I am not saying that the IronKey offering isn’t usable but if they want this to resonate with consumers (people more like my wife than me) they need to make the software less “geek” friendly and more “human-ready” (I highly consider the use of design shops like Thirtteen23 and frogDesign).
There are also some other usability oriented work they could do, for example random generated passwords are great, especially when they are managed by the token but I still want a chance to log into a application or website when I don’t have the token with me for that to be possible I either need to generate my own passwords I can remember or they need to provide a mechanism to generate pronounceable passwords (see FIPS 181).
· So close, yet so far away – The hybrid USB token market is a interesting place you have players like IronKey and GuardID with the smartcard, encrypted volume devices, then there are the traditional flash vendors like Kingston adding hardware encryption to their existing tokens, and then the smartcard vendors like Aladdin are adding flash support to their tokens.
I should say that right now I think IronKey is the best overall available offering but that’s some stiff competition, for them to stay on top they need to really innovate in the software they offer so that they can continue to standout as these other solutions are likely to continue to beet IronKey on cost simply because they don’t do as much and ship in larger volumes.
· Is it just too different? – Today consumer electronic devices are starting to use flash drives as a means to do firmware upgrades in the field, this is great as it means it’s now practical to get the latest software on our TVs and home entertainment devices, the downside with devices like the IronKey is that these devices cannot use the encrypted volume and since no clear volume is provided users may end up feeling “burned” that they spent their good money on this token but can’t use it like their lesser expensive cousins.
· Not functional enough? – Although the first version of the IronKey trounces the competition in breadth right now it’s a little short on depth in some areas, the most notable absence is that of CryptoAPI integration; for those not familiar CryptoAPI is the windows platform for Cryptography and Certificates, the token has all of the “right stuff” as it were but the goal of not requiring admin means extending Windows was not possible, they need to find a graceful way to bridge this gap.
I also would like to see more consumer oriented functionality maybe integration with WinLogon to enable local logon with the IronKey, maybe a local Windows Single Sign-On functionality that would be able to manage passwords for local applications as well as the current web password manager.
There are other possibilities too, like integration with Windows contact manager, maybe roaming user profiles onto the token, integration with the new smartcard root store functionality to carry trust anchors (like the IronKey Browser CA).
· Not secure enough? One of the most significant risks devices like this have is that of pin monitoring (especially on guest systems), the devices use of TLS to protect the passage of the pin from the host PC is great but there is the path between the keyboard and their application that is not protected. Examples include physical key loggers, as well as logical ones.
There are a number of techniques that can be applied to mitigate the risks of key loggers, but all of the ones I can think of right now either require a online service to be available at login (e.g., challenge response like systems), administrative privileges and work to get the pin prompt into session 0 (this does not help with physical key loggers or root kits) or hardware changes.
· Can you make these things cool? – Now I am a paranoid security guy, so I personally think these things are cool but sadly (or luckily for the rest of the world) most people are not like me, thus there needs to be something about these that make them “cool” for normal people; since I am as far from a expert on cool as there is I can’t tell you what that is but I strongly believe this will be needed for retail success. On a related note there is a Korean company marketing a graphical password scheme to the masses, the ads clearly are marketed at the young “hip” crowd maybe there is a lesson here.
It’s about time I shut up and summarize my experience with the token, I think the IronKey team has done a great job, they have a long road to hoe but they made some good decisions on what to include in their v1 offering as and from my perspective delivered the best available option on the market in for a secure flash device today and as long as they use that platform as the basis for future work and do not orphan the early adopters I think they have a strong chance of success.