Teardown and feasibility study of IronKey -- the most secure USB Flash drive

TL;DR

This paper conducts a detailed teardown and security evaluation of IronKey USB drives, the most secure devices with high-level certifications, revealing potential vulnerabilities and assessing their true security level.

Contribution

It provides the first public analysis of IronKey devices' hardware security, exposing potential flaws and comparing them with competitors to inform users and guide future research.

Findings

Potential hardware vulnerabilities identified

Comparison with competitor devices conducted

IronKey's security claims are critically evaluated

Abstract

There are many solutions for protecting user data on USB Flash drives. However, the family of IronKey devices was designed with the highest security expectations. They are definitely standing above others by being certified to FIPS 140-2 Level 3 and also claimed as certified by NATO for Top-Secret use. Many encrypted USB drives had been evaluated and found insecure, however, no public research on IronKey devices was made. This feasibility study fills the gap by looking inside the IronKey family of devices. As a result the users of the IronKey devices could be assured about the real level of the security protection they get. Several generations of devices from IronKey family and competitors are teared down, their hardware solutions discussed and evaluated for possible attacks. Some potential flaws are exposed and those findings are likely to stimulate further research into specific solutions aimed to protect user data.