There are many solutions for keeping user data secure on USB Flash drives. However, the family of IronKey devices was designed with the highest security expectations. They are definitely standing above others by being certified to FIPS 140-2 Level 3 and also certified by NATO for Top-Secret use. Despite of many devices being evaluated and found insecure, no public research on IronKey devices was made. The purpose of this talk is to present a feasibility study that fills the gap by looking inside the IronKey family of devices. As a result the users of the IronKey devices could be assured about the real level of the security protection they get.
Several generations of IronKey devices from early models to the latest ones will be teared down and their hardware solutions will be discussed and evaluated for hardware security. Some potential flaws will be exposed and those findings are likely to stimulate further research into specific solutions being used to protect the user data.
Dr Sergei Skorobogatov is a Senior Research Associate at the University of Cambridge Computer Laboratory and a member of the Security Group. He has background in chemistry, electronics, physics and computers. He received PhD degree in Computer Science from the University of Cambridge in 2005 and MSc degree in Physics in 1997. His research interests include hardware security analysis of smartcards, microcontrollers, FPGAs and ASICs.
Sergei pioneered optical fault injection attacks in 2001, which have influenced major rethink within semiconductor industry on the security protection of ICs and forced introduction of new evaluation procedures and countermeasures. Sergei's previous research has substantially improved side-channel attacks and optical fault injection attacks. His recent research set new standards on data extraction from embedded EEPROM and Flash memory, while latest achievements demonstrated superior imaging capabilities of embedded memory. Sergei is a member of Program Committees at several major worldwide conferences on hardware security of semiconductor chips.