Smart Storage

The JumpDrive SAFE S3000 FIPS relies on a Gemalto .NET V2.2 FIPS smart card to provide security functions such as authentication and storage of encryption keys. The smart card uses a PKI-based challenge-response process for authentication.

The user must log in or the encrypted drive cannot be accessed, and access to the JumpDrive SAFE S3000 FIPS is blocked after a set number of password attempts is exceeded. At this point, the drive can be reset or wiped clean, or the user can be provided with a security question. However, if the user answers the security question incorrectly five times, the device will render itself useless. It does this by zeroing out critical security parameters in the smart card after overwriting all data.

The major weakness of the JumpDrive SAFE S3000 FIPS in an enterprise setting is that Lexar doesn't offer centralized management software to create accounts, establish security policy, and provision and monitor drive usage. Lexar does provide support for integration with third-party management tools, such as those from DeviceLock, Encryptx and Lumension. However, other solutions of this type, such as those available from IronKey and BlockMaster, include management software.

The End-User Experience

It's very easy to use the JumpDrive SAFE S3000 FIPS. I inserted it into a USB port, Windows Vista 64 automatically installed drivers, and I could see the new drive in Windows Explorer. I opened it and ran the JumpDriveS3000_PC.exe application, then created a password.

Whenever I plugged the device in subsequently, the application icon appeared in the system tray. When I double-clicked on the icon, I was asked to log in and I could then access the SAFE partition. By right-clicking on the icon, I could safely remove the volume or lock it. I could also change settings, such as language, passphrase or device name.

Performance

The JumpDrive SAFE S3000 FIPS performed very well in all my tests, which was no surprise because the device uses SLC flash memory. Using ATTO, reads and writes maxed out at 23,701MB per second and 30,200MB per second, respectively, using a 256KB-per-second transfer size. Copying a 987MB file to the encrypted volume took 50.68 seconds, and copying it back took 42.25 seconds, which is consistent with the ATTO results. For reference, my regular test USB stick turned in performances of 6,599MB per second write and 24,005MB per second read in ATTO.

Matthew D. Sarrel is executive director of Sarrel Group, an IT test lab, editorial services and consulting firm in New York.

Data is encrypted with 256-bit AES in CBC (cipher-block-chaining) mode by an on-board hardware cryptographic controller. Encryption keys are generated randomly at first use, rather than assigned and loaded before the device leaves the factory, where the keys could be stolen. The unit mounts as two volumes on Windows and the Mac: one volume is for the software needed to log in, and the other is the encrypted volume. (The device cannot be used on a Linux platform.)