Lexar’s JumpDrive SAFE S3000 FIPS is the first USB flash memory storage device to use a smart card for authentication and encryption to keep the data stored on it safe from prying eyes. And, in eWEEK Labs’ tests, the ruggedized device took a beating and kept on reading.
The Lexar device is an excellent choice for a single user or a few corporate users who need rugged and encrypted USB storage. The user interface is streamlined and well-designed, and performance was consistently good in testing. However, the device’s management capabilities don’t measure up to rivals’, and it is pricey compared with “regular” USB drives: $99 for the 2GB model and $199 for the 8GB model. The device is also noticeably heavier than a typical USB flash drive, at 1.7 ounces. In fact, I believe that when attached to a lanyard, it would be as effective as a sock full of quarters during a physical altercation.
During testing, the first thing that struck me about the JumpDrive SAFE S3000 FIPS is how solidly constructed it is. The actual memory is sealed within a metal case using a military-grade epoxy compound. If someone did manage to crack the case, the memory inside would be destroyed.
It’s hard to imagine the JumpDrive SAFE S3000 FIPS being damaged accidentally. During tests, I dropped it on a concrete floor, spiked it on the same floor as if I’d just scored a touchdown, and threw it down a flight of stairs as well as off the roof of my four-story building. All that torture testing caused no more than superficial damage to the device. Not even whacking it straight on from three different angles by dropping a 2-pound weight from a foot above the device caused a problem.
For comparison, my test USB memory stick survived nothing more than a simple drop to the floor.
The device’s only vulnerability is the actual USB metal connector, which could be easily snapped off using pliers and shearing force or a hammer from exactly the right angle. But that wouldn’t do anyone any good: the outer shell of the device would be destroyed, but the data inside of it would remain inaccessible.
The JumpDrive SAFE S3000 FIPS is Department of Defense MIL-STD-810F waterproof. While I was unable to test in deep water where there would have been significant pressure on the device (Lexar says the device is waterproof to 30m), I did subject the JumpDrive SAFE S3000 FIPS to multiple liquid tests.
First, I tied it to a buoy and threw it into Barnegat Bay, where it hung about 6 feet deep in salt water for about a month. Afterward, the data was still intact. I just had to make sure that I dried off the USB connector before mounting the drive. Data on the drive also remained intact after a full wash and rinse cycle in the dishwasher (a test my normal USB drive survived, as well).
The JumpDrive SAFE S3000 FIPS relies on a Gemalto .NET V2.2 FIPS smart card to provide security functions such as authentication and storage of encryption keys. The smart card uses a PKI-based challenge-response process for authentication.
Data is encrypted with 256-bit AES in CBC (cipher-block-chaining) mode by an on-board hardware cryptographic controller. Encryption keys are generated randomly at first use rather than assigned and loaded before the device leaves the factory, where the keys could be stolen. The unit mounts as two volumes on Windows and the Mac: one volume is for the software needed to log in, and the other is the encrypted volume. (The device cannot be used on a Linux platform.)
The encrypted drive cannot be accessed without logging in, and access to the JumpDrive SAFE S3000 FIPS is blocked once a set number of password attempts is exceeded. At this point, the drive can be reset or wiped clean, or the user can be provided with a security question. However, if the user answers the security question wrong five times, then the device will render itself useless. It does this by zeroing out critical security parameters in the smart card after overwriting all data.
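The lockout sequence described above can be modeled as a three-state machine. This is an added sketch, not Lexar's or Gemalto's firmware; the class name, the password-attempt limit of three (the review gives no number) and the unlock-on-correct-answer behavior are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_PASSWORD_TRIES = 3  # assumption: the review only says "a set number"
MAX_ANSWER_TRIES = 5    # from the review: five wrong answers disable the device

def _digest(secret: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the model never stores the secret itself.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 10_000)

class TokenModel:
    """Hypothetical model of the lockout states: READY -> LOCKED -> DEAD."""

    def __init__(self, password: str, answer: str):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _digest(password, self.salt)
        self.answer_hash = _digest(answer, self.salt)
        self.key = secrets.token_bytes(32)  # stands in for the AES-256 key made at first use
        self.data = bytearray(b"constructed sample ciphertext")
        self.state, self.pw_fails, self.answer_fails = "READY", 0, 0

    def login(self, password: str) -> bool:
        if self.state != "READY":
            return False  # once blocked, even the right password is refused
        if hmac.compare_digest(_digest(password, self.salt), self.pw_hash):
            self.pw_fails = 0
            return True
        self.pw_fails += 1
        if self.pw_fails >= MAX_PASSWORD_TRIES:
            self.state = "LOCKED"
        return False

    def answer_question(self, answer: str) -> bool:
        if self.state != "LOCKED":
            return False
        if hmac.compare_digest(_digest(answer, self.salt), self.answer_hash):
            # Assumption: a correct answer restores access and clears counters.
            self.state, self.pw_fails, self.answer_fails = "READY", 0, 0
            return True
        self.answer_fails += 1
        if self.answer_fails >= MAX_ANSWER_TRIES:
            self._self_destruct()
        return False

    def _self_destruct(self) -> None:
        self.data[:] = bytes(len(self.data))  # 1. overwrite all stored data
        self.key = bytes(32)                  # 2. then zero the key material
        self.pw_hash = self.answer_hash = bytes(32)
        self.state = "DEAD"
```

The order inside `_self_destruct` follows the review's wording: data is overwritten first, and the security parameters are zeroed afterward.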
The major weakness related to the use of the JumpDrive SAFE S3000 FIPS in an enterprise setting is that Lexar doesn’t offer centralized management software to create accounts, establish security policy, and provision and monitor drive usage. Lexar does provide support for integration with third-party management tools, such as those from DeviceLock, Encryptx and Lumension. However, other solutions of this type, such as those available from IronKey and BlockMaster, include management software.
The End-User Experience
It’s very easy to use the JumpDrive SAFE S3000 FIPS.
I inserted it into a USB port, Windows Vista 64 automatically installed drivers, and I could see the new drive in Windows Explorer.
I opened it and ran the JumpDriveS3000_PC.exe application, then created a password. Whenever I plugged the device in subsequently, the application icon appeared in the system tray. When I double-clicked on the icon, I was asked to log in and I could then access the SAFE partition. By right-clicking on the icon, I could safely remove the volume or lock it. I could also change settings, such as language, passphrase or device name.
The JumpDrive SAFE S3000 FIPS performed very well in all my tests, which was no surprise because the device uses SLC flash memory.
Using ATTO, reads and writes maxed out at 23,701MB per second and 30,200MB per second, respectively, using a 256KB-per-second transfer size. Copying a 987MB file to the encrypted volume took 50.68 seconds, and copying it back took 42.25 seconds, which is consistent with the ATTO results.
For reference, my regular test USB stick turned in performances of 6,599MB per second write and 24,005MB per second read in ATTO.
Matthew D. Sarrel is executive director of Sarrel Group, an IT test lab, editorial services and consulting firm in New York.