The iStorage datAshur PRO is a small USB 3.0 drive created with the sole purpose of ensuring the safety of your data by using both software and hardware protective measures against any types of external attacks.
As the design may suggest, the datAshur PRO is a hardware-based encryption solution, so it relies on a built-in chip to perform the encryption and decryption process, therefore nullifying any type of possible vulnerability. To better understand how things work, let’s have a closer look at the differences between a software-based encryption solution and a hardware-based one.
Software vs Hardware Encryption
I’m sure that at least one of your USB drives suddenly disappeared and you did wonder what happened with all those photos, school documents, books or projects that you were working on for school or work which were stored on that drive. At that moment you decided to protect your data and encrypt your next USB drive with BitLocker and call it a day, but, while this is enough for most people that don’t always carry sensitive data with them, it may not be enough for the employees of a larger company or a SMB.
The reason for that is because while a software-type encryption program is usually cheaper and can easily be upgraded from an older generation to a newer one, the encryption process is done using the resources of the computer’s Operating System, so, if there is any vulnerability or flaw, it will compromise the device.This is simply impossible on a hardware-type encryption solution, mainly because it relies on an internal processor to generate the encryption key, so it doesn’t need external drivers or software. You may have also noticed that after you’ve secured your regular USB drive, your computer becomes a lot slower when reading/writing data on the drive and the reason for that is because the encryption software uses the host’s resources to encrypt/decrypt the data, something that doesn’t happen with a hardware encryption system, since as said before, it doesn’t rely on the resources from the host computer.
Furthermore, the software-based encryption is vulnerable to brute force attacks, while a device using a hardware-type encryption will delete the keys after a certain number of failed attempts (something which can save companies a lot of headache and money).
But, a flash drive that uses a hardware-type encryption cannot be upgraded, so, when the technology it uses becomes obsolete, you will have to physically replace it with a newer version and it is a lot more expensive than the software-type alternative. At the same time, to ensure that the computers aren’t vulnerable at all times, a company may need to purchase more licence fees and built a reliable IT department (and neither come cheap) – some SMBs may actually believe that only large companies are the target for hackers which is a very dangerous assumption, since they’re actually the easiest to exploit and every year the attacks on the SMBs is on the rise.
The iStorage datAshur PRO features a rectangular metallic case with plastic parts on the left and right side, while on top, you’ll notice a series of buttons and three LED lights (the keyring can be unscrewed to allow an easy way to add your keys). Inside the package, the manufacturer also provides an aluminium housing which ensures that the device is dust and water resistant (it is IP57 and MIL-STD-810F certified, so it should also be resistant to mechanical shocks, humidity and vibrations).
Considering that the USB drive relies on a separate processor for the encryption/decryption of the data, some attackers may attempt to remove the aluminium body and expose the internal hardware. To make sure that this can’t happen, iStorage has made the device tamper-proof which should destroy the processor in case someone tries to remove it.
Inside the case, there’s also a small 3.7V rechargeable battery (that lasts about a full day) which delivers enough power to insert the PIN number (using the alphanumeric physical buttons) before you connect the drive to a port, but be aware that you may need to charge the battery from time to time if you don’t use the drive too often, otherwise you won’t be able to unlock it (from 0 to 100%, it takes about an hour).
On top of the numbered buttons and next to the USB connector, there are two LEDs, one for Locked (when it’s red, the drive is locked) and the other for Unlocked (if it’s solid green, then the flash drive is unlocked and if it’s flashing green, then the drive is in Read-Only mode).
On the other side, there’s a larger Key button (press it once before inserting the PIN and once afterwards to unlock the device) and another LED light which, when is solid blue, it indicates that the flash drive is connected to a computer, but if it’s flashing blue, then the data is being transferred – the USB 3.0 flash drive auto-locks immediately after you disconnect it from the host device. The buttons are epoxy coated, so they should be wear resistant.
How to Use it
The first time you use the USB 3.0 flash drive, the default user PIN is 11223344 which needs to be changed immediately after you’ve powered on the device and to do so, press the KEY button and within 10 seconds, insert the default PIN and the KEY button again to unlock the drive and, afterwards, press the KEY button twice, insert the new User PIN, double click the KEY button again, re-insert the new User PIN and lastly, press the KEY button twice (the PIN can have up to 15 characters).
The datAshur PRO allows the user to enter the Options mode, where you can configure the drive to work in Read-Only mode (or re-enable Read/Write) or to set a Timeout automatic lock – this feature ensures that the drive will be locked after a defined number of minutes (from 1 to 99), so, in case the drive remains connected to a host computer unattended, the data will remain uncompromised. Considering that a corporate environment may have different access levels, it may be wise to set up an Admin PIN and several User PINs, so you can easily retrieve data in case the employee has either been fired or has forgotten the PIN.
Protection and Performance
To protect against a brute force attempt to hacking into the drive, the device will delete the User PIN after 10 consecutive tries, at which point only the Admin will be able to access the content; if the Admin also inserts 10 incorrect PINs, then the data is completely lost and the flash drive reverts back to factory default settings – at this point, you will need to reformat the drive to use it once again (companies may prefer the data to be destroyed because hackers can sell the valuable information to their competitors).
Furthermore, the flash drive is also immune to BadUSB (if you’re unfamiliar with this exploit, it is a self-propagating firmware-level malware which can affect any type of USB devices – it’s immune to formatting and it won’t be detected by your Antivirus).
Note: The iStorage datAshur PRO uses the military grade XTS-AES 256-bit hardware encryption (the crypto-parameters are protected with SHA-256 hashing) and it is FIPS 140-2 Level 3, NLNCSA and NATO Restricted certified, which means that it’s suitable for regulated industry sectors. The device is also compatible with the following operating systems: Windows OS, Linux OS, MacOS, ChromeOS, Android, Thin Clients, as well as embedded systems.
Using the ATTO benchmark tool, the iStorage datAshur PRO 16GB managed to deliver 142 MBps while reading files from 64KB to 64 MB and an average of 65 MBps while writing files between 16KB and 4MB (the speed declined to an average of 24 MBps afterwards). I also moved a 2.5GB file the old fashion way and I saw an average of 134 MBps while reading the file and an average of 24.3MBps while writing it. Seeing these results, it’s clear that the datAshur PRO is not the fastest USB 3.0 flash drive available, but it is a decent performer, especially since the emphasis is put on the security aspect.
Check out the product here: