Secure and Portable, is the SecureUSB KP the Ticket?

Have you ever found yourself in need of a way to keep some files or data secure while still needing them to be portable? In today’s modern world these two requirements seem to go hand-in-hand more often. Given the damage done to organizations and individuals through data breaches caused by misplaced or stolen data, it’s no wonder that an entire market of secure, easy to use and portable storage devices is developing and growing.

Perhaps, if these devices had been available at the time, my personal data would not have been lost by the Veterans Administration (VA), saving them $20 million, and even more importantly, the unfortunate incident regarding Santa and the “Naughty List” could have been avoided, along with countless similar incidents. 

The Product

I travel, I mean, I travel a LOT. Part of my job is doing talks at security and IT conferences all across the US. When I travel, I carry potentially sensitive information with me, (Scans of my drivers license, passport, some passwords and service recovery passcodes, etc.) just in case I lose a wallet, get locked out of accounts, etc. My paranoid nature keeps me from carrying any of this unencrypted, and my travel schedule keeps me wanting to carry the lightest, smallest devices possible. This is why I chose smaller USB keys over the larger portable drives (which also require another cable to haul along). Your mileage may vary.

Up until now, I’ve been using a USB 2.0 version of the 16GB Ironkey Basic S1000 (<-Amazon.com link) USB drive but have found myself feeling tight on storage and a little limited by it’s implementation. While at the RSA conference this year, I ran across SECUREDATA, Inc., which had some devices that really sparked my interest. While they had a number of different products, I was immediatly drawn to the SecureUSB KP (<-Amazon.com link), which I will refer to as “SecureUSB” from here on out. When they asked me if I would be willing to test it out for a month or so and give them my feedback, I accepted.

** For the record, while I received this as a evaluation drive, I am returning it to them when I’m done with it and they did not not pay me to do this review. They simply asked for my feedback, good or bad.**  

I have to say, there is something really sexy about about the smooth lines and brushed aluminum finish of the Ironkey (Yes, I just called a USB Key “sexy”), but the SecureUSB is no slouch either, it’s just different. Visually the SecureUSB looks larger than the IronKey, but when set side by side, it’s not. I’ve actually done this more than once just because my eyes do trick me. I think it’s the difference between the uninterrrupted case of the IronKey and the obvious PIN keys that are present on the SecureUSB, however even with the cover on the SecureUSB it just looks bigger to me. Maybe it’s black color as well. 

My Testing

Let’s be clear, this review is about the usability or “experience” using the drive and it’s value as compared to some other options, it is not an in-depth security or ruggedness review. For that reason I will not be security testing the FIPS 140-2 Compliant Design or IP 57 dust/water resistance claims. The focus of this review is how well the device works, especially when compared to some other options. The SecureUSB drives are available in several sizes including 8GB for about $79, 32GB for about $129 or 64GB versions for about $159

Build Quality

The first thing I noticed is the that build quality of the drive feels pretty good. The drive is almost all black with a blue o-ring at it’s base and a blue and white logo painted or silkscreened (not just a sticker) on the cover.

On the front of the drive itself are the buttons which are a matte black with white numbers and letters. They feel like they are made from a rubber-like material, but not cheap. On the back end, there is an area where you could attach this to a keychain, lanyard or something similar. I find this is a nice touch so I don’t lose the device. Nearest the USB-A connector is a small semi-transparent window that houses the status LEDs.

The back of the drive has a QR code, serial number and other information that is again, either painted or silk screened on. It doesn’t feel cheap like stickers do.

The USB-A connector us really unremarkable and has the telltale blue insert that tells you that this is a USB 3 device.

Unlocking the Drive

To unlock the drive, you simply press the key button, then enter the PIN number (default is 11223344) using the buttons and press the key button again within 10 seconds. Once unlocked you have 30 seconds to put in a computer or it locks itself again. This process is pretty simple, but I did have to refer to the quickstart guide once when I forgot the process.

The drive does support a “User” PIN and a separate “Admin” PIN. These PINs must be 7-15 digits long, cannot contain only consecutive numbers (e.g. 11111111) and cannot be just consecutive numbers (e.g. 2345678)

To avoid brute-force attacks, if you mess up and enter the wrong PIN ten times in a row, regardless of how much time has passed, the encryption keys are deleted and the data is gone. This is true even if you set an “Admin” PIN, the files are gone, so be careful here.

Admin Mode

Speaking of the “Admin” PIN, the drive has a bunch of features you can use in the “Admin” mode that are nice if you are deploying in an organization. I did not use these features myself, but they are documented in the manual.

The Admin can reset the user password and do some other neat things like adjust timeout to locking and other things as well. In addition, the drive can be opened in a read-only mode by either the user or the admin.

One thing that I find a bit odd is that according to the documentation whenever you unlock the drive with the “Admin” Pin, it resets the “User” PIN to default. NOTE – Secure Data reached out to me and mentioned that the documentation may not be clear here. This is what they said, I have no way to test this, but have no reason to doubt it either – “That sentence is trying to explain that when the Admin PIN is first set up, it will reset the User PIN”. So the key difference is, when the Admin PIN is first set up, the user PIN is reset, not any time the Admin PIN is used. Good to know.

Using the Drive

In my time using the drive, I found it to be pretty easy to use and downright convenient when I wanted to grab something off it quickly. As I mentioned, I have been using an IronKey, but that requires running a small program to connect to the drive, then mount another partition, using 2 drive letters and taking some extra time to get to the files.

IronKey Unlock Software

This can be a bit cumbersome if you just want to grab a file. Similarly, I have used simple USB-3 drives and VeraCrypt with the same issue. You have to run a program first, then unlock the drive. having a PIN on the device is much more convenient. This feature could also allow you create a bootable device that is encrypted when not in use. Unlock the drive, stick in the machine and tell the BIOS to use it as a boot device and you are in business. This simply can’t be done with the other options that require software to unlock them (although you could use them to run a VM).

Conclusion

Ultimately, as I said, this review is about usability, value and the overall experience.

After using the device for a little while, I have to say that I’m impressed. Of the features I used, the device did everything it said it would without complaint. Remembering the process for unlocking and making PIN changes, etc. may take some time to get used, but the basic functionality is great.

While the IronKey still wins the day from a sheer beauty aspect, the SecureUSB is far from ugly. Speed wise, I typically got around 100MBps during sustained file copies, which is something my current IronKey (remember it’s USB 2.0) can’t even come close to. 

SecureUSB Speed
Cheap Microcenter Drive on a Ryzen 7 2700 machine

While I really liked the drive, in the end I felt that at around $129.00 the cost was very reasonable for what you get, especially compared to the IronKey, however for someone that doesn’t use something like this often, or doesn’t need FIPS validation, using a cheap USB 3.1 thumb drive like this Microcenter 32GB version for under $4, encrypted with VeraCrypt might be a viable solution as well although it certainly lacks the “cool factor” that the SecureUSB does and is considerably slower. 

Several options, only two are cool

I’d say if you are in the market for a hardware encrypted USB thumb drive, it would benefit you to give the SecureUSB KP (<-Amazon.com link) a serious look. I really enjoyed my time with it and will be sad to see it go.

Final Note, I linked to items on Amazon with an affiliate link. If you found value in this review and decide to get one I would appreciate you following the link. Any little bit helps. Thanks


Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.