Samsung Knox frames a security-best approach to the mobile era

In today’s workplace, mobility rules! As employees demand better agility and data accessibility, firms are fast adopting concepts like BYOD (Bring Your Own Device) and COPE (Corporate Owned Personally Enabled) to empower productivity. Many devices now hold vital corporate information and personal financial details, like credit card numbers.

For many, mobility growth is a double-edged sword. While employees enjoy easy access to enterprise data from their devices, cybercriminals are targeting the same devices for nefarious purposes. Kaspersky Labs reported that in 2016 the number of reported malware cyberattacks on mobile devices was 8.5 million, three times more than in 2015. And the growth continues unabated, with the biggest vector being poorly and maliciously designed mobile device apps.

Rebooting mobile security

Extending traditional security policies to mobile devices is not easy. As the number of mobile devices per user proliferates, and many users choose convenience over security when connecting online, valuable corporate data is under threat of exposure. Centralized enterprise security control is no longer enough.

Samsung Knox takes a different security approach for both devices and enterprises, calling it a defense-grade mobile security platform. Activating Knox is simple—just turn on the phone and you are protected!

Underneath the simple façade lies a sophisticated mobile security environment that begins at the chip level. Samsung calls it a hardware-rooted trusted environment. Knox creates this trusted environment, called TrustZone Secure World, for enterprise-critical operations, like decrypting enterprise data.

Deciphering Knox

Knox addresses 5 key challenges that face today’s mobile security

Knox is designed from the ground up to address five key challenges that face today’s mobile security: device rooting, mixing of enterprise data with user apps on the same device, device theft, difficulty of securing customer enterprise apps, and the lack of enterprise manageability and supporting utilities.

The mobile security platform enables a hardware root of trust. It uses a Device Root Key (DRK), a device-unique asymmetric key signed by Samsung through an X.509 certificate. The DRK is added during the manufacture of the mobile device at the Samsung factory, and can only be accessed via software modules within the TrustZone Secure World. Knox also uses device-unique hardware keys and keys derived from hardware that are only accessible in the TrustZone Secure World, ensuring that data associated with the keys cannot be decrypted by any other device.

Knox is designed to improve on the current Secure Boot. The latter uses cryptographic verification to prevent unauthorized bootloaders from injecting malicious code into RAM when the device is powered up. However, Secure Boot cannot distinguish an unpatched version of authorized code from a patched one. Knox's Trusted Boot can.

The platform also builds on Samsung’s strong Android security heritage with Security Enhancements for Android Management Service (SEAMS). It provides API-level control of the security policy engine. Third-party vendors can also use SEAMS to build their own secure containers.

Knox bolsters Android's system protection, which assumes the integrity of the OS. Its TrustZone-based Integrity Measurement Architecture (TIMA) leverages hardware features, specifically TrustZone, to ensure that TIMA itself cannot be preempted or disabled by malicious software.

Once deployed, Knox introduces the TIMA Client Certificate Management (CCM). It is a TrustZone-based security service that integrates with the Trusted Boot feature. Essentially, if the Trusted Boot measurements do not match the authorized values, or if the Knox warranty bit is voided, all TIMA CCM functions shut down. This protects enterprise data from potential compromise.
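The following added example (not Samsung's code, and not part of the original article) is a simplified model of the two ideas above: a signature-only Secure Boot check accepts an older signed bootloader, while a measurement-based check gates key access the way the article describes for TIMA CCM. The HMAC stand-in for the vendor signature, the `KeyService` class, the image contents and all names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key. HMAC stands in for the vendor's asymmetric signature.
VENDOR_KEY = b"constructed-demo-signing-key"

def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()

def secure_boot_ok(image: bytes, sig: bytes) -> bool:
    """Signature-only check: proves the image is authorized, not that it is current."""
    return hmac.compare_digest(sign(image), sig)

def measure(images) -> bytes:
    """Fold each stage's hash into a running measurement (hash-extend)."""
    m = bytes(32)
    for image in images:
        m = hashlib.sha256(m + hashlib.sha256(image).digest()).digest()
    return m

class KeyService:
    """Hypothetical key service, gated the way the article describes TIMA CCM."""
    def __init__(self, authorized_measurements, warranty_void=False):
        self.authorized = set(authorized_measurements)
        self.warranty_void = warranty_void  # models a one-way bit: never reset here

    def unlock(self, signed_chain) -> str:
        if not all(secure_boot_ok(img, sig) for img, sig in signed_chain):
            return "refused: unsigned stage"
        if self.warranty_void:
            return "refused: warranty bit voided"
        if measure([img for img, _ in signed_chain]) not in self.authorized:
            return "refused: measurement mismatch"
        return "keys available"

# Constructed boot images: both bootloaders carry a valid vendor signature.
BOOT_OLD, BOOT_NEW, KERNEL = b"bootloader v1 unpatched", b"bootloader v2 patched", b"kernel"

def chain(*images):
    return [(img, sign(img)) for img in images]

# Only the patched chain's measurement is on the authorized list.
AUTHORIZED = {measure([BOOT_NEW, KERNEL])}

if __name__ == "__main__":
    svc = KeyService(AUTHORIZED)
    print(svc.unlock(chain(BOOT_NEW, KERNEL)))
    print(svc.unlock(chain(BOOT_OLD, KERNEL)))
    print(KeyService(AUTHORIZED, warranty_void=True).unlock(chain(BOOT_NEW, KERNEL)))
```

The old bootloader passes `secure_boot_ok` because its signature is valid, yet the key service refuses it because the chain's measurement is not on the authorized list.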

Knox offers specific solutions that address the security needs of mobile apps, including container-based Knox Workspace, Virtual Private Network support, SmartCard Framework and Single Sign On.

Building a secure mobile future

The rise in adoption underscores the importance of Knox. It is already trusted by more than 30 governments around the world. It also looks at security from a device perspective, ensuring that firms have measurable control of their data on the device.

Knox is a boon for firms embarking on their digital transformation journey. For many, the lack of device-level security is a key challenge when transforming their internal infrastructure to become agile, mobile and highly scalable. After all, it only takes a single breach to destroy reputation and impact revenues.

In essence, Knox reinforces mobile security by helping firms to become mobile best—not just mobile first.
