Samsung KNOX addresses platform security with a comprehensive three-pronged strategy to secure the system: Customisable Secure Boot*, ARM® TrustZone®-based Integrity Measurement Architecture (TIMA), and a kernel with built-in Security Enhancements for Android (SE for Android) access controls.
Customisable Secure Boot*
Customisable Secure Boot ensures that only verified and authorised software can run on the device. It is a primary component that forms the first line of defense against malicious attacks on devices with Samsung KNOX. In addition, Samsung KNOX's Secure Boot technology allows the secure boot root certificate to be switched in a secure manner after the devices are shipped. As a result, customers that have high security requirements can purchase regular consumer devices and switch the root of trust used for secure boot to a better protected one.
* Customisable Secure Boot availability varies depending on hardware specification.
TrustZone-based Integrity Measurement Architecture (TIMA)
TIMA runs in the secure world and provides continuous integrity monitoring of the Linux kernel. When TIMA detects that the integrity of the kernel or the boot loader has been violated, it takes a policy-driven action in response. One of these policy actions disables the kernel and powers down the device.
ARM™ and TrustZone™ are registered trade marks of ARM Limited in the EU and elsewhere.
Security Enhancements for Android
Security Enhancements for Android provide an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements. They isolate applications and data into different domains, which reduces the threat of tampering with or bypassing application security mechanisms and minimises the damage that malicious or flawed applications can cause.
In addition to securing the platform, Samsung KNOX addresses enterprise application and data security requirements. Samsung KNOX Container provides security for enterprise data by isolating enterprise applications and encrypting enterprise data both at rest and in motion.
Samsung KNOX Container
Samsung KNOX Container is an isolated and secure environment within the mobile device, complete with its own home screen, launcher, applications, and widgets. Applications and data inside the container are separated from applications outside the container. This provides a powerful solution for the “data leakage problem” associated with the BYOD model.
Encrypted File System
Samsung KNOX Container uses a separate encrypted file system that is completely isolated from applications outside the container. The data is encrypted using the Advanced Encryption Standard (AES) cipher with a 256-bit key (AES-256).
Virtual Private Network
Samsung KNOX Container offers an on-demand FIPS-certified VPN client called per-app VPN. Per-app VPN provides enterprise IT administrators with the ability to configure, provision, and manage the use of VPN on a per-application basis. Samsung KNOX Container VPN offers support for strong IPsec VPN encryption for most sensitive government agencies, including support for Suite B cryptography.
Samsung KNOX for IT Managers: Comprehensive protection of enterprise data from leakage, malware and malicious attacks
The advanced security and management features of Samsung KNOX make it the ideal Android platform for enterprise deployment. Furthermore, Samsung KNOX Container technology can be used to create a secure zone on the employee’s device for corporate applications and data. The user’s personal apps and data remain outside the secure zone and are thus kept private. Samsung KNOX provides reassurance and convenience for IT departments looking to implement and manage BYOD strategies.
Samsung KNOX for Employees: Using personal mobiles for work
Samsung KNOX offers a seamless and intuitive dual-persona platform for situations when a single Samsung device is used for both work and play. Samsung KNOX Container provides the user reassurance that their personal applications and data are safe and separate from their work environment.
Samsung KNOX for Partners: An easier way to create enterprise-grade mobile applications
Samsung KNOX enables existing Android ecosystem applications to automatically gain enterprise-grade security for data storage and transmission without any new application development. Samsung KNOX also relieves application developers of the burden of developing individual enterprise features such as FIPS-compliant VPN, on-device encryption (ODE), and enterprise Single Sign-On (SSO).
Samsung KNOX works with enterprise-preferred MDM vendor solutions and provides industry-leading security and management controls.