Samsung KNOX
Wayne Pau, Emerging Technologies SAP
Mar 26, 2013
Samsung KNOX

•    Generally more secure than existing Android container/quarantine products

•    A much deeper solution than other Android software-only options, built on three layers:
    1. Customized Secure Boot
    2. ARM TrustZone-based Integrity Measurement Architecture (TIMA)
    3. Security Enhanced (SE Android) kernel

•    These layers let KNOX continuously verify the kernel and monitor for intrusions and attacks

•    Introduces a Samsung-only app signing process (i.e. a KNOX-only app store)

© 2012 SAP AG. All rights reserved.                                       Internal   2
Samsung KNOX - Developers

•        KNOX offers developers “out-of-the-box”:
    1.     Secure KNOX container
    2.     Separate encrypted file system (KNOX zone)
    3.     FIPS-certified VPN client, configurable per app
    4.     Container-level SSO

•        Apps only need to be repackaged for the container; no rewriting or embedding of an API is required

•        Integration with MDM vendors for 65 policies, grouped as:
    •   Certificate management
    •   Audit log
    •   SEAndroid policy enforcement
    •   Enterprise Container Management policy group
    •   Container Password policy group
    •   Enterprise Single Sign-On
    •   Enterprise ISL group
    •   Enterprise Premium VPN policy group
    •   SmartCard policy group
    •   Container VPN policy group
    •   Container Application policy group
    •   Container Firewall policy group

Inter-App Communication Spectrum

             ← More Secure                                Less Secure →
             Apple iOS              Samsung KNOX          Google Android

iOS – Apple Sandbox

•   No general inter-app communication (only URL schemes and the pasteboard)
•   Each app is installed in its own container
•   Apps have to be signed by Apple
•   Apple Keychain for passwords and other sensitive data
•   No support for external storage (i.e. SD cards)
•   Only one app in the foreground at a time
•   Most backgrounded apps are terminated within 10 minutes of the user switching to another app
•   Generally regarded by industry as secure

Generic Android – Google Sandbox

•   Privilege-separated operating system: each app runs as its own Linux UID
•   Apps declare the permissions they need, and declare permissions that gate outside access to their own components
•   Apps are signed by the developer (not by Google)
•   Supports external storage (SD card)
•   Traditional volume-level encryption only (no separate container encryption)
•   Data on external storage is exposed through USB/MTP mounting (see above)
•   Easy to root, and rooting is hard to detect with certainty
•   Generally regarded by industry as not very secure

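The permission model on this slide, together with the Binder/AIDL and Intent mechanisms the editor's notes at the end of the deck point to, is easiest to see in code. The following is an added example written for this page; it is not code from the deck, from SAP or from Samsung KNOX. The package names com.example.corp and com.example.hr, the permission com.example.corp.permission.CORP_IPC, the PayrollService class, its interface descriptor and the payslip lookup are all hypothetical. It shows an exported Service gated by a signature-level permission in the manifest, a per-transaction re-check of the caller's permission and identity in onTransact(), and a client that binds with an explicit component name instead of an implicit Intent.

```java
// Added example for this page, not code from the SAP deck or from Samsung KNOX.
// All package, permission, class and descriptor names below are hypothetical.
//
// AndroidManifest.xml of the service-hosting app (package com.example.corp):
//
//   <permission android:name="com.example.corp.permission.CORP_IPC"
//               android:protectionLevel="signature" />
//   <application ...>
//     <service android:name=".PayrollService"
//              android:exported="true"
//              android:permission="com.example.corp.permission.CORP_IPC" />
//   </application>
//
// Weak form, for contrast: the same <service> with an <intent-filter> and no
// android:permission. Any installed app could then bind to it and read payslips.
//
// AndroidManifest.xml of the client app (package com.example.hr, signed with the
// same certificate, which is what a signature-level permission requires):
//
//   <uses-permission android:name="com.example.corp.permission.CORP_IPC" />

package com.example.corp;

import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.Process;
import android.os.RemoteException;
import android.util.Log;

public class PayrollService extends Service {
    private static final String TAG = "PayrollService";
    static final String PERMISSION = "com.example.corp.permission.CORP_IPC";
    // Interface token: a caller that does not write it is rejected by enforceInterface().
    static final String DESCRIPTOR = "com.example.corp.IPayroll";
    static final int TRANSACTION_GET_PAYSLIP = IBinder.FIRST_CALL_TRANSACTION;

    private final IBinder binder = new Binder() {
        @Override
        protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
                throws RemoteException {
            // onTransact() runs on a Binder thread inside the caller's transaction,
            // so getCallingUid()/getCallingPid() identify the remote app, not us.
            int callerUid = Binder.getCallingUid();
            boolean remoteCall = Binder.getCallingPid() != Process.myPid();
            // Defence in depth: the system enforces android:permission at bind time;
            // re-checking per transaction also catches a Binder handle that was
            // passed on to a third app which never went through bindService().
            // checkCallingPermission() denies when no IPC is in progress, so the
            // local-call case is excluded first.
            if (remoteCall
                    && checkCallingPermission(PERMISSION) != PackageManager.PERMISSION_GRANTED) {
                Log.w(TAG, "rejected transaction " + code + " from uid " + callerUid);
                throw new SecurityException("caller lacks " + PERMISSION);
            }
            if (code != TRANSACTION_GET_PAYSLIP) {
                return super.onTransact(code, data, reply, flags);
            }
            data.enforceInterface(DESCRIPTOR);
            String employeeId = data.readString();
            // Audit which package asked; several packages can share one UID (sharedUserId).
            String[] pkgs = getPackageManager().getPackagesForUid(callerUid);
            Log.i(TAG, "payslip " + employeeId + " read by uid " + callerUid
                    + " packages " + java.util.Arrays.toString(pkgs));
            reply.writeNoException();
            reply.writeString(lookupPayslip(employeeId));
            return true;
        }
    };

    @Override
    public IBinder onBind(Intent intent) {
        return binder;
    }

    private String lookupPayslip(String employeeId) {
        // Hypothetical placeholder for the real lookup from encrypted storage.
        return "payslip-for-" + employeeId;
    }

    // Client side (com.example.hr). An explicit component name is used: an implicit
    // Intent carrying only an action could be claimed by any app that declares a
    // matching <intent-filter>, which is how a spoofed app hijacks the request.
    static Intent bindIntent() {
        return new Intent().setClassName("com.example.corp", "com.example.corp.PayrollService");
    }

    // Called once bindService(bindIntent(), connection, BIND_AUTO_CREATE) has
    // delivered the remote IBinder to the client's ServiceConnection.
    static String fetchPayslip(IBinder remote, String employeeId) throws RemoteException {
        Parcel data = Parcel.obtain();
        Parcel reply = Parcel.obtain();
        try {
            data.writeInterfaceToken(DESCRIPTOR);
            data.writeString(employeeId);
            remote.transact(TRANSACTION_GET_PAYSLIP, data, reply, 0);
            reply.readException();   // rethrows the SecurityException raised in onTransact()
            return reply.readString();
        } finally {
            reply.recycle();
            data.recycle();
        }
    }
}
```

The two checks do different jobs. The manifest permission is what the platform enforces, and because it is signature-level it is only granted to packages signed with the same developer certificate, which is the developer-signing point this slide makes. The runtime check in onTransact() is the app's own guard against a Binder handle reaching a process that never bound the service. Neither check helps if the service is exported without android:permission, which is the weak configuration the "apps grant permissions to outside access" bullet refers to.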
Samsung KNOX – Secure Container

•   Apps are repackaged and signed by Samsung
•   Apps run in the secure KNOX quarantine
•   Secure boot loader and SE Android kernel
•   The security boundary is drawn between inside and outside the KNOX container, rather than between individual apps

What does KNOX protect against?

•   Spoofed, fake or dangerous apps (container quarantine plus Samsung app signing)
•   Automatic data-at-rest encryption (no need for app-level custom encryption or encryption detection)
•   Automatic remote kill (no need for app-level data fading or time-bomb logic)
•   Built-in SSO authentication
•   Secure corporate-only email integration
•   Third-party secure viewer integration

Exchange ActiveSync & BYOD

•   KNOX is “optimized” for BYOD

•   KNOX email client: a remote wipe clears only the KNOX container (corporate data)

•   Data outside the KNOX container (the user's personal data) is left untouched

•   No additional changes are needed on the Exchange server

     (Note: if the user connects to Exchange with a non-secure, non-KNOX email client, an EAS remote wipe will still
     wipe the entire device, as on generic Android and iOS today. For more info on EAS remote wipe see
     http://office.microsoft.com/en-us/support/delete-all-information-from-your-lost-phone-or-tablet-HA102834573.aspx?CTT=1)

Competition

•   Single Android containers: Enterproid “The Divide”
•   Android containers & wrappers: Good Dynamics, Mocana
•   O/S & ROM-level solutions: 3LM, Cyanogen
•   Hardware & kernel: BlackBerry Balance (BB10), Samsung KNOX

More Links

http://www.bloomberg.com/news/2013-01-10/rim-leads-phones-letting-employees-use-own-devices-on-job-tech.html
http://forums.crackberry.com/news-rumors-f40/blackberry-balance-competition-ottawa-citizen-rim-aims-offer-dual-use-phones-762189/
https://www.redbend.com/images/stories/redbend_datasheets/red_bend_data_sheet_true_solution.pdf
http://www.slideshare.net/agent0x0/the-android-vs-apple-ios-security-showdown
https://threatpost.com/en_us/blogs/apple-details-ios-security-features-new-guide-053112
http://0xlab.org/~jserv/android-binder-ipc.pdf

Thank you

Contact information:

Wayne Pau (wayne.pau@sap.com)
Emerging Technologies

Editor's Notes

  1. http://www.slideshare.net/agent0x0/the-android-vs-apple-ios-security-showdown
     http://forums.crackberry.com/news-rumors-f40/do-enterprises-still-believe-samsungs-safe-knox-779008/
     http://www.theverge.com/2013/3/6/4071766/galaxy-s-iii-bug-bypasses-lockscreen
     http://www.theverge.com/2013/2/14/3987830/ios-6-1-security-flaw-lets-anyone-make-calls-from-your-iphone
     http://theiphonewiki.com/wiki/ASLR
     https://blog.duosecurity.com/2012/07/exploit-mitigations-in-android-jelly-bean-4-1/
     https://blog.duosecurity.com/2012/02/a-look-at-aslr-in-android-ice-cream-sandwich-4-0/
     https://threatpost.com/en_us/blogs/apple-details-ios-security-features-new-guide-053112
  2. http://theiphonewiki.com/wiki/ASLR
  3. and 4. (identical notes) Android inter-app communication is built on Binder IPC, exposed to apps through AIDL and Intents. It offers explicit and implicit Intents plus Intent filters, and relies on the Android permission model.
     http://developer.android.com/guide/components/aidl.html
     http://developer.android.com/reference/android/content/Intent.html
     http://0xlab.org/~jserv/android-binder-ipc.pdf
     http://www.cs.berkeley.edu/~emc/papers/mobi168-chin.pdf
     https://lkml.org/lkml/2009/6/25/3
     https://www.owasp.org/images/c/ca/ASDC12-An_InDepth_Introduction_to_the_Android_Permissions_Modeland_How_to_Secure_MultiComponent_Applications.pdf
  5. Note: BB10 runs on QNX, which has a different invocation framework; it is not the same as Android's Binder-based model.