5. Trends: Convergence & Risk
Mobility is where these trends converge.
At Samsung we are applying the lessons learned from the first wave of mobility to these evolutions.
5G
• Speed
• Near-zero latency
• Unknown, untrusted networks
IoT
• 25+ billion endpoints by 2020
• Increased attack surfaces
• Different endpoints to support
AI
• Beyond personal digital assistants
• Cognitive decision making
• Do you trust the apps and the algorithms?
• Tampering can have catastrophic downstream effects.
8. Risk Mitigation in Connected World
Comprehensive security strategy
• Validated, proven hardware
• Validated, secure firmware
• Secure transport/networks
• Security management infrastructure:
  • Unified Endpoint Management
  • Mobile Threat Defense (AI is your friend)
• Buy into an open-standards ecosystem (plug, play, swap as needed)
9. The Importance of hardware-based Security
Truly secure computing must address all layers of your devices
Hardware
• Warranty Bit
• Device Unique Root Key
• Samsung Secure Boot Key
Application Layer
• Knox Workspace Container
• Sensitive Data Protection (during runtime)
• On Disk Encryption
• SE Android
• Client Certificate Management
• Keystore Management
• Device Attestation
• Realtime Kernel Protection
Firmware / Operating System
• Firmware Rollback Prevention
• Trusted and Verified Boot
• Secure Boot
10. Knox Security: The long story of securing your world
There are critical steps to ensure the integrity of any device.
Hardware Root of Trust
• Irretrievable device-unique hardware keys are built in, only accessible via TrustZone
Build Trust
• Verifies all booting components using TrustZone
• If compromised, the Workspace container gets locked
Maintain Trust
• Prevent unauthorized kernel access or code modification
• Sensitive data is kept encrypted even after power-on
• Verify the integrity of device security using EMM
[Diagram: building trust at manufacturing time and booting time, maintaining trust at run time; measurements guaranteed per device]
11. Why Real-time Protection
It is critical to protect the device and its data while in use, as people do not power down devices often.
AOSP, Power OFF
• All data encrypted
• Integrity check at boot-up
AOSP, Power ON
• All data decrypted
• No kernel protection
Samsung Knox, Power OFF
• All data encrypted
• Integrity check at boot-up
Samsung Knox, Power ON
• Personal data decrypted, but important work data stays encrypted, decrypted when Knox container is unlocked
• The kernel is protected in run-time
12. Trusted by Experts and Government Bodies
Meets stringent government security standards worldwide, including MDFPP of NIAP
Most “Strong” Ratings of Any Mobile Security Platform (Mobile Device Security: A Comparison of Platforms 2019)