Multi-layered security
Any one security flaw in the framework could lead to complete control of a device by attackers. The Knox platform’s multiple defense layers detect any tampering and ensure data is always secure. Explore each of these layers below, or download the whitepaper for a deep dive.
Security Enhancements for Android
Knox protects applications and data by strictly defining what each process is allowed to do and what data it can access. This allows Knox to separate, encrypt, and protect enterprise data within a managed container.
Real-time Kernel Protection
Integrity Measurement Architecture
Periodic Kernel Measurement & Real-time Kernel Protection work to constantly inspect the core software of the OS, the kernel. These checks ensure that requests to bypass device security are blocked and sensitive data is protected.
TrustZone
Knox leverages a processor architecture known as TrustZone, in which highly sensitive computations are isolated from the rest of the device’s operations, protecting enterprise data.
Secure / Trusted Boot and
Hardware Root of Trust
To prevent security measures from being bypassed or compromised, Knox uses Boot-time Protections backed by Hardware Root of Trust to verify integrity of the device during the boot process.
Platform philosophy
The Knox platform was designed in multiple layers across hardware and software so the device can constantly ensure data is secure. The design philosophy is to first build a trusted environment rooted in the hardware, to maintain it once the device is running, and to prove its integrity when asked. Only then can you make it truly ready for enterprise use.
Build trust
01
Chipset
The Knox platform ensures only approved versions of system-critical software are loaded. As the platform is built-in, the trust starts in the hardware, with unique certificates burnt into the chipset of each device.
02
Knox warranty fuse
With these unique certificates, the Knox platform can verify each piece of software that loads. If verification fails, Knox either records the tampering by flipping a one-time fuse called the Knox Warranty Bit, or prevents further booting. Devices with compromised Knox Warranty Bits cannot use certain Knox features and services, such as Knox Workspace or Samsung Pay.
03
Rollback prevention
Rollback prevention ensures that a Samsung device is not downgraded to an earlier, vulnerable software version.
Maintain trust
04
Software
Loaded, verified software can still be modified by the user, either intentionally or unintentionally. i.e. Downloading a malicious app or malware.
05
Device monitoring
The Knox platform ensures that system-critical software is not modified once loaded. The platform uses a set of technologies to protect the device kernel - the core of the operating system. It also protects applications and its data during runtime to detect malicious attacks as well as monitoring policy settings to quickly isolate any threat.
06
Rooting prevention
Samsung Knox is designed to protect the kernel and prevent rooting. This keeps the system processes and resources protected from hostile access and malware attacks.
Prove trust
07
Attestation
For IT admins intending to manage mobile devices with an EMM, Knox-enabled devices can provide you with an attestation, which lets you see if a device has been tampered with or not. Based on that, you can decide if the device can be trusted, and if it is allowed to receive sensitive corporate data.
08
Software approval
The Knox platform only loads and runs approved system-critical software on a device and can prove this to a third-party when requested.
Make ready
09
EMM integration
The final step of the design philosophy is to make the trusted platform ready for enterprise use. This involves giving enterprises complete control and configurability over their data and applications using an EMM.
10
Controls and utilities
Knox supplies a collection of controls and utilities:
Encryption that keeps data secure and confidential; VPN allows data to be easily and securely sent and received when working out of office; SSO allows data to be easily accessed with consolidated authentication for apps and data.
Knox certifications
Government and related organizations around the world have some of the most stringent information and technology security requirements. Samsung Electronics works closely with these organizations on a continuous basis to ensure that our products and solutions meet and exceed these requirements.
