One of the most important security measures for any data, especially on a mobile device, is data encryption. The Data-at-Rest Capability Package (DAR CP) defines a high bar for ensuring data is encrypted not just once, but twice, to meet the needs for protecting classified data as part of the Commercial Solutions for Classified (CSfC) program. A key component for any solution to meet the requirements of the DAR CP is to have independent cryptographic layers for protecting the stored data.
Samsung devices supporting Samsung Knox File Encryption have now been approved as meeting this requirement for independent layers natively, without the need for third-party cryptography.
What is the DAR CP?
As part of the CSfC program, the National Security Agency (NSA) has created several Capability Packages. These are requirements that must be met for any solution that will handle data that is classified, and so are outlines for how the group should approach building said solution. Components that can be used to meet the requirements of Capability Packages must be approved by the NSA to be listed on the Components List site. The DAR CP is specifically focused on the storage of classified data on the local device.
The DAR CP provides many different possible solutions based on the devices in question, though for mobile devices, the expected configuration is called PE/FE (or PF) for Platform Encryption/File Encryption. The Platform Encryption would be considered the outer layer, while the File Encryption would be considered the inner layer. In normal operations, the outer layer would be unlocked say at boot, while the inner layer would remain locked until the user would need to access the classified data, and locked again once access is no longer needed.
In addition to the requirements about encryption algorithms, key sizes and device configuration, the DAR CP also mandates that each layer of data encryption be cryptographically independent.
What does it mean to be cryptographically independent?
Cryptographic independence for the NSA means that each layer performing the encryption must be implemented using different methods and most importantly, different cryptographic modules. Further, the cryptographic modules cannot just be copies of the same module embedded into a different method of handling the encryption. This is meant to ensure that a potential vulnerability in one module would not also be found in the second module, providing confidence that there is at least one layer that is not compromised.
The most common method for handling independence is through manufacturer diversity. In practice this means that the customer would need to purchase and integrate two programs from separate vendors, once for each layer. For example, on a PC, the customer could implement a Full Disk Encryption solution for the outer layer and then some sort of file encryption for the inner layer (such as encrypted ZIP files). The key point though, would be that the two layers would come from two different vendors, using two different cryptographic modules.
What is the Samsung solution?
The Samsung solution, meeting the PF configuration in the DAR CP, is based on components that are evaluated as part of the Protection Profile for Mobile Device Fundamentals 3.1 (PP_MD_V3.1 or MDFPP) and as part of the PP-Module for File Encryption 1.0 (MOD_FE_V1.0).
The outer layer (PE component) is the File-Based Encryption evaluated as part of the PP_MD_V3.1 evaluation, which encrypts the entire user data partition. The inner layer (FE component) is the Samsung Knox File Encryption product which is part of a Work Profile. When enabled, all data stored within the Work Profile is encrypted, and then is passed to the file system for encryption by the outer layer. All encryption happens automatically, without any user intervention.
How is Samsung cryptographically independent?
The Samsung design to provide both layers was specifically targeted to meet the requirements of the DAR CP, including cryptographic independence. The outer layer of encryption is handled by a hardware storage encryption module that is part of the System-on-Chip (SoC). The inner layer of encryption is handled by a kernel cryptographic module. The inner layer was specifically chosen to be separate and independent of the outer layer.
The outer layer, as part of the SoC, is maintained by the hardware provider (such as Samsung Semiconductor or Qualcomm, depending on the device model), while the kernel cryptographic module is maintained by Samsung Research.
What does this mean for Samsung devices?
On June 5, 2020 the NSA provided CSfC Independent Layer Approval for devices that have Android 9 and Android 10 and Samsung Knox File Encryption v1.0 (for Android 9) and v1.2 (for Android 10). This means that with the appropriate devices and configuration, a customer can use a Samsung device with no additional software, and meet the requirements of the DAR CP.
Who would use this?
Samsung designed Knox File Encryption around the NSA requirements found in the Data-at-Rest Capability Package, built on top of the encryption already provided by default. While these requirements are specifically written for classified environments, Samsung focused on creating a simple solution that would be easy for anyone to use, not just the NSA. Any organization that has confidential data that may be stored on mobile devices should consider implementing encryption on the Work Profile.