Knox security

Government-grade protection

Knox is a multi-layered platform built into the hardware and software of Samsung's latest devices. Knox constantly verifies the integrity of the device through a chain of security checks that begin at the hardware level and extend to the operating system, and detects any tampering to ensure your data is always secure.

Multi-layered security

Any one security flaw in the framework could lead to complete control of a device by attackers. Knox’s multiple defense layers detect any tampering and ensure data is always secure. Explore each of these layers below, or download the whitepaper for a deep dive.

Security Enhancements for Android

Knox protects applications and data by strictly defining what each process is allowed to do and what data it can access. This allows Knox to separate, encrypt, and protect enterprise data within a managed container.

Real-time Kernel Protection and Integrity Measurement Architecture

Periodic Kernel Measurement & Real-time Kernel Protection work to constantly inspect the core software of the OS, the kernel. These checks ensure that requests to bypass device security are blocked and sensitive data is protected.

TrustZone

Knox leverages a processor architecture known as TrustZone, in which highly sensitive computations are isolated from the rest of the device’s operations, protecting enterprise data.

Secure / Trusted Boot and Hardware Root of Trust

To prevent security measures from being bypassed or compromised, Knox uses Boot-time Protections backed by Hardware Root of Trust to verify the integrity of the device during the boot process.

Platform philosophy

Knox was designed in multiple layers across hardware and software so the device can constantly ensure data is secure. The design philosophy is to first build a trusted environment rooted in the hardware, to maintain it once the device is running, and to prove its integrity when asked. Only then can you make it truly ready for enterprise use.
Build trust
01 Chipset
The Knox platform ensures only approved versions of system-critical software are loaded. As the platform is built in, the trust starts in the hardware, with unique certificates burnt into the chipset of each device.
02 Knox warranty fuse
With these unique certificates, the Knox platform can verify each piece of software that loads. If verification fails, Knox either records the tampering by flipping a one-time fuse called the Knox Warranty Bit, or prevents further booting. Devices with compromised Knox Warranty Bits cannot use certain Knox features or services, such as Knox Workspace or Samsung Pay.
03 Rollback prevention
Rollback prevention ensures that a Samsung device is not downgraded to an earlier, vulnerable software version.
Maintain trust
04 Software
Loaded, verified software can still be modified by the user, either intentionally or unintentionally, for example by downloading a malicious app or malware.
05 Device monitoring
The Knox platform ensures that system-critical software is not modified once loaded. The platform uses a set of technologies to protect the device kernel - the core of the operating system. It also protects applications and their data at runtime to detect malicious attacks, and monitors policy settings to quickly isolate any threat.
06 Rooting prevention
Samsung Knox is designed to protect the kernel and prevent rooting. This keeps the system processes and resources protected from hostile access and malware attacks.
Prove trust
07 Attestation
For IT admins intending to manage mobile devices with an MDM, Knox-enabled devices can provide you with an attestation, which lets you see if a device has been tampered with or not. Based on that, you can decide if the device can be trusted, and if it is allowed to receive sensitive corporate data.
08 Software approval
The Knox platform only loads and runs approved system-critical software on a device and can prove this to a third party when requested.
Make ready
09 MDM integration
The final step of the design philosophy is to make the trusted platform ready for enterprise use. This involves giving enterprises complete control and configurability over their data and applications using an MDM.
10 Controls and utilities
Knox supplies a collection of controls and utilities:
Encryption keeps data secure and confidential; VPN allows data to be sent and received easily and securely when working out of the office; SSO allows data to be easily accessed with consolidated authentication for apps and data.

Knox certifications

Government and related organizations around the world have some of the most stringent information and technology security requirements. Samsung Electronics works closely with these organizations on a continuous basis to ensure that our products and solutions meet and exceed these requirements.

Knox IT solutions are designed to work together to help you from deployment to daily use.

Knox Configure
Configure device settings in bulk
Knox Mobile Enrollment
Enroll devices to an MDM in bulk
Knox Manage
Manage devices in the cloud
Knox Workspace
Secure company data in an encrypted container
Samsung E-FOTA
Maintain device OS versions