Don’t be a dummy. Provide enhanced mobile security for your business with Samsung KNOX. Learn how you can bring defense-grade mobile security to your workplace. http://www.samsung.com/us/business/security/knox/
18. Samsung KNOX For Dummies, Samsung Special Edition 14
your phone already has on it!). Unfortunately, it’s impractical
to verify the integrity and authenticity of all that software at
boot‐time, because it would (seemingly) take forever to the
user — like booting up a computer every time you want to use
your phone!
KNOX checks all this extra system software using an
enhanced version of the basic “DM‐Verity” software included
with the Google Android Lollipop OS release. KNOX verifies
the integrity of system software not covered by the boot‐time
checks (discussed in the previous section) and if a malicious
process or user is detected, it blocks any attempt to access
the modified software and data.
DM‐Verity is a Linux kernel driver for verifying the integrity of
a partition at run‐time.
Go! Run‐Time Defenses
More sophisticated attacks can compromise the device or
intercept data at run‐time (when you actually launch an app
or access data). To protect devices against run‐time attacks,
KNOX uses the TrustZone‐based Integrity Measurement
Architecture (TIMA), a proprietary security technology
developed by Samsung. The TIMA components include
the following:
✓✓ Periodic Kernel Measurement (PKM): PKM performs
continuous periodic monitoring of the kernel to detect
if legitimate kernel code and data have been modified
by malicious software. PKM is analogous to a scheduled
scan in traditional antivirus or antimalware software for
desktop computers.
✓✓ Real‐Time Kernel Protection (RKP): RKP performs ongo-
ing, real‐time monitoring of the OS from within TrustZone
to prevent kernel tampering. RKP is analogous to real‐
time, on‐demand antivirus or antimalware software
scanning that is triggered when a USB thumb drive, for
example, is connected to a desktop computer.
RKP and PKM are essential in protecting Android devices
against unknown future threats. Flagging suspicious activi-
ties is the first step in identifying and preventing security
19. Chapter 2: The KNOX Platform 15
breaches. These real‐time checks give enterprises confidence
that devices are continuously monitored for breaches, and
that IT is alerted if corporate devices have been compromised.
Update Protection
Rollback prevention is a feature of KNOX that blocks
the device from loading a valid but older version of boot
components. Older versions of software may contain
vulnerabilities that attackers can exploit. KNOX rollback
prevention checks the version of the bootloader and kernel
during both boot and updates, and blocks these processes
from continuing if versions are unacceptably old. KNOX
further secures this process by using hardware features
installed at the factory.
The KNOX security platform is built in to flagship Samsung
mobile devices and protects the device right out of the box,
throughout the entire device life cycle.