Android’s decoupling of the hardware and operating system brings benefits to IT: It allows application and hardware vendors to compete on innovation, features, form factor, price and security. Samsung Knox is an example of the latter: A combination of hardware features and software enhancements to Android that increase mobile security.
What Is a Trusted Platform?
Not every Android phone is designed for the enterprise market. Vendors such as Samsung have evaluated the higher security requirements of enterprise customers and have responded by releasing trusted platforms: Devices with built-in hardware that establishes the integrity and identity of the platform and ensures only trusted software is loaded.
With a trusted platform, bootkit and rootkit attacks by malware and curious end users are generally blocked. Additionally, data encryption is more difficult to subvert because keys are not software accessible.
Today’s technology comes from the Trusted Computing Group (TCG) which publishes the Trusted Platform Module (TPM). TCG started in 2003, defining what a trusted platform would look like, and how it might be implemented and standardized. A TPM is a computer-within-a-computer, completely shielded from the main CPU. Software, whether friendly or unfriendly, can’t reach into the memory or storage of the TPM directly. In larger devices, such as laptops and desktops, the TPM is usually a separate chip.
Building Trusted Platforms on Smartphones
Trusted platform smartphones take a different approach for mobile devices with smaller packages and with tighter power budgets. Rather than add a TPM chip, devices build a Trusted Execution Environment (TEE) right into the main CPU and create a trusted platform. TEEs are implemented on the same CPU as the phone itself, helping with whole-disk encryption and overall processing speed.
A smartphone TEE isolates the management and storage of secure data, such as encryption keys. The TEE has its own software and memory that can’t be touched by the main CPU and runs authorized applications for security processing.
A well-defined API is used to communicate between the main CPU and the TEE, which tightly controls how data moves back and forth between the TEE and the outside world. Samsung’s TEE falls under the Knox brand and is built into Samsung smartphones.
The Samsung Knox TEE extends TrustZone, a TEE technology developed for ARM CPUs. By itself, TrustZone doesn’t provide all the features needed for a trusted platform. But with extensions and additions created by Samsung for the Knox TEE, Samsung smartphones become trusted platforms, providing a much higher level of security.
Supporting the TEE
Before delving into the extended environment of Knox TEE, it’s important to understand hardware root of trust components. These are trusted root pieces built-in at the factory, and support basic trusted platform functions such as secure booting.
1. Device Root Key (DRK) and Device Unique Hardware Key (DUHK)
The DRK and DUHK are public/private key pairs, unique to each device, that are created and stored in the TEE as part of the manufacturing and initial boot process.
A DRK is loaded and signed by Samsung during manufacturing; the DUHK is created at first boot and is signed by the DRK. In effect, each phone has its own digital certificates — with matching private keys — signed by Samsung. The private keys are stored in the Knox TEE, which means that they can’t be read or replaced directly by the Android OS or apps — only used by calling the TEE API.
Both the DRK and DUHK serve as authenticators, or a way for software to determine exactly which smartphone is being used. But authentication is just a start.
Starting with the signed DRK and DUHK private keys, the TEE can create additional protected signed encryption keys and authentication tokens. This connection lets software verify exactly which phone created the encryption keys, and recognize they were produced in a Samsung Knox TEE. These keys never leave the TEE, making them perfect for encrypting smartphone storage: Even if the encrypted data is stolen by malware, the keys cannot be read outside the TEE.
2. Samsung’s Secure Boot Certificate and Trusted Boot
Samsung also manufactures into the phone one of its own digital certificates. The Knox TEE uses this certificate to verify digital signatures on software, specifically boot components. A secure boot certificate is what enables the smartphone to know, as it is booting, that each loading component came directly from Samsung.
Secure Boot is limited, since it cannot distinguish between different approved versions, for example, a bootloader with a known vulnerability and a later patched version, as both versions have valid signatures. To address this limitation, Knox adds Trusted Boot, under which each software component in the chain computes and securely stores the cryptographic hash of the next component in TrustZone memory before loading it.
Storing and archiving measurement data enables third-parties to utilize attestation to identify the exact software version currently running on the device. This method ensures only the latest patched software versions are utilized to ensure patched software is not downgraded to an insecure version.
3. Rollback Prevention and Warranty Bit
Rollback Prevention defines the minimum acceptable version of the firmware for that phone. This is permanently stored in the TEE. If someone tries to load older firmware, Rollback Prevention causes the TEE to reject the installation. Rollback Prevention can be updated during firmware upgrades, keeping the protection up-to-date, and preventing additional security vulnerabilities.
To detect potential root of trust tampering, a memory location in the TEE called the Warranty Bit, signals that someone has managed to put non-approved software on the phone. Sometimes called a hardware fuse, a Warranty Bit cannot be reversed once it is written.
If the Warranty Bit fuse is “blown,” then on the next boot, the TEE will wipe out any encryption keys and authentication tokens, including the DRK and DUHK it has stored. The device is still usable, but will no longer be able to take advantage of TEE-dependent features such as Knox Workspace or Samsung Pay, as the ability to verify hardware is compromised.
Even with the decoupling of Android’s hardware and software, the use of trusted hardware roots gives IT administrators an extra level of security built directly into the phone — decreasing the attack surface and giving more tools to detect threats.
Are unpatched security vulnerabilities worth the risk? A recent report shows just how much known vulnerabilities can cost your business.