In the world of information security, it doesn’t take long to be caught with your proverbial “pants down.” An encryption protocol or software library that used to be perfectly fine can become persona non grata, seemingly overnight. First, MD5 was fine. Now, if you use it, it’s security “malpractice.”
But it’s clear why: Bad guys only have to find one weak link in the sensitive underpinnings of your systems to take control and steal data or hold it hostage. This is exactly why monthly security patches are so critical; what you have now is only good until the next exploit drops. It’s also the rationale behind Samsung’s implementation of Dual Data at Rest Encryption within our mobile security stack.
Protections must match the risk. For many, relying on monthly security patches is adequate. It reduces the risk of being so far behind that you’re a sitting duck from novice attackers. But, relying only on patching leaves systems and data exposed until everything gets fixed. Having something to protect you during the patching “gaps” dramatically reduces your risk exposure.
Let’s imagine you sell airplane engines. You build to very high standards, but even so, there may be a one in a million chance of an engine failing on a given flight. It might sound pretty safe, but think about how many engines are in service. And how many flights happen every day? It should be clear that, eventually, one will fail. Of course there’s a simple answer: use two engines! A two-engine plane is clearly safer, but by how much? You might be tempted to say “twice as safe.” Here’s the shocker: the second engine makes the plane in our simple example a million times less likely to have complete engine failure on a flight.
As you can see, understanding redundancy is incredibly important when managing risk. To reduce the risk that data you encrypt today won’t be cracked tomorrow, you can encrypt it twice, using two completely separate systems. Just like in the engine example, having dual encryption systems based on separate crypto modules means if an issue is exposed in one module, your data remains protected by the second until the system is patched.
Samsung’s Dual Data-at-Rest Encryption (DualDAR), part of Knox Platform for Enterprise (KPE), is designed for CIOs who require data to be protected at all times. The system even enables our devices to handle classified data in defense deployments. Let’s look a bit closer.
How Android encryption has evolved
Originally Android devices used full-disk encryption (FDE) to protect device data. FDE had a limitation: once the device booted and the disk could be decrypted, all data stayed that way while the device was in use. Samsung extended FDE on early versions of KPE to allow sensitive work data to be encrypted separately, ensuring it was protected while not in use without blocking users from using the device for other purposes. Android’s file-based encryption (FBE) was then designed to allow even more granularity: each file could be separately encrypted.
These previous iterations of Android encryption enabled us to treat sensitive data differently, locking it down when not in use. But, it didn’t provide the redundancy we discussed above. This brings us to DualDAR.
While FBE is good enough for many applications, there’s a higher bar set for classified data by the National Security Agency (NSA), which requires that data should be double-encrypted. This is laid out in detail in the NSA’s Commercial Solutions for Classified Program’s (CSfC). Two layers of encryption protect against accidental misconfiguration, operator error or malicious attacks on one of the encryption layers. While Samsung designed Knox File Encryption around these NSA requirements for classified environments, we focused on creating a simple solution that would be easy for anyone to use, not just the NSA. Any organization that has confidential data that may be stored on mobile devices should consider implementing our DualDAR encryption on their Work Profiles.
What is Samsung Dual Data-at-Rest?
On Samsung’s latest Galaxy smartphones, DualDAR meets the challenge raised by the NSA.
In broad terms, DualDAR uses Samsung Knox File Encryption 1.0 to provide two “layers” of container data encryption and is the first certified, integrated Dual Data-at-Rest solution for mobile devices. Each layer uses different crypto modules, keys, passwords and even different source code. First, hardware-based encryption using AES-256 is run across the data — what you’d get with normal Android FBE. Then, a second customizable encryption layer runs on the data. This second layer can use the preinstalled Linux crypto module, or use one provided by a third-party crypto vendor or your choice. If you’re interested reading more, head over to the DualDAR Architecture on Samsung’s online SDK.
How to build an effective incident response plan
Get this free guide on how to respond to mobile security breaches — or thwart them altogether. Download Now
DualDAR is strictly used for protecting data saved within a Work Profile in Android. This is a natural fit since it’s where business apps and data are stored. DualDAR leverages the “Credential Encrypted” (CE) storage of Android’s File Based Encryption. When the phone locks, this encrypted area is inaccessible since the key to decrypt the data is “evicted” or thrown out. That means that not even the apps running in the background on the locked device can read the data anymore. For apps that need to read and write data in the background, such as an email app checking for and saving new messages, DualDAR exposes controls to allow an admin to “whitelist” such apps. These controls are exposed via the Universal Endpoint Management (UEM) interfaces. UEM vendors can look to the DualDAR UEM integration guide for more details on how to expose these controls.
As with everything in security, there’s a balancing act between usability and strict controls and protections. DualDAR has been built to meet the high security requirements from the NSA, without being cumbersome to use or deploy. It’s a great example of how Samsung builds devices consumers love, while giving IT leaders the business solutions that lower your security risk and simplify your job of preventing the unthinkable from happening under your watch.