Samsung’s Knox, the secure enterprise enhancements to its Android devices, is not unique, but it is brilliant nevertheless. Market dominance, control over mobile hardware, and Android’s open source model made this a straightforward development for Samsung that should pay dividends. It could even create a contagion of secure Android products from other Android device manufacturers.
While it takes Samsung’s scale and reach to implement Knox, the engineering design of this project could have been done by a software engineering graduate student. Applying the right technology to the right business case is the secret to great engineering. Apple and the mobile device management (MDM) vendors should worry.
Samsung built an authenticated boot of the Android operating system to create a trusted runtime environment. This capability has already been integrated into Android, but never implemented by manufacturers because Android developers sometimes build custom boot ROMs to extend Android with cool features, such as CyanogenMod, or add a critical OS component, which was necessary for the SPAN project. But to weaken Apple’s hold on the enterprise market and outflank Windows 8, it is a necessary addition if Samsung is going to win over customers in the IT department.
It is unclear at this time which Samsung devices can be secured because Knox requires specific on-chip read-only-memory (ROM) hardware. Using well-understood cryptography techniques, trusted onboard code verifies the very first operating system component that does not reside in ROM called the boot loader. Using public key encryption, each operating system component is verified against its signature, created with a secure hash algorithm (SHA) until all Android components are loaded and operational.
To convert this known runtime environment into a “trusted” runtime environment, Samsung turned to its partner General Dynamics, whose C4 Division has decades of experience building trusted command and control systems for the military. General Dynamics reviewed the Android code in Knox and verified that it could be trusted. So each module of the Knox version of Android that is loaded is both known and verifiable based on encryption techniques and trusted because of the review by General Dynamics. According to a May 2012 General Dynamics press release, the technology integrated with Samsung is “trusted to protect information classified from the Secret level and below.”
A simple icon on the bottom of the screen lets the user switch between personal and Knox environments with different storage, apps and credentials. The Verge reported that “Switching between environments on the Galaxy SIII test units that Samsung has out at Mobile World Congress is basically instantaneous – there’s no lag, no delay, no boot time.” There is an underlying virtual machine that switches and segregates the two environments. It’s clear that the Knox data and code is encrypted, but it’s not clear how code and data are handled on the private side and whether or not the Android code on the personal side can be different than the Knox side. It would be an added bonus if the user could choose the personal version of Android, such as CyanogenMod or Key Lime Pie.
The IT department can access and wipe the Knox partition and limit the apps loaded to devices that are white-listed.
Knox creates a large enterprise customer segment that won’t need MDM when it becomes available. Unless a smartphone’s intended use is very confidential, or there are limits to Knox in complying with the Sarbanes Oxley regulations governing financial firms or HIPAA regulations in the healthcare industry, it’s likely that Knox on a Samsung SIII is good enough for most enterprises.
Apple should be concerned. iOS has penetrated large corporate accounts where Apple’s other products have failed to make any progress in displacing Microsoft’s desktops and notebooks hold. iOS succeeded because BlackBerry stood still, Microsoft Windows 8 Mobile was late, and Android’s open source model worried some IT executives. Now, IT has a secure, government-approved Android alternative to iOS.
We have not yet heard from the security risk assessment companies, such as Veracode and the many smaller white hat hacker boutiques. Many hackers will look at Knox as a professional challenge and will contribute their opinions as soon as it’s widely available. And these firms will determine if Knox is more secure than iOS.
Knox does not really represent a Bring Your Own Device (BYOD) replacement because it is hardware-dependent, so it won’t run on every Android device. So as long as there are ordinary Android and iOS devices in an enterprise, MDM will be needed for BYOD.
Apple now will have competition in the market for the enterprises that purchase smart devices for employees. The Samsung SIII and Galaxy Note 2, especially when running Knox, are very sexy alternatives to the iPhone. If secure Android becomes a contagious business model for Android device manufacturers, the MDM total available market will shrink significantly as consumers adopt secure multipurpose mobile devices.