MOBILE SECURITY

CHALLENGES &

SOLUTIONS Paweł Śniecikowski

08.09.2017

S A M S U N G M O B I L E B U S I N E S S

Enterprise mobility trends

Mobile devices are widely used in the enterprise

Use of enterprise mobility solutions continues to grow

Enterprise mobility will expand to the Internet of Things (IoT)

>500M devices sold for business use in 20161

324M users are expected to use enterprise mobility solutions in 20162

8.3B endpoint units will be used by enterprises in 20203

4

1 Strategy Analytics : Sept. 2015

2 Strategy Analytics: Oct. 2015

3 Gartner: July 2015

39% 90% of devices in your company have

ever downloaded malware in the past of companies are believed not to

be prepared for cyberattacks

Source: World Economic Forum

„The Global Risks Report 2016,

11th edition”

Source: 2016 Spotlight Report

Cybercrime cost the world economy 2016 £ 335 billion

What about the security?

Źródło: https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10

Top 10 of most critical security risks

in mobile devices

M1: Improper Platform Usage

M2: Insecure Data Storage

M3: Insecure Communication

M4: Insecure Authentication

M5: Insufficient Cryptography

M6: Insecure Authorization

M7: Poor Code Quality

M8: Code Tampering

M9: Reverse engineering

M10: Extraneous Functionality

Źródło: https://www.nsa.gov/ia/_files/factsheets/mobilerisks.pdf

Typical attacks

From NSA reaport

Attacks vectors How to protect

Malicious software Internal App Store, MDM policies...

Direct access to lost/stolen device Data encryption...

Direct access to found/returned device Staff training...

Malicious e-mails/websites Security patches...

„Man in the middle” Safe communication channels (ie. VPN)...

Exploits Security patches, fast reaction...

Typical attacks RAM scanning

E-mail Browser history

Pictures

Typical attacks RAM scanning

11

Enterprise mobility challenges How can we secure

corporate data?

How can we efficiently

manage mobile devices?

How can we increase

mobile productivity?

How can we ensure privacy of a user

12

Security Protect your company data from malicious attacks

Manageability Manage your devices with sophisticated policies.

Productivity Help employees do more with mobile devices.

Privacy Separate private and work areas

and more...

13

* TrustZone-based Integrity Measurement Architecture (TIMA)

Hardware Root of Trust – Trust Zone

Trusted Boot & Secure Boot

TIMA*

SE for Android

KNOX Container

* TrustZone-based Integrity Measurement Architecture (TIMA)

World-class Samsung KNOX security

14

Best Security Anti-Fraud Product or Solution

Meets stringent government security standards in 26 countries. Common Criteria for MDFPP.

Most Strong Mobile Security Platform in Gartner’s 2016 “Mobile Device Security: A Comparison of Platforms”

http://www.samsungknox.com/en/knox-technology/security-certifications

Android ≠ Samsung Android hardened by KNOX

≠

Comprehensive set of enterprise mobility solutions to address a variety of business needs on top of the secure Knox platform

Knox Solutions

Security & Management Deployment & Customization

Knox Configure

KNOX Workspace

KNOX Solutions

Defense-grade security for applications and data

Security hardened: Secured from hardware to software.

Just plug in: Compatible with major MDMs, any Android app.

Managed by your

MDM solution

Work Personal

Protected phone

17

If the device is ever compromised, KNOX Workspace will permanently lock down

COMPROMISED

ENCRYPTED

19

KNOX Solutions

A cloud-based EMM and on-device

secure containers

Most cost effective: Beats all major EMM competitors in price.

Easy management: Easy-to-use web console helps configure

system and devices.

Security hardened: Secured from hardware to software.

Functional container

(Simple version of

KNOX Workspace) Full EMM

(Cloud-based)

KNOX Premium

Samsung E-FOTA (Firmware Over The Air)

SELECTIVE FOTA

Enterprise FOTA meets the IT manager’s needs on OS version control by offering 3 key features.

Selective FOTA allows IT administrators to specify a specific

OS firmware version to be deployed to their users

Current FOTA does not allow IT admins to specify which

version of firmware is to be deployed

Stabilized

Latest but

Not Tested

Errors on

Biz apps! Selective FOTA (JUMP)

Without Selective FOTA (Sequential)

TIME CONTROL

Set time to update considering work time, schedules

FORCED UPDATE

Manage single mobile OS within enterprise

- YOU ARE YOUR PASSWORD -

Samsung Pass Samsung Pass enables Simple & Secure biometric authentication in fully integrated way.

024

SAMSUNG PASS INTRODUCTION SAMSUNG PASS

Simple

Secure

Integrated

Mobile(App&Web) & PC Integration Integrate Samsung Pass with applications on Mobile or PC

26

• Users can easily log into Mobile or PC services with biometric-based authentication on smartphone.

• For the services requiring enhanced security (e.g. money transfer), authentication can be processed with iris recognition, which can replace typing one-time passwords.

FOR MONEY TRANSFER FOR LOGIN

Push notification

to user’s smartphone

Security

27

Biometric data is templatized

& stored in TrustZone only,

i.e. never identifiable with the actual

biometric & never leaves the device

Templatized Biometric

Data Samsung’s proprietary technology

to manage sensitive data

in TrustZone

Samsung Knox

DEVICE SERVER

TrustZone

TrustZone is hardware-based

security to provide secure

endpoints and a device root

of trust

SERVER

FIDO (Fast Identity Online) protocol with PKI

(Public Key Infrastructure) cryptography

for safer validation of authentication

FIDO Standard

Lost, stolen devices can be

managed remotely

via FindMyMobile

Remote Device Mgmt

Exclusive, dedicated public keys

for each partner,

securely stored in server

Dedicated/Exclusive

Key

Samsung Pass Architecture

Partner Server

Transaction

Authentication

Partner

• Integration of Samsung Pass

SDK in mobile app and web

• Partner server configuration to

adopt Samsung Pass flow

User management

FIDO

authentication

Authority

management

Samsung

• Development of core

components and Samsung

Pass platform

• Support integration for partner Platform

FIDO

Public Key

Partner App

Authentication

Framework

Biometric

Data FIDO

Private Key

Samsung Pass

SDK

Exclusive

Keys

(for partner)

Samsung Pass new feature

Samsung Pass will provide new user experience using a S-Pen to e-Signature companies

Samsung Pass | e-Signature

0. (User A) send request for e-signature of user B

1. (User B) Open the contract document

3. (User B)Review the contract and sign it with a S-pen and confirm

4. (User B) Send the signed document 2. (User B) Samsung pass

biometric authentication

Samsung DeX

35

Transaction

Authentication

User management

FIDO

authentication

Authority management

FIDO

Public Key

Samsung DeX

A desktop experience

from your smartphone

• PC in your pocket

• Supports CITRIX, VMWare, etc.

Virtual Desktop solutions

• Android apps multitasking

36

and more...

http://www.samsungknox.com