MOBILE SECURITY CHALLENGES & SOLUTIONS
Paweł Śniecikowski
08.09.2017
SAMSUNG MOBILE BUSINESS
Enterprise mobility trends
Mobile devices are widely used in the enterprise
Use of enterprise mobility solutions continues to grow
Enterprise mobility will expand to the Internet of Things (IoT)
>500M devices sold for business use in 2016 [1]
324M users are expected to use enterprise mobility solutions in 2016 [2]
8.3B endpoint units will be used by enterprises in 2020 [3]
[1] Strategy Analytics: Sept. 2015
[2] Strategy Analytics: Oct. 2015
[3] Gartner: July 2015
39% of devices in your company have ever downloaded malware in the past
90% of companies are believed not to be prepared for cyberattacks
Source: World Economic Forum, "The Global Risks Report 2016, 11th edition"
Source: 2016 Spotlight Report
Cybercrime cost the world economy £335 billion in 2016
What about the security?
Source: https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10
Top 10 most critical security risks in mobile devices
M1: Improper Platform Usage
M2: Insecure Data Storage
M3: Insecure Communication
M4: Insecure Authentication
M5: Insufficient Cryptography
M6: Insecure Authorization
M7: Poor Code Quality
M8: Code Tampering
M9: Reverse engineering
M10: Extraneous Functionality
Source: https://www.nsa.gov/ia/_files/factsheets/mobilerisks.pdf
Typical attacks
From the NSA report
Attack vectors | How to protect
Malicious software | Internal App Store, MDM policies...
Direct access to lost/stolen device | Data encryption...
Direct access to found/returned device | Staff training...
Malicious e-mails/websites | Security patches...
"Man in the middle" | Safe communication channels (i.e. VPN)...
Exploits | Security patches, fast reaction...
Typical attacks: RAM scanning
E-mail
Browser history
Pictures
Enterprise mobility challenges
How can we secure corporate data?
How can we efficiently manage mobile devices?
How can we increase mobile productivity?
How can we ensure the privacy of a user?
Security: Protect your company data from malicious attacks.
Manageability: Manage your devices with sophisticated policies.
Productivity: Help employees do more with mobile devices.
Privacy: Separate private and work areas.
and more...
Hardware Root of Trust – TrustZone
Trusted Boot & Secure Boot
TIMA*
SE for Android
KNOX Container
* TrustZone-based Integrity Measurement Architecture (TIMA)
World-class Samsung KNOX security
Best Security Anti-Fraud Product or Solution
Meets stringent government security standards in 26 countries. Common Criteria for MDFPP.
Most Strong Mobile Security Platform in Gartner’s 2016 “Mobile Device Security: A Comparison of Platforms”
http://www.samsungknox.com/en/knox-technology/security-certifications
Android ≠ Samsung Android hardened by KNOX
Comprehensive set of enterprise mobility solutions to address a variety of business needs on top of the secure Knox platform
Knox Solutions
Security & Management
Deployment & Customization
Knox Configure
KNOX Workspace
KNOX Solutions
Defense-grade security for applications and data
Security hardened: Secured from hardware to software.
Just plug in: Compatible with major MDMs, any Android app.
Managed by your MDM solution
Work | Personal
Protected phone
If the device is ever compromised, KNOX Workspace will permanently lock down
COMPROMISED
ENCRYPTED
KNOX Solutions
KNOX Premium
A cloud-based EMM and on-device secure containers
Most cost effective: Beats all major EMM competitors in price.
Easy management: Easy-to-use web console helps configure system and devices.
Security hardened: Secured from hardware to software.
Functional container (Simple version of KNOX Workspace)
Full EMM (Cloud-based)
Samsung E-FOTA (Firmware Over The Air)
Enterprise FOTA meets the IT manager’s needs on OS version control by offering 3 key features.
SELECTIVE FOTA
Selective FOTA allows IT administrators to specify a specific OS firmware version to be deployed to their users.
Current FOTA does not allow IT admins to specify which version of firmware is to be deployed.
[Diagram labels: Stabilized; Latest but Not Tested; Errors on Biz apps!; Selective FOTA (JUMP); Without Selective FOTA (Sequential)]
TIME CONTROL
Set time to update considering work time, schedules
FORCED UPDATE
Manage single mobile OS within enterprise
- YOU ARE YOUR PASSWORD -
Samsung Pass
Samsung Pass enables simple & secure biometric authentication in a fully integrated way.
SAMSUNG PASS INTRODUCTION
Simple
Secure
Integrated
Mobile (App & Web) & PC Integration
Integrate Samsung Pass with applications on Mobile or PC
• Users can easily log into Mobile or PC services with biometric-based authentication on smartphone.
• For the services requiring enhanced security (e.g. money transfer), authentication can be processed with iris recognition, which can replace typing one-time passwords.
FOR MONEY TRANSFER
FOR LOGIN
Push notification to user’s smartphone
Security
DEVICE
Templatized Biometric Data: Biometric data is templatized & stored in TrustZone only, i.e. never identifiable with the actual biometric & never leaves the device.
Samsung Knox: Samsung’s proprietary technology to manage sensitive data in TrustZone.
TrustZone: TrustZone is hardware-based security to provide secure endpoints and a device root of trust.
SERVER
FIDO Standard: FIDO (Fast Identity Online) protocol with PKI (Public Key Infrastructure) cryptography for safer validation of authentication.
Remote Device Mgmt: Lost, stolen devices can be managed remotely via FindMyMobile.
Dedicated/Exclusive Key: Exclusive, dedicated public keys for each partner, securely stored in server.
Samsung Pass Architecture
Partner
• Integration of Samsung Pass SDK in mobile app and web
• Partner server configuration to adopt Samsung Pass flow
Samsung
• Development of core components and Samsung Pass platform
• Support integration for partner
[Architecture diagram labels: Partner Server; Transaction; Authentication; User management; FIDO authentication; Authority management; Platform; FIDO Public Key; Partner App; Authentication Framework; Biometric Data; FIDO Private Key; Samsung Pass SDK; Exclusive Keys (for partner)]
Samsung Pass new feature
Samsung Pass will provide e-signature companies with a new user experience using an S-Pen
Samsung Pass | e-Signature
0. (User A) Send a request for the e-signature of User B
1. (User B) Open the contract document
2. (User B) Samsung Pass biometric authentication
3. (User B) Review the contract, sign it with an S-Pen and confirm
4. (User B) Send the signed document
Samsung DeX
A desktop experience from your smartphone
• PC in your pocket
• Supports Citrix, VMware, etc. virtual desktop solutions
• Android apps multitasking
and more...
http://www.samsungknox.com