As cybersecurity threats increase with the spread of the Internet of Things (IoT), artificial intelligence (AI) and 5G telecom services, Samsung Electronics is mobilizing all means available, including AI, social media information and bug bounty programs, to combat smartphone security risks. In particular, the company has started operating a system that automatically defends against all possible cyber attacks by applying AI to security threat detection, analysis, and response.
Ahn Gil-jun, head of the security team at Samsung Research, unveiled Samsung Electronics’ mobile security strategy at the Samsung Security Technology Forum 2019 held on the Seoul R&D Campus in Umyeon-dong, Seoul on Aug. 20.
The forum is Korea's largest security event, bringing together information security experts, members of the security industry and academia, and students. This year’s event was attended by more than 1,400 participants.
Samsung Research has about 10,000 researchers at 14 research labs in 12 countries, who study eight themes including AI, 5G and 6G, security, and Tizen. About 5,000 researchers are focusing on future technologies at the R&D Campus in Seoul.
Samsung has developed a mobile security platform that responds to all possible attacks on smartphones. Dubbed Samsung Knox, the platform is built into Samsung smartphones, tablets, and wearables at the manufacturing stage.
The Knox platform consists of overlapping defense and security mechanisms that protect against intrusion, malware, and other malicious threats. It builds a trusted environment in four ways. It establishes a hardware-backed “root of trust,” on which other components rely.
A root of trust is a series of stringent checks and balances, based on keys and configuration information, that can be relied upon under any security attack.
The platform also builds trust during boot, through features like “Trusted Boot.” While the device is in use, it maintains trust through features like “Real-Time Kernel Protection.”
In addition to platform security through Knox, Samsung Electronics applied software obfuscation technology to protect apps and software. It also applied network intrusion detection technology to smartphones to block network attacks, and it operates a security threat detection and analysis system using AI and automation technology.
“The system grasps trends in various social networks and the latest security information, automatically analyzes data and makes AI study them,” Ahn said. “We have a system that automatically identifies and responds to malicious URLs, IPs, and malware in AI-based threat analysis platforms.” For threat analysis, Samsung introduced the AI Vulnerability Analysis System (AVAS), which analyzes the potential vulnerabilities of open source software from time to time and automatically takes action.
The company applies security policies at all stages of product development and commercialization to prevent security incidents. The key is to run the Samsung Security Management System (SSMS) to eliminate security threats and privacy information risks at all stages: product requirements analysis, architecture, design, implementation, testing, and commercialization. A product developer performs security procedures by working with security officers and other development systems.
Samsung also utilizes external resources. In particular, it takes advantage of a bug bounty program, which gives prizes to external experts for product vulnerability analysis. “We introduced a bug bounty program to find out security vulnerabilities faster in 2017,” said Lee Jong-hyun, executive director of Samsung Electronics Wireless Business Division. “The highest amount of money paid through the program was US$230,000, and the highest prize money for a single vulnerability was US$120,000.” Samsung has received more than 2,000 vulnerability reports through the bug bounty program.