Mobile Security
From MgmtWiki
Full Title or Meme
Mobile Security refers to mobile devices that contain secrets that should not be disclosed even if the mobile device is misplaced.
Context
The canonical Mobile Security devices are:
- a Smart Card with some internal key storage space.
- a smartphone with an ARM processor that contains a Secure Enclave.
Solutions
- Many mobile management solutions like Microsoft or Samsung Knox.
- Android Enterprise Recommended knowledge worker and rugged devices. 174 devices that meet Android 12 requirements.
- The Motorola Solutions LEX11 and related devices.
- LEX L11 KEY FEATURES The LEX L11 is certified to U.S. National Security Agency (NSA) Commercial Solutions for Classified (CSfC) Program standards for accessing sensitive information across national security systems up to and including the top-secret level.
- The LEX L11 is certified to Security Technical Implementation Guide (STIG) provided by the Defense Information Systems Agency (DISA) as part of the Department of Defense (DoD). This means that the LEX L11 complies with the technical testing and hardening frameworks that contain technical guidelines for the standardization of security protocols in order to enhance overall security and reduce vulnerabilities.
- Trusted Boot Process - The LEX L11 checks the authenticity and integrity of the firmware during the device boot processes. If during this process the firmware fails integrity or authenticity checks, the firmware is prevented from being executed.
- LEX 11 specs
- Lex 11 Compliance document prepared for the National Information Assurance Partnership - Common Criteria Evaluation and Validation Scheme
- Knox Vault is an EAL5+ certified, tamper-resistant environment that holds the data that matters most on your device. It physically isolates PINs, passwords, biometrics and security-critical keys away from the rest and stores them in the secure memory. This is only available on high-end devices.
- Auditing / Logging - Security and operational event logging is done by the operating system and applications to produce retrievable audit trails for troubleshooting, security monitoring and forensics.
- Knox Vault on devices with Samsung Exynos processors is EAL5+ certified.
- Knox Vault on devices with Qualcomm processors is EAL4+ certified.
- In the case of a device hijacking, the self-destruct sequence is initiated without user consent or additional backup of the security data stored in Knox Vault.