Knox Device Health Attestation

Last updated March 7th, 2025

This feature is only available on managed devices, and requires the use of an EMM or UEM.

Maintaining device trust requires methods to reliably check and attest the current security state of the device. Enterprise devices can be compromised by malicious actors, which can put mobile apps and enterprise data sent to the endpoint at risk. To ensure unauthorized actors don’t receive controls or data that could impact your enterprise, it’s important to take a zero-trust approach to monitoring the health of the endpoint. Unauthorized actors might include:

  • A malicious user deliberately accessing a device they’re not authorized to, for example, while the user is away.
  • A bad actor who manipulates the software or hardware of the device, or its firmware in transit.

As captured in the threat model for Samsung Knox, advanced actors can—through a robust attack chain—gain full control over the device firmware, files, user interface (UI), and apps. Such malicious actors can exploit these scenarios to:

  • Install malicious applications.
  • Steal passwords and credentials.
  • Extort user and enterprise data on the device.
  • Laterally move to other assets in the enterprise.

Enterprises with Bring Your Own Device (BYOD) programs are especially at risk, as employees may potentially use compromised Android devices in the workplace. Unlike managed corporate devices, personally owned devices may be compromised prior to enrollment. Once enterprise applications are enrolled, admins are unable to limit applications and device policies on these devices.

To help address these concerns, Knox Device Health Attestation provides a fail-safe way to detect whether a device or its firmware is compromised before allowing the device to be used in the workplace.

Knox Device Health Attestation provides the following security benefits for enterprises:

  • Prevention of replay attacks: Health measurements are bound to each request through a nonce, a unique number randomly generated by the Knox Device Health Attestation Server.
  • Prevention of device ID falsification: Knox Device Health Attestation forms a chain of trust using the Samsung Root Key, Knox Device Health Attestation Key, and Attestation Key. It signs attestation results using the Attestation Key and appends the Attestation Key certificate and Knox Device Health Attestation Key certificate.
  • Detection of systemless rooting: Rooting methods like Magisk store system file modifications in the boot partition, which can go undetected by tamper detection methods other than Knox Device Health Attestation.
  • Correlation of results per device: Health results map easily to device identifiers like IMEIs. With other solutions on the market, when results are returned for separate devices, IT admins can’t differentiate between devices, so the results are not actionable. In contrast, Knox Device Health Attestation returns a single device ID with each result, so IT admins can correlate attestation results with a device without painstakingly mapping IDs manually, and can prevent or contain issues promptly.
  • Historical tamper record: Knox Device Health Attestation guarantees not only the current health of the device, but also a record of whether the device ever ran a non-approved configuration in the past, through the Knox Warranty Bit.

Reliable detection of compromised devices

Malware can potentially intercept and forge the results of a device health check, making a compromised device seem secure. To guard against these types of scenarios, Knox Device Health Attestation provides the following:

  1. The Knox platform leverages its hardware-backed trusted environment to reliably detect and report compromised devices. Knox Device Health Attestation verifies the integrity of devices during deployment, bootup, and operation using the following:

    • Root of Trust: Starts in our factories, when devices are manufactured, with device-unique hardware keys providing a foundation of trust.
    • Trusted Boot: Detects unauthorized and out-of-date boot loaders before they compromise devices using bootloader measurements recorded in secure TrustZone memory.
    • Knox Vault: Stores sensitive data such as the Knox Device Health Attestation Key in tamper-proof storage that resists both hardware and software attacks.
  2. Through our secure hardware supply chain, Samsung provisions a device-unique Elliptic Curve Digital Signature Algorithm (ECDSA) asymmetric key pair—the Knox Device Health Attestation Key—in the device hardware during the initial manufacturing of the device.

    • The public key is signed by a Knox Device Health Attestation Root Key to generate an X.509 certificate, and this certificate is also provisioned on the device.
    • The private key is directly available to only either the Knox Vault (on supported devices) or the TrustZone Secure world.
  3. On request, trusted Knox Device Health Attestation software signs the current device health data and a challenge nonce (to prevent replay attacks) with the SAK (the provisioned attestation key) to prove that the health data originated from the TrustZone Secure world or Knox Vault on a Samsung Knox device.

  4. The signed health data is sent to the Knox Device Health Attestation server. To protect data-in-transit, Knox Device Health Attestation uses Transport Layer Security (TLS) encryption. To validate device health data, the Knox Device Health Attestation server verifies the Knox Device Health Attestation Key certificate, Attestation Key certificate, challenge nonce, and signatures to ensure the integrity of the attestation result.

  5. Highly secure or firewalled operations that don’t want to access the web-based Knox Device Health Attestation server can install an Attestation Validator tool onto a local server to parse the Attestation Result and keep device verdicts within the firewall.

Security-sensitive Samsung systems like Knox services, Samsung Pay, and Samsung Pass, have trusted components that use the result of health attestation locally to disable themselves if device health is compromised.

On devices enrolled in Microsoft Intune Mobile Application Management (MAM), applications can leverage the on-device components of Knox Device Health Attestation to validate that the device is in a good state. Knox Device Health Attestation provides the conditional launch and access features of Intune MAM with the Knox Device Health Attestation payload to ensure device health is good. We highly recommend any enterprise leveraging Intune MAM for Managed/BYOD scenarios to turn this feature on to apply Zero Trust principles to your mobile deployment. For more information on this joint integration, see the Microsoft Intune Blog.

Knox devices that aren’t enrolled in Intune or any other UEM/EMM can still use MAM to validate devices are in a good state before launching specific apps. To learn more about using MAM with unenrolled devices, see the Intune MAM documentation.

How Knox Device Health Attestation works

Samsung Knox partners such as Enterprise Mobility Management (EMM) vendors or Independent Software Vendors (ISV) can use our Knox APIs to deploy attestation checks. Admins can enable device checks manually using a web console or automatically through a regularly scheduled process. With Knox Asset Intelligence’s Security center, Knox Device Health Attestation is automatically turned on and run daily for all enrolled devices.

  1. The web server that initiated the check requests a nonce from the Knox Device Health Attestation server and instructs the device to begin a check, passing the nonce as a check identifier.
  2. The device’s Keymaster Trusted Application (TA) in the Secure world gathers:
    • The requesting app’s package name, version code, and developer key.
    • Signed info about the device’s current state and expected environment.
    • Hardware fuse readings indicating if untrusted firmware was ever loaded onto the device.
  3. The TA compiles this information into an Attestation Result and signs it with a key that can be verified using the Samsung Root Certificate.
  4. The device communicates with the Knox Device Health Attestation Server using TLS encryption to protect data-in-transit.
  5. The Knox Device Health Attestation Server validates the Attestation Result’s signature to ensure that it was generated on Samsung hardware and by Samsung’s TA.
  6. The Knox Device Health Attestation Server analyzes the Attestation Result to determine if the returned nonce matches the one sent out and whether the data within it can be trusted.

Managing compromised devices

On detecting a compromised device, the Knox platform fuses a one-time programmable warranty bit that signifies whether or not the device has ever booted into an unapproved state. Once this bit is fused, the work profile and Keymaster no longer operate, preventing access to the secured enterprise apps and data.

The original requestor of the device check can take further action based on how Knox Device Health Attestation is integrated into your enterprise. We recommend the following actions:

  • Report the verdict to the device user.
  • Immediately prevent the device from accessing other enterprise systems.
  • Uninstall any enterprise apps or assets already on the device.

If the device is enrolled into Knox Asset Intelligence and has security events and logs enabled, we highly recommend reviewing the telemetry and triaging the incident. After a device is compromised and the Warranty Bit is blown, the work profile becomes unavailable and Knox Asset Intelligence is unenrolled as a result. For this reason, once the device is compromised you will be unable to get any additional telemetry (for example, dump the log remotely) without physical access to the device.