Inproceedings

A Digital Forensic Methodology for Encryption Key Recovery from Black-Box IoT Devices

Muhammad Rusyaidi Zunaidi; Asanka Sayakkara; Mark Scanlon

April 2024 Proceedings of the 12th International Symposium on Digital Forensics and Security

Contribution Summary

This paper introduces a novel digital forensic methodology for recovering encryption keys from black-box IoT devices using electromagnetic side-channel analysis (EM-SCA). The proposed approach leverages machine learning techniques to enhance the digital forensic process, reducing the key space necessary for brute-force decryption and mitigating investigative roadblocks. This automated, adaptable system preserves the integrity of forensic evidence and ensures wide applicability within the evolving IoT landscape. The methodology is designed to be efficient, accurate, and non-invasive, making it a valuable tool for investigators facing the complexities of encrypted device analysis. By leveraging EM-SCA, the proposed approach can recover encryption keys from black-box IoT devices, providing a significant breakthrough in digital forensic investigations. The methodology is tailored to adapt to the diverse range of IoT device architectures, ensuring broad applicability, efficient processing, and accurate key extraction. The design incorporates cross-device portability, drawing insights from studies that have demonstrated the potential of EM-SCA in gathering forensically useful insights from IoT devices.

Keywords: Digital Forensics; Internet of Things (IoT); Electromagnetic Side-Channel Analysis (EM-SCA); Encryption Key Recovery; Machine Learning; Black-Box IoT Devices; Digital Forensic Methodology; Encryption Key Recovery from IoT Devices

Abstract

In an era where digital data security is becoming all-pervasive, and data encryption is baked in by default on many consumer-level and commercial-level devices, the encryption of Internet of Things (IoT) devices presents a significant obstacle for lawful digital forensic investigation. Towards addressing this issue, this paper introduces a novel digital forensic methodology that leverages electromagnetic side-channel analysis (EM-SCA) for the non-invasive recovery of encryption keys from black-box IoT devices, i.e., where little/nothing is known about the device's encryption in advance. By reducing the key space necessary for brute-force decryption and employing machine-learning techniques, the proposed approach enhances the digital forensic process - helping to mitigate investigative roadblocks and case backlogs. This automated, adaptable system not only preserves the integrity of forensic evidence, but also ensures wide applicability within the evolving IoT landscape. This practical methodology could prove invaluable for investigators facing the complexities of encrypted device analysis encountered during their cases.

BibTeX

@inproceedings{zunaidi2024BlackBoxKeyRecovery,
	author={Zunaidi, Muhammad Rusyaidi and Sayakkara, Asanka and Scanlon, Mark},
	title="{A Digital Forensic Methodology for Encryption Key Recovery from Black-Box IoT Devices}",
	booktitle="{Proceedings of the 12th International Symposium on Digital Forensics and Security}",
	year=2024,
	pages = {},
	month=04,
	publisher={IEEE},
	abstract={In an era where digital data security is becoming all-pervasive, and data encryption is baked in by default on many consumer-level and commercial-level devices, the encryption of Internet of Things (IoT) devices presents a significant obstacle for lawful digital forensic investigation. Towards addressing this issue, this paper introduces a novel digital forensic methodology that leverages electromagnetic side-channel analysis (EM-SCA) for the non-invasive recovery of encryption keys from \emph{black-box} IoT devices, i.e., where little/nothing is known about the device's encryption in advance. By reducing the key space necessary for brute-force decryption and employing machine-learning techniques, the proposed approach enhances the digital forensic process -- helping to mitigate investigative roadblocks and case backlogs. This automated, adaptable system not only preserves the integrity of forensic evidence, but also ensures wide applicability within the evolving IoT landscape. This practical methodology could prove invaluable for investigators facing the complexities of encrypted device analysis encountered during their cases.},
  doi={10.1109/ISDFS60797.2024.10527284},
}