Article
EMvidence: A Framework for Digital Evidence Acquisition from IoT Devices through Electromagnetic Side-Channel Analysis
Contribution Summary
This paper introduces EMvidence, a software framework designed to facilitate the acquisition of digital evidence from Internet of Things (IoT) devices through electromagnetic side-channel analysis (EM-SCA). The framework automates and performs EM-SCA evidence collection, addressing the challenge of making EM-SCA a practical reality for digital forensic investigators. EMvidence enables the extraction of valuable information from IoT devices, which is essential for digital forensic investigations. The framework's extensibility through an EM plug-in model allows for the addition of new functionalities, keeping up with the dynamism of IoT devices. Experimental demonstrations prove that machine learning classifiers can be used to gain useful insights in IoT investigative scenarios, such as identifying internal software states of IoT devices. The framework's ability to reduce the amount of EM data that needs to be stored and processed, with the assistance of machine learning, makes it a valuable tool for digital forensic investigators.
Keywords: Digital forensics; Electromagnetic side-channels; Software framework; Internet-of-things (IoT); Machine learning; Electromagnetic side-channel analysis (EM-SCA); IoT device analysis; Digital evidence acquisition
Abstract
The Internet of Things (IoT) has opened up new opportunities to digital forensics by providing new evidence sources that were not available previously. However, acquiring data from IoT is not a straightforward task due to multiple reasons such as the diversity of manufacturers, lack of standard interfaces, and the use of light-weight data encryption, such as elliptic curve cryptography (ECC). Electromagnetic side-channel analysis (EM-SCA) has been proposed as a new approach to acquire forensically useful data in IoT devices. However, performing successful EM-SCA attacks on IoT devices requires domain knowledge and specialised equipment that are not available to most digital forensic investigators. This work presents a methodology that enables forensic investigators to acquire evidence from IoT devices through EM-SCA. Implementing the methodology, a software framework called EMvidence is introduced that helps to automate and perform electromagnetic side-channel evidence collection. Evaluation of the framework is performed by applying it to multiple real-world digital investigation scenarios. In the case of attacking ECC cryptographic operations, the evaluation shows that the amount of EM data that needs to be stored and processed can be significantly reduced with the assistance of machine learning.
BibTeX
@article{sayakkara2020EMvidence,
author={Sayakkara, Asanka and Le-Khac, Nhien-An and Scanlon, Mark},
title="{EMvidence: A Framework for Digital Evidence Acquisition from IoT Devices through Electromagnetic Side-Channel Analysis}",
journal="{Forensic Science International: Digital Investigation}",
year="2020",
month="04",
volume = "32",
pages = "300907",
issn = "2666-2817",
doi = "https://doi.org/10.1016/j.fsidi.2020.300907",
url = "http://www.sciencedirect.com/science/article/pii/S2666281720300020",
publisher={Elsevier},
keywords = "Digital forensics, Electromagnetic side-channels, software framework, Internet-of-things (IoT), Machine learning",
abstract={The Internet of Things (IoT) has opened up new opportunities to digital forensics by providing new evidence sources that were not available previously. However, acquiring data from IoT is not a straightforward task due to multiple reasons such as the diversity of manufacturers, lack of standard interfaces, and the use of light-weight data encryption, such as elliptic curve cryptography (ECC). Electromagnetic side-channel analysis (EM-SCA) has been proposed as a new approach to acquire forensically useful data in IoT devices. However, performing successful EM-SCA attacks on IoT devices requires domain knowledge and specialised equipment that are not available to most digital forensic investigators. This work presents a methodology that enables forensic investigators to acquire evidence from IoT devices through EM-SCA. Implementing the methodology, a software framework called EMvidence is introduced that helps to automate and perform electromagnetic side-channel evidence collection. Evaluation of the framework is performed by applying it to multiple real-world digital investigation scenarios. In the case of attacking ECC cryptographic operations, the evaluation shows that the amount of EM data that needs to be stored and processed can be significantly reduced with the assistance of machine learning.}
}