Article
Facilitating Electromagnetic Side-Channel Analysis for IoT Investigation: Evaluating the EMvidence Framework
Contribution Summary
The EMvidence framework is a software tool designed to facilitate electromagnetic side-channel analysis (EM-SCA) for IoT investigation. It automates and simplifies the acquisition and analysis of electromagnetic signals from IoT devices, making EM-SCA accessible to digital forensic investigators without specialized equipment or expertise. The framework is evaluated through multiple realistic digital investigation scenarios, demonstrating its effectiveness in acquiring forensically useful data from IoT devices. The evaluation also shows that the framework's machine learning-based approach can significantly reduce the volume of EM data that needs to be stored and processed. The framework is designed to be extensible, so that digital investigators can enable and use extended capabilities in practical cases, creating a sustainable ecosystem. The contributions are: presenting a methodology to extract forensically useful insights from IoT devices through EM-SCA; demonstrating and evaluating multiple IoT device investigation scenarios; outlining an investigator-friendly open-source software framework that incorporates EM side-channel analysis capability for digital forensic purposes; and implementing and evaluating a methodology to automatically separate EM traces of elliptic curve cryptography (ECC) being performed on IoT devices.
Keywords: Digital forensics; Electromagnetic side-channels; Elliptic curve cryptography; Internet-of-things (IoT); Machine learning; EM-SCA; IoT investigation; Forensic analysis
Abstract
The Internet of Things (IoT) has opened up new opportunities for digital forensics by providing new sources of evidence. However, acquiring data from IoT is not a straightforward task for multiple reasons including the diversity of manufacturers, the lack of standard interfaces, the use of light-weight data encryption, e.g. elliptic curve cryptography (ECC), etc. Electromagnetic side-channel analysis (EM-SCA) has been proposed as a new approach to acquire forensically useful data from IoT devices. However, performing successful EM-SCA attacks on IoT devices requires domain knowledge and specialised equipment that are not available to most digital forensic investigators. This work presents the methodology behind and an evaluation of a framework, EMvidence, that enables forensic investigators to acquire evidence from IoT devices through EM-SCA. This framework helps to automate and perform electromagnetic side-channel evidence collection for forensic purposes. An evaluation of the framework is performed by applying it to multiple realistic digital investigation scenarios. In the case of attacking ECC cryptographic operations, the evaluation demonstrates that the volume of EM data that needs to be stored and processed can be significantly reduced using the framework's machine learning based approach.
BibTeX
@article{sayakkara2020EvaluatingEMvidence,
author={Sayakkara, Asanka and Le-Khac, Nhien-An and Scanlon, Mark},
title="{Facilitating Electromagnetic Side-Channel Analysis for IoT Investigation: Evaluating the EMvidence Framework}",
journal="{Forensic Science International: Digital Investigation}",
year=2020,
month=07,
publisher={Elsevier},
abstract={The Internet of Things (IoT) has opened up new opportunities for digital forensics by providing new sources of evidence. However, acquiring data from IoT is not a straightforward task for multiple reasons including the diversity of manufacturers, the lack of standard interfaces, the use of light-weight data encryption, e.g. elliptic curve cryptography (ECC), etc. Electromagnetic side-channel analysis (EM-SCA) has been proposed as a new approach to acquire forensically useful data from IoT devices. However, performing successful EM-SCA attacks on IoT devices requires domain knowledge and specialised equipment that are not available to most digital forensic investigators. This work presents the methodology behind and an evaluation of a framework, EMvidence, that enables forensic investigators to acquire evidence from IoT devices through EM-SCA. This framework helps to automate and perform electromagnetic side-channel evidence collection for forensic purposes. An evaluation of the framework is performed by applying it to multiple realistic digital investigation scenarios. In the case of attacking ECC cryptographic operations, the evaluation demonstrates that the volume of EM data that needs to be stored and processed can be significantly reduced using the framework's machine learning based approach.},
doi={10.1016/j.fsidi.2020.301003},
}