A Digital Forensic Methodology for Encryption Key Recovery from Black-Box IoT Devices

Zunaidi, Muhammad Rusyaidi; Sayakkara, Asanka; Scanlon, Mark

Publication Date:  April 2024

Publication Name:  Proceedings of the 12th International Symposium on Digital Forensics and Security

Abstract:   In an era where digital data security is becoming all-pervasive, and data encryption is baked in by default on many consumer-level and commercial-level devices, the encryption of Internet of Things (IoT) devices presents a significant obstacle for lawful digital forensic investigation. Towards addressing this issue, this paper introduces a novel digital forensic methodology that leverages electromagnetic side-channel analysis (EM-SCA) for the non-invasive recovery of encryption keys from \emphblack-box IoT devices, i.e., where little/nothing is known about the device's encryption in advance. By reducing the key space necessary for brute-force decryption and employing machine-learning techniques, the proposed approach enhances the digital forensic process -- helping to mitigate investigative roadblocks and case backlogs. This automated, adaptable system not only preserves the integrity of forensic evidence, but also ensures wide applicability within the evolving IoT landscape. This practical methodology could prove invaluable for investigators facing the complexities of encrypted device analysis encountered during their cases.

Download Paper:

Download Paper as PDF

BibTeX Entry:


      @inproceedings{zunaidi2024BlackBoxKeyRecovery,
author={Zunaidi, Muhammad Rusyaidi and Sayakkara, Asanka and Scanlon, Mark},
title="{A Digital Forensic Methodology for Encryption Key Recovery from Black-Box IoT Devices}",
booktitle="{Proceedings of the 12th International Symposium on Digital Forensics and Security}",
year=2024,
pages = {},
month=04,
publisher={IEEE},
abstract={In an era where digital data security is becoming all-pervasive, and data encryption is baked in by default on many consumer-level and commercial-level devices, the encryption of Internet of Things (IoT) devices presents a significant obstacle for lawful digital forensic investigation. Towards addressing this issue, this paper introduces a novel digital forensic methodology that leverages electromagnetic side-channel analysis (EM-SCA) for the non-invasive recovery of encryption keys from \emph{black-box} IoT devices, i.e., where little/nothing is known about the device's encryption in advance. By reducing the key space necessary for brute-force decryption and employing machine-learning techniques, the proposed approach enhances the digital forensic process -- helping to mitigate investigative roadblocks and case backlogs. This automated, adaptable system not only preserves the integrity of forensic evidence, but also ensures wide applicability within the evolving IoT landscape. This practical methodology could prove invaluable for investigators facing the complexities of encrypted device analysis encountered during their cases.}
}