EMvidence: A Framework for Digital Evidence Acquisition from IoT Devices through Electromagnetic Side-Channel Analysis

Sayakkara, Asanka; Le-Khac, Nhien-An; Scanlon, Mark

Publication Date: March 2020

Publication Name: Forensic Science International: Digital Investigation

Abstract: The Internet of Things (IoT) has opened up new opportunities for digital forensics by providing new evidence sources that were not available previously. However, acquiring data from IoT devices is not a straightforward task, for reasons such as the diversity of manufacturers, the lack of standard interfaces, and the use of light-weight data encryption, such as elliptic curve cryptography (ECC). Electromagnetic side-channel analysis (EM-SCA) has been proposed as a new approach to acquire forensically useful data from IoT devices. However, performing successful EM-SCA attacks on IoT devices requires domain knowledge and specialised equipment that are not available to most digital forensic investigators. This work presents a methodology that enables forensic investigators to acquire evidence from IoT devices through EM-SCA. Implementing the methodology, a software framework called EMvidence is introduced that helps to automate and perform electromagnetic side-channel evidence collection. The framework is evaluated by applying it to multiple real-world digital investigation scenarios. In the case of attacking ECC cryptographic operations, the evaluation shows that the amount of EM data that needs to be stored and processed can be significantly reduced with assistance from machine learning.

BibTeX Entry:


@article{sayakkara2020EMvidence,
author={Sayakkara, Asanka and Le-Khac, Nhien-An and Scanlon, Mark},
title="{EMvidence: A Framework for Digital Evidence Acquisition from IoT Devices through Electromagnetic Side-Channel Analysis}",
journal="{Forensic Science International: Digital Investigation}",
year="2020",
month="03",
publisher={Elsevier},
abstract={The Internet of Things (IoT) has opened up new opportunities for digital forensics by providing new evidence sources that were not available previously. However, acquiring data from IoT devices is not a straightforward task, for reasons such as the diversity of manufacturers, the lack of standard interfaces, and the use of light-weight data encryption, such as elliptic curve cryptography (ECC). Electromagnetic side-channel analysis (EM-SCA) has been proposed as a new approach to acquire forensically useful data from IoT devices. However, performing successful EM-SCA attacks on IoT devices requires domain knowledge and specialised equipment that are not available to most digital forensic investigators. This work presents a methodology that enables forensic investigators to acquire evidence from IoT devices through EM-SCA. Implementing the methodology, a software framework called EMvidence is introduced that helps to automate and perform electromagnetic side-channel evidence collection. The framework is evaluated by applying it to multiple real-world digital investigation scenarios. In the case of attacking ECC cryptographic operations, the evaluation shows that the amount of EM data that needs to be stored and processed can be significantly reduced with assistance from machine learning.}
}