Facilitating Electromagnetic Side-Channel Analysis for IoT Investigation: Evaluating the EMvidence Framework

Sayakkara, Asanka; Le-Khac, Nhien-An; Scanlon, Mark

Publication Date:  July 2020

Publication Name:  Forensic Science International: Digital Investigation

Abstract:   The Internet of Things (IoT) has opened up new opportunities for digital forensics by providing new sources of evidence. However, acquiring data from IoT is not a straightforward task for multiple reasons including the diversity of manufacturers, the lack of standard interfaces, the use of light-weight data encryption, e.g. elliptic curve cryptography (ECC), etc. Electromagnetic side-channel analysis (EM-SCA) has been proposed as a new approach to acquire forensically useful data from IoT devices. However, performing successful EM-SCA attacks on IoT devices requires domain knowledge and specialised equipment that are not available to most digital forensic investigators. This work presents the methodology behind and an evaluation of a framework, EMvidence, that enables forensic investigators to acquire evidence from IoT devices through EM-SCA. This framework helps to automate and perform electromagnetic side-channel evidence collection for forensic purposes. An evaluation of the framework is performed by applying it to multiple realistic digital investigation scenarios. In the case of attacking ECC cryptographic operations, the evaluation demonstrates that the volume of EM data that needs to be stored and processed can be significantly reduced using the framework's machine learning based approach.

BibTeX Entry:


      @article{sayakkara2020EvaluatingEMvidence,
author={Sayakkara, Asanka and Le-Khac, Nhien-An and Scanlon, Mark},
title="{Facilitating Electromagnetic Side-Channel Analysis for IoT Investigation: Evaluating the EMvidence Framework}",
journal="{Forensic Science International: Digital Investigation}",
year=2020,
month=07,
publisher={Elsevier},
abstract={The Internet of Things (IoT) has opened up new opportunities for digital forensics by providing new sources of evidence. However, acquiring data from IoT is not a straightforward task for multiple reasons including the diversity of manufacturers, the lack of standard interfaces, the use of light-weight data encryption, e.g. elliptic curve cryptography (ECC), etc. Electromagnetic side-channel analysis (EM-SCA) has been proposed as a new approach to acquire forensically useful data from IoT devices. However, performing successful EM-SCA attacks on IoT devices requires domain knowledge and specialised equipment that are not available to most digital forensic investigators. This work presents the methodology behind and an evaluation of a framework, EMvidence, that enables forensic investigators to acquire evidence from IoT devices through EM-SCA. This framework helps to automate and perform electromagnetic side-channel evidence collection for forensic purposes. An evaluation of the framework is performed by applying it to multiple realistic digital investigation scenarios. In the case of attacking ECC cryptographic operations, the evaluation demonstrates that the volume of EM data that needs to be stored and processed can be significantly reduced using the framework's machine learning based approach.}
}