Title: Insights from Waves: Gathering Forensically-useful Insights from IoT Devices with Electromagnetic Side-Channel Analysis
Presenter(s): Asanka Sayakkara, Nhien-An Le-Khac, Mark Scanlon (University College Dublin)
Time: 09:30-12:30
Github: https://github.com/dfrws/dfrws2020-EU-workshops-EM
Target Audience Skill Level:
Some basic computer skills are sufficient to attend this workshop. Some prior experience with Python programming and Linux operating systems can be useful, but not a prerequisite.
Learning Outcomes:
At the end of this workshop you should be able to:
● Understand how to observe electromagnetic side-channel emissions from IoT devices through software defined radio tools.
● Use EMvidence open-source software framework to inspect IoT devices for digital forensic use cases.
● Develop new plug-ins to EMvidence open-source software framework using its API.
Abstract:
Computer processors generate electromagnetic (EM) radiation as a result of their internal operations. The patterns of these EM signals have been proven to correlate with the software instructions and program variables being manipulated at the processor. EM side-channel analysis (EM-SCA) is the study of exploiting EM emissions from computer processors to eavesdrop on software running on them. EM-SCA has various applications in the discipline of information security such as software reverse engineering, malicious code execution detection, and retrieval of cryptographic keys.
Lately, it has been shown that EM-SCA techniques can be leveraged for digital forensic applications with Internet of Things (IoT) devices. Due to custom hardware designs and lack of standard interfaces, forensic inspection of IoT devices is a challenging task. Therefore, current approach to inspect IoT devices involves potentially destructive techniques such as wiretapping internal circuitry of a device or performing chip-off operations to retrieve data storage chips. In contrast, EM-SCA can be performed entirely passively on an IoT device without requiring any physical contact. As a result, tampering of devices under investigation can be minimised to a considerable extent.
EMvidence is an open-source software framework designed to assist EM-SCA operations on IoT devices in digital forensic scenarios. It is designed to be easy to use and easy to extend with additional capabilities by forensic investigators by themselves. Traditional EM-SCA techniques require specialised hardware tools and expertise with domain knowledge that the digital forensic investigators lack of. EMvidence framework hides the lower level technical complexities and provides a simplified interface to carry out investigative process by non-experts. It is written using the Python programming language with open-source libraries, enabling it to run across different operating system platforms. EMvidence supports a large spectrum of EM signal acquisition devices and facilitates further addition through an API.
This workshop aims to educate forensic investigators, researchers, and any other interested parties on how to use EM-SCA techniques in forensic inspection of IoT devices. The EMvidence framework will be used at the workshop with testing IoT devices and previously acquired datasets to provide hands-on experience. Workshop content is designed in a way that participants do not require to have any previous experience on the domain in order to carry out the activities. By attending this workshop, the participants will gain a set of skills to use EM-SCA in their day-to-day digital forensic work or perform further academic research on the subject.