Now showing 1 - 1 of 1
  • Publication
    Electromagnetic Side-Channel Analysis Methods for Digital Forensics on Internet of Things
    (University College Dublin. School of Computer Science, 2020) ;
    Modern legal and corporate investigations heavily rely on the field of digital forensics to uncover vital evidence. The dawn of the Internet of Things (IoT) devices has expanded this horizon by providing new kinds of evidence sources that were not available in traditional digital forensics. However, unlike desktop and laptop computers, the bespoke hardware and software employed on most IoT devices obstructs the use of classical digital forensic evidence acquisition methods. This situation demands alternative approaches to forensically inspect IoT devices. Electromagnetic Side-Channel Analysis (EM-SCA) is a branch in information security that exploits Electromagnetic (EM) radiation of computers to eavesdrop and exfiltrate sensitive information. A multitude of EM-SCA methods have been demonstrated to be effective in attacking computing systems under various circumstances. The objective of this thesis is to explore the potential of leveraging EM-SCA as a forensic evidence acquisition method for IoT devices. Towards this objective, this thesis formulates a model for IoT forensics that uses EM-SCA methods. The design of the proposed model enables the investigators to perform complex forensic insight gathering procedures without having expertise in the field of EM-SCA. In order to demonstrate the function of the proposed model, a proof-of-concept was implemented as an open-source software framework called EMvidence. This framework utilises a modular architecture following a Unix philosophy; where each module is kept minimalist and focused on extracting a specific forensic insight from a specific IoT device. By doing so, the burden of dealing with the diversity of the IoT ecosystem is distributed from a central point into individual modules. Under the proposed model, this thesis presents the design, the implementation, and the evaluation of a collection of methods that can be used to acquire forensic insights from IoT devices using their EM radiation patterns. These forensic insights include detecting cryptography-related events, firmware version, malicious modifications to the firmware, and internal forensic state of the IoT devices. The designed methods utilise supervised Machine Learning(ML) algorithms at their core to automatically identify known patterns of EM radiation with over 90% accuracy. In practice, the forensic inspection of IoT devices using EM-SCA methods may often be conducted during triage examination phase using moderately-resourced computers, such as a laptops carried by the investigator. However, the scale of the EM data generation with fast sample rates and the dimensionality of EM data due to large bandwidths necessitate rich computational resources to process EM datasets. This thesis explores two approaches to reduce such overheads. Firstly, a careful reduction of the sample rate is found to be reducing the generated EM data up to 80%. Secondly, an intelligent channel selection method is presented that drastically reduces the dimensionality of EM data by selecting 500 dimensions out of 20,000. The findings of this thesis paves the way to the noninvasive forensic insight acquisition from IoT devices. With IoT systems increasingly blending into the day-to-day life, the proposed methodology has the potential to become the lifeline of future digital forensic investigations. A multitude of research directions are outlined, which can strengthen this novel approach in the future.