  • Publication
    EMvidence: A Framework for Digital Evidence Acquisition from IoT Devices through Electromagnetic Side-Channel Analysis
    EM side-channel analysis (EM-SCA) is a branch in information security where the unintentional electromagnetic (EM) emissions from computing devices are analysed. This has been used for various purposes including software behaviour detection, software modification detection, malicious software identification, and data extraction. The possibility of applying EM-SCA in digital forensic investigation scenarios involving IoT devices has been proposed recently. When it is difficult or impossible to acquire forensic evidence from an IoT device, observing EM emissions of the device can provide valuable information to an investigator. This work addresses the challenge of making EM-SCA a practical reality to digital forensic investigators by introducing a software framework called EMvidence. The framework is designed to facilitate extensibility through an EM plug-in model.
  • Publication
    Cutting Through the Emissions: Feature Selection from Electromagnetic Side-Channel Data for Activity Detection
    Electromagnetic side-channel analysis (EM-SCA) has been used as a window to eavesdrop on computing devices for information security purposes. It has recently been proposed for use as a digital evidence acquisition method in forensic investigation scenarios as well. The massive amount of data produced by EM signal acquisition devices makes it difficult to process in real-time, making on-site EM-SCA infeasible. Uncertainty surrounds the precise information leaking frequency channel, demanding the acquisition of signals over a wide bandwidth. As a consequence, investigators are left with a large number of potential frequency channels to be inspected, with many not containing any useful information leakages. The identification of a small subset of frequency channels that leak a sufficient amount of information can significantly boost the performance, enabling real-time analysis. This work presents a systematic methodology to identify information leaking frequency channels from high dimensional EM data with the help of multiple filtering techniques and machine learning algorithms. The evaluations show that it is possible to narrow down the number of frequency channels from over 20,000 to fewer than a hundred (81 channels). The experiments presented show an accuracy of 0.9315 when all the 20,000 channels are used, an accuracy of 0.9395 with the highest 500 channels after calculating the variance between the average value of each class, and an accuracy of 0.9047 when the best 81 channels according to Recursive Feature Elimination are considered.
  • Publication
    SoK: Exploring the State of the Art and the Future Potential of Artificial Intelligence in Digital Forensic Investigation
    Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise, compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper summarises existing artificial intelligence based tools and approaches in digital forensics. Automated evidence processing leveraging artificial intelligence based techniques shows great promise in expediting the digital forensic analysis process while increasing case processing capacities. For each application of artificial intelligence highlighted, a number of current challenges and future potential impact are discussed.
  • Publication
    Accuracy Enhancement of Electromagnetic Side-Channel Attacks on Computer Monitors
    Electromagnetic noise emitted from running computer displays modulates information about the picture frames being displayed on screen. Attacks have been demonstrated on eavesdropping computer displays by utilising these emissions as a side-channel vector. The accuracy of reconstructing a screen image depends on the emission sampling rate and bandwidth of the attacker's signal acquisition hardware. The cost of radio frequency acquisition hardware increases with increased supported frequency range and bandwidth. A number of enthusiast-level, affordable software defined radio equipment solutions are currently available, facilitating a number of radio-focused attacks at a more reasonable price point. This work investigates three accuracy influencing factors, other than the sample rate and bandwidth, namely noise removal, image blending, and image quality adjustments, that affect the accuracy of monitor image reconstruction through electromagnetic side-channel attacks.
  • Publication
    Electromagnetic side-channel attacks: Potential for progressing hindered digital forensic analysis
    Digital forensics is a fast-growing field involving the discovery and analysis of digital evidence acquired from electronic devices to assist investigations for law enforcement. Traditional digital forensic investigative approaches are often hampered by the data contained on these devices being encrypted. Furthermore, the increasing use of IoT devices with limited standardisation makes it difficult to analyse them with traditional techniques. This paper argues that electromagnetic side-channel analysis has significant potential to progress investigations obstructed by data encryption. Several potential avenues towards this goal are discussed.
  • Publication
    Electromagnetic Side-Channel Analysis Methods for Digital Forensics on Internet of Things
    (University College Dublin. School of Computer Science, 2020)
    Modern legal and corporate investigations heavily rely on the field of digital forensics to uncover vital evidence. The dawn of the Internet of Things (IoT) devices has expanded this horizon by providing new kinds of evidence sources that were not available in traditional digital forensics. However, unlike desktop and laptop computers, the bespoke hardware and software employed on most IoT devices obstructs the use of classical digital forensic evidence acquisition methods. This situation demands alternative approaches to forensically inspect IoT devices. Electromagnetic Side-Channel Analysis (EM-SCA) is a branch in information security that exploits Electromagnetic (EM) radiation of computers to eavesdrop and exfiltrate sensitive information. A multitude of EM-SCA methods have been demonstrated to be effective in attacking computing systems under various circumstances. The objective of this thesis is to explore the potential of leveraging EM-SCA as a forensic evidence acquisition method for IoT devices. Towards this objective, this thesis formulates a model for IoT forensics that uses EM-SCA methods. The design of the proposed model enables the investigators to perform complex forensic insight gathering procedures without having expertise in the field of EM-SCA. In order to demonstrate the function of the proposed model, a proof-of-concept was implemented as an open-source software framework called EMvidence. This framework utilises a modular architecture following a Unix philosophy; where each module is kept minimalist and focused on extracting a specific forensic insight from a specific IoT device. By doing so, the burden of dealing with the diversity of the IoT ecosystem is distributed from a central point into individual modules. Under the proposed model, this thesis presents the design, the implementation, and the evaluation of a collection of methods that can be used to acquire forensic insights from IoT devices using their EM radiation patterns. 
    These forensic insights include detecting cryptography-related events, firmware version, malicious modifications to the firmware, and internal forensic state of the IoT devices. The designed methods utilise supervised Machine Learning (ML) algorithms at their core to automatically identify known patterns of EM radiation with over 90% accuracy. In practice, the forensic inspection of IoT devices using EM-SCA methods may often be conducted during the triage examination phase using moderately-resourced computers, such as laptops carried by the investigator. However, the scale of the EM data generation with fast sample rates and the dimensionality of EM data due to large bandwidths necessitate rich computational resources to process EM datasets. This thesis explores two approaches to reduce such overheads. Firstly, a careful reduction of the sample rate is found to reduce the generated EM data by up to 80%. Secondly, an intelligent channel selection method is presented that drastically reduces the dimensionality of EM data by selecting 500 dimensions out of 20,000. The findings of this thesis pave the way to the noninvasive forensic insight acquisition from IoT devices. With IoT systems increasingly blending into day-to-day life, the proposed methodology has the potential to become the lifeline of future digital forensic investigations. A multitude of research directions are outlined, which can strengthen this novel approach in the future.