Leveraging Electromagnetic Side-Channel Analysis for the Investigation of IoT Devices

Authors: Sayakkara, Asanka; Le-Khac, Nhien-An and Scanlon, Mark

Publication Date: July 2019

Publication Name: Digital Investigation

Abstract:

Internet of Things (IoT) devices have expanded the horizon of digital forensic investigations by providing a rich set of new evidence sources. IoT devices includes health implants, sports wearables, smart burglary alarms, smart thermostats, smart electrical appliances, and many more. Digital evidence from these IoT devices is often extracted from third party sources, e.g., paired smartphone applications or the devices' back-end cloud services. However vital digital evidence can still reside solely on the IoT device itself. The specifics of the IoT device's hardware is a black-box in many cases due to the lack of proven, established techniques to inspect IoT devices. This paper presents a novel methodology to inspect the internal software activities of IoT devices through their electromagnetic radiation emissions during live device investigation. When a running IoT device is identified at a crime scene, forensically important software activities can be revealed through an electromagnetic side-channel analysis (EM-SCA) attack. By using two representative IoT hardware platforms, this work demonstrates that cryptographic algorithms running on high-end IoT devices can be detected with over $82$\% accuracy, while minor software code differences in low-end IoT devices could be detected over $90$\% accuracy using a neural network-based classifier. Furthermore, it was experimentally demonstrated that malicious modification of the stock firmware of an IoT device can be detected through machine learning-assisted EM-SCA techniques. These techniques provide a new investigative vector for digital forensic investigators to inspect IoT devices.

Download:

Download Paper as PDF

BibTeX Entry:

@article{sayakkara2019EMIoT,
author={Sayakkara, Asanka and Le-Khac, Nhien-An and Scanlon, Mark},
title="{Leveraging Electromagnetic Side-Channel Analysis for the Investigation of IoT Devices}",
journal="{Digital Investigation}",
year="2019",
month="07",
publisher={Elsevier},
keywords = "Electromagnetic Side-channel Attacks, Software Defined Radio (SDR), Digital Forensics, Internet of Things (IoT)",
abstract="Internet of Things (IoT) devices have expanded the horizon of digital forensic investigations by providing a rich set of new evidence sources. IoT devices includes health implants, sports wearables, smart burglary alarms, smart thermostats, smart electrical appliances, and many more. Digital evidence from these IoT devices is often extracted from third party sources, e.g., paired smartphone applications or the devices' back-end cloud services. However vital digital evidence can still reside solely on the IoT device itself. The specifics of the IoT device's hardware is a black-box in many cases due to the lack of proven, established techniques to inspect IoT devices. This paper presents a novel methodology to inspect the internal software activities of IoT devices through their electromagnetic radiation emissions during live device investigation. When a running IoT device is identified at a crime scene, forensically important software activities can be revealed through an electromagnetic side-channel analysis (EM-SCA) attack. By using two representative IoT hardware platforms, this work demonstrates that cryptographic algorithms running on high-end IoT devices can be detected with over $82$\% accuracy, while minor software code differences in low-end IoT devices could be detected over $90$\% accuracy using a neural network-based classifier. Furthermore, it was experimentally demonstrated that malicious modification of the stock firmware of an IoT device can be detected through machine learning-assisted EM-SCA techniques. These techniques provide a new investigative vector for digital forensic investigators to inspect IoT devices."
}