A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics
Introduction
Digital forensics is the field in which legal investigations are assisted by analysing digital sources of evidence. By contrast, cybersecurity is the domain concerned with ensuring the security of digital data and the privacy of their owners. In today's world, technology is increasingly prevalent in everyday life and many people are almost always connected to the Internet (Nie and Erbring, 2000). While various social networks let their users share life events with the rest of the world intentionally, every computer-based device they interact with in everyday life leaves unintentional traces of their activities. Such sources of forensic information include computer hard disks, network activity logs, removable media, the internal storage of mobile phones and many others (Soltani and Seno, 2017).
The Internet of Things (IoT) is an emerging trend that started as a narrow research domain, wireless sensor networks, and evolved into Internet-connected everyday objects. The IoT ecosystem includes a wide variety of devices, such as smart-watches, smart TVs, CCTV cameras, medical implants, fitness wearables, etc. The increasing availability of IoT devices across society makes it inevitable that they are found at modern crime scenes and in digital forensic investigations. Most of these devices come with limited data processing and storage capabilities and, unlike their PC counterparts, they usually possess only limited standard interfaces to the outside world, such as USB ports or WiFi/Bluetooth wireless interfaces (Stojkoska and Trivodaliev, 2017).
Due to increasing concerns regarding security and privacy, modern digital devices, such as computer systems and mobile devices, are designed and shipped with built-in security. Popular smartphones, such as iOS and Android based devices, encrypt their internal storage in order to protect user data from third parties (Ahmad et al., 2013). Each of the mainstream PC operating systems, such as Mac OS, Windows, and Linux, provides built-in hard disk encryption. Meanwhile, network communications, both wired and wireless, commonly employ strong packet encryption mechanisms (van de Wiel et al., 2018). Modern computer hardware has made the automated handling of encrypted data an everyday possibility in consumer, industrial and military applications (Fritzke, 2012). Computer devices seized at a crime scene that contain encrypted data pose a significant challenge to the investigation (Lillis et al., 2016; Sayakkara et al., 2018a). The IoT device ecosystem is no exception to this encryption trend, which makes digital forensic investigation of IoT devices even more complex.
Side-channel analysis attacks have proven useful for breaching the security of computer systems when the standard interfaces, e.g., network interfaces and data storage devices, are sufficiently protected (Spreitzer et al., 2018; Dhem et al., 1998; Zhang et al., 2014; O'Malley and Choo, 2014). For a side-channel attack to be effective as a practical security breach, it has to be executable without physical access to the device being attacked (Wakabayashi et al., 2017). In a digital investigation, by contrast, the investigator is free to handle the device, but ideally no investigative activity should affect or change the digital information on it (Du et al., 2017). Electromagnetic (EM) side-channel analysis is one approach that has shown promising results in this setting, since it requires minimal physical manipulation of the device being inspected (Hayashi et al., 2013). The EM emissions of a device can be passively observed to infer both the internal operations being performed and the data being handled (Sayakkara et al., 2018a). This is ideal for a digital investigator who must ensure that the device does not undergo any physical change as a result of the investigation. It is worth noting that hardware manufacturers continuously try to close EM side-channel vulnerabilities through EM shielding and firmware that obfuscates the device's operations.
This paper discusses EM side-channel analysis as a potential case-advancing technique for the digital forensic analysis of IoT devices. A comprehensive analysis of the literature is provided, identifying promising avenues for research and their future potential. EM side-channel attacks for the recovery of cryptographic keys and other forms of important information are evaluated for their potential to overcome the encryption problem in digital forensics on IoT devices. Since EM emissions are closely associated with the power consumption of computing devices (Callan et al., 2015a), the literature on power analysis attacks is also discussed where appropriate.
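The key-recovery attacks referred to above exploit exactly the dependency between the emitted signal and the data being processed. The following worked example is added here and is not code from the survey or from any work it cites: it runs a correlation power analysis (CPA) against one key byte of the first AES round, using a Hamming-weight leakage model on constructed traces. The secret key byte, the number of traces, the sample position that leaks and the noise level are all assumptions chosen for illustration; traces captured from the EM emissions of a real target would take the place of the constructed ones, and the same ranking step would be applied to each of the 16 key bytes.

```python
"""Correlation power analysis (CPA) of a single AES key byte on constructed
side-channel traces.  Added worked example; not the survey's own code."""
import random


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def gf_pow(a: int, e: int) -> int:
    """Square-and-multiply exponentiation in GF(2^8)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def build_sbox() -> list:
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    sbox = []
    for x in range(256):
        inv = gf_pow(x, 254) if x else 0          # x^254 == x^-1 in GF(2^8)
        s = inv
        for shift in range(1, 5):                 # s = inv ^ rotl(inv,1..4) ^ 0x63
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def simulate_traces(key_byte, n_traces, n_samples, leak_index, noise_sd, seed=1):
    """Constructed traces (assumption, stands in for captured EM traces): one
    sample per trace follows HW(SBOX[p ^ k]); every other sample is noise."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        trace = [rng.gauss(0.0, noise_sd) for _ in range(n_samples)]
        trace[leak_index] += hamming_weight(SBOX[p ^ key_byte])
        plaintexts.append(p)
        traces.append(trace)
    return plaintexts, traces


def pearson(xs, ys) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def cpa_recover_key_byte(plaintexts, traces):
    """For every key guess, correlate the predicted HW(SBOX[p ^ guess]) with
    each sample point; the guess with the strongest peak wins.  Returns the
    best guess and the full ranking of (|r|, guess, sample_index)."""
    n_samples = len(traces[0])
    columns = [[t[i] for t in traces] for i in range(n_samples)]
    ranking = []
    for guess in range(256):
        model = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        best, best_idx = 0.0, 0
        for i, col in enumerate(columns):
            r = abs(pearson(model, col))
            if r > best:
                best, best_idx = r, i
        ranking.append((best, guess, best_idx))
    ranking.sort(reverse=True)
    return ranking[0][1], ranking


if __name__ == "__main__":
    SECRET = 0x2B                                  # assumed secret key byte
    pts, trs = simulate_traces(SECRET, 200, 16, leak_index=7, noise_sd=1.5)
    guess, ranking = cpa_recover_key_byte(pts, trs)
    print(f"recovered 0x{guess:02x} (true 0x{SECRET:02x}), "
          f"|r|={ranking[0][0]:.2f} at sample {ranking[0][2]}, "
          f"runner-up |r|={ranking[1][0]:.2f}")
```

The margin between the winning correlation and the runner-up is the figure a practitioner watches: with a real EM capture it shrinks as noise rises, and the usual remedy is more traces or a leakage model fitted to the target rather than plain Hamming weight. Note that wrong guesses stay low only because the AES S-box is highly non-linear; correlating against the input of the S-box (p ^ guess) would leave the key byte undetermined up to a constant.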
The contribution of this work can be summarised as follows:
- A comprehensive literature review and a comparative study of the research carried out in EM side-channel analysis is provided, and recent advances are summarised.
- The scenarios in which the different EM side-channel attacks in the literature are relevant and applicable to digital forensic investigations are identified.
- Light is shed on several new avenues of research that are achievable in digital forensic investigations and cybersecurity through the adoption of EM side-channel analysis techniques.
- The shortage of reliable tools and frameworks for applying EM side-channel analysis to digital forensic investigations on IoT devices is identified, and recommendations are made to overcome it.
The rest of this paper is organised as follows. Section 2 presents an overview of side-channel attacks. The sections Unintentional electromagnetic emissions, Electromagnetic emissions as a signature and Information leaking electromagnetic emissions explore, respectively, the acquisition of EM emissions, their use for unique device identification, and the information they leak, as relevant to digital forensics. Section 6 discusses advances in wireless communication technologies and standardisation, and the legal background relevant to EM side-channels. Section 7 provides insights into the possible future and ethical directions of this technique. Finally, Section 8 concludes the paper.
Section snippets
Side-channel attacks
The topic of side-channel attacks spans a wide variety of techniques. Each side-channel attack on a computer system focuses on one specific unintentional leakage of information from either hardware or software (Spreitzer et al., 2018). Some such information-leaking side-channels are listed below.
- The memory and cache spaces shared between different software.
- The amount of time a program takes to respond to different inputs.
- The sounds different components of computer hardware make.
- The amount of
Unintentional electromagnetic emissions
EM radiation is the underlying technology of numerous wireless communication systems. Meanwhile, it is a well documented fact that electronic devices generate EM radiation at unintended frequencies as a side effect of their internal operations (Getz and Moeckel). Such unintended EM radiation is regulated by government agencies, such as the Federal Communications Commission (FCC) in the USA, due to the possible interference it can cause to legitimate wireless communication and the potential health
Electromagnetic emissions as a signature
When a computing device running a program generates EM emissions, the observable patterns depend on the precise settings of the device. In the EM emission spectrum of the Arduino device in Fig. 1, it is clearly evident that both the hardware and software settings have influenced the EM emission patterns. The signal captured at the first harmonic of the Arduino device's system clock, i.e., 32 MHz, shows varying patterns in the spectrogram view according to the changes made to
Information leaking electromagnetic emissions
This section dives into the question of what information is contained in an EM emission trace of a particular computing system. From a digital forensic perspective, both the kind of software running on IoT devices and the data being handled by each software application are potentially of significant interest. Even if EM side-channel analysis cannot reveal all of the data being handled by an IoT device platform, extracting critical information, e.g., cryptographic keys, can help progress forensic
Standards and tools
EM side-channel attacks are not yet commonly used for digital forensic purposes, so it may be too early to find existing standards or tools for EM side-channel analysis in digital forensics. However, for such standards and tools to be established in future, it is important to review the relevant standards and tools in both the hardware and software security domains.
Concerns about electromagnetic wave emissions from IoT devices, from the software perspective, are mostly
Discussion
Having discussed the scientific literature on EM side-channel analysis attacks, it is important to identify the future impact it may have on the domain of digital forensics for IoT devices. This section highlights some of the potential ways this impact may occur in future, under different themes. Fig. 4 illustrates the avenues for future research in this direction. Many of these future potentials are already starting to be realised, while others are ambitious predictions that can prove
Conclusions
Traditionally, digital forensics focuses on analysing traces left behind by suspects on digital devices by inspecting file storage, log files, network traces, etc. Live data forensics can also be performed on running systems, which requires more sophisticated investigative techniques and skills. As computing systems transform from platforms with little concern for privacy and security into hardened platforms designed with security in mind from their inception, the typical work conducted by digital
Conflicts of interest
None.
References (125)
- et al. Remote timing attacks are practical. Comput. Network. (2005)
- et al. Digital image steganography: survey and analysis of current methods. Signal Process. (2010)
- et al. Recognition of electro-magnetic leakage information from computer radiation with SVM. Comput. Secur. (2009)
- et al. Power and electromagnetic analysis: improved model, consequences and comparisons. Integration, the VLSI Journal (2007)
- et al. Differential power analysis as a digital forensic tool. Forensic Sci. Int. (2013)
- et al. Multi-channel attacks
- et al. Comparison between Android and iOS operating system in terms of security
- et al. Radiated electromagnetic emission for integrated circuit authentication. IEEE Microw. Wirel. Compon. Lett. (2017)
- Creating consumer confidence or confusion? The role of product certification in the market today. Marquette Intellect. Prop. Law Rev. (2007)
- et al. Test vector leakage assessment (TVLA) methodology in practice
- Side-channel analysis of Weierstrass and Koblitz curve ECDSA on Android smartphones
- BackFi: high throughput WiFi backscatter. Comput. Commun. Rev.
- Wearable authentication: trends and opportunities. IT Inf. Technol.
- A framework for acquiring and analyzing traces from cryptographic devices
- GNU Radio: tools for exploring the radio frequency spectrum. Linux J.
- Fast and memory-efficient key recovery in side-channel attacks
- Analyzing software using unintentional electromagnetic emanations from computing devices
- A practical methodology for measuring the side-channel signal available to the attacker for instruction-level events
- Comparison of electromagnetic side-channel energy available to the attacker from different computer systems
- FASE: finding amplitude-modulated side-channel emanations
- Zero-overhead profiling via EM emanations
- Screaming channels: when electromagnetic side channels meet radio transceivers
- A $40 software-defined radio. IEEE Spectrum
- Template attacks
- ChipWhisperer embedded hardware security toolchain
- Current events: identifying webpages by tapping the electrical outlet
- Network forensics analysis. IEEE Internet Computing
- On physical-layer identification of wireless devices. ACM Comput. Surv.
- Optimized fingerprint generation using unintentional emission radio-frequency distinct native attributes (RF-DNA)
- A practical implementation of the timing attack
- Evaluation of digital forensic process models with respect to digital forensics as a service
- Using RF-DNA fingerprints to discriminate ZigBee devices in an operational environment
- The impact of full disk encryption on digital forensics. ACM SIGOPS Oper. Syst. Rev.
- Realistic eavesdropping attacks on computer displays with low-cost and mobile receiver system
- System Bus Radio
- Side-channel attacks on BLISS lattice-based signatures: exploiting branch tracing against strongSwan and electromagnetic emanations in microcontrollers
- The Universal Software Radio Peripheral (USRP) family of low-cost SDRs, opportunistic spectrum sharing and white space access
- Rethinking SSL development in an appified world
- Obfuscating against side-channel power analysis using hiding techniques for AES
- Electromagnetic analysis: concrete results
- RSA key extraction via low-bandwidth acoustic cryptanalysis
- Stealing keys from PCs using a radio: cheap electromagnetic attacks on windowed exponentiation
- Get your hands off my laptop: physical side-channel key-extraction attacks on PCs. Journal of Cryptographic Engineering
- ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs
- ECDSA key extraction from mobile devices via nonintrusive physical side channels
- Bluetooth adaptive frequency hopping and scheduling
- A refined power-analysis attack on elliptic curve cryptosystems
- EMI reduction and ICs optimal arrangement inside high-speed networking equipment using particle swarm optimization. IEEE Trans. Electromagn. Compat.
Cited by (68)
- Interpol review of digital evidence for 2019–2022. Forensic Science International: Synergy (2023)
- IoT forensics in ambient intelligence environments: legal issues, research challenges and future directions. Journal of Ambient Intelligence and Smart Environments (2024)