Electromagnetic Side-Channel A‚ttacks: Potential For Progressing Hindered Digital Forensic Analysis

by Asanka Sayakkara, Nhien-An Le-Khac & Mark Scanlon


Digital forensics is a fast-growing €field involving the discovery and analysis of digital evidence acquired from electronic devices to assist investigations for law enforcement. Traditional digital forensic investigative approaches are o‰ften hampered by the data contained on these devices being encrypted. Furthermore, the increasing use of IoT devices with limited standardisation makes it difficult to analyse them with traditional techniques. ŒThis paper argues that electromagnetic side-channel analysis has signi€ficant potential to progress investigations obstructed by data encryption. Several potential avenues towards this goal are discussed.

1 Introduction

ŒThe increasing consumer reliance on electronic devices has risen to a level where it is easier for aŠttackers to compromise the privacy and security of an individual’s digital information than by any other means. Private information is stored in a wide variety of digital platforms including mobile phones, personal computers, social media pro€files, cloud storage, etc. [28] ThŒe recent emergence of Internet of ThŒings (IoT) devices, which integrates into the fabric of everyday life, enables the digital recording of even more personal information. ŒThe €field of information security deals with the challenge of keeping this sensitive data from falling into the hands of unauthorized parties. However, when criminal and illegal activities involve electronic and computing devices, law enforcement authorities require access to each suspect’s private data, under warrant, in order to collect potentially pertinent evidence [30]. In this regard, the fi€elds of information security and digital forensics are juxtaposed with each other.

Modern personal computers and mobile devices provide a facility to encrypt the hard disks and other non-volatile data storage. While this functionality was fi€rst o‚ffered as an option to users on initial setup of these devices, it is increasingly the default behaviour, especially on mobile environments, such as iOS and Android [2]. While IoT devices have limited data processing power and storage capabilities, lightweight cryptographic mechanisms are utilized in many platforms. Encrypted data has long been identi€fied as a potentially rich source of evidence. Many cases have been hampered when encrypted data was encountered [17]. With respect to IoT devices, even if encryption is not employed, the lack of standardised interfaces to access the stored data can still pose a challenge.

Side-channel analysis has been proven to be e‚ffective against many security mechanisms on computing systems. Accessing unauthorized regions of volatile and non-volatile storage, intercepting regular operations of applications and processes, and many other useful possibilities exist [24]. Among various side-channel aŠttacks, electromagnetic (EM) side-channel analysis is an important class of aŠttacks which does not require an aŠttacker to have physical access to the target device. ŒThis means that passive observation of unintentional EM wave emissions from a target device opens up a window to an aŠttacker to infer the activities being performed and the data being handled on the target [35]. Without running any specifi€c so‰ftware on the target device or without tapping into its internal hardware, EM side-channel aŠttacks can provide a seamless access point for the aŠttacker. Recent advances in the domain shows that such aŠttacks are capable of retrieving sensitive data, such as encryption keys [26].

Most mobile devices and IoT devices seized for forensic investigations tend to be powered on when they are found. However, legal requirements for digital forensic investigation demand that, ideally, investigations should be performed without inadvertently, or intentionally, modifying any information. Meeting this requirement o‰ften prevents an investigator from compromising the so‰ftware and hardware while acquiring evidence [9]. Due to the nature of EM side-channel analysis, it has a desirable hands-o‚ff quality from a forensic perspective and has the potential to act as a manner to unobtrusively access the internal information from a device. A variety of avenues ranging from simple activity recognition to breaking encryption could be bene€ficial to a digital forensic investigator. In this work, various potential applications for EM side-channel analysis in the domain of digital forensics are discussed.

2 Digital Forensic Analysis

A typical digital forensic investigation starts when law enforcement encounters an electronic device in a crime scene or seize it from a person under investigation. ThŒese devices can vary from traditional personal computers and mobile devices to IoT devices, such as smart home devices and wearables. The seized devices are usually handed over to a digital forensic laboratory where specialists perform the investigation on the device [9]. Initially, pictures and notes were taken about the physical conditions of the device. For personal computers, the investigation mainly focuses on the data stored in the non-volatile memory, i.e., the hard disk or solid state drive. A forensically-sound disk image is acquired, which is analysed using specialised so‰ftware tools to identify pertinent information.

ŒThe sole purpose of acquiring a disk image from the device under investigation is to prevent the investigative procedure from inadvertently making changes to the device. Popular tools such as EnCase and ŠThe Sleuth Kit are designed to extract information from disk images. In contrast to personal computers, the forensic analysis of mobile devices typically requires specialised hardware tools due to the fact that di‚fferent makes and models of mobile devices have di‚fferent internal structures. Even though there are various commercial tools available for mobile devices, they need to be updated each time a new device model comes into the market. ŒThe maintainers of commercial tools for forensic evidence acquisition on mobile devices are struggling to keep up with the highly dynamic ecosystem of mobile devices [2].

IoT devices have become ubiquitous in everyday life and collect a large volume of information that can be useful in a forensic investigation [21]. For example, a €fitness wearable can contain highly precise information regarding the movements of the owner, which can assist in identifying where the person was at a particular point in time. Similarly, a smart TV or a smart light bulb may contain information regarding the usage paŠtterns of the owner and might hint at the presence of the owner in a premises at a particular time. However, IoT focused digital forensic tools are extremely limited. In fact, many IoT devices are not usable in investigations due to unavailability of support from commercial vendors or open-source projects. ThŒe large variety of IoT devices in the market makes it virtually impossible to support all of them within a limited tool set.

Whenever encryption is involved in the storage of a device being investigated, forensic tools are unable to extract information [17]. From the investigator’s perspective, a very limited number of workarounds are potentially viable. ŒThe obvious approach can be asking the device owner for the decryption key or password. However, if the device owner is not cooperative, this approach is not viable. Another possible approach can involve seeking the assistance of the device vendor to unlock the access to data using whatever the capabilities the vendor holds. However, many recent cases indicate that even the device vendors do not have access to the encrypted data storage on devices they produce. Under these circumstances, forensic investigations may end up unable to collect the required evidence from the devices they have seized [34].

Figure 1 illustrates the workƒow of actions taken in a typical digital forensic analysis of a device. ThŒe usual sequence of actions to analyse non-volatile storage has to be altered if the device uses encryption to protect data. If the device is turned on at the time it was seized, there’s an opportunity to use EM side-channel analysis as a live data forensic technique on the device.

3 Electromagnetic Side-Channels

Passing time varying electric currents through conductors cause EM waves to radiate into the environment. As computing devices consist of electronic circuits, they unintentionally generate EM emissions during their internal operations [11]. Depending on the exact component on a device that contributes, the resulting EM emission can unintentionally contain information about the activities associated with that component. For example, computer displays are a strong EM wave source that are known to leak information about the images being displayed on screen [33]. Similarly, central processing units (CPUs) of computers are known to provide hints on the CPU activities being performed [5]. From a digital forensic perspective, EM emissions associated with the CPU operations are of speci€fic interest.

In order to use EM emissions as a side-channel information source for an aŠttacker, it is necessary to capture the signals with sufficient accuracy. Professionals in radio frequency (RF) engineering and related €fields use oscilloscopes and spectrum analysers as the typical tools to measure EM emissions from electronic devices for purposes such as electromagnetic compatibility (EMC) testing. However, cheap and o‚ff-the-shelf devices, so‰ftware de€fined radios (SDR), are geŠtting increasingly popular among EM side-channel security researchers due to their lower cost and ease of use with con€figurable so‰ftware components [32].

When an acquired EM signal from a target device, i.e., EM trace, is illustrated as a waveform or as a spectrogram, it is possible to visually distinguish individual operations of the CPU. Using these illustrations straightforwardly to eavesdrop on the the CPU activities is called simple electromagnetic analysis (SEMA). ŒThis has been widely used to demonstrate aŠttacks to computer systems [14]. By monitoring instructions being executed on the CPU, an aŠttacker gains several capabilities including reverse engineering unknown so‰ftware, monitoring the control ƒflow of known so‰ftware, etc.

Di‚fferential electromagnetic analysis (DEMA) is an advanced technique to eavesdrop on critical variables being handled by algorithms running on a CPU [14, 15]. For example, when a cryptographic algorithm performs data encryption continuously over a time period using a single encryption key, the observed EM traces have a strong correlation to that specifi€c reused encryption key. DEMA aŠttacks utilise this correlation between the secret key and the EM traces to reduce the number of bruteforce guesses an aŠttacker has to make in order to determine the secret key’s bit paŠttern. It has been shown that DEMA is successful against many cryptographic algorithms including AES, RSA and many others [25, 37].

Recognising the threat of EM side-channel aŠttacks to computer systems, various countermeasures have been proposed that involve both hardware and so‰ftware modi€cations [25, 27, 36]. Among various so‰ftware based countermeasures, two important methods are masking variables and randomizing the operations of algorithms in order to make it difficult for an external observer to identify them. Similarly, major hardware countermeasures include minimizing the EM emission intensity by employing obfuscation techniques and the use of dual line logic. Even though proper implementation of such countermeasures can place a barrier to the aŠttackers, many computing devices do not implement these techniques – leaving the window for EM side-channel aŠttacks open. Furthermore, it has been shown that even when such countermeasures are implemented on devices, it does not completely prevent EM side-channel aŠttacks. ŒThey simply increase the difficulty for the aŠttacker by requiring more observations and a larger number of EM traces to carry out the same aŠttack procedure.

Figure 2 illustrates a forensic investigative seŠtting for EM sidechannel analysis. ŒThe device under investigation (DUI) is placed inside an EMC/Anechoic chamber to prevent external EM interference and vibrations from a‚ffecting the accuracy of the EM measurement. ŒThe signals are captured using a magnetic loop antenna and converted to an Inphase and ‹Quadrature (I/Q) data stream that is subsequently analysed on a computer system.

4 Electromagnetic Side-Channels for Forensics

With the current challenges in digital forensics and the state-of-the-art of EM side-channel analysis, it is important to identify the future potential impact for digital forensics from these aŠttacks. ThŒis section highlights some of the potential ways this impact may occur in the future under several key themes. Many of these approaches are already starting to be realised and others are ambitious predictions that can prove signi€ficantly bene€ficial.

4.1 More Frequent Cryptographic Operations

EM side-channel aŠttacks require a large number of traces acquired from a target device while the device is performing cryptographic operations using a single key. It has been demonstrated that such aŠttacks are viable under laboratory conditions. However in most PC operating systems, it is rare to fi€nd practical situations where an aŠttacker can observe EM emissions from a device for an extended period of time (since cryptographic operations typically occur less o‰ften than in the laboratory experimental conditions). ŒThe most common encryption occurring on many personal devices is secure socket layer (SSL) based web traffic.

Encrypted storage is becoming commonplace in both desktop and mobile devices. Access to encrypted €file systems causes an increased number of cryptographic CPU operations. Live data forensic techniques can help to perform investigations on such devices [13]. However, forensic investigators o‰ften encounter powered on but locked devices. As long as the device is reading and writing to the encrypted storage, EM emissions should reƒflect the cryptographic operations on the device. ŒTherefore, an aŠttacker can straightforwardly force the victim device to perform cryptographic operations in order to acquire side-channel traces for key extraction.

4.2 Combined Side-Channel Attacks

Instead of using a single side-channel aŠttack in isolation, combinations of multiple side-channel aŠttacks directed towards a single computer system can prove more fruitful. It has been proven that power and EM side-channel analysis can be combined to achieve beŠtter results [1]. ThŒere can be some operations of the CPU that are more clearly reƒected in the device’s power consumption than in the EM emission and vice versa.

Sometimes, combining conventional aŠttacks, e.g., spyware and worms, with EM side-channel aŠttacks can provide new kinds of compound aŠttacks that are difficult to counteract. For example, a malware running on a victim computer can aid an EM side-channel aŠttacker to extract additional information over the EM side-channel alone. ŒThis can be achieved through running specially selected instruction sequences on the CPU to intentionally emit encoded EM signals. Yang et al. [38] illustrated a mechanism to intentionally modulate EM emissions of electronic and electromechanical devices to ex€filtrate data from the device to an external receiver. ThŒis hints at the potential for employing these unintentional EM side-channels to intentionally and covertly transmit data wherever necessary.

ThŒere are two potential avenues for malware assisted EM sidechannel aŠttacks. Firstly, malicious JavaScript can be embedded in a website, using cross-site scripting (XSS) or otherwise, and read the contents of a user’s screen and encode that information into deliberate CPU EM emissions. Furthermore, TEMPEST style aŠttacks on computer monitors can be combined with other aŠttacks to increase the aŠttack surface for air-gapped computer equipment [12]. For example, malware running on a target computer could read local fi€les and encode that information into the computer’s video output. Image steganographic techniques can be used to hide the encoded data from the human user’s view [6]. Meanwhile, a TEMPEST style aŠttack can be performed on the computer’s monitor in order to extract the video frames ultimately leaking data to the aŠttacker.

4.3 Backscatter Side-Channels

RFID tags communicate a unique identi€fication number by changing the impedance of the antenna that result in amplitude modulation (AM) on the carrier wave while using the the same carrier wave as the power source to run the tag’s electronic components. While the primary purpose of RFID is to communicate a hard-coded tag ID, aŠttempts have been made to transmit dynamic sensor data by modulating them in the same way from the tag to the RFID reader [23].

Traditional RFID technology relies on the carrier wave provided by the reader device for power and communication, various ambient RF signals can be used as the carrier wave for communication between two devices. If one device can modulate the ambient RF signal, the other device can recognize this modulation. ŒThis approach of using ambient RF signals for wireless communication is called backscattˆer communication technology, which has received a signi€ficant aŠttention from the IoT research community recently [20]. ThŒere are various carrier wave sources that have been tested in the literature, such as TV transmission stations and WiFi access points [19, 39].

It is important to study this ambient backscaŠtter communication phenomena in the context of EM side-channel analysis. Internal operations of electronic circuits (including CPUs) could demonstrate the backscaŠtter e‚ffect on ambient RF sources during their operation. ŒThe potential of using externally generated RF signals near a target CPU and whether internal CPU operations modulate the RF signal in some predictable manner requires further exploration. Laptop computers have been shown to modulate signals from commercial AM radio stations, which hints at the possibility of this phenomenon [10]. Instead of scanning the RF spectrum for potential EM emissions, such a backscaŠtter technique could enable the aŠttacker to provide both the external RF source and the RF receiver on a speci€fic frequency. Such a frequency can be selected avoiding external interference increasing the accuracy of side-channel information leakage. One advantage of this approach is that instead of blindly looking for the EM emission frequency of the CPU by scanning through the entire spectrum for suspected paŠtterns, the frequency is decided €first and as a result, targeted monitoring for speci€fic modulation paŠtterns becomes viable. ThŒis targeted monitoring helps to reduce, or even eliminate, issues such as signal interference and false positives.

4.4 File Signatures

Many types of digital multimedia content including images, audio, and video fi€les are stored in a compressed format for efficient storage and distribution [3]. As a result, when a computer starts playing an audio/video fi€le in a specifi€c format, e.g., MPEG-2 Audio Layer III, AAC, MPEG-4, etc., or aŠttempts to display a compressed image format, e.g., JPEG, GIF, etc., corresponding decompression so‰ftware has to process the content. Since the so‰ftware’s execution path will be governed by the media €file content, the instruction execution sequence will also depend on the media fi€le. ThŒerefore, it is possible that the CPU might emit EM paŠtterns unique to a speci€fic fi€le being handled. ThŒis could potentially lead to the ability to identify the fi€les being handled by a device.

While there have been aŠttempts to make EM emission signatures for hardware devices and speci€fic so‰ftware running on them for pro€filing purposes, such as RF-DNA technique [8], the possibility of pro€filing speci€fic media fi€les using the EM emission caused by them is a potential avenue for future exploration. Searching for a known fi€le, such as known illegal content, in a target device is a challenge that the digital forensics community has been aŠttempting to solve in efficient and e‚ffective ways as manual comparison is o‰ften overly arduous for the expert investigators [18]. When a device is handling a €file, passive observations of EM emissions can help to pro€file the €file being handled by the device. ThŒis can be later be compared with a known set of fi€le signatures to con€firm the access or processing of a speci€fic fi€le on the target device.

4.5 Packet Analysis at Network Devices

ŒThere are a wide variety of special purpose computers being used in various specialised application environments including network routers and switches. ŒThere can o‰ften be an operational need to investigate a live network. ŒThis focuses on the data-link and IP layers in the networking stack. In such cases, it is necessary to run network analysis so‰ftware tools on speci€fic interfaces at host computers [7]. Analysing the network purely based on the traffic going through routers and switches in order to observe live events is a challenging task. In situations like this, the EM emissions of routers and switches might be able to provide an approximate picture of the workload and traffic on the network. It has been shown that EM emissions observed from Ethernet cables can lead to identify the MAC addresses of frames being handled by networking devices [29]. In that demonstration, aŠttackers have used a technique similar to SEMA.

When IP packets are being switched at routers, the router has to update certain €fields in the packet including time-to-live (TTL) and the header checksum. A‰fter updating these €fields, the router forwards the packet to the relevant network interface. If the EM emission paŠtterns of the router forwarding a packet to an interface and processing a packet are distinguishable, there are opportunities to perform interesting analysis on routers by observing their EM emissions. Packets that contain a speci€fic payload, such as malware that comes from or is addressed to a speci€fic host, and network based aŠttacks, e.g., DoS aŠttacks, might be identi€fiable. Similarly, an aŠttacker could gather EM emissions from a router to eavesdrop on the data being delivered through a wired network. Such possibilities are important from a digital forensic perspective when network analysis tools cannot be aŠttached to a live system for analysis.

4.6 Easy Access to Electromagnetic Spectrum

EM side-channel analysis aŠttacks traditionally involve expensive hardware including RF probes, oscilloscopes, spectrum analysers, and data acquisition modules. Such devices are mostly used in EM insulated laboratory environments. Moreover the con€figuration and operation of these devices requires specialized domain knowledge. Information security specialists and digital forensic analysts might now have access to such hardware and might not possess the specialized knowledge required for their operation. While DIY enthusiast aŠttempts have been made to build such tools for lower costs, such e‚fforts come with a penalty of lower precision and accuracy. ThŒis situation places a signi€ficant barrier to the wide adoption of EM side-channel analysis.

Recent advancements in SDR hardware enable new opportunities for accessing radio spectrum for non-specialists. A‚ffordable SDR hardware and freely available so‰ftware libraries can be used to process and decode various wireless communication protocols. ŒThe ever-increasing processing power and memory capacity on personal computers supports the use of SDR so‰ftware tools at high sampling rates. EM side-channel analysis aŠttackers have recently started to use SDR tools as a more a‚ffordable alternative to the expensive RF signal acquisition hardware. Following this trend, digital forensic analysis should be possible through the leveraging of EM side-channels detected on SDR based hardware and so‰ftware platforms.

4.7 Advancements in Machine Learning

Recent advances that have been made in the area of arti€cial intelligence (AI) have demonstrated promising applications to many other domains across computer science. Various tasks where human intuition was required to perform decision making are now being replaced with machine learning and deep learning based algorithms. So‰ftware libraries and frameworks are becoming increasingly available in order to assist the building of applications that have intelligent capabilities. Examples include the automated detection of malicious programs, image manipulation, and network anomaly detection.

EM side-channel analysis techniques, such as SEMA and spectrogram paŠttern observations, that previously required human intervention, can be automated through the development of AI techniques. It is possible to extract beŠtter information from EM traces than the current manual observations are capable of achieving. ŒThere are several examples of existing work that has already leveraged AI techniques to recognize EM trace paŠtterns, which strongly hints the future role that can be played by AI algorithms in EM side-channel analysis for digital forensics [4, 16, 22, 31].

5 Discussion and Future Work

When digital evidence is presented to a court of law as a part of an investigation, the evidence acquisition procedure can get thoroughly questioned and challenged. ThŒis is due to the fact that legal processes follow strict procedures to ensure fairness to all parties involved. As a result, digital forensic evidence acquisition procedures are demanded to be documented and auditable. Current digital evidence acquisition procedures, practices and tools in use are time-tested to be resilient against such legal challenges. ThŒerefore, whenever a completely new way of acquiring digital evidence is introduced, it has to be thoroughly scrutinized to face reliability challenges in a court of law.

Many of the EM side-channel aŠttacks that have been demonstrated in the literature are performed in controlled laboratory conditions where the aŠttacker had the choice of target device selection. ŒTherefore, the aŠttackers had the freedom to avoid potential pitfalls that could a‚ffect the end result. In order to make such aŠttacks realistic and reliable enough to perform on any arbitrary device encountered, further research is necessary. Sometimes, a successful execution of an EM side-channel aŠttack can be easier for a malicious objective while the same aŠttack can be unreliable and insufficiently trustworthy for a digital forensic investigation. ThŒis situation hints that for EM side-channel analysis to be leveraged for digital forensic purposes, well tested tools and frameworks need to be developed so that the digital forensic community can gradually build trust with the technique.

Our future work is towards this goal of leveraging EM sidechannel analysis as a reliable digital forensic practice to overcome the currently faced challenges. Due to the lack of realistic and reliable aŠttack demonstrations, further evaluations are necessary to con€firm that various published aŠttacks are applicable on a wide variety of devices on the market. ŒThe manner to increase the reliability of these aŠttacks needs to be explored. Many digital forensic specialists working for law enforcement and industry may not be experienced in operating radio frequency data acquisition devices. ŒTherefore, easily operable tools are necessary.

6 Conclusion

ThŒis work discussed the challenges faced by digital forensic investigators due to encrypted storage on computing devices and IoT devices with non-uniform internal designs. EM side-channel analysis techniques which have been successfully demonstrated to leak critical information from computing devices is considered as a potential solution. Various applicable scenarios of the technique in the context of digital forensic domain are identi€fied. While the EM side-channel analysis domain is still in its infancy to address the demanding encryption issue in digital forensics, the aforementioned application scenarios indicate that the combination can produce promising results in the future.


[1] Dakshi Agrawal, Josyula R Rao, and Pankaj Rohatgi. 2003. Multi-channel aŠttacks. In International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, 2–16.
[2] Mohd Shahdi Ahmad, Nur Emyra Musa, Rathidevi Nadarajah, Rosilah Hassan, and Nor E‚endy Othman. 2013. Comparison between android and iOS Operating System in terms of security. In 8th International Conference on Information Technology in Asia (CITA). IEEE, 1–4.
[3] Vasudev Bhaskaran and Konstantinos Konstantinides. 1997. Image and video compression standards: algorithms and architectures. Vol. 408. Springer Science & Business Media.
[4] Robert Callan, Farnaz Behrang, Alenka Zajic, Milos Prvulovic, and Alessandro Orso. 2016. Zero-overhead pro€filing via em emanations. In Proceedings of the 25th International Symposium on So‡ftware Testing and Analysis. ACM, 401–412.
[5] Robert Callan, Alenka Zajic, and Milos Prvulovic. 2014. A practical methodology for measuring the side-channel signal available to the aŠttacker for instructionlevel events. In 47th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 242–254.
[6] Abbas Cheddad, Joan Condell, Kevin Curran, and Paul Mc KeviŠ. 2010. Digital image steganography: Survey and analysis of current methods. Signal Processing 90, 3 (2010), 727–752.
[7] Vicka Corey, Charles Peterman, Sybil Shearin, Michael S Greenberg, and James Van Bokkelen. 2002. Network forensics analysis. IEEE Internet Computing 6, 6 (2002), 60–66.
[8] Randall D Deppensmith and Samuel J Stone. 2014. Optimized fi€ngerprint generation using unintentional emission radio-frequency distinct native aŠttributes (RF-DNA). In Aerospace and Electronics Conference, NAECON 2014-IEEE National. IEEE, 327–330.
[9] Xiaoyu Du, Nhien-An Le-Khac, and Mark Scanlon. 2017. Evaluation of Digital Forensic Process Models with Respect to Digital Forensics as a Service. In Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS 2017). ACPI, Dublin, Ireland, 573–581.
[10] William Entriken. System Bus Radio. hŠps:// system-bus-radio. Accessed: 2018-01-26.
[11] Robin Getz and Bob Moeckel. 1996. Understanding and eliminating EMI in Microcontroller Applications. National Semiconductor (1996).
[12] Mordechai Guri, Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky, and Yuval Elovici. 2015. GSMem: Data Ex€filtration from Air-Gapped Computers over GSM Frequencies. In USENIX Security Symposium. 849–864.
[13] Brian Hay, MaŠ Bishop, and Kara Nance. 2009. Live analysis: Progress and challenges. IEEE Security & Privacy 7, 2 (2009).
[14] Paul Kocher, Joshua Ja‚e, and Benjamin Jun. 1999. Di‚fferential power analysis. In Advances in Cryptology (CRYPTO ‘99). Springer, 789–789.
[15] Paul Kocher, Joshua Ja‚e, Benjamin Jun, and Pankaj Rohatgi. 2011. Introduction to di‚fferential power analysis. Journal of Cryptographic Engineering 1, 1 (2011), 5–27.
[16] Liran Lerman, Gianluca Bontempi, and Olivier Markowitch. 2011. Side channel aŠttack: an approach based on machine learning. In Proceedings of 2nd International Workshop on Constructive Side-Channel Analysis and Security Design (COSADE). Schindler and Huss, 29–41.
[17] David Lillis, BreŠ Becker, Tadhg O’Sullivan, and Mark Scanlon. 2016. Current Challenges and Future Research Areas for Digital Forensic Investigation. In Šthe 11th ADFSL Conference on Digital Forensics, Security and Law (CDFSL 2016). ADFSL, Daytona Beach, FL, USA, 9–20.
[18] David Lillis, Frank Breitinger, and Mark Scanlon. 2018. Hierarchical Bloom Filter Trees for Approximate Matching. Journal of Digital Forensics, Security and Law 13, 1 (01 2018).
[19] Vincent Liu, Aaron Parks, Vamsi Talla, Shyamnath Gollakota, David Wetherall, and Joshua R Smith. 2013. Ambient backscaŠtter: wireless communication out of thin air. ACM SIGCOMM Computer Communication Review 43, 4 (2013), 39–50.
[20] W. Liu, K. Huang, X. Zhou, and S. Durrani. 2017. Full-Duplex Backscatter Interference Networks Based on Time-Hopping Spread Spectrum. IEEE Transactions on Wireless Communications 16, 7 (July 2017), 4361–4377. DOI: hŠp://
[21] Aine MacDermoŠ, Œar Baker, and Qi Shi. 2018. IoT Forensics: Challenges For thŒe IoA Era. In New Technologies, Mobility and Security (NTMS), 2018 9th IFIP International Conference on. IEEE, 1–5.
[22] Alireza Nazari, Nader Sehatbakhsh, Monjur Alam, Alenka Zajic, and Milos Prvulovic. 2017. EDDIE: EM-Based Detection of Deviations in Program Execution. In Proceedings of the 44th Annual International Symposium on Computer Architecture. ACM, 333–346.
[23] Sheshidher Nyalamadugu, Naveen Soodini, Madhurima Maddela, Subramanian Nambi, and Stuart M Wentworth. 2004. Radio frequency identi€fication sensors. In ASEE Southeast Section Conference. 1–9.
[24] Romain Poussier, Vincent Grosso, and François-Xavier Standaert. 2015. Comparing approaches to rank estimation for side-channel security evaluations. In International Conference on Smart Card Research and Advanced Applications. Springer, 125–142.
[25] Jean-Jacques Qu‹isquater and David Samyde. 2001. Electromagnetic Analysis (EMA): Measures and counter-measures for smart cards. Smart Card Programming and Security (2001), 200–210.
[26] C. Ramsay and J. Lohuis. White Paper: TEMPEST aˆttacks against AES covertly stealing keys for 200 euros. Technical Report. Fox-IT, Netherlands. 10 pages. hŠttps://Šttacks_against_AES.pdf
[27] Hendra Saputra, Narayanan Vijaykrishnan, M Kandemir, Mary Jane Irwin, R Brooks, Soontae Kim, and Wei Zhang. 2003. Masking the energy behavior of DES encryption. In Proceedings of the conference on Design, Automation and Test in Europe-Volume 1. IEEE Computer Society, 10084.
[28] Mark Scanlon, Jason Farina, and M-Tahar Kechadi. 2015. Network Investigation Methodology for BitTorrent Sync: A Peer-to-Peer Based File Synchronisation Service. Computers & Security 54 (10 2015), 27 – 43. DOI:hŠp:// 1016/j.cose.2015.05.003
[29] MaŠhias Schulz, Patrick Klapper, MaŠhias Hollick, Erik Tews, and Stefan Katzenbeisser. 2016. Trust the wire, they always told me!: On practical non-destructive wire-tap aŠttacks against Ethernet. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks. ACM, 43–48.
[30] Somayeh Soltani and Seyed Amin Hosseini Seno. 2017. A survey on digital evidence collection and analysis. In 7th International Conference on Computer and Knowledge Engineering (ICCKE). IEEE, 247–253.
[31] Barron Stone and Samuel Stone. 2016. Comparison of Radio Frequency Based Techniques for Device Discrimination and Operation Identi€cation. In 11th International Conference on Cyber Warfare and Security: ICCWS2016. Academic Conferences and Publishing Limited, 475.
[32] Walter HW TuŠlebee. 2003. So‡ftware de€fined radio: enabling technologies. John Wiley & Sons.
[33] Wim Van Eck. 1985. Electromagnetic radiation from video display units: An eavesdropping risk? Computers & Security 4, 4 (1985), 269–286.
[34] Eva A Vincze. 2016. Challenges in digital forensics. Police Practice and Research 17, 2 (2016), 183–194.
[35] Satohiro Wakabayashi, Seita Maruyama, Tatsuya Mori, Shigeki Goto, Masahiro Kinugawa, and Yu-ichi Hayashi. 2017. POSTER: Is Active Electromagnetic Sidechannel AŠttack Practical? In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2587–2589.
[36] Marc WiŠeman and Martijn Oostdijk. 2008. Secure application programming in the presence of side channel aŠttacks. In RSA Conference, Vol. 2008.
[37] Marc F WiŠeman, Jasper GJ van Woudenberg, and Federico Menarini. 2011. Defeating RSA Multiply-Always and Message Blinding Countermeasures. In Cryptographers€ Track at the RSA Conference (CT-RSA), Vol. 6558. Springer, 77– 88.
[38] Chouchang Jack Yang and Alanson P Sample. 2017. EM-Comm: Touch-based Communication via Modulated Electromagnetic Emissions. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 1, 3 (2017), 118.
[39] Pengyu Zhang, Dinesh Bharadia, Kiran Joshi, and Sachin KaŠi. 2016. Hitchhike: Practical backscaŠtter using commodity wifi€. In Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems. ACM, 259–271.

Download the paper here.

About scar

Scar de Courcier is an assistant editor at Forensic Focus.


No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,112 other followers

%d bloggers like this: