Electromagnetic Side-Channel Analysis For Iot Forensics: Challenges, Framework, And Datasets

Electromagnetic (EM) side-channel radiation from Internet of Things (IoT) devices are shown to be effective at acquiring forensic insights during digital investigations. These EM radiation patterns can be analysed with the help of machine learning algorithms to detect internal behaviours of IoT devices, which can be relevant to an investigation. However, the real-world application of EM side-channel analysis for digital forensic purposes is obstructed by the lack of suitable tools and the technical expertise among law-enforcement communities. Although certain frameworks, such as EMvidence, exist to cater this requirement, the sheer diversity of the IoT ecosystem makes it difficult to support a sufficiently large collection of devices that are commonly encountered in forensic investigations. The work presented in this paper makes multiple contributions towards addressing this problem. Initially, a detailed discussion on the challenges of applying EM side-channel analysis in practical digital forensic purposes is provided, where the practical difficulties are illustrated. Then, it was shown that the existing EM side-channel analysis frameworks, such as EMvidence, can be used to overcome the diversity of IoT devices in forensics by equipping them with extensible plug-ins targeting the internal system-on-chips (SoC) of each device type. These plug-ins are expected to incorporate trained machine learning models, which are capable of recognising patterns of specific IoT device SoCs. However, the development of such plug-ins requires sufficiently diverse EM datasets from IoT devices. Facilitating this requirement, this work presents a comprehensive EM side-channel dataset representing a diverse collection of popular IoT devices and smartphones. The presented dataset is used to demonstrate the potential usage of machine learning models to recognise device behaviour.