Law Enforcement Agencies Requirements and Use Cases
WP1 generates the requirements of the LEAs (Law Enforcement Agencies). A wide variety of devices is available on the market for the general population, each using diverse software and hardware platforms. These include different operating systems, software versions and hardware components. The majority of them have encryption capabilities. In addition, devices used by OCGs (Organized Crime Groups) typically have another layer of complexity added to secure them.
Legal, Ethical and Societal Issues
The primary objective of this work package is to provide EXFILES with the support required to understand the legal constraints imposed by European and domestic laws with respect to encryption, the methods used by the judicial system to counter its use as an anti-forensic tool, and the ethical and societal consequences of the use of those methods by LEAs. Firstly, this work package defines the legal framework surrounding encryption and forensic work, and contextualises the project in the debate on encryption techniques through an analysis of substantive and future European law. Secondly, it explores the ethical frameworks related to digital forensics research and to making informed decisions regarding the disclosure of any discovered vulnerability. Thirdly, it provides a practical overview regarding the use of the project’s outcomes, for instance, how evidence provided by the methods developed in EXFILES stands up in court, and to what extent these methods can be kept confidential.
Software Toolbox for Data Extraction
Secure phones, whether high-end consumer devices or specifically secured ones, use a combination of hardware and software security mechanisms which prevents legal forensics. In this WP we focus on the software part to provide new technologies in order to improve LEAs' capabilities. Even if the hardware is completely secure, vulnerabilities in software allow access to encrypted data. However, critical operations, such as authentication or integrity verification, are now handled in a secure subsystem composed of isolated or emulated hardware, known as a Trusted Execution Environment (TEE). This work package provides state-of-the-art tools to enhance the finding of vulnerabilities and exploits in TEEs such as TrustZone (TZ) or Secure Enclave. Such access can enable the retrieval or use of hardware keys and the bypassing of secure boot, making it possible to brute force passwords and access user data.
Hardware Approach to Extract Essential Information for Decryption
WP4 deals with physical techniques applied to the microprocessors present in the target systems. The goal is to use Reverse Engineering (RE) and physical techniques to find out about secrets such as encryption schemes involving secure elements and boot ROMs from SoCs. Evaluating invasive techniques, including Reverse Engineering, as part of the process could also bring useful knowledge such as functional mapping information and/or localised targets, which allows for the evaluation of RE-based semi-invasive techniques.
Combination of HW & SW Approaches to propose Novel Forensics Methods
As described in its title, the main objective of this work package consists in combining HW & SW approaches to propose novel forensics methods. Indeed, in the case of a criminal investigation, LEAs may be able to extract data from the target, but all or part of the data can be encrypted. However, almost all cryptographic technologies used in modern smartphones are based on standard algorithms, such as AES, RSA, etc. These algorithms are considered mathematically secure. For example, even with a modern, high-performance computer performing a brute force attack, billions of years are still needed to retrieve an AES secret key. In this context, the task of LEAs to obtain exploitable data will become a real challenge that requires new tools and methodologies for decryption. Therefore, this WP delivers tools and techniques based on Side Channel Analysis (SCA) and Fault Injection (FI) attacks, which are part of the physical attacks family. In practice, this WP consists in transferring existing tools and methods from lower-tech and non-forensic white-box environments into forensic contexts, where black-box testing is far more common than in other areas and where the latest high-end consumer devices are encountered. This significantly broadens the market for companies with business in the area of physical attacks.
Knowledge Distribution & Tool Deployment
As LEAs are at the core of this project, the Bundeskriminalamt Germany develops its skills and enhances its laboratories to carry out its research, development and forensic analysis tasks, which are of paramount importance, long after the end of the project. This work package strengthens the collaboration between EU LEAs, which is often the most efficient, and in many cases the only, way to obtain crucial data and analysis techniques for investigations. By working together on a common problem, the LEAs involved in this project, including other EU LEAs, strengthen their existing collaboration relationships or even build new ones. They also share common knowledge and methods, which will remain active after the end of the project. This community, using the same technology, can then share results and solutions more effectively.
Dissemination, Communication, Exploitation and Training
In line with the Grant Agreement, this work package is dedicated to the communication, dissemination and exploitation aspects of the project and its developments. The main objectives refer to the targeted communication of project results, the dissemination and contribution to a European Research Union as well as the exploitation of the scientific results to create competitive advantage with innovative products.
Project, Risk and Innovation Management
Work package 8 is responsible for the operational management and technical vitality of the EXFILES project, encompassing management components on contractual, financial, legal, technical, administrative and ethical levels. The main objective is the establishment of a sound and flexible project management structure and an efficient management process as well as the provision of an effective risk management strategy, so as to avoid deviations from the work plan. Another focus of work package 8 is to respond to opportunities, which are addressed by active innovation management. These activities will help to maximize the benefit to participants, project stakeholders and the overall impact of the project.
The objective is to ensure compliance with the 'ethics requirements' set out in this work package.
Project Partners
TECHNIKON (TEC) is a private independent Austrian SME with a highly specialized multinational team of 20+ engineers and scientists. It is dedicated to engineering services as well as the planning, assessment and coordination of large industry-driven international research projects. Technikon contributes to WP2, leading the task related to the project data management. TEC will coordinate the Data Management Plan and contribute to the implementation of the central platform. TEC will establish, maintain and handle the communication tools, further develop the target audiences and the communication plan, and create dissemination material to support dissemination events. TEC performs administrative tasks, oversees risk management activities, enables risk mitigation when needed, and monitors innovation activities.