Public Deliverables

This deliverable includes information on the dissemination, communication and exploitation activities, as well as on internal and external training activities of the EXFILES project. It is the first report on the communication and dissemination activities of the first 18 project months. It thus contains relevant information about all executed activities up to M18, as well as an updated plan of future activities. The deliverable will be updated and finalized within “D7.6 Final report on dissemination & communication activities” at the project end. 

This document describes deliverable D7.2 “Hands-on training for contributors”. As part of this deliverable, RISCURE has made available (and will continue to enable access for the entire duration of the project) two standard, hands-on online training courses to all EXFILES contributors. 

This deliverable is the first legal analysis of the EXFILES project. It is the result of the study of numerous national and European documents from various sources – institutional, academic, legal, technical, law enforcement, and NGO – as well as contributions from the project partners on the legal framework applicable in their country. It assesses the legal and soft-law provisions regarding fundamental rights and the use of encryption, in the context of collection of evidence from encrypted devices.

This report presents the state of the art in physical fault injection and side-channel attacks on mobile devices. It surveys over 40 research papers from which 15 attack scenarios are sourced and compared.

This report describes mobile TEEs and their common security mechanisms. An open-source, whitebox testbed is then presented for conducting security research on TEE-equipped mobile systems.

The project quality plan (the project handbook) constitutes a set of project templates, explanations on the project management process, review process, quality checks, meeting organisation, which is communicated to all partners.

The external IT communication infrastructure constitutes a guideline for communication of the EXFILES project to external target groups including conferences, marketing measures and communication channels. Furthermore, this deliverable constitutes the launch of the internal EXFILES communication infrastructure including the establishment of mailing lists, a subversion repository server and the EXFILES website.

In the current smartphone market, Android and iOS are the dominant operating systems where Samsung, Huawei and Apple are the major smartphone developers, all using state-of-the-art ARM based chip technology. Traditional data acquisition methods are less effective against modern smartphones, without proper user authentication, due to strong cryptographic security mechanisms at the operating system level. Future forensic techniques need to focus on the exploitation of hardware and software vulnerabilities to escalate privileges to the level where an examiner can directly acquire decrypted user data from a running device, or extract key material that can be used to decrypt extracted user data afterwards. This results in new business models for forensic tools vendors but also raises legal issues related to network based data acquisition and responsible disclosure.