Results & Downloads
D7.3 “Updated plan and initial report on dissemination and communication activities”
This deliverable includes information on the dissemination, communication and exploitation activities, as well as on internal and external training activities of the EXFILES project. It is the first report on the communication and dissemination activities of the first 18 project months. It thus contains relevant information about all executed activities up to M18, as well as an updated plan of future activities. The deliverable will be updated and finalized within “D7.6 Final report on dissemination & communication activities” at the project end.
D7.2 “Hands-on trainings for contributors”
This document describes deliverable D7.2 “Hands-on training for contributors”. As part of this deliverable, RISCURE has made available (and will continue to enable access for the entire duration of the project) two standard, hands-on online training courses to all EXFILES contributors.
Journal Paper in ‘ScienceDirect’
Julien Maillard, Thomas Hiscock, Maxime Lecomte, Christophe Clavier: “Side-Channel Disassembly on a System-on-Chip: A Practical Feasibility Study”
Paper in ‘CARDIS 2022’
FANJAS, Clément, GAINE, Clément, ABOULKASSIMI, Driss, PONTIÉ, Simon, POTIN, Olivier: “Combined Fault Injection and Real-Time Side-Channel Analysis for Android Secure-Boot Bypassing”
Paper in ‘Cryptology ePrint Archive’
Clément Fanjas , Clément Gaine , Driss Aboulkassimi, Simon Pontié and Olivier Potin: “Real-Time Frequency Detection to Synchronize Fault Injection on System-on-Chip”
Paper in ‘IEEE Xplore’
SHEPHERD, Carlton, SEMAL Benjamin, MARKANTONAKIS: “Investigating Black-Box Function Recognition Using Hardware Performance Counters”
Paper in ‘arXiv’
SHEPHERD, Carlton, KALBANTNER, Jan, SEMAL, Benjamin, MARKANTONAKIS, Konstantinos: “A Side-channel Analysis of Sensor Multiplexing for Covert Channels and Application Fingerprinting on Mobile Devices”
Paper in ‘IEEE Security and Privacy Workshops (SPW)’
SHEPHERD, Carlton, MARKANTONAKIS, Konstantinos, et JALOYAN, Georges-Axel: “LIRA-V: Lightweight remote attestation for constrained RISC-V devices”
Paper in ‘Computers & Security’
SHEPHERD, Carlton, MARKANTONAKIS, Konstantinos, VAN HEIJNINGEN, Nico, et al: “Physical fault injection and side-channel attacks on mobile devices: A comprehensive analysis”
D2.1 “Fundamental support study on Encryption and Fundamental Rights”
This deliverable is the first legal analysis of the EXFILES project. It is the result of the study of numerous national and European documents from various sources – institutional, academic, legal, technical, law enforcement, and NGO – as well as contributions from the project partners on the legal framework applicable in their country. It assesses the legal and soft-law provisions regarding fundamental rights and the use of encryption, in the context of collection of evidence from encrypted devices.
Paper in ‘Forensic Science International: Digital Investigation’
FUKAMI, Aya, STOYKOVA, Radina, et GERADTS, Zeno: A new model for forensic data extraction from encrypted mobile devices
EXFILES newsletter #1
D5.1 “Vulnerabilities analysis and attack scenarios description”
This report presents the state of the art in physical fault injection and side-channel attacks on mobile devices. It surveys over 40 research papers from which 15 attack scenarios are sourced and compared.
D3.1 “TEE security study”
This report describes mobile TEEs and their common security mechanisms. An open-source, whitebox testbed is then presented for conducting security research on TEE-equipped mobile systems.
D8.1 “Project quality plan”
The project quality plan (the project handbook) constitutes a set of project templates, explanations on the project management process, review process, quality checks, meeting organisation, which is communicated to all partners.
D7.1 “Internal and external IT communication infrastructure and project website”
The external IT communication infrastructure constitutes a guideline for communication of the EXFILES project to external target groups including conferences, marketing measures and communication channels. Furthermore, this deliverable constitutes the launch of the internal EXFILES communication infrastructure including the establishment of mailing lists, a subversion repository server and the EXFILES website.
D1.1 “State of the art in mobile forensics”
In the current smartphone market, Android and iOS are the dominant operating systems where Samsung, Huawei and Apple are the major smartphone developers, all using state-of-the-art ARM based chip technology. Traditional data acquisition methods are less effective against modern smartphones, without proper user authentication, due to strong cryptographic security mechanisms at the operating system level. Future forensic techniques need to focus on the exploitation of hardware and software vulnerabilities to escalate privileges to the level where an examiner can directly acquire decrypted user data from a running device, or extract key material that can be used to decrypt extracted user data afterwards. This results in new business models for forensic tools vendors but also raises legal issues related to network based data acquisition and responsible disclosure.