Results & Downloads

SHEPHERD, Carlton, MARKANTONAKIS, Konstantinos, et JALOYAN, Georges-Axel: “LIRA-V: Lightweight remote attestation for constrained RISC-V devices”

SHEPHERD, Carlton, MARKANTONAKIS, Konstantinos, VAN HEIJNINGEN, Nico, et al: “Physical fault injection and side-channel attacks on mobile devices: A comprehensive analysis”

This deliverable is the first legal analysis of the EXFILES project. It is the result of the study of numerous national and European documents from various sources – institutional, academic, legal, technical, law enforcement, and NGO – as well as contributions from the project partners on the legal framework applicable in their country. It assesses the legal and soft-law provisions regarding fundamental rights and the use of encryption, in the context of collection of evidence from encrypted devices.

FUKAMI, Aya, STOYKOVA, Radina, et GERADTS, Zeno: A new model for forensic data extraction from encrypted mobile devices

This report presents the state of the art in physical fault injection and side-channel attacks on mobile devices. It surveys over 40 research papers from which 15 attack scenarios are sourced and compared.

This report describes mobile TEEs and their common security mechanisms. An open-source, whitebox testbed is then presented for conducting security research on TEE-equipped mobile systems.

The project quality plan (the project handbook) constitutes a set of project templates, explanations on the project management process, review process, quality checks, meeting organisation, which is communicated to all partners.

The external IT communication infrastructure constitutes a guideline for communication of the EXFILES project to external target groups including conferences, marketing measures and communication channels. Furthermore, this deliverable constitutes the launch of the internal EXFILES communication infrastructure including the establishment of mailing lists, a subversion repository server and the EXFILES website.

In the current smartphone market, Android and iOS are the dominant operating systems where Samsung, Huawei and Apple are the major smartphone developers, all using state-of-the-art ARM based chip technology. Traditional data acquisition methods are less effective against modern smartphones, without proper user authentication, due to strong cryptographic security mechanisms at the operating system level. Future forensic techniques need to focus on the exploitation of hardware and software vulnerabilities to escalate privileges to the level where an examiner can directly acquire decrypted user data from a running device, or extract key material that can be used to decrypt extracted user data afterwards. This results in new business models for forensic tools vendors but also raises legal issues related to network based data acquisition and responsible disclosure.