Memory Carving in Embedded Devices: Separate the Wheat from the Chaff
Résumé
Embedded devices usually gather and store personal data about the behaviours of their holders. For example, a public transportation card may record the last trips of the passenger, or a car ignition key may store the fuel consumption and the average engine speed of the vehicle. Being able to interpret these raw data without the knowledge of the specifications can be useful to establish digital evidence, for example in connection with criminal investigations. This paper investigates memory carving techniques for embedded devices. Given that cryptographic material in memory dumps makes carving techniques inefficient, we introduce a methodology to distinguish meaningful information from cryptographic material in small-sized memory dumps. The proposed methodology uses an adaptive boosting technique with statistical tests. Experimented on EMV cards, the methodology reaches a successful recognition rate greater than 99.8%.
Domaines
Cryptographie et sécurité [cs.CR]
Origine : Fichiers produits par l'(les) auteur(s)