Top

Published in:

2016 | OriginalPaper | Chapter

Memory Carving in Embedded Devices: Separate the Wheat from the Chaff

Authors : Thomas Gougeon, Morgan Barbier, Patrick Lacharme, Gildas Avoine, Christophe Rosenberger

Published in: Applied Cryptography and Network Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper investigates memory carving techniques for embedded devices. Given that cryptographic material in memory dumps makes carving techniques inefficient, we introduce a methodology to distinguish meaningful information from cryptographic material in small-sized memory dumps. The proposed methodology uses an adaptive boosting technique with statistical tests. Experimented on EMV cards, the methodology recognized 92% of meaningful information and \(98\,\%\) of cryptographic material.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Parallel Implementation of BDD Enumeration for LWE

next chapter CAPTCHaStar! A Novel CAPTCHA Based on Interactive Shape Discovery

Alcover, P.M., Guillamón, A., del Ruiz, M.C.: A new randomness test for bit sequences. Informatica 24(3), 339–356 (2013)MathSciNet

Avoine, G., Kalach, K., Quisquater, J.-J.: ePassport: securing international contacts with contactless chips. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 141–155. Springer, Heidelberg (2008)CrossRef

Burdach, M.: Physical memory forensics (2006). https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Burdach.pdf

Calypso CNA: Calypso. http://www.calypsostandard.net/

Cohen, M.I.: Advanced carving techniques. Digital Invest. 4(3), 119–128 (2007)CrossRef

Coisel, I., Sanchez, I., Shaw, D.: Physical attacks against the lack of perfect forward secrecy in dect encrypted communications and possible countermeasures. In: International Wireless Communications and Mobile Computing Conference (IWCMC). pp. 594–599 (2015)

Doğanaksoy, A., Çalık, C., Sulak, F., Turan, M.S.: New randomness tests using random walk. In: National Cryptology Symposium II (2006)

EMVCo: EMV integrated circuit card specifications for payment systems, June 2008

Freund, Y., Schapire, R., Abe, N.: A short introduction to boosting. J. Jpn. Soc. Artif. Intell. 14(5), 771–780 (1999)

10.

Friedman, W.F.: The Index of Coincidence and its Applications in Cryptanalysis. Aegean Park Press, California (1987)

11.

Hastie, T., Rosset, S., Zhu, J., Zou, H.: Multi-class adaboost. Stat. Interface 2(3), 349–360 (2009)MathSciNetCrossRefMATH

12.

Kajdanowicz, T., Kazienko, P.: Boosting-based sequential output prediction. New Gener. Comput. 29(3), 293–307 (2011)CrossRefMATH

13.

Knuth, D.E.: The Art of Computer Programming: Seminumerical Algorithms, vol. 2. Addison-Wesley, Reading (1997)MATH

14.

Lanet, J.L., Bouffard, G., Lamrani, R., Chakra, R., Mestiri, A., Monsif, M., Fandi, A.: Memory forensics of a java card dump. Smart Card Research and Advanced Applications. LNCS, vol. 8968, pp. 3–17. Springer, Heidelberg (2014)

15.

Laurie, A.: Rfidiot. http://rfidiot.org/

16.

Pannetrat, A.: Cardpeek. http://pannetrat.com/Cardpeek/

17.

Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., et al.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12, 2825–2830 (2011)MathSciNetMATH

18.

Poisel, R., Tjoa, S.: A comprehensive literature review of file carving. In: 2013 Eighth International Conference on Availability, Reliability and Security (ARES), pp. 475–484. IEEE (2013)

19.

Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report, DTIC Document April 2010

20.

Shamir, A., van Someren, N.: Playing hide and seek with stored keys. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 118–124. Springer, Heidelberg (1999)CrossRef

21.

SKIDATA AG: Skidata. http://www.skidata.com/en.html

22.

Su, J., Zhang, H.: A fast decision tree learning algorithm. AAAI 6, 500–505 (2006)

23.

Sulak, F.: A new statistical randomness test: saturation point test. Int. J. Inf. Secur. Sci. 2(3), 81–85 (2013)

24.

Sulak, F., Doğanaksoy, A., Ege, B., Koçak, O.: Evaluation of randomness test results for short sequences. In: Carlet, C., Pott, A. (eds.) SETA 2010. LNCS, vol. 6338, pp. 309–319. Springer, Heidelberg (2010)CrossRef

25.

Van Deursen, T., Mauw, S., Radomirovic, S.: mCarve: carving attributed dump sets. In: USENIX Security Symposium. pp. 107–121 (2011)

26.

Yoo, B., Park, J., Lim, S., Bang, J., Lee, S.: A study on multimedia file carving method. Multimedia Tools Appl. 61(1), 243–261 (2012)CrossRef

Title: Memory Carving in Embedded Devices: Separate the Wheat from the Chaff
Authors: Thomas Gougeon
Morgan Barbier
Patrick Lacharme
Gildas Avoine
Christophe Rosenberger
Publisher: Springer International Publishing
Book: Applied Cryptography and Network Security
Print ISBN: 978-3-319-39554-8

Electronic ISBN: 978-3-319-39555-5

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-39555-5_32

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner