Forensics acquisition – Analysis and circumvention of samsung secure boot enforced common criteria mode
NTNU, Gjøvik, Norway.
NTNU, Gjøvik, Norway & Norwegian Defence Cyber Academy (NDCA), Jørstadmoen, Norway.
Halmstad University, School of Information Technology, Halmstad Embedded and Intelligent Systems Research (EIS).
2018 (English). In: Digital Investigation. The International Journal of Digital Forensics and Incident Response, ISSN 1742-2876, E-ISSN 1873-202X, Vol. 24, no Suppl., p. S60-S67. Article in journal (Refereed), Published
Abstract [en]

The acquisition of data from mobile phones has been a mainstay of criminal digital forensics for a number of years now. However, this forensic acquisition is getting more and more difficult with the increasing security level and complexity of mobile phones (and other embedded devices). In addition, it is often difficult or impossible to get access to design specifications, documentation and source code. As a result, the forensic acquisition methods are also increasing in complexity, requiring an ever deeper understanding of the underlying technology and its security mechanisms. Forensic acquisition techniques are turning to more offensive solutions to bypass security mechanisms, through security vulnerabilities. Common Criteria mode is a security feature that increases the security level of Samsung devices, and thus makes forensic acquisition more difficult for law enforcement. With no access to design documents or source code, we have reverse engineered how the Common Criteria mode is actually implemented and protected by Samsung's secure bootloader. We present how this security mode is enforced, security vulnerabilities therein, and how the discovered security vulnerabilities can be used to circumvent Common Criteria mode for further forensic acquisition. © 2018 The Author(s). Published by Elsevier Ltd on behalf of DFRWS.

Place, publisher, year, edition, pages
Kidlington: Elsevier, 2018. Vol. 24, no Suppl., p. S60-S67
Keywords [en]
Common criteria, CC mode, Mobile security, Mobile device management, Forensic acquisition, Smart phone, Samsung secure boot
National Category
Computer Sciences; Embedded Systems; Computer Systems; Telecommunications
Identifiers
URN: urn:nbn:se:hh:diva-36642
DOI: 10.1016/j.diin.2018.01.008
ISI: 000428307900008
Scopus ID: 2-s2.0-85068649293
OAI: oai:DiVA.org:hh-36642
DiVA, id: diva2:1199082
Projects
Ars Forensica
Note

Funding: Research Council of Norway programme IKTPLUSS, under the R&D project Ars Forensica grant agreement 248094/O70.

Available from: 2018-04-19. Created: 2018-04-19. Last updated: 2020-02-03. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

Authority records

Axelsson, Stefan
