Forensics Acquisition — Analysis and Circumvention of Samsung Secure Boot enforced Common Criteria Mode
| dc.contributor.author | Alendal, Gunnar | |
| dc.contributor.author | Dyrkolbotn, Geir Olav | |
| dc.contributor.author | Axelsson, Stefan | |
| dc.date.accessioned | 2019-02-14T13:16:54Z | |
| dc.date.available | 2019-02-14T13:16:54Z | |
| dc.date.created | 2018-06-14T13:10:13Z | |
| dc.date.issued | 2018 | |
| dc.identifier.citation | Digital Investigation. The International Journal of Digital Forensics and Incident Response. 2018, 24 S60-S67. | nb_NO |
| dc.identifier.issn | 1742-2876 | |
| dc.identifier.uri | http://hdl.handle.net/11250/2585527 | |
| dc.description.abstract | The acquisition of data from mobile phones have been a mainstay of criminal digital forensics for a number of years now. However, this forensic acquisition is getting more and more difficult with the increasing security level and complexity of mobile phones (and other embedded devices). In addition, it is often difficult or impossible to get access to design specifications, documentation and source code. As a result, the forensic acquisition methods are also increasing in complexity, requiring an ever deeper understanding of the underlying technology and its security mechanisms. Forensic acquisition techniques are turning to more offensive solutions to bypass security mechanisms, through security vulnerabilities. Common Criteria mode is a security feature that increases the security level of Samsung devices, and thus make forensic acquisition more difficult for law enforcement. With no access to design documents or source code, we have reverse engineered how the Common Criteria mode is actually implemented and protected by Samsung's secure bootloader. We present how this security mode is enforced, security vulnerabilities therein, and how the discovered security vulnerabilities can be used to circumvent Common Criteria mode for further forensic acquisition. | nb_NO |
| dc.language.iso | eng | nb_NO |
| dc.publisher | Elsevier | nb_NO |
| dc.relation.uri | https://doi.org/10.1016/j.diin.2018.01.008 | |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal | * |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/deed.no | * |
| dc.title | Forensics Acquisition — Analysis and Circumvention of Samsung Secure Boot enforced Common Criteria Mode | nb_NO |
| dc.title.alternative | Forensics Acquisition — Analysis and Circumvention of Samsung Secure Boot enforced Common Criteria Mode | nb_NO |
| dc.type | Journal article | nb_NO |
| dc.type | Peer reviewed | nb_NO |
| dc.description.version | publishedVersion | nb_NO |
| dc.source.pagenumber | S60-S67 | nb_NO |
| dc.source.volume | 24 | nb_NO |
| dc.source.journal | Digital Investigation. The International Journal of Digital Forensics and Incident Response | nb_NO |
| dc.identifier.doi | 10.1016/j.diin.2018.01.008 | |
| dc.identifier.cristin | 1591211 | |
| dc.relation.project | Norges forskningsråd: 248094 | nb_NO |
| dc.description.localcode | © 2018 The Author(s). Published by Elsevier Ltd on behalf of DFRWS. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). | nb_NO |
| cristin.unitcode | 194,63,30,0 | |
| cristin.unitname | Institutt for informasjonssikkerhet og kommunikasjonsteknologi | |
| cristin.ispublished | true | |
| cristin.fulltext | original | |
| cristin.qualitycode | 1 |
Tilhørende fil(er)
Denne innførselen finnes i følgende samling(er)
Med mindre annet er angitt, så er denne innførselen lisensiert som Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal