Key extraction-based lawful access to encrypted data: Taxonomy and survey

The rise of end-to-end encryption has enabled end-users to protect their data to a point that classical techniques of lawful access (seizure of devices, wiretaps) are futile. While there is a heated discussion about regulating the access primitive to end-user devices for law enforcement, little attention is given to the technical design of how evidence should be collected. This is especially critical during remote surveillance, as law enforcement may have unrestricted access to end-user devices over longer periods of time. In this paper, we propose the novel category of key extraction-based lawful interception (KEX-LI), meaning that instead of directly accessing plaintext data, law enforcement only extracts the necessary key material from end-user devices, thus minimizing the requirements of data extraction on end-user devices. When subsequently collecting encrypted data (e.g., via wiretapping), law enforcement can use these keys for decryption. We structure and survey the state-of-the-art of key extraction techniques, thus embedding KEX-LI in the broader context of device forensics. Furthermore, we describe specific requirements for a practical solution to conduct KEX-LI and evaluate currently available technical implementations. Our results are intended to help practitioners select the most suitable techniques as well as to identify research gaps.