by Heinrich Riebler, Tobias Kenter, Christoph Sorge and Christian Plessl
Abstract:
Cold-boot attacks exploit the fact that DRAM contents are not immediately lost when a PC is powered off. Instead the contents decay rather slowly, in particular if the DRAM chips are cooled to low temperatures. This effect opens an attack vector on cryptographic applications that keep decrypted keys in DRAM. An attacker with access to the target computer can reboot it or remove the RAM modules and quickly copy the RAM contents to non-volatile memory. By exploiting the known cryptographic structure of the cipher and layout of the key data in memory, in our application an AES key schedule with redundancy, the resulting memory image can be searched for sections that could correspond to decayed cryptographic keys; then, the attacker can attempt to reconstruct the original key. However, the runtime of these algorithms grows rapidly with increasing memory image size, error rate and complexity of the bit error model, which limits the practicability of the approach.In this work, we study how the algorithm for key search can be accelerated with custom computing machines. We present an FPGA-based architecture on a Maxeler dataflow computing system that outperforms a software implementation up to 205x, which significantly improves the practicability of cold-attacks against AES.
Reference:
Heinrich Riebler, Tobias Kenter, Christoph Sorge and Christian Plessl: FPGA-accelerated Key Search for Cold-Boot Attacks against AES, In Proceedings of the 2013 International Conference on Field-Programmable Technology, FPT 2013, Kyoto, Japan, December 9-11, 2013, pp. 386–389, 2013.
Bibtex Entry:
@InProceedings{ riebler2013coldboot,
title = {{FPGA-accelerated Key Search for Cold-Boot Attacks against
AES}},
author = {Heinrich Riebler AND Tobias Kenter AND Christoph Sorge AND
Christian Plessl},
booktitle = {{Proceedings of the 2013 International Conference on
Field-Programmable Technology, FPT 2013, Kyoto, Japan,
December 9-11, 2013}},
year = {2013},
pages = {386--389},
abstract = {Cold-boot attacks exploit the fact that DRAM contents are
not immediately lost when a PC is powered off. Instead the
contents decay rather slowly, in particular if the DRAM
chips are cooled to low temperatures. This effect opens an
attack vector on cryptographic applications that keep
decrypted keys in DRAM. An attacker with access to the
target computer can reboot it or remove the RAM modules and
quickly copy the RAM contents to non-volatile memory. By
exploiting the known cryptographic structure of the cipher
and layout of the key data in memory, in our application an
AES key schedule with redundancy, the resulting memory
image can be searched for sections that could correspond to
decayed cryptographic keys; then, the attacker can attempt
to reconstruct the original key. However, the runtime of
these algorithms grows rapidly with increasing memory image
size, error rate and complexity of the bit error model,
which limits the practicability of the approach.In this
work, we study how the algorithm for key search can be
accelerated with custom computing machines. We present an
FPGA-based architecture on a Maxeler dataflow computing
system that outperforms a software implementation up to
205x, which significantly improves the practicability of
cold-attacks against AES.}
}