Recovering AES Keys with a Deep Cold Boot Attack

Itamar Zimerman, Eliya Nachmani, Lior Wolf
Proceedings of the 38th International Conference on Machine Learning, PMLR 139:12955-12966, 2021.

Abstract

Cold boot attacks inspect the corrupted random access memory soon after the power has been shut down. While most of the bits have been corrupted, many bits, at random locations, have not. Since the keys in many encryption schemes are being expanded in memory into longer keys with fixed redundancies, the keys can often be restored. In this work we combine a deep error correcting code technique together with a modified SAT solver scheme in order to apply the attack to AES keys. Even though AES consists Rijndael SBOX elements, that are specifically designed to be resistant to linear and differential cryptanalysis, our method provides a novel formalization of the AES key scheduling as a computational graph, which is implemented by neural message passing network. Our results show that our methods outperform the state of the art attack methods by a very large gap.

Cite this Paper


BibTeX
@InProceedings{pmlr-v139-zimerman21a, title = {Recovering AES Keys with a Deep Cold Boot Attack}, author = {Zimerman, Itamar and Nachmani, Eliya and Wolf, Lior}, booktitle = {Proceedings of the 38th International Conference on Machine Learning}, pages = {12955--12966}, year = {2021}, editor = {Meila, Marina and Zhang, Tong}, volume = {139}, series = {Proceedings of Machine Learning Research}, month = {18--24 Jul}, publisher = {PMLR}, pdf = {http://proceedings.mlr.press/v139/zimerman21a/zimerman21a.pdf}, url = {https://proceedings.mlr.press/v139/zimerman21a.html}, abstract = {Cold boot attacks inspect the corrupted random access memory soon after the power has been shut down. While most of the bits have been corrupted, many bits, at random locations, have not. Since the keys in many encryption schemes are being expanded in memory into longer keys with fixed redundancies, the keys can often be restored. In this work we combine a deep error correcting code technique together with a modified SAT solver scheme in order to apply the attack to AES keys. Even though AES consists Rijndael SBOX elements, that are specifically designed to be resistant to linear and differential cryptanalysis, our method provides a novel formalization of the AES key scheduling as a computational graph, which is implemented by neural message passing network. Our results show that our methods outperform the state of the art attack methods by a very large gap.} }
Endnote
%0 Conference Paper %T Recovering AES Keys with a Deep Cold Boot Attack %A Itamar Zimerman %A Eliya Nachmani %A Lior Wolf %B Proceedings of the 38th International Conference on Machine Learning %C Proceedings of Machine Learning Research %D 2021 %E Marina Meila %E Tong Zhang %F pmlr-v139-zimerman21a %I PMLR %P 12955--12966 %U https://proceedings.mlr.press/v139/zimerman21a.html %V 139 %X Cold boot attacks inspect the corrupted random access memory soon after the power has been shut down. While most of the bits have been corrupted, many bits, at random locations, have not. Since the keys in many encryption schemes are being expanded in memory into longer keys with fixed redundancies, the keys can often be restored. In this work we combine a deep error correcting code technique together with a modified SAT solver scheme in order to apply the attack to AES keys. Even though AES consists Rijndael SBOX elements, that are specifically designed to be resistant to linear and differential cryptanalysis, our method provides a novel formalization of the AES key scheduling as a computational graph, which is implemented by neural message passing network. Our results show that our methods outperform the state of the art attack methods by a very large gap.
APA
Zimerman, I., Nachmani, E. & Wolf, L.. (2021). Recovering AES Keys with a Deep Cold Boot Attack. Proceedings of the 38th International Conference on Machine Learning, in Proceedings of Machine Learning Research 139:12955-12966 Available from https://proceedings.mlr.press/v139/zimerman21a.html.

Related Material