A Comparison between Two Off-the-Shelf Algebraic Tools for Extraction of Cryptographic Keys from Corrupted Memory Images

Cold boot attack is a class of side channel attacks which exploits the data remanence property of random access memory (RAM) to retrieve its contents which remain readable shortly after its power has been removed. Specialized algorithms have been previously proposed to recover cryptographic keys of several ciphers from decayed memory images. However, these techniques were cipher-dependent and certainly uneasy to develop and fine tune. On the other hand, for symmetric ciphers, the relations that have to be satisfied between the subround key bits in the key schedule always correspond to a set of nonlinear Boolean equations. In this paper, we investigate the use of an off-the-shelf SAT solver (CryptoMiniSat), and an open source Grobner basis tool (PolyBoRi) to solve the resulting system of equations. We also provide the pros and cons of both approaches and present some simulation results for the extraction of AES and Serpent keys from decayed memory images using these tools.

[1]  Stephen A. Cook,et al.  The complexity of theorem-proving procedures , 1971, STOC.

[2]  B. Buchberger,et al.  Grobner Bases : An Algorithmic Method in Polynomial Ideal Theory , 1985 .

[3]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[4]  Ross Anderson,et al.  Serpent: A Proposal for the Advanced Encryption Standard , 1998 .

[5]  Brian Kaplan RAM is Key Extracting Disk Encryption Keys From Volatile Memory , 2007 .

[6]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[7]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[8]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[9]  Gregory V. Bard,et al.  Algebraic Cryptanalysis of the Data Encryption Standard , 2007, IMACC.

[10]  N. Bose Gröbner Bases: An Algorithmic Method in Polynomial Ideal Theory , 1995 .

[11]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[12]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[13]  Simon Heron,et al.  Encryption: Advanced Encryption Standard (AES) , 2009 .

[14]  Joao Marques-Silva,et al.  Theory and Applications of Satisfiability Testing - SAT 2007, 10th International Conference, Lisbon, Portugal, May 28-31, 2007, Proceedings , 2007, SAT.

[15]  Hans Kleine Büning,et al.  Theory and Applications of Satisfiability Testing - SAT 2008, 11th International Conference, SAT 2008, Guangzhou, China, May 12-15, 2008. Proceedings , 2008, SAT.

[16]  Ilya Mironov,et al.  Applications of SAT Solvers to Cryptanalysis of Hash Functions , 2006, SAT.

[17]  Armin Biere,et al.  Theory and Applications of Satisfiability Testing - SAT 2006, 9th International Conference, Seattle, WA, USA, August 12-15, 2006, Proceedings , 2006, SAT.

[18]  David Pointcheval Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings , 2006, CT-RSA.

[19]  Chris Christensen,et al.  Algebraic Cryptanalysis of SMS4: Gröbner Basis Attack and SAT Attack Compared , 2009, ICISC.

[20]  Abdel Alim Kamal,et al.  Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images , 2010, 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies.

[21]  Hideki Imai,et al.  Algebraic Cryptanalysis of 58-Round SHA-1 , 2007, FSE.

[22]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[23]  Sergei Skorobogatov Low temperature data remanence in static RAM , 2002 .

[24]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[25]  Ramarathnam Venkatesan,et al.  Inversion Attacks on Secure Hash Functions Using satSolvers , 2007, SAT.

[26]  Alireza Sharifi,et al.  Algebraic Attacks from a Groebner Basis Perspective , 2010 .

[27]  Michael Brickenstein,et al.  PolyBoRi: A framework for Gröbner-basis computations with Boolean polynomials , 2009, J. Symb. Comput..

[28]  Jean-Jacques Quisquater,et al.  Practical Algebraic Attacks on the Hitag2 Stream Cipher , 2009, ISC.

[29]  Dong Hoon Lee,et al.  Information, Security and Cryptology - ICISC 2009, 12th International Conference, Seoul, Korea, December 2-4, 2009, Revised Selected Papers , 2010, ICISC.

[30]  Martin R. Albrecht,et al.  Cold Boot Key Recovery by Solving Polynomial Systems with Noise , 2011, ACNS.

[31]  Tobias Eibach,et al.  Attacking Bivium Using SAT Solvers , 2008, SAT.

[32]  Vincent Rijmen,et al.  Algebraic cryptanalysis of a small-scale version of stream cipher Lex , 2010, IET Inf. Secur..

[33]  Gregory V. Bard,et al.  Algebraic and Slide Attacks on KeeLoq , 2008, FSE.

[34]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[35]  Adi Shamir,et al.  Playing "Hide and Seek" with Stored Keys , 1999, Financial Cryptography.

[36]  Nicolas Courtois,et al.  Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards , 2008, IACR Cryptol. ePrint Arch..

[37]  Johannes A. Buchmann,et al.  Block Ciphers Sensitive to Gröbner Basis Attacks , 2006, CT-RSA.

[38]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[39]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[40]  Hovav Shacham,et al.  Available from the IACR Cryptology ePrint Archive as Report 2008/510. Reconstructing RSA Private Keys from Random Key Bits , 2022 .

[41]  Alex Tsow,et al.  An Improved Recovery Algorithm for Decayed AES Key Schedule Images , 2009, Selected Areas in Cryptography.

[42]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[43]  Carsten Maartmann-Moe,et al.  The persistence of memory: Forensic identification and extraction of cryptographic keys , 2009, Digit. Investig..