Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

A cold boot attack is a side-channel attack that exploits the data remanence property of random access memory (RAM): its contents remain readable for a short time after power has been removed. Given the nature of the cold boot attack, only a corrupted image of the memory contents is available to the attacker. In this paper, we investigate the use of an off-the-shelf SAT solver, CryptoMiniSat, to improve the recovery of AES-128 key schedules from their corresponding decayed memory images. By exploiting the asymmetric decay of the memory images and the redundancy of key material inherent in the AES key schedule, rectifying the faults in the corrupted memory images of the AES-128 key schedule is formulated as a Boolean satisfiability problem that can be solved efficiently even for very large decay factors. Our experimental results show that this approach improves upon the previously known results.
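The formulation the abstract describes, as an added example that is not code from the paper: FIPS-197 key expansion, a constructed asymmetric-decay model of the memory image (a 1 bit flips to 0 with probability delta and 0 bits never flip, so every 1 bit still visible in the image is a hard unit clause while observed zeros carry no information), and a plain CNF encoding of the key-schedule structure (four-clause XOR gadgets plus a truth-table encoding of the S-box through auxiliary variables). The function names, the variable numbering, the decay model and the seeded image are this example's own choices, not the authors'.

```python
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _build_sbox():
    """Generate the AES S-box (GF(2^8) inverse followed by the affine map)."""
    sbox, p, q = [0] * 256, 1, 1
    rot = lambda v, s: ((v << s) | (v >> (8 - s))) & 0xFF
    while True:                                   # invariant: p * q == 1 in GF(2^8)
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                 # q /= 3, i.e. q *= 0xF6
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rot(q, 1) ^ rot(q, 2) ^ rot(q, 3) ^ rot(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                                # 0 has no inverse
    return sbox

SBOX = _build_sbox()

def expand_key(key):
    """FIPS-197 key expansion: the 176 bytes of w[0..43] as a flat list."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                            # RotWord, SubWord, Rcon
            t = [SBOX[t[1]] ^ RCON[i // 4 - 1], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [b for word in w for b in word]

def decay(schedule, delta, seed=2009):
    """Constructed asymmetric-decay model: 1 -> 0 with probability delta, 0 never flips."""
    rng = random.Random(seed)
    return [byte & sum(1 << b for b in range(8) if rng.random() >= delta)
            for byte in schedule]

def var(k, b):
    """DIMACS variable of bit b of byte k (k < 176: schedule bytes; k >= 176: auxiliaries)."""
    return 8 * k + b + 1

def aux_byte(i, j):
    """Auxiliary byte holding SBOX[...] ^ rcon for word i (i % 4 == 0), column j."""
    return 176 + 4 * (i // 4 - 1) + j

def xor_clauses(x, y, z):
    """CNF for x = y XOR z."""
    return [[-x, y, z], [-x, -y, -z], [x, -y, z], [x, y, -z]]

def sbox_clauses(inp, out, const):
    """CNF for out = SBOX[inp] XOR const by table enumeration (256 x 8 = 2048 clauses)."""
    clauses = []
    for u in range(256):
        guard = [-inp[b] if u >> b & 1 else inp[b] for b in range(8)]  # all false iff inp == u
        v = SBOX[u] ^ const
        clauses += [guard + [out[b] if v >> b & 1 else -out[b]] for b in range(8)]
    return clauses

def schedule_cnf():
    """Clauses tying all 176 schedule bytes together exactly as expand_key does."""
    bits = lambda k: [var(k, b) for b in range(8)]
    clauses = []
    for i in range(4, 44):
        for j in range(4):
            out, prev = bits(4 * i + j), bits(4 * (i - 4) + j)
            if i % 4:
                other = bits(4 * (i - 1) + j)
            else:                                 # w[i][j] = w[i-4][j] ^ SBOX[w[i-1][j+1]] ^ rcon
                other = bits(aux_byte(i, j))
                rc = RCON[i // 4 - 1] if j == 0 else 0
                clauses += sbox_clauses(bits(4 * (i - 1) + (j + 1) % 4), other, rc)
            for b in range(8):
                clauses += xor_clauses(out[b], prev[b], other[b])
    return clauses

def image_clauses(image):
    """Decay constraint: every 1 bit left in the image is a true 1, hence a unit clause."""
    return [[var(k, b)] for k, o in enumerate(image) for b in range(8) if o >> b & 1]

def assignment_for(schedule):
    """Truth assignment over all variables (schedule bytes plus auxiliary bytes)."""
    values = {var(k, b): bool(byte >> b & 1) for k, byte in enumerate(schedule) for b in range(8)}
    for i in range(4, 44, 4):
        for j in range(4):
            t = SBOX[schedule[4 * (i - 1) + (j + 1) % 4]] ^ (RCON[i // 4 - 1] if j == 0 else 0)
            values.update({var(aux_byte(i, j), b): bool(t >> b & 1) for b in range(8)})
    return values

def satisfied(clauses, values):
    """True iff every clause has a literal made true by the assignment."""
    return all(any(values[abs(l)] == (l > 0) for l in c) for c in clauses)

def to_dimacs(clauses):
    """Plain DIMACS text, accepted by CryptoMiniSat and any other CNF solver."""
    nvars = max(abs(l) for c in clauses for l in c)
    body = "\n".join(" ".join(map(str, c)) + " 0" for c in clauses)
    return "p cnf %d %d\n%s\n" % (nvars, len(clauses), body)
```

`to_dimacs(schedule_cnf() + image_clauses(decay(expand_key(key), 0.5)))` produces a `p cnf` file with 1728 variables that a DIMACS solver can take as input; in a satisfying assignment, variables 1 to 128 are the recovered key. The asymmetry is what keeps the encoding sound: observed zeros are never trusted, so the true schedule always satisfies the instance, and each surviving 1 bit is a hard constraint that the solver propagates through the XOR and S-box relations of the schedule. The S-box is encoded with the naive 2048-clause table; CryptoMiniSat also accepts native XOR constraints (`x` lines in its extended DIMACS format), which could replace the four-clause XOR gadgets used here.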
