论文信息 - Key Extraction Attack Using Statistical Analysis of Memory Dump Data

Key Extraction Attack Using Statistical Analysis of Memory Dump Data

During the execution of a program the keys for encryption algorithms are in the random access memory (RAM) of the machine. Technically, it is easy to extract the keys from a dumped image of the memory. However, not many examples of such key extractions exist, especially during program execution. In this paper, we present a key extraction technique and confirm its effectiveness by implementing the Process Peeping Tool (PPT) – an analysis tool – that can dump the memory during the execution of a target program and help the attacker deduce the encryption keys through statistical analysis of the memory contents. Utilising this tool, we evaluate the security of two sample programs, which are built on top of the well-known OpenSSL library. Our experiments show that we can extract both the private key of the RSA asymmetric cipher as well as the secret key of the AES block cipher.

Anirban Basu | Shinsaku Kiyomoto | Yutaka Miyake | Yuto Nakano

[1] Michael Tüxen,et al. Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension , 2012, RFC.

[2] Tim Dierks,et al. The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[3] Alan O. Freier,et al. Internet Engineering Task Force (ietf) the Secure Sockets Layer (ssl) Protocol Version 3.0 , 2022 .

[4] Ariel J. Feldman,et al. Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[5] Oded Goldreich,et al. Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[6] Carsten Maartmann-Moe,et al. The persistence of memory: Forensic identification and extraction of cryptographic keys , 2009, Digit. Investig..

[7] Rafail Ostrovsky,et al. Software protection and simulation on oblivious RAMs , 1996, JACM.

[8] Tilo Müller,et al. FROST - Forensic Recovery of Scrambled Telephones , 2013, ACNS.