Maximum Likelihood-Based Key Recovery Algorithm from Decayed Key Schedules

Abstract

A cold boot attack is a kind of side-channel attack that exploits a property of dynamic random-access memory. Using a cold boot attack, attackers can extract decayed key material from a running computer’s memory, which is a serious threat to computers using disk encryption software. Previously, an algorithm was presented that recovers a secret key from a decayed Advanced Encryption Standard key schedule. However, this method cannot recover a secret key if reverse bit flipping occurs, even in only one position, because this algorithm assumes a perfect asymmetric decay model. To remedy this limitation, we propose an algorithm based on the maximum likelihood approach, which can recover a secret key in an imperfect asymmetric decay model, i.e., where bit flipping occurs in both directions. We also give the theoretical bound of our algorithm and verify the validity thereof.

Appendices

A Proof of Theorem 1

In this appendix, we show the sketch of proof of Theorem 1 in a similar way to the result of Kunihiro and Honda [8]. First, we introduce some notation for the proof.

We denote by \(\mathbf{1}[\cdot ]\) the indicator function and by E[X] the expectation of a random variable X. Instead of \(\log \mathrm{Pr}[D|C]\), we use the score function \(R(x;y) = \log \frac{dF_x}{dG}(y),\ x, y \in \{0,1\}\), where \(F_x\) is the distribution of the imperfect asymmetric decay model, G is the mixture distribution \((F_0 + F_1)/2\) and \(dF_x/dG\) is the Radon-Nikodym’s derivative. Then, \(R(C_{i,j}; D_j)\) is \(\sum ^{i}_{r=1} \sum ^{m_r}_{k=1} R(C_{i,j}[r][k];D_i[r][k])\), where \(C_{i,j}[r][k]\) is the k-th computed byte with depth r and \(R(C_{i,j}[r][k];D_i[r][k])\) is the sum of the score for each bits in \(C_{i,j}[r][k]\). Note that R(x; y) is equivalent to \(\log \mathrm{Pr}[D|C]\) and the performance of our algorithm does not change.

We use Lemmas 1 and 2 in [8]. Lemma 1 shows the Chernoff’s inequality and Lemma 2 evaluates the score of the incorrect candidates. Our algorithm is different from their algorithm in that our algorithm has a structure of 256-ary tree. Thus, we use Assumption 1. (2) and modify Lemma 2 into the following form.

Lemma 2 (modified Lemma 2 [8]). For \(\forall i > d\), \(j \in \{ 256^{d-1}+1, \cdots , 256^d \}\),

$$ E[\exp ((\ln 2) R(X^d_{i,j} ; Y^d_i))] \le 2^{8m_{c}c}. $$

Proof of Theorem 1

(sketch). Let \(l = \lfloor \log _{256} L \rfloor \). We can assume without loss of generality that the index of the correct key schedule is \(j = 1\). By the union bound and some transformation, the error probability of our algorithm can be bounded by

(4)

\({\text {Let} u \in (R, I(X;Y))}\) be arbitrary. Then the probability in (4) is bounded by

(5)

The former and latter probabilities in (5) can be bounded by

where \( \varLambda ^{*}(u) = \sup _{\lambda \le 0}\{ \lambda u - \ln E[\exp (\lambda X)] \}\).

Combining the bounds with (5), we have

$$\begin{aligned}&\frac{256}{255L} \sum ^{r}_{d = l} \sum ^{256^d}_{j = 256^{d-1}+1} \mathrm{Pr}[R(X^d_{r,j} ; Y^d_r ) \ge 8m_d du] + \sum ^{r}_{d = l} \mathrm{Pr}[R(X^d_{r,1} ; Y^d_r ) \le 8m_d du ] \nonumber \\\le & {} \frac{256}{255L} \sum ^{r}_{d = l} 256^{d-1} \cdot 2^{8m_c c - 8m_d du} + \sum ^{r}_{d = l} \exp (-m_d d \varLambda ^{*}(u)) \nonumber \\\le & {} \frac{256^{m_c c}}{255L} \frac{256^{-l(u/R -1)}}{1-256^{-(u/R -1)}} + \frac{\exp (-l\varLambda ^{*}(u)/R)}{1-\exp (-\varLambda ^{*}(u)/R)} \nonumber \\\le & {} \frac{256^{m_c c+u/R-1}}{1-256^{-(u/R-1)}} L^{-u/R} + \frac{\exp (\varLambda ^{*}(u)/R)}{1-\exp (-\varLambda ^{*}(u)/R)} L^{-\frac{\varLambda ^{*}(u)}{R\ln 256}}. \end{aligned}$$

(6)

Note that we can consider \(m_d = 1/R\) for a larger L. We finish the proof with (4) and (6) and obtain

$$ \rho _1 = \frac{256^{m_c c+u/R-1}}{1-256^{-(u/R-1)}} + \frac{\exp (\varLambda ^{*}(u)/R)}{1-\exp (-\varLambda ^{*}(u)/R)}, \rho _2 = \min \left\{ u/R, \frac{\varLambda ^{*}(u)}{R\ln 256 }\right\} . $$

B Experimental Results

Table 6 shows the success rates for different L values and key lengths in details. As mentioned in Sect. 4, the result shows that a lager L raises the success rates. On the other hand, the success rates is independent of key lengths.

Table 6. Success Rates