Recovering AES Keys with a Deep Cold Boot Attack

TL;DR

This paper introduces a novel deep learning and error correction based approach to recover AES encryption keys from corrupted memory in cold boot attacks, significantly outperforming existing methods.

Contribution

It combines a cryptographic error correction technique with a neural message passing network to formalize and solve AES key recovery as a computational graph problem.

Findings

Outperforms state-of-the-art attack methods by a large margin.

Successfully recovers AES keys from heavily corrupted memory.

Introduces a neural network-based formalization of AES key scheduling.

Abstract

Cold boot attacks inspect the corrupted random access memory soon after the power has been shut down. While most of the bits have been corrupted, many bits, at random locations, have not. Since the keys in many encryption schemes are being expanded in memory into longer keys with fixed redundancies, the keys can often be restored. In this work, we combine a novel cryptographic variant of a deep error correcting code technique with a modified SAT solver scheme to apply the attack on AES keys. Even though AES consists of Rijndael S-box elements, that are specifically designed to be resistant to linear and differential cryptanalysis, our method provides a novel formalization of the AES key scheduling as a computational graph, which is implemented by a neural message passing network. Our results show that our methods outperform the state of the art attack methods by a very large margin.