Cold Boot Key Recovery by Solving Polynomial Systems with Noise Martin R. Albrecht 1 & Carlos Cid 2 Team Salsa, LIP6, UPMC Information Security Group, Royal Holloway, University of London DTU, 04. April 2011
Outline Coldboot Attacks Polynomial System Solving with Noise Mixed Integer Programming Application
Outline Coldboot Attacks Polynomial System Solving with Noise Mixed Integer Programming Application
Coldboot Attacks I In [5] a method for extracting cryptographic key material from DRAM used in modern computers was proposed. Contrary to popular belief information in DRAM is not instantly lost when the power is cut, but decays slowly over time. This decay can be further slowed down by cooling the chip. Thus, an attacker can 1. deep-freeze a DRAM module 2. move it to a target machine which dumps the content to disk 3. find the most likely key candidate (which is erroneous due to decay) 4. use some mechanism to correct those errors The technique is called Coldboot attack in literature.
Coldboot Attacks II Definition (The Coldboot Problem) We are given 1. K : F n 2 FN 2 where N > n, 2. two real numbers 0 δ 0, δ 1 1, 3. K = KS(k) and K i the i-th bit of K. 4. K = (K 0, K 1,..., K N 1 ) FN 2 with the following distribution: Pr[K i = 0 K i = 0] = 1 δ 1, Pr[K i = 1 K i = 0] = δ 1, Pr[K i = 1 K i = 1] = 1 δ 0, Pr[K i = 0 K i = 1] = δ 0. 5. and some control function E : F n 2 {True, False}, which returns true for the pre-image of the noise free version of K. The task is to recover k such that E(k) returns True or a noise-free K. The Coldboot problem is equivalent to decoding a (non-)linear code with biased noise.
Coldboot Attacks III A bit K i = 0 of K is correct with probability Pr[K i = 0 K i = 0] = Pr[K i = 0 K i = 0]Pr[K i = 0] Pr[K i = 0] Likewise, a bit K i = 1 of K is correct with probability denote these values by 0 and 1 respectively. = (1 δ 1) (1 δ 1 + δ 0 ). (1 δ 0) (1 δ 0+δ 1). We
Coldboot Attacks IV Results in [5]: Cipher δ 0 δ 1 Success Time DES 0.10 0.001 100% DES 0.50 0.001 98% AES 0.15 0.001 100% 1s AES 0.30 0.001 100% 30s Can we do better and can we recover keys for more complicated key schedules like Serpent?
Outline Coldboot Attacks Polynomial System Solving with Noise Mixed Integer Programming Application
PoSSo We define polynomial system solving (PoSSo) as the problem of finding a solution to a system of polynomial equations over some field. Definition (PoSSo) Consider the set F = {f 0,..., f m 1 } where each f i F[x 0,..., x n 1 ]. A solution to F is any point x F n such that f i F : f i (x) = 0. Note, that we restrict ourselves to solutions in the base field here.
Max-PoSSo I We can define a family of Max-PoSSo problems, analogous to the well known Max-SAT family of problems. http://en.wikipedia.org/wiki/max-sat
Max-PoSSo II Definition (Max-PoSSo) Find a point x F n which satisfies the maximum number of polynomials in F = {f 0,..., f m 1 } F[x 0,..., x n 1 ].
Max-PoSSo III Definition (Partial Max-PoSSo) Find a point x F n such that for two sets of polynomials H and S in F[x 0,..., x n 1 ] f H : f (x) = 0 and the number of polynomials f S with f (x) = 0 is maximised. Max-PoSSo is Partial Max-Posso with H =. H for hard and S for soft. Both terms are borrowed from Partial Max-SAT.
Max-PoSSo IV Definition (Partial Weighted Max-PoSSo) Find a point x F n such that f H : f (x) = 0 and f S C(f, x) is minimized where C : f S, x F n R 0 is a cost function which returns 0 if f (x) = 0 and some value > 0 if f (x) 0. Partial Max-PoSSo is Weighted Partial Max-PoSSo where C(f, x) returns 1 if f (x) 0 for all f S.
Coldboot as Partial Weighted Max-PoSSo Let F K be an equation system corresponding to K. Assume that for each noisy output bit K i there is some f i F K of the form g i + K i where g i is some polynomial. Assume that these are the only polynomials involving output bits. Denote the set of these polynomials S. Denote the set of all remaining polynomials F K as H. Define the cost function C as a function which returns 1 1 0 for K i = 0, f (x) 0, 1 1 1 for K i = 1, f (x) 0, 0 otherwise. Express E as a polynomial system which is satisfiable for k only and add these polynomials to H.
Other Applications RFID authentication protocols often based on the LPN problem which is easily described as a Max-PoSSo problem. Homomorphic Gentry s scheme rests on the LWE problem which is easily described as a Max-PoSSo problem. Side-Channel data leakage is often noisy. Alg. Attacks can be improved by simplifying equation systems using probabilistic equations.
Outline Coldboot Attacks Polynomial System Solving with Noise Mixed Integer Programming Application
Mixed Integer Programming I Integer optimization deals with the problem of minimising (or maximising) a function in several variables subject to linear equality and inequality constraints and integrality restrictions on some or all of the variables. Definition (MIP) A linear mixed-integer programming problem (MIP) is defined as a problem of the form where min x {c T x Ax b, x Z k R l } A is an m n-matrix (n = k + l), b is an m-vector and c is an n-vector.
Mixed Integer Programming II Example Maximise x + 5y, thus c = (1, 5), subject to the constraints x + 0.2y 4 and 1.5x + 3y 4 where x 0 is real valued and y 0 is integer valued. The optimal value for c T x is 5 2 3 for x = 2 3 and y = 1. sage : p = M i x e d I n t e g e r L i n e a r P r o g r a m ( ) sage : x, y = p. n e w v a r i a b l e ( ), p. n e w v a r i a b l e ( ) sage : p. s e t i n t e g e r ( y [ 0 ] ) sage : p. a d d c o n s t r a i n t ( x [ 0 ] + 0. 2 y [ 0 ], max=4) sage : p. a d d c o n s t r a i n t ( 1. 5 x [ 0 ] + 3 y [ 0 ], max=4) sage : p. s e t m i n ( x [ 0 ], 0 ) ; p. s e t m i n ( y [ 0 ], 0 ) sage : p. s e t o b j e c t i v e ( x [ 0 ] + 5 y [ 0 ] ) sage : p. s o l v e ( ) 5. 6666666666666661
PoSSo as MIP I Consider some f F 2 [x 0,..., x n 1 ] and let Z a function that takes a polynomial over F 2 lifts it to the integers. Analogous for elements in F 2. 1. Restrict all x i to binary values. 2. Let l be zero if 1 does not appear in f and one otherwise.them 3. Let w be the number of monomials in f and u = 2 w/2. 4. Introduce some integer variable 0 m u 2. 5. Replace each monomial in f 2m by a new linearised variable, call the result g and add the linear constraint g = 0. 6. For each monomial t = N i=1 x i add a constraint xi t and add a constraint 0 N i=1 x i t N 1. This is the Integer Adapted Standard Conversion [2].
PoSSo as MIP II Example Consider f = ac + a + b + c + 1 u = 2 1. g = M + a + b + c + 1 2m = 0 2. a M 3. c M 4. 0 a + c M 1
PoSSo as MIP III sage : a t t a c h anf2mip. py sage : B.<a, b, c> = B o o l e a n P o l y n o m i a l R i n g ( ) sage : f = a c + a + b sage : bc = B o o l e a n P o l y n o m i a l M I P C o n v e r t e r ( ) sage : p = bc. i n t e g e r a d a p t e d s t a n d a r d c o n v e r s i o n ( [ f ] ) ; p Mixed I n t e g e r Program ( m i n i m i z a t i o n,... sage : p. show ( ) M i n i m i z a t i o n : x 1 +x 2 +x 3 +x 4 C o n s t r a i n t s : 0 <= 2 x 0 +x 1 +x 2 +x 3 <= 0 1 <= x 2 1 x 3 <= 0 1 <= x 2 1 x 4 <= 0 0 <= 1 x 2 +x 3 +x 4 <= 1 V a r i a b l e s : x 0 i s an i n t e g e r v a r i a b l e ( min =0.0, max=1.0) x 1 i s an b o o l e a n v a r i a b l e ( min =0.0, max=1.0) x 2 i s a r e a l v a r i a b l e ( min =0.0, max=1.0) x 3 i s an b o o l e a n v a r i a b l e ( min =0.0, max=1.0) x 4 i s an b o o l e a n v a r i a b l e ( min =0.0, max=1.0)
PoSSo as MIP IV sage : a t t a c h anf2mip. py sage : B.<a, b, c> = B o o l e a n P o l y n o m i a l R i n g ( ) sage : f = a c + a + b + 1 sage : g = a + c + 1 sage : p = bc. i n t e g e r a d a p t e d s t a n d a r d c o n v e r s i o n ( [ f ] ) ; p Mixed I n t e g e r Program (... sage : p. s o l v e ( ) 1. 0 sage : bc. s o l v e ( [ f ] ) CPU Time : 0. 0 0 Wall time : 0. 0 0, Obj : 1. 0 0 {b : 1, c : 0, a : 0} sage : bc. s o l v e ( [ f, g ], s o l v e r= SCIP ) CPU Time : 0. 0 0 Wall time : 0. 0 0, Obj : 1. 0 0 {b : 0, c : 0, a : 1}
Partial Weighted Max-PoSSo as MIP We only need to consider Partial Weighted Max-PoSSo because it is the most general case: Convert each f H to linear constraints as before. For each f i S add a new binary slack variable e i to f i and convert the resulting polynomial as before. The objective function we minimise is c i e i where c i is the value of C(f, x) for some x such that f (x) 0. Any optimal solution x S will be an optimal solution to the Partial Weighted Max-PoSSo problem.
Coldboot as MIP Coldboot Partial Weighted Max-PoSSo MIP This approach is essentially the non-linear generalisation of decoding random linear codes with linear programming [4].
Outline Coldboot Attacks Polynomial System Solving with Noise Mixed Integer Programming Application
Simplifications We do not model E since its representation is often too costly; consequently we have no guarantee that the optimal k returned is indeed the k we are looking for. We do not include all equations available to us but restrict our attention to a subset (e.g. one or two rounds). We may use an aggressive modelling strategy where we assume δ 1 = 0 which allows us to promote some polynomials from S to H. The normal modelling assumes δ 1 = 0 + ɛ.
AES [3] I Core Core
AES [3] II Most of the key schedule is linear. The original key k appears in the output. The S-box size is 8-bit (explicit degree: 7).
AES [3] III N δ 0 aggr limit t r min t avg. t max t 2 0.05 3600.00 59% 50.80 s 2124.90 s 3600.00 s 3 0.15 + 60.0s 63% 1.38 s 8.84 s 41.66 s 4 0.15 + 60.0s 70% 1.78 s 11.77 s 59.16 s 4 0.30 + 600.0s 66% 4.81 s 116.07 s 600.00 s 4 0.30 + 3600.0s 69% 4.86 s 117.68 s 719.99 s 4 0.35 + 600.0s 65% 4.66 s 185.14 s 600.00 s 4 0.35 + 3600.0s 68% 4.45 s 207.07 s 1639.55 s 4 0.40 + 600.0s 47% 4.95 s 284.99 s 600.00 s 4 0.40 + 3600.0s 61% 4.97 s 481.99 s 3600.00 s 5 0.40 + 3600.0s 62% 7.72 s 704.33 s 3600.00 s 4 0.50 + 3600.0s 8% 6.57 s 3074.36 s 3600.00 s 4 0.50 + 7200.0s 13% 6.10 s 5882.66 s 7200.00 s Table: AES considering N rounds of key schedule output.
Serpent [1] I w 8 w 7 w 6 w 5 w 4 w 3 w 2 w 1 φ i w i 8 w i 7 w i 6 w i 5 w i 4 w i 3 w i 2 w i 1 w i 11 w i w i+1 w i+2 w i+3 S k i k i+1 k i+2 k i+3
Serpent [1] II All key schedule output bits depend non-linearly on the input. The original key k does not appear in the output. The S-box size is 4-bit (explicit degree: 3).
Serpent [1] III N δ 0 aggr limit t r min t avg. t max t 12 0.05 600.0s 37% 8.22 s 457.57 s 600.00 s 12 0.15 + 60.0s 84% 0.67 s 11.25 s 60.00 s 16 0.15 + 60.0s 79% 0.88 s 13.49 s 60.00 s 16 8 0.15 + 1800.0s 64% 95.52 s 1089.80 s 1800.00 s 16 0.30 + 600.0s 74% 1.13 s 57.05 s 425.48 s 16 0.50 + 1800.0s 21% 135.41 s 1644.53 s 1800.00 s 16 0.50 + 3600.0s 38% 136.54 s 2763.68 s 3600.00 s Table: Serpent considering 32 N bits of key schedule output
Serpent [1] IV Ad-hoc approach: We wish to recover a 128-bit key, so we need to consider at least 128-bit of output. On average the noise free output should have 64 bits set to zero. In order to consider an error rate up to δ 0, we have to consider δ 0 64 i=0 candidates and test them. If δ 0 = 0.15 we have 2 36.87. If δ 0 = 0.30 we have 2 62. ( ) 64 + δ0 64 i
Thank you for your attention!
Literature I Eli Biham, Ross J. Anderson, and Lars R. Knudsen. Serpent: A new block cipher proposal. In S. Vaudenay, editor, Fast Software Encryption 1998, volume 1372 of Lecture Notes in Computer Science, pages 222 238. Springer Verlag, 1998. Julia Borghoff, Lars R. Knudsen, and Mathias Stolpe. Bivium as a Mixed-Integer Linear programming problem. In Matthew G. Parker, editor, Cryptography and Coding 12th IMA International Conference, volume 5921 of Lecture Notes in Computer Science, pages 133 152, Berlin, Heidelberg, New York, 2009. Springer Verlag. Joan Daemen and Vincent Rijmen. AES Proposal: Rijndael, 9 1999. Available at http://csrc.nist.gov/cryptotoolkit/aes/ rijndael/rijndael-ammended.pdf.
Literature II Jon Feldman. Decoding Error-Correcting Codes via Linear Programming. PhD thesis, Massachusetts Institute of Technology, 2003. J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. Lest we remember: Cold boot attacks on encryption keys. In Proceedings of 17th USENIX Security Symposium, pages 45 60, 2008.