Hard­ware Ac­cel­er­ated Cold-Boot At­tacks (Open Source Hard­ware and Soft­ware Re­lease)

Computers are nowadays involved in nearly all aspects of our everyday life with the growth of new technology and algorithms. They have brought enormous benefits in various fields, including health care, travel, business or artificial intelligence. However, there is also a downside of the medal: Computer systems are constantly under threats of unintentional errors and criminal activities. Thus, their protection and especially the protection of the information they store gains more and more importance in our modern society. Computer security is not only a highly relevant topic in industry and science, but also attracts the attention of everyday users.

Over the last years, we have worked in the area of hardware accelerated cryptographic attacks. In particular, we have studied so-called cold-boot attacks and how they can be accelerated with the help of field programmable gate arrays (FPGAs).

The key idea of these cold-boot attacks is to break encrypted systems by obtaining remains of the secret key from main memory and to reconstruct the secret key afterwards. If successful, full disk encryption or encrypted communication (e.g. WLAN, HTTPS, SSH or VOIP) can be easily circumvented since the encryption key is revealed. In software, the reconstruction can be performed using a recursive, branch-and-bound tree-search algorithm that exploits redundancies for constraining the search space. However, the runtime of these algorithms grows rapidly with increasing complexity of the problem instance, which limits the practicability of the approach on conventional hardware. Therefore, we investigate how this branch-and bound algorithm can be accelerated with FPGAs.

Full source code now available online

The source code of our software and hardware implementations as well as our evaluation data and a demo application are now available online at github.com/pc2/coldboot. As special features, we

  • explore hardware (FPGA) workers that autonomously cooperate using work stealing to allow parallel execution and full utilization of the target FPGA,
  • show the advantages of instance-specific designs that target a specific problem instance to improve performance, and finally
  • demonstrate how instance-specific designs can be generated just-in-time such that the provided speedups outweigh the additional time required for design synthesis.

All hardware designs are compared against highly optimized parallel software implementations using Intel Cilk Plus. Our evaluation shows that our work stealing approach is scalable with the available FPGA resources and provides speedups proportional to the number of workers. 

Further information 

More information about our work on hardware accelerated cryptographic attacks can be found on the project’s webpage. Details on our work stealing and instance-specific designs are described in more depth in our upcoming publication in the ACM Transactions on Reconfigurable Technology and Systems (TRETS).

Cooling main memory prior to extraction.