FPGA-accelerated Cold boot attacks

Contrary to widespread belief, the contents of DRAM decay only rather slowly after the power supply has been removed. If DRAM modules are cooled to a low temperature, a snapshot of the memory contents can be read in which only a fraction of the bits have decayed after seconds or even minutes. This so-called remanence effect is exploited in cold boot attacks. In these attacks, the attacker gets hold of the decayed memory contents at a moment when the operating system cannot guarantee protection of memory access, e.g. after a reboot or after physically removing the DRAM modules from the computer.

Once the partially decayed memory dump has been stored to permanent memory, the attacker can try to find sensitive data – in particular secret encryption keys – in the memory dump. The process of finding possible cryptographic keys and recovering from the errors introduced by the decay in the memory is very time consuming, which makes cold boot attacks hard to infeasible for high decay rates. We implemented an FPGA-accelerated method for finding and reconstructing decayed AES keys in decayed memory that accelerates cold boot attacks by orders of magnitude over a CPU implementation.
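The key-finding step can be illustrated in software with the following added example, which is not the project's FPGA implementation: it scans a memory image for an AES-128 key schedule, for instance to audit whether key material survives in a dump, by counting the stored bits that violate the key-schedule recurrence. The function names, the error threshold and the sample dump are assumptions constructed for illustration; the scan only locates a schedule and does not correct the decayed bits.

```python
import hashlib

def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def _build_sbox():
    # AES S-box: multiplicative inverse in GF(2^8), then the affine transform
    sbox, p, q = [0] * 256, 1, 1
    for _ in range(255):  # 3 generates all 255 non-zero field elements
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF        # q /= 3
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def predict_word(buf, i):
    """Word at byte offset i as the AES-128 recurrence derives it from buf[i-16:i]."""
    t = bytes(buf[i - 4:i])
    if i % 16 == 0:  # first word of a round key: RotWord, SubWord, Rcon
        t = bytes([SBOX[t[1]] ^ RCON[i // 16 - 1], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
    return bytes(a ^ b for a, b in zip(buf[i - 16:i - 12], t))

def expand_key(key):
    w = bytearray(key)
    for i in range(16, 176, 4):
        w += predict_word(w, i)
    return bytes(w)

def schedule_errors(window):
    """Bits where stored words disagree with what their stored neighbours predict."""
    return sum(bin(a ^ b).count("1") for i in range(16, 176, 4)
               for a, b in zip(predict_word(window, i), window[i:i + 4]))

def find_schedules(dump, max_errors=48):  # threshold is an assumed value
    scored = ((off, schedule_errors(dump[off:off + 176])) for off in range(len(dump) - 175))
    return [(off, e) for off, e in scored if e <= max_errors]

def constructed_dump():
    """Constructed sample: FIPS-197 example key schedule with 4 flipped bits, in filler."""
    sched = bytearray(expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")))
    for pos, bit in ((5, 0), (40, 3), (97, 6), (150, 1)):
        sched[pos] ^= 1 << bit
    pad = hashlib.sha512(b"constructed filler").digest()  # 64 bytes
    return pad + bytes(sched) + pad
```

Because every word of the schedule is checked against its stored neighbours rather than against an expansion of the first 16 bytes, a flipped bit disturbs only a few relations, so the test tolerates decay anywhere in the schedule, including in the key itself.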

Binary Acceleration at Runtime

BAAR (Binary Acceleration at Runtime) is an LLVM-based framework for transparent acceleration of binary applications using massively parallel accelerators (currently Xeon Phi). To this end, BAAR analyzes an application in LLVM binary format, identifies the computationally expensive functions (hotspots), and generates parallelized and vectorized implementations of the hotspots on the fly, targeting the Intel Xeon Phi accelerator. Once the code generation has finished, the application is transparently modified to offload the hotspots to the accelerator.

The architecture of BAAR has been published in the following scientific papers:

  • M. Damschen and C. Plessl. Easy-to-use on-the-fly binary program acceleration on many-cores. In Proc. Int. Workshop on Adaptive Self-tuning Computing Systems, Jan. 2015.
  • M. Damschen, H. Riebler, G. Vaz, and C. Plessl. Transparent offloading of computational hotspots from binary code to Xeon Phi. In Proc. Design, Automation and Test in Europe Conf. (DATE), pages 1078–1083. EDA Consortium, Mar. 2015.