A practical cold boot attack on RSA private keys

In cold boot attacks, attackers attempt to retrieve encryption keys from the memory after the system is powered off. One representative cold boot attack, known as HMM algorithm, can break RSA with success probabilities as high as 82%. However, it, like other cold boot attacks, uses the symmetric memory decay model, which assumes that a bit is equally likely to change from 1 to 0 and from 0 to 1. It also requires that the bit error probability to be relatively small, which means that the attack must be launched within seconds of system power off. In this paper, we first show that under more realistic assumptions, HMM's success probability drops to 2.3%. We then propose a practical improvement of HMM algorithm with a proven lower bound on success probability and low runtime complexity. We conduct simulation and the results confirm that our approach improves HMM's chance of breaking RSA to 49.96%. © 2017 IEEE.