1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
AESFix 1.0.1 (2008-07-18)
By Nadia Heninger and J. Alex Halderman
This program illustrates a technique for correcting bit errors in an
AES key schedule, as described in Section 5.2 of the research paper:
J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul,
J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten.
"Lest We Remember: Cold-Boot Attacks on Encryption Keys."
Proc. 17th USENIX Security Symposium (Sec '08), San Jose, CA, July 2008.
For more information, see: http://citp.princeton.edu/memory/
This program is a simplified version of our algorithm. It is limited
to AES-128 key schedules, and it can only correct unidirectional 1->0
bit errors. For the most part it has been optimized for readability
rather than performance.
The algorithm has these major steps:
1. Given a key schedule containing bit errors, divide the schedule
into four 7-bit "slices", each of which should be uniquely
determined by its first four bits.
2. For increasing number of errors w to the key (round 0) bytes:
a. List possible "decoded" values that could have suffered w
or fewer unidirectional errors to form the slice.
b. Consider all the key schedules generated by combinations of
these decodings. If one could have decayed into the key
schedule that we're trying to repair, output it and stop.
USAGE:
aesfix SCHEDULE-FILE
Corrects bit errors in an AES key schedule read from the
specified hex-encoded file.
SAMPLES:
The samples/ directory contains example input files. Each is labeled
with the number of bit errors from a correct AES-128 key schedule.
|
