Contrary to widespread belief, the contents of DRAM decay only rather slowly after the power supply has been removed. If DRAM modules are cooled to low temperature, a snapshot of the memory contents can be read in which only a fraction of the bits have decayed after seconds or even minutes. This so-called remanence effect is exploited in cold boot attacks. In these attacks, the attacker obtains the decayed memory contents at a moment when the operating system cannot guarantee protection of memory access, e.g. after a reboot or after physically removing the DRAM modules from the computer.
Once the partially decayed memory dump has been stored to permanent memory, the attacker can try to find sensitive data – in particular secret encryption keys – in the memory dump. The process of finding possible cryptographic keys and correcting the errors introduced by the decay in the memory is very time-consuming, which makes cold boot attacks hard to infeasible for high decay rates. We implemented an FPGA-accelerated method for finding and reconstructing decayed AES keys in decayed memory that accelerates cold boot attacks by orders of magnitude over a CPU implementation.
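The text above does not say how candidate keys are located in a dump. As an added example (not the authors' implementation), the Python sketch below uses a commonly used check, the redundancy of the expanded AES-128 key schedule, to audit whether a memory image still holds a key schedule despite bit errors. The function names, the 64-bit threshold and the sample image are assumptions made for illustration, and the code only locates a schedule; it does not reconstruct decayed bits.

```python
import random

def _build_sbox():
    """AES S-box: inverse in GF(2^8), then the affine transform."""
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox, p, q = [0x63] * 256, 1, 1   # sbox[0] stays 0x63 (0 has no inverse)
    for _ in range(255):              # powers of 3 visit every nonzero element
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                     # q /= 3
            q = (q ^ (q << s)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def next_round_key(rk, rcon):
    """Derive AES-128 round key r+1 from the 16-byte round key r."""
    g = (SBOX[rk[13]] ^ rcon, SBOX[rk[14]], SBOX[rk[15]], SBOX[rk[12]])
    out = bytearray(a ^ b for a, b in zip(rk[:4], g))
    for i in range(4, 16):
        out.append(rk[i] ^ out[i - 4])
    return bytes(out)

def expand_key(key):
    sched = [bytes(key)]
    for rc in RCON:
        sched.append(next_round_key(sched[-1], rc))
    return b"".join(sched)

def schedule_mismatch(window):
    """Count bits in a 176-byte window that violate the round-key relation."""
    bad = 0
    for r, rc in enumerate(RCON):
        predicted = next_round_key(window[16 * r:16 * r + 16], rc)
        bad += sum(bin(a ^ b).count("1") for a, b in zip(predicted, window[16 * r + 16:]))
    return bad

def find_schedules(image, max_bad_bits=64):  # -> [(offset, bad_bits), ...]
    scored = ((o, schedule_mismatch(image[o:o + 176])) for o in range(len(image) - 175))
    return [(o, bad) for o, bad in scored if bad <= max_bad_bits]

def build_sample_image(key, offset=300, size=1024):
    """Constructed input: pseudo-random filler, one schedule, two flipped bits."""
    image = bytearray(random.Random(1).getrandbits(8 * size).to_bytes(size, "big"))
    image[offset:offset + 176] = expand_key(key)
    image[offset + 16] ^= 0x01   # round key 1, byte 0
    image[offset + 89] ^= 0x10   # round key 5, byte 9
    return bytes(image)
```

Each round is checked against its predecessor independently, so a single flipped bit disturbs only a few of the 1280 compared bits, while unrelated data mismatches in roughly half of them. Every byte offset still requires ten round-key derivations, which illustrates why scanning a large dump is costly on a CPU.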