Attack of the Knights: A Non Uniform Cache Side-Channel Attack
This addresses a security vulnerability in multicore CPUs for systems relying on cryptographic operations, representing a novel attack method rather than an incremental improvement.
The paper tackled the problem of distance-based side-channel attacks on distributed last-level caches in multicore chips, successfully extracting part of an AES secret key on an Intel Knights Landing CPU with 100% accuracy for 4 bytes using 4000 trial rounds and achieving a covert channel bandwidth of 205 kbps with a 0.02% error rate.
For a distributed last-level cache (LLC) in a large multicore chip, the access time to one LLC bank can significantly differ from that to another due to the difference in physical distance. In this paper, we successfully demonstrated a new distance-based side-channel attack by timing the AES decryption operation and extracting part of an AES secret key on an Intel Knights Landing CPU. We introduce several techniques to overcome the challenges of the attack, including the use of multiple attack threads to ensure LLC hits, to detect vulnerable memory locations, and to obtain fine-grained timing of the victim operations. While operating as a covert channel, this attack can reach a bandwidth of 205 kbps with an error rate of only 0.02%. We also observed that the side-channel attack can extract 4 bytes of an AES key with 100% accuracy with only 4000 trial rounds of encryption