Attack of the Knights: Non Uniform Cache Side Channel Attack
For a distributed last-level cache (LLC) in a large multicore chip, the access time to one LLC bank can differ significantly from that to another because of the difference in physical distance. In this paper, we demonstrate a new distance-based side-channel attack by timing the AES decryption operation and extracting part of the AES secret keys on an Intel Knights Landing CPU. We introduce several techniques to overcome the challenges of the attack, including the use of multiple attack threads to ensure LLC hits on the vulnerable memory locations and to time part of the decryption operation. When operating as a covert channel, this attack can reach a bandwidth of 205 kbps with an error rate of only 0.02%. We also observed that the side-channel attack can extract 4 bytes of an AES key with 100% accuracy using only 4000 trial rounds of encryption.