Attack of the Knights: Distance based Side Channel Attack on Network-on-Chip

For a distributed last-level cache (LLC) in a large multicore chip, the access time to one LLC bank can significantly differ from that to another. The disparity in access time is due to the different physical distances to the target LLC slices. In this paper, we successfully demonstrate a new distance-based side channel attack by timing a vulnerable version of AES decryption and extracting part of the secret keys on an Intel Knights Landing CPU. We introduce several techniques to overcome the challenges of the attack, including using multiple attack threads to ensure LLC hits of the vulnerable memory locations and to time part of the decryption function. We can show that this attack can extract 4 bytes of AES with 100% accuracy with only 4000 encryptions.