A Distance-Based Side-Channel Attack in Non Uniform Cache and Possible Defenses

For a distributed last level cache (LLC) in a large multicore chip, the access time to one LLC bank can significantly differ from that to another. The disparity in access time is due to the different physical distances to the target LLC slices. In this paper, we demonstrate the possibility of exploiting such a distance-based side channel, by timing a vulnerable version of AES decryption and extracting part of the secret keys. We introduce several techniques to overcome the challenges of the attack, including using multiple attack threads to ensure LLC hits of the vulnerable memory locations and to time part of the decryption function. We further propose CAMOUFLAGE , an efficient, architectural defense for the proposed distance-based side-channel attack. At runtime, when a potentially leaking memory instruction is executed by a victim function, CAMOUFLAGE uses a combination of jitter and bypass mechanisms to eliminate any LLC hit time difference due to the distance and thereby, prevent the attack. We evaluate two versions of CAMOUFLAGE - CAMOUFLAGE JITTER and CAMOUFLAGE BYPASS using the Gem5 simulator with PARSEC and Rodinia benchmarks and show that they incur performance overheads of 14.14% or none over the baseline.