DOI: 10.1145/3627106.3627199 (ACSAC Conference Proceedings)
Research article, open access

Attack of the Knights: Non Uniform Cache Side Channel Attack

Published: 04 December 2023

Abstract

    For a distributed last-level cache (LLC) in a large multicore chip, the access time to one LLC bank can significantly differ from that to another due to the difference in physical distance. In this paper, we successfully demonstrate a new distance-based side-channel attack by timing the AES decryption operation and extracting part of an AES secret key on an Intel Knights Landing CPU. We introduce several techniques to overcome the challenges of the attack, including the use of multiple attack threads to ensure LLC hits, to detect vulnerable memory locations, and to obtain fine-grained timing of the victim operations. While operating as a covert channel, this attack can reach a bandwidth of 205 KBPS with an error rate of only 0.02%. We also observed that the side-channel attack can extract 4 bytes of an AES key with 100% accuracy with only 4000 trial rounds of encryption.


Published In

ACSAC '23: Proceedings of the 39th Annual Computer Security Applications Conference
December 2023, 836 pages
ISBN: 9798400708862
DOI: 10.1145/3627106
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Publisher: Association for Computing Machinery, New York, NY, United States

Qualifiers: research article, refereed limited

Funding Sources: NSF

Conference: ACSAC '23

Acceptance Rate: overall 104 of 497 submissions, 21%
