DeepAI AI Chat
Log In Sign Up

Attacks of the Knights: Exploiting Non Uniform Cache Access Time

by   Farabi Mahmud, et al.
Texas A&M University

Intel Knights Landing Processors have shared last level cache (LLC) across all the tiles using MESIF protocol and uses a mesh network of Caching and Homing Agents(CHA)s. Due to the structure of the network, the cache access is non uniform in nature having significant difference in cache hit times. In this paper, we try to exploit this idea to leak secret from a victim process. First, we show a naive implementation of the attack using a gem5 simulator that achieves 100% accuracy of extracting the secret bits. Then we replicate the attack in a Intel Xeon Phi 7290@ 1.50 GHz Knight's Landing CPU to show the efficacy of the attack. In real machine we can leak the secret from a victim process at 85% accuracy and  350 kbps bandwidth. All the attacks were done on a machine without any root or sudo privileges, so this shows the strength of the attack. This can be further extended to leak secrets from different processes given the vulnerable patterns may exist in many libraries. Other processors with similar architecture (last level distributed cache in mesh networks) can also be vulnerable to similar attack strategy.


MemJam: A False Dependency Attack against Constant-Time Crypto Implementations

Cache attacks exploit memory access patterns of cryptographic implementa...

Volcano: Stateless Cache Side-channel Attack by Exploiting Mesh Interconnect

Cache side-channel attacks lead to severe security threats to the settin...

Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild

Recently, the Dragonblood attacks have attracted new interests on the se...

Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend

We introduce a new timing side-channel attack on Intel CPU processors. O...

RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks

Caches have become the prime method for unintended information extractio...

Detecting time-fragmented cache attacks against AES using Performance Monitoring Counters

Cache timing attacks use shared caches in multi-core processors as side ...

Packet Chasing: Spying on Network Packets over a Cache Side-Channel

This paper presents Packet Chasing, an attack on the network that does n...