For a distributed last-level cache (LLC) in a large multicore chip, the access time to one LLC bank can differ significantly from that to another. The disparity in access time is due to the different physical distances to the target LLC slices. In this paper, we successfully demonstrate a new distance-based side channel attack by timing a vulnerable version of AES decryption and extracting part of the secret keys on an Intel Knights Landing CPU. We introduce several techniques to overcome the challenges of the attack, including using multiple attack threads to ensure LLC hits of the vulnerable memory locations and to time part of the decryption function. We show that this attack can extract 4 bytes of the AES key with 100% accuracy with only 4000 encryptions.