For a distributed last-level cache (LLC) in a large multicore chip, the access time to one LLC bank can significantly differ from that to another due to the difference in physical distance. In this paper, we successfully demonstrated a new distance-based side-channel attack by timing the AES decryption operation and extracting part of an AES secret key on an Intel Knights Landing CPU. We introduce several techniques to overcome the challenges of the attack, including the use of multiple attack threads to ensure LLC hits, to detect vulnerable memory locations, and to obtain fine-grained timing of the victim operations. While operating as a covert channel, this attack can reach a bandwidth of 205 kbps with an error rate of only 0.02%. We also observed that the side-channel attack can extract 4 bytes of an AES key with 100% accuracy with only 4000 trial rounds of encryption

翻译：针对大型多核芯片中分布式末级缓存（LLC），由于物理距离差异，不同LLC存储体的访问时间存在显著差异。本文通过计时AES解密操作并在Intel Knights Landing CPU上成功提取部分AES密钥，证明了一种新型基于距离的侧信道攻击。我们引入多项技术以克服攻击挑战，包括使用多攻击线程确保LLC命中、检测易受攻击的内存位置，以及获取受害者操作的细粒度时序。当作为隐蔽信道运行时，该攻击可达205 kbps的带宽，且错误率仅为0.02%。我们还观察到，该侧信道攻击仅需4000次加密试验即可100%准确提取AES密钥中的4个字节。