Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical

TL;DR

This paper demonstrates practical microarchitectural side channel attacks exploiting contention on the CPU ring interconnect, revealing sensitive information such as cryptographic keys and keystrokes by reverse engineering and analyzing contention patterns.

Contribution

It is the first to perform reverse engineering of the ring interconnect and develop a high-capacity covert channel exploiting this previously unexplored side channel.

Findings

Achieved over 4 Mbps covert channel capacity.

Successfully extracted cryptographic keys from EdDSA and RSA.

Inferred keystrokes with high temporal precision.

Abstract

We introduce the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect. There are two challenges that make it uniquely difficult to exploit this channel. First, little is known about the ring interconnect's functioning and architecture. Second, information that can be learned by an attacker through ring contention is noisy by nature and has coarse spatial granularity. To address the first challenge, we perform a thorough reverse engineering of the sophisticated protocols that handle communication on the ring interconnect. With this knowledge, we build a cross-core covert channel over the ring interconnect with a capacity of over 4 Mbps from a single thread, the largest to date for a cross-core channel not relying on shared memory. To address the second challenge, we leverage the fine-grained temporal patterns of ring contention to infer a victim program's secrets. We demonstrate our attack by extracting key bits from vulnerable EdDSA and RSA implementations, as well as inferring the precise timing of keystrokes typed by a victim user.