Researchers Discover Intel CPU Ring Interconnects Vulnerable To Side Channel Attack
University of Illinois researchers have discovered that Intel's CPU ring interconnects are vulnerable to side-channel attacks. This opens a whole new can of worms, with the cross-core interconnect now being exploitable, but so far Intel doesn't appear to be overly concerned, and there are open questions as to whether this interconnect exploit would still work with the latest Intel Xeon processors.
The university researchers believe their new side-channel attack vector could lead to encryption keys being leaked among other sensitive information. Existing side channel mitigations don't effectively protect against this "Lord of the Ring(s)" vulnerability.
Intel supported the researchers in their mission, though the company found their findings to be just another side channel. The research also focused on Skylake/Coffee Lake era processors rather than more recent Intel Xeon CPUs, so at this point it isn't clear whether the very latest Intel processors remain vulnerable.
As far as whether AMD processors are also vulnerable, the researchers stated: "AMD CPUs utilize other proprietary technologies known as Infinity Fabric/Architecture for their on-chip interconnect. Investigating the feasibility of our attack on these platforms requires future work. However, the techniques we use to build our contention model can be applied on these platforms too."
The researchers published their experimental code on GitHub, and the research paper, "Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical", is available ahead of USENIX Security 2021.
In this paper, we introduced side channel attacks on the ring interconnect. We reverse engineered the ring interconnect’s protocols to reveal the conditions for two processes to incur contention. We used these findings to build a covert channel with a capacity of over 4 Mbps, the largest to date for cross-core channels not relying on shared memory. We also showed that the temporal trends of ring contention can be used to leak key bits from vulnerable EdDSA/RSA implementations as well as the timing of keystrokes typed by a user. We have disclosed our results to Intel.