A new vulnerability dubbed Lord of the Ring(s) has been discovered in Intel CPUs. It concerns the ring interconnect that links the cores on consumer CPUs. Although it is a side-channel vulnerability that poses only a trivial to moderate security risk, it adds to the growing list of security hazards specific to Intel processors.
It is the first attack to exploit contention on the interconnect between the cores of Intel CPUs. Because the attack does not rely on memory sharing, cache pools, core-private resources, or any specific uncore structure, it is difficult to mitigate with existing side-channel defenses.
“Intel classified our attack as a ‘traditional side channel’ (like TLBleed, Portsmash, etc.),” said Paccagnella. “They treat this class of attacks differently than the class of ‘speculative execution / transient execution attacks’ (such as Spectre, Meltdown, etc.). That is, they do not consider traditional side-channel attacks as a significant value for an attacker and already published their suggested guide on how to mitigate them.”
Researchers from the University of Illinois
This security risk was discovered by a team of three researchers from the University of Illinois: Ph.D. student Riccardo Paccagnella, Master’s student Licheng Luo, and Professor Christopher Fletcher. The three investigated the CPU ring bus on Intel consumer CPUs and discovered that it can be abused for side-channel attacks. It can be used to monitor a user’s keystrokes, potentially allowing typed passwords to be reconstructed, among other risks. It can also be used to leak cryptographic key bits from RSA and EdDSA implementations that are already known to be vulnerable to side-channel attacks.
However, only a very skilled attacker can pull off such an attack, which is why it is listed as a low security risk. Firstly, the attacker needs to know how Intel’s CPU ring bus works, which is not public knowledge and requires a fair amount of insider information and/or reverse engineering.
Furthermore, Lord of the Ring(s) is a contention-based attack that requires the attacker to monitor the latency of different processes accessing memory simultaneously. As you can imagine, that is a complicated task, since the many concurrently running processes generate significant noise.
The cryptographic attack assumes that Simultaneous Multi-Threading (SMT) is disabled, that the L3 cache has been partitioned to defend against multi-core cache-based attacks, and that memory sharing between security domains has been deactivated. It also assumes that the system is configured to clear the target’s cache footprint to prevent cache-based preemptive scheduling attacks.