Door Knock: Reverse Engineering the MPSoC Layout Through Timing Attack on NoC

Multiprocessor systems-on-chip (MPSoC) have emerged as highly versatile and efficient platforms suitable for a wide range of applications like multimedia applications and telecommunication architectures. One of the key components in MPSoC is the network-on-chip (NoC), which facilitates the interconnection of various processing elements (PEs), enabling efficient data communication. Several timing attacks, such as Earthquake attack, P+P Firecracker, and P+P Arrow, have been proposed on NoC that exploit the variations in execution times of operations to infer cryptographic keys. In this letter, we propose to leverage the timing attack on NoC to reverse engineer the mapping of each PE onto the MPSoC architecture. To the best of our knowledge, it is the first work that relies on creating the contention between the requests that are sent to different PEs and reveal the layout by just analyzing the reply latency. In the experimental setup, we are able to map PEs for MPSoC consists of Mesh, Torus, Point-to-Point, Ring, and Flattened Butterfly NoC topology with 100% accuracy that can be extremely useful for the attackers in the reconnaissance phase. Further, as the existing mitigation techniques to counter timing attacks are based on the assumption that the contention is created between the packets of secure-insecure domains, they will not be able to mitigate the proposed reverse engineering attack.