Abstract: |
  InfiniBand is increasingly used in applications outside the high-performance computing domain, generating interest in securing InfiniBand networks with encryption and packet inspection. However, the performance benefit realized by the InfiniBand hardware transport protocols is at odds with many kernel, stack-based Internet Protocol (IP) datagram encryption and network monitoring technologies. Kernel-bypass approaches make it necessary for new security applications to be developed.

  The NVIDIA-Mellanox Bluefield-2 is a 100 Gbps high-performance network interface that offers hardware offload and acceleration features that can operate directly on network traffic without routine involvement from the ARM CPU. This allows the ARM multi-core CPU to orchestrate the hardware to perform operations on both Ethernet and Remote Direct Memory Access (RDMA) traffic at high rates rather than processing all of the traffic directly.

  A testbed called TNAP was created for performance testing, and a Man-in-the-Middle verification process called MiTMVP is used to ensure proper network configuration. The hardware accelerators of the Bluefield-2 support a throughput of nearly 86 Gbps when using IP Security (IPsec) to encrypt and authenticate RDMA over Converged Ethernet Version 2 (RoCEv2) traffic.

  This research closes by providing operational security recommendations to defend against the presented vulnerabilities and to secure InfiniBand with the Bluefield-2 and similar network adapters. Security and performance implications are discussed, and the need for ongoing evaluation of InfiniBand is emphasized.