Securing Infiniband Networks with End-Point Encryption

Abstract

The NVIDIA-Mellanox BlueField-2 is a 100 Gbps high-performance network interface which offers hardware offload and acceleration features that can operate directly on network traffic without routine involvement from the ARM CPU. This allows the ARM multi-core CPU to orchestrate the hardware to perform operations on both Ethernet and RDMA traffic at high rates rather than processing all the traffic directly. A testbed called TNAP was created for performance testing and a MiTM verification process called MiTMVMP is used to ensure proper network configuration. The hardware accelerators of the BlueField-2 support a throughput of nearly 86 Gbps when using IPsec to encrypt and authenticate RoCEv2 traffic. This research closes by providing operational security recommendations to defend against presented vulnerabilities, and secure InfiniBand with the BlueField-2 DPU and similar InfiniBand channel adapters.

Document Details

Document Type
Technical Report
Publication Date
Mar 24, 2022
Accession Number
AD1166855

Entities

People

  • Noah B Diamond

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Application-Specific Integrated Circuits
  • Central Processing Units
  • Communication Channels
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computers
  • Cryptography
  • Data Centers
  • Data Processing
  • Department Of Defense
  • Engineering
  • High Performance Computing
  • Information Operations
  • Kernels (Operating System)
  • Network Architecture
  • Network Protocols
  • Network Topology
  • Operating Systems
  • Performance Tests
  • Security Protocols
  • Statistical Analysis
  • Transport Protocols
  • United States Government

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Parallel and Distributed Computing