The documents distributed by this server have been provided by the
contributing authors as a means to ensure timely dissemination of
scholarly and technical work on a noncommercial basis. Copyright and all
rights therein are maintained by the authors or by other copyright
holders, notwithstanding that they have offered their works here
electronically. It is understood that all persons copying this
information will adhere to the terms and constraints invoked by each
author's copyright. These works may not be reposted without the explicit
permission of the copyright holder.
Publications of SPCL
K. Taranov, B. Rothenberger, A. Perrig, T. Hoefler:
sRDMA -- Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access
(In Proceedings of the 2020 USENIX Annual Technical Conference, presented in , USENIX, ISBN: , Jul. 2020, )
Abstract
State-of-the-art remote direct memory access (RDMA) technologies have shown to be vulnerable against attacks by innetwork adversaries, as they provide only a weak form of protection by including access tokens in each message. A network eavesdropper can easily obtain sensitive information and modify bypassing packets, affecting not only secrecy but also integrity. Tampering with packets can have drastic consequences. For example, when memory pages with code are changed remotely, altering packet contents enables remote code injection. RDMA is widely used in data center applications. We propose sRDMA, a system that provides efficient authentication and encryption for RDMA to prevent information leakage and message tampering. sRDMA uses symmetric cryptography and employs network interface cards (NIC) to perform cryptographic operations. Additionally, we provide an implementation for our proposed design. Our implementation achieves line rate and introduces less than 9% latency overhead.
Documents
download article:
Recorded talk (best effort)
BibTeX
@inproceedings{taranov-srdma, author={Konstantin Taranov and Benjamin Rothenberger and Adrian Perrig and Torsten Hoefler}, title={{sRDMA -- Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access}}, year={2020}, month={7}, booktitle={Proceedings of the 2020 USENIX Annual Technical Conference}, location={}, publisher={USENIX}, isbn={}, note={}, doi={}, }
