Publications of SPCL
K. Taranov, B. Rothenberger, A. Perrig, T. Hoefler:
sRDMA -- Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access
(In Proceedings of the 2020 USENIX Annual Technical Conference, USENIX, Jul. 2020)
Abstract: State-of-the-art remote direct memory access (RDMA) technologies have been shown to be vulnerable to attacks by in-network adversaries, as they provide only a weak form of protection by including access tokens in each message. A network eavesdropper can easily obtain sensitive information and modify bypassing packets, affecting not only secrecy but also integrity. Tampering with packets can have drastic consequences. For example, when memory pages with code are changed remotely, altering packet contents enables remote code injection. RDMA is widely used in data center applications. We propose sRDMA, a system that provides efficient authentication and encryption for RDMA to prevent information leakage and message tampering. sRDMA uses symmetric cryptography and employs network interface cards (NIC) to perform cryptographic operations. Additionally, we provide an implementation for our proposed design. Our implementation achieves line rate and introduces less than 9% latency overhead.