srdma efficient nic based authentication and encryption
play

sRDMA Efficient NICbased Authentication and Encryption for Remote - PowerPoint PPT Presentation

Sep 09, 2022 •2.08k likes •2.47k views

spcl.inf.ethz.ch @spcl_eth Konstantin Taranov, Benjamin Rothenberger, Adrian Perrig, Torsten Hoefler sRDMA Efficient NICbased Authentication and Encryption for Remote Direct Memory Access spcl.inf.ethz.ch @spcl_eth RDMA networking is

  1. spcl.inf.ethz.ch @spcl_eth Konstantin Taranov, Benjamin Rothenberger, Adrian Perrig, Torsten Hoefler sRDMA – Efficient NIC‐based Authentication and Encryption for Remote Direct Memory Access

  2. spcl.inf.ethz.ch @spcl_eth RDMA networking is a new trend in cloud computing 2

  3. spcl.inf.ethz.ch @spcl_eth RDMA security considerations RFC4297 – Remote Direct Memory Access (RDMA) over IP Problem Statement: “The RDMA protocols must permit integration with Internet security standards, such as IPsec and TLS. ” December 2005 March 2017 IPSec does not support RDMA July 2020 3

  4. spcl.inf.ethz.ch @spcl_eth Can application‐level security be used?  One‐sided RDMA requests are completely performed by the NIC  No CPU involvement on the destination machine  Two‐sided communication is also offloaded to the NIC  Packets cannot be discarded by the NIC  Received data consumes resources of the connection  CPU is responsible for verifying the received data negating RDMA advantages 4

  5. spcl.inf.ethz.ch @spcl_eth sRDMA – secure RDMA communication  sRDMA is lightweight security extension to RDMA which uses symmetric key cryptography to provide  Header Authentication  Packet Authentication  Payload encryption  Memory protection  sRDMA effectively prevents:  Eavesdropping  Spoofing attacks  Replay attacks  Man in the middle attacks  sRDMA is back compatible with classical RDMA and can be easily adapted by  native InfiniBand  RoCEv1  RoCEv2 5

  6. spcl.inf.ethz.ch @spcl_eth sRDMA – secure QP connection  sRDMA introduces a new Secure Reliably Connected Queue Pair  The application installs symmetric keys to a QP connection and required level of protection  Supported security codes: 6

  7. spcl.inf.ethz.ch @spcl_eth sRDMA Packet format Routing Base Transport RDMA Payload Checksums Header (RH) Header (BTH) Routing Base Transport IPSec* IPSec Payload Checksums Header (RH) Header (BTH) Routing Base Transport sRDMA sRDMA Payload Checksums Header (RH) Header (BTH) header sRDMA packet format advantages: • Routing and checksums not affected • Secure header is processed after processing of BTH * It does not exist yet, but it is discussed 7

  8. spcl.inf.ethz.ch @spcl_eth Base Transport Header (BTH) Routing Base Transport sRDMA sRDMA Payload Checksums Header (RH) Header (BTH) header • Changes to BTH • We use 3 out of 7 reserved bits from BTH to indicate the presence of the secure header • Secure header size • sRDMA supports 7 different MAC sizes • Value 0 is for back‐compatibility 8

  9. spcl.inf.ethz.ch @spcl_eth Nonce and Packet Sequence Number (PSN)  IPSec uses nonce against replay attacks  Nonce must never be reused  Nonce can be predictable and be transmitted in clear  PSN is a part of BTH  PSN is only 24 bit which get reused after 80 ms on modern network devices  Mellanox ConnectX‐5 can send up to 200 million messages per second!  sRDMA extends InfiniBand PSN counters to 64 bits  Both sender and receiver maintain 64‐bit counters,  But they transmit 24 least significant bits (LSB).  As PSNs are ordered, the endpoints can recover 64 bit sequence number from 24 LSB using sliding window. 9

  10. spcl.inf.ethz.ch @spcl_eth sRDMA ‐ Authentication and Secrecy  Header Authentication  Packet Authentication  Payload authenticated encryption  Nonce, RH, and BTH are passed as Additional Authenticated Data  Payload is encrypted and sent instead of plaintext  Overheads of AES‐128 for N secure QP connections Key overhead Nonce counter Header IPSec 16B * N 16B * N 32B sRDMA 16B * N 10B * N 16B 10

  11. spcl.inf.ethz.ch @spcl_eth Improving memory overhead – Protection Domain (PD) level keys  In RDMA, QP connections are created inside PDs  PD groups IB resources such as QP connections and memory regions that can work together.  sRDMA proposes to install a key ( K PD ) to PD, and use this key to derive QP level keys  We propose to install a single key per PD, and derive QP‐level keys from the PD key.  The key is derived using pseudorandom function (PRF) based on adapter port addresses (APA) and QPN identifiers of the endpoints.  Two endpoints derive the same symmetric key.  Overheads of AES‐128 for N secure QP connections Key overhead Nonce counter Header IPSec 16B * N 16B * N 32B sRDMA 16B * N 10B * N 16B sRDMA + PD keys 16B 10B* N 16B 11

  12. spcl.inf.ethz.ch @spcl_eth Extended memory protection  Memory protection in IBA is based on rkey tags (32 bits)  Each one‐sided RDMA request must include rkey in its request.  Any endpoint with the rkey can access the memory Endpoint A  sRDMA proposes scalable crypto‐based memory protection  Access to sub‐region (SR) with addresses [START, END )  sRDMA does not introduce extra header and reuses the STH Endpoint B Endpoint C 12

  13. spcl.inf.ethz.ch @spcl_eth Implementation of sRDMA  sRDMA is implemented on Broadcom Stingray PS225  Eight‐core ARM A72  DDR4 8 GB DRAM  Supports crypto‐acceleration 13

  14. spcl.inf.ethz.ch @spcl_eth Implementation of sRDMA Host B Host A QP connection QP connection SmartNIC B SmartNIC A QP connection Endpoint A Endpoint B 14

  15. spcl.inf.ethz.ch @spcl_eth Implementation of sRDMA – RDMA Write Host B Host A 1. Host A sends data to SmartNIC A. 2. SmartNIC A protects the packet. 3. SmartNIC A sends the protected packet to SmartNIC B. 4. SmartNIC B validates the packet. 5. SmartNIC B performs RDMA Write to the requested memory. SmartNIC B SmartNIC A Endpoint A Endpoint B 15

  16. spcl.inf.ethz.ch @spcl_eth Evaluation – Source authentication latency NO security baseline 16

  17. spcl.inf.ethz.ch @spcl_eth Evaluation – Source authentication latency NO security baseline 17

  18. spcl.inf.ethz.ch @spcl_eth Evaluation – Source authentication latency NO security baseline 18

  19. spcl.inf.ethz.ch @spcl_eth Evaluation – Packet authentication latency Read latency (RTT) Write latency (RTT/2) Payload size 19

  20. spcl.inf.ethz.ch @spcl_eth Evaluation – AEAD latency Payload size 20

  21. spcl.inf.ethz.ch @spcl_eth Evaluation – Write Bandwidth 21

  22. spcl.inf.ethz.ch @spcl_eth Evaluation – Write Bandwidth 22

  23. spcl.inf.ethz.ch @spcl_eth Evaluation – Write Bandwidth 23

  24. spcl.inf.ethz.ch @spcl_eth Evaluation – Write Bandwidth 24

  25. spcl.inf.ethz.ch @spcl_eth Evaluation – Read Bandwidth Write Bandwidth Read Bandwidth 25

  26. spcl.inf.ethz.ch @spcl_eth Evaluation – Read Bandwidth Write Bandwidth Read Bandwidth 26

  27. spcl.inf.ethz.ch @spcl_eth Evaluation – Read Bandwidth Write Bandwidth Read Bandwidth 27

  28. spcl.inf.ethz.ch @spcl_eth Evaluation – Read Bandwidth Write Bandwidth Read Bandwidth 28

  29. spcl.inf.ethz.ch @spcl_eth sRDMA paper also includes  Memory Sub‐delegation  Details on the implementation  Extra Experiments 29

  30. spcl.inf.ethz.ch @spcl_eth Thank you for your attention!  sRDMA is lightweight security extension to RDMA protocols sRDMA implementation:  sRDMA is flexible and supports various protection modes  PD‐level protection minimizes memory consumption on the NIC  sRDMA extends memory protection of InfiniBand architecture  sRDMA can be easily adapted to hardware Contact information: Konstantin Taranov konstantin.taranov@inf.ethz.ch 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with Fast Software Encryption Conference 2017 1 Joan Daemen 1 , 2 Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 and Ronny Van Keer 1 1

855 views • 30 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

Message Authentication CPE 542: CRYPTOGRAPHY & NETWORK SECURITY message authentication is concerned with: protecting the integrity of a message Chapter 11 Message Authentication and validating identity of originator Hash

462 views • 6 slides
Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if P = NP Safely & Feasibly Serge Fehr Louis Salvail CWI Amsterdam University of Montral Encryption & Authentication Schemes with

829 views • 62 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
(Hierarchical) Identity-Based Encryption from Affine Message Authentication Crypto 2014 , Olivier

(Hierarchical) Identity-Based Encryption from Affine Message Authentication Crypto 2014 , Olivier

(Hierarchical) Identity-Based Encryption from Affine Message Authentication Crypto 2014 , Olivier Blazy Eike Kiltz Jiaxin Pan Horst Grtz Institute for IT Security Ruhr-University Bochum 1 Introduction 2 Affine MAC 3 From Affine MAC to IBE 4

880 views • 58 slides
NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo,

NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo,

Outline Proxy Re-Encryption NTRU NTRUReEncrypt PS-NTRUReEncrypt Experimental results Conclusions NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo, and Javier Lopez Network, Information and

929 views • 38 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com January 2007 Contents EAP Re-authentication and Fast Re-authentication Requirements for low latency re-authentication

1.05k views • 27 slides
Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that

Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that

Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that messages come from the alleged source, unaltered SMU CSE 5349/7349 Authentication Functions Message encryption Ciphertext itself serves as

1.16k views • 69 slides
Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael

Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael

11/12/09 Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael Kirkpatrick, Elisa Bertino Purdue University Frederick Sheldon Oak Ridge National Laboratory DHS: S&T Workshop on Future Directions in

438 views • 4 slides
CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record

CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record

Implementing scalable CAN Security with CANcrypt by Olaf Pfeiffer CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record and re-play messages Can trigger desired actions Re-engineering

320 views • 21 slides
An eduGAIN Update Diego R. Lopez RedIRIS TF-EMC2. Utrecht, December 2008 What eduGAIN Offers

An eduGAIN Update Diego R. Lopez RedIRIS TF-EMC2. Utrecht, December 2008 What eduGAIN Offers

Connect. Communicate. Collaborate An eduGAIN Update Diego R. Lopez RedIRIS TF-EMC2. Utrecht, December 2008 What eduGAIN Offers Connect. Communicate. Collaborate Take advantage of existing identity infrastructures Easing the path to a

712 views • 21 slides
VALUES WITHOUT OFFENDING ANYONE Richard R Jurin University of Northern Colorado Deborah Matlock

VALUES WITHOUT OFFENDING ANYONE Richard R Jurin University of Northern Colorado Deborah Matlock

DEALING WITH SPIRITUALITY VALUES WITHOUT OFFENDING ANYONE Richard R Jurin University of Northern Colorado Deborah Matlock Antioch University, New Hampshire Consider how you feel about each of the following statements 0=no thought about it

569 views • 35 slides
Public IPv4 over Access IPv6 Network draft-cui-softwire-host-4over6-04 Y. Cui, J. Wu, P . Wu

Public IPv4 over Access IPv6 Network draft-cui-softwire-host-4over6-04 Y. Cui, J. Wu, P . Wu

Public IPv4 over Access IPv6 Network draft-cui-softwire-host-4over6-04 Y. Cui, J. Wu, P . Wu Tsinghua Univ. C. Metz Cisco Systems O. Vautrin Juniper Networks Y. Lee Comcast Outline Introduction Basic idea & use cases

824 views • 16 slides
Incremental Copying Collection with Pinning (Progress Report) Daniel Spoonhower Carnegie Mellon

Incremental Copying Collection with Pinning (Progress Report) Daniel Spoonhower Carnegie Mellon

Incremental Copying Collection with Pinning (Progress Report) Daniel Spoonhower Carnegie Mellon University spoons+@cs.cmu.edu (Joint work with Guy Blelloch and Robert Harper) January 12, 2004 SPACE 04 Incremental Copying Collection

744 views • 15 slides
Realistic Image Synthesis Bidirectional Path Tracing & Reciprocity Philipp Slusallek Karol

Realistic Image Synthesis Bidirectional Path Tracing & Reciprocity Philipp Slusallek Karol

Realistic Image Synthesis Bidirectional Path Tracing & Reciprocity Philipp Slusallek Karol Myszkowski Gurprit Singh Realistic Image Synthesis SS2020 Bidirectional Path Tracing Philipp Slusallek Path Sampling Techniques Different

577 views • 31 slides
Negotiability In Depth: Management Rights and Beyond August 17, 2017 Slide 2 Disagreement

Negotiability In Depth: Management Rights and Beyond August 17, 2017 Slide 2 Disagreement

Slide 1 Negotiability In Depth: Management Rights and Beyond August 17, 2017 Slide 2 Disagreement between a union and an agency concerning the legality of a proposal or a provision Negotiability In Depth: Management Rights & Beyond

906 views • 64 slides
Automated Placement for Custom Digital Designs Tung-Chieh Chen Physical Design Group, SpringSoft

Automated Placement for Custom Digital Designs Tung-Chieh Chen Physical Design Group, SpringSoft

Automated Placement for Custom Digital Designs Tung-Chieh Chen Physical Design Group, SpringSoft Inc. Mar 29 2011 (ISPD-2011) Outline Why Placement Custom Summary Issues Digital ISPD-2011 1 Outline Why Placement Custom Summary

637 views • 31 slides
Slides for Lecture 9 ENCM 501: Principles of Computer Architecture Winter 2014 Term Steve

Slides for Lecture 9 ENCM 501: Principles of Computer Architecture Winter 2014 Term Steve

Slides for Lecture 9 ENCM 501: Principles of Computer Architecture Winter 2014 Term Steve Norman, PhD, PEng Electrical & Computer Engineering Schulich School of Engineering University of Calgary 6 February, 2014 slide 2/23 ENCM 501 W14

452 views • 23 slides

More recommend