1
RDMA Intro.
with BlueField SmartNIC
2
Introduction
▪ State-of-the-art remote direct memory access (RDMA) technologies such as
• InfiniBand (IB)
• RDMA over Converged Ethernet (RoCE)
are becoming widely used in data center applications.
▪ Hence, the security of RDMA architectures is crucial, yet potential security
implications of using RDMA communication remain largely unstudied.
ReDMArk: Bypassing RDMA Security Mechanisms (ETH Zurich)
3
Introduction
➨ RFC 5042 analyzes basic security issues, but lacks in-depth analysis.
ReDMArk: Bypassing RDMA Security Mechanisms (ETH Zurich)
4
Introduction
▪ Unfortunately, encryption and authentication of RDMA packets are not part of
current RDMA specifications.
• IPsec standard does not support InfiniBand traffic (only RoCE)
• Application-level encryption (e.g., TLS) is not possible since RDMA operations
can be handled without involvement of the CPU.
ReDMArk: Bypassing RDMA Security Mechanisms (ETH Zurich)
5
RDMA Background
RDMA has been a key ingredient of HPC and supercomputing environments for years.
At a high level, RDMA is a networking approach consisting of two basic concepts:
1. Operating system “stack bypass”: In many applications, the overhead of going
through the kernel networking layers is the bottleneck to processing speed.
2. Full CPU bypass: For certain, more-specialized applications, RDMA hardware can
allow one computer to read and write directly to/from the memory of another node
in the cluster, without the remote node’s CPU or OS being involved at all.
Design Guidelines for High Performance RDMA Systems (USENIX ATC’ 16)
6
Large RDMA design space
Design Guidelines for High Performance RDMA Systems (USENIX ATC’ 16)
▪ Operations
• READ, WRITE, ATOMIC: remote bypass (one-sided)
• SEND, RECV: two-sided
▪ Transports
• Reliable, Unreliable
• Connected, Datagram
▪ Optimizations
• Inlined, Unsignaled, Doorbell batching, WQE shrinking, 0B-RECVs
7
Large RDMA design space
Design Guidelines for High Performance RDMA Systems (USENIX ATC’ 16)
PCI Express messages are expensive
Reduce CPU-to-NIC messages (MMIOs)
Reduce NIC-to-CPU messages (DMAs)
8
Security Gaps in RDMA
10 discovered vulnerabilities in ReDMArk
V1 Memory Protection Key Randomness
V2 Static Initialization State for Key Generation
V3 Shared Key Generator
V4 Consecutive Allocation of Memory Regions
V5 Linearly Increasing QP Numbers
V6 Fixed Starting Packet Sequence Number
V7 Limited Attack Detection Capabilities
V8 Missing Encryption and Authentication in RDMA Protocols
V9 Single Protection Domain for all QPs
V10 Implicit On-Demand Paging (ODP)
Packet Injection using Impersonation
DoS Attack by Transiting QPs to an Error State
Unauthorized Memory Access
DoS Attack based on QP Allocation Resource Exhaustion
Performance Degradation using Resource Exhaustion
Facilitating Attacks using RDMA
9
Secure RDMA System Design
sRDMA – Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access
▪ The current IBA protection mechanisms do not suffice to ensure secure
communication between endpoints, allowing adversaries numerous attacks.
▪ Thus, the primary goal of our work is to secure RDMA protocols against attacks by
providing source and data authentication along with data secrecy and data freshness.
[Figure: QP connection between Endpoint A and Endpoint B, with Host A and Host B]
1. Host A sends data to SNIC A
2. SNIC A protects the packet
3. SNIC A sends the protected packet to SNIC B
4. SNIC B validates the packet
5. SNIC B performs RDMA write to the requested memory
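The five-step SNIC flow on this slide, as an added example (not code from the slides or from sRDMA): SNIC A tags each write, and SNIC B checks the tag and the packet sequence number before it touches host memory. HMAC-SHA256, the header layout, the pre-shared per-QP key and all class and function names are assumptions for illustration; encryption for data secrecy is left out.

```python
import hashlib
import hmac
import struct

# Constructed header for this example (not the InfiniBand wire format):
# destination QP number, packet sequence number, remote address, rkey.
HDR = struct.Struct("!IIQI")
TAG_LEN = 16           # truncated HMAC-SHA256 tag; the length is an assumption
PSN_MASK = 0xFFFFFF    # InfiniBand packet sequence numbers are 24 bits wide


def _tag(key: bytes, hdr: bytes, payload: bytes) -> bytes:
    """MAC over header and payload, so addressing fields are authenticated too."""
    return hmac.new(key, hdr + payload, hashlib.sha256).digest()[:TAG_LEN]


class SnicSender:
    """Steps 2-3: SNIC A binds a tag to the header, the PSN and the payload."""

    def __init__(self, key: bytes, dest_qpn: int, start_psn: int):
        self.key = key
        self.dest_qpn = dest_qpn
        self.psn = start_psn & PSN_MASK

    def protect(self, addr: int, rkey: int, payload: bytes) -> bytes:
        hdr = HDR.pack(self.dest_qpn, self.psn, addr, rkey)
        self.psn = (self.psn + 1) & PSN_MASK
        return hdr + payload + _tag(self.key, hdr, payload)


class SnicReceiver:
    """Steps 4-5: SNIC B validates the packet, then performs the write."""

    def __init__(self, key, qpn, expected_psn, memory, regions):
        self.key = key
        self.qpn = qpn
        self.expected_psn = expected_psn & PSN_MASK
        self.memory = memory      # bytearray standing in for Host B memory
        self.regions = regions    # rkey -> (base, length) of registered regions

    def validate_and_write(self, packet: bytes) -> str:
        if len(packet) < HDR.size + TAG_LEN:
            return "malformed"
        hdr = packet[:HDR.size]
        payload = packet[HDR.size:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        # Source and data authentication: check the tag in constant time
        # before trusting any header field.
        if not hmac.compare_digest(tag, _tag(self.key, hdr, payload)):
            return "bad_tag"
        qpn, psn, addr, rkey = HDR.unpack(hdr)
        if qpn != self.qpn:
            return "bad_qp"
        # Freshness: an authentic but already-seen PSN is a replay.
        if psn != self.expected_psn:
            return "replay"
        region = self.regions.get(rkey)
        if region is None:
            return "bad_rkey"
        base, length = region
        if addr < base or addr + len(payload) > base + length:
            return "out_of_bounds"
        self.memory[addr:addr + len(payload)] = payload
        self.expected_psn = (psn + 1) & PSN_MASK
        return "ok"


def demo():
    """Run constructed packets through the receiver and collect its verdicts."""
    key = bytes(range(32))                    # constructed per-QP key
    mem = bytearray(64)
    rx = SnicReceiver(key, qpn=0x11, expected_psn=100,
                      memory=mem, regions={0xABCD: (0, 32)})
    tx = SnicSender(key, dest_qpn=0x11, start_psn=100)

    first = tx.protect(addr=0, rkey=0xABCD, payload=b"hello")
    results = [rx.validate_and_write(first)]          # valid write
    results.append(rx.validate_and_write(first))      # same packet again

    second = tx.protect(addr=8, rkey=0xABCD, payload=b"world")
    tampered = bytearray(second)
    tampered[HDR.size] ^= 0x01                        # payload bit flipped in transit
    results.append(rx.validate_and_write(bytes(tampered)))
    results.append(rx.validate_and_write(second))     # untouched original

    # A sender with correct QPN and PSN but without the connection key.
    unkeyed = SnicSender(b"\x00" * 32, dest_qpn=0x11, start_psn=102)
    results.append(rx.validate_and_write(unkeyed.protect(0, 0xABCD, b"xxxxx")))

    # Authentic packet whose write would run past the registered region.
    results.append(rx.validate_and_write(tx.protect(30, 0xABCD, b"toolong")))
    return results, bytes(mem)


if __name__ == "__main__":
    print(demo()[0])
```

The tag covers the header as well as the payload, so a changed address or rkey fails validation in the same way as a changed payload.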
Intelligent Offloads – Higher Performance, Efficiency, Scalability
ConnectX-4 / Lx
ConnectX-5/6/6-Dx
BlueField
© 2018 Mellanox Technologies
10
11
FUTURE PLANS
▪ Programming InfiniBand RDMA
▪ Offload a specific cipher suite (e.g., TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256)
to the SmartNIC.
