srdma efficient nic based authentication and encryption
play

sRDMA Efficient NICbased Authentication and Encryption for Remote - PowerPoint PPT Presentation

Sep 09, 2022 •2.08k likes •2.47k views

spcl.inf.ethz.ch @spcl_eth Konstantin Taranov, Benjamin Rothenberger, Adrian Perrig, Torsten Hoefler sRDMA Efficient NICbased Authentication and Encryption for Remote Direct Memory Access spcl.inf.ethz.ch @spcl_eth RDMA networking is

  1. spcl.inf.ethz.ch @spcl_eth Konstantin Taranov, Benjamin Rothenberger, Adrian Perrig, Torsten Hoefler sRDMA – Efficient NIC‐based Authentication and Encryption for Remote Direct Memory Access

  2. spcl.inf.ethz.ch @spcl_eth RDMA networking is a new trend in cloud computing 2

  3. spcl.inf.ethz.ch @spcl_eth RDMA security considerations RFC4297 – Remote Direct Memory Access (RDMA) over IP Problem Statement: “The RDMA protocols must permit integration with Internet security standards, such as IPsec and TLS. ” December 2005 March 2017 IPSec does not support RDMA July 2020 3

  4. spcl.inf.ethz.ch @spcl_eth Can application‐level security be used?  One‐sided RDMA requests are completely performed by the NIC  No CPU involvement on the destination machine  Two‐sided communication is also offloaded to the NIC  Packets cannot be discarded by the NIC  Received data consumes resources of the connection  CPU is responsible for verifying the received data negating RDMA advantages 4

  5. spcl.inf.ethz.ch @spcl_eth sRDMA – secure RDMA communication  sRDMA is lightweight security extension to RDMA which uses symmetric key cryptography to provide  Header Authentication  Packet Authentication  Payload encryption  Memory protection  sRDMA effectively prevents:  Eavesdropping  Spoofing attacks  Replay attacks  Man in the middle attacks  sRDMA is back compatible with classical RDMA and can be easily adapted by  native InfiniBand  RoCEv1  RoCEv2 5

  6. spcl.inf.ethz.ch @spcl_eth sRDMA – secure QP connection  sRDMA introduces a new Secure Reliably Connected Queue Pair  The application installs symmetric keys to a QP connection and required level of protection  Supported security codes: 6

  7. spcl.inf.ethz.ch @spcl_eth sRDMA Packet format Routing Base Transport RDMA Payload Checksums Header (RH) Header (BTH) Routing Base Transport IPSec* IPSec Payload Checksums Header (RH) Header (BTH) Routing Base Transport sRDMA sRDMA Payload Checksums Header (RH) Header (BTH) header sRDMA packet format advantages: • Routing and checksums not affected • Secure header is processed after processing of BTH * It does not exist yet, but it is discussed 7

  8. spcl.inf.ethz.ch @spcl_eth Base Transport Header (BTH) Routing Base Transport sRDMA sRDMA Payload Checksums Header (RH) Header (BTH) header • Changes to BTH • We use 3 out of 7 reserved bits from BTH to indicate the presence of the secure header • Secure header size • sRDMA supports 7 different MAC sizes • Value 0 is for back‐compatibility 8

  9. spcl.inf.ethz.ch @spcl_eth Nonce and Packet Sequence Number (PSN)  IPSec uses nonce against replay attacks  Nonce must never be reused  Nonce can be predictable and be transmitted in clear  PSN is a part of BTH  PSN is only 24 bit which get reused after 80 ms on modern network devices  Mellanox ConnectX‐5 can send up to 200 million messages per second!  sRDMA extends InfiniBand PSN counters to 64 bits  Both sender and receiver maintain 64‐bit counters,  But they transmit 24 least significant bits (LSB).  As PSNs are ordered, the endpoints can recover 64 bit sequence number from 24 LSB using sliding window. 9

  10. spcl.inf.ethz.ch @spcl_eth sRDMA ‐ Authentication and Secrecy  Header Authentication  Packet Authentication  Payload authenticated encryption  Nonce, RH, and BTH are passed as Additional Authenticated Data  Payload is encrypted and sent instead of plaintext  Overheads of AES‐128 for N secure QP connections Key overhead Nonce counter Header IPSec 16B * N 16B * N 32B sRDMA 16B * N 10B * N 16B 10

  11. spcl.inf.ethz.ch @spcl_eth Improving memory overhead – Protection Domain (PD) level keys  In RDMA, QP connections are created inside PDs  PD groups IB resources such as QP connections and memory regions that can work together.  sRDMA proposes to install a key ( K PD ) to PD, and use this key to derive QP level keys  We propose to install a single key per PD, and derive QP‐level keys from the PD key.  The key is derived using pseudorandom function (PRF) based on adapter port addresses (APA) and QPN identifiers of the endpoints.  Two endpoints derive the same symmetric key.  Overheads of AES‐128 for N secure QP connections Key overhead Nonce counter Header IPSec 16B * N 16B * N 32B sRDMA 16B * N 10B * N 16B sRDMA + PD keys 16B 10B* N 16B 11

  12. spcl.inf.ethz.ch @spcl_eth Extended memory protection  Memory protection in IBA is based on rkey tags (32 bits)  Each one‐sided RDMA request must include rkey in its request.  Any endpoint with the rkey can access the memory Endpoint A  sRDMA proposes scalable crypto‐based memory protection  Access to sub‐region (SR) with addresses [START, END )  sRDMA does not introduce extra header and reuses the STH Endpoint B Endpoint C 12

  13. spcl.inf.ethz.ch @spcl_eth Implementation of sRDMA  sRDMA is implemented on Broadcom Stingray PS225  Eight‐core ARM A72  DDR4 8 GB DRAM  Supports crypto‐acceleration 13

  14. spcl.inf.ethz.ch @spcl_eth Implementation of sRDMA Host B Host A QP connection QP connection SmartNIC B SmartNIC A QP connection Endpoint A Endpoint B 14

  15. spcl.inf.ethz.ch @spcl_eth Implementation of sRDMA – RDMA Write Host B Host A 1. Host A sends data to SmartNIC A. 2. SmartNIC A protects the packet. 3. SmartNIC A sends the protected packet to SmartNIC B. 4. SmartNIC B validates the packet. 5. SmartNIC B performs RDMA Write to the requested memory. SmartNIC B SmartNIC A Endpoint A Endpoint B 15

  16. spcl.inf.ethz.ch @spcl_eth Evaluation – Source authentication latency NO security baseline 16

  17. spcl.inf.ethz.ch @spcl_eth Evaluation – Source authentication latency NO security baseline 17

  18. spcl.inf.ethz.ch @spcl_eth Evaluation – Source authentication latency NO security baseline 18

  19. spcl.inf.ethz.ch @spcl_eth Evaluation – Packet authentication latency Read latency (RTT) Write latency (RTT/2) Payload size 19

  20. spcl.inf.ethz.ch @spcl_eth Evaluation – AEAD latency Payload size 20

  21. spcl.inf.ethz.ch @spcl_eth Evaluation – Write Bandwidth 21

  22. spcl.inf.ethz.ch @spcl_eth Evaluation – Write Bandwidth 22

  23. spcl.inf.ethz.ch @spcl_eth Evaluation – Write Bandwidth 23

  24. spcl.inf.ethz.ch @spcl_eth Evaluation – Write Bandwidth 24

  25. spcl.inf.ethz.ch @spcl_eth Evaluation – Read Bandwidth Write Bandwidth Read Bandwidth 25

  26. spcl.inf.ethz.ch @spcl_eth Evaluation – Read Bandwidth Write Bandwidth Read Bandwidth 26

  27. spcl.inf.ethz.ch @spcl_eth Evaluation – Read Bandwidth Write Bandwidth Read Bandwidth 27

  28. spcl.inf.ethz.ch @spcl_eth Evaluation – Read Bandwidth Write Bandwidth Read Bandwidth 28

  29. spcl.inf.ethz.ch @spcl_eth sRDMA paper also includes  Memory Sub‐delegation  Details on the implementation  Extra Experiments 29

  30. spcl.inf.ethz.ch @spcl_eth Thank you for your attention!  sRDMA is lightweight security extension to RDMA protocols sRDMA implementation:  sRDMA is flexible and supports various protection modes  PD‐level protection minimizes memory consumption on the NIC  sRDMA extends memory protection of InfiniBand architecture  sRDMA can be easily adapted to hardware Contact information: Konstantin Taranov konstantin.taranov@inf.ethz.ch 30

Recommend

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with Fast Software Encryption Conference 2017 1 Joan Daemen 1 , 2 Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 and Ronny Van Keer 1 1

855 views • 30 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

Message Authentication CPE 542: CRYPTOGRAPHY & NETWORK SECURITY message authentication is concerned with: protecting the integrity of a message Chapter 11 Message Authentication and validating identity of originator Hash

462 views • 6 slides
Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if P = NP Safely & Feasibly Serge Fehr Louis Salvail CWI Amsterdam University of Montral Encryption & Authentication Schemes with

829 views • 62 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
(Hierarchical) Identity-Based Encryption from Affine Message Authentication Crypto 2014 , Olivier

(Hierarchical) Identity-Based Encryption from Affine Message Authentication Crypto 2014 , Olivier

(Hierarchical) Identity-Based Encryption from Affine Message Authentication Crypto 2014 , Olivier Blazy Eike Kiltz Jiaxin Pan Horst Grtz Institute for IT Security Ruhr-University Bochum 1 Introduction 2 Affine MAC 3 From Affine MAC to IBE 4

880 views • 58 slides
NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo,

NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo,

Outline Proxy Re-Encryption NTRU NTRUReEncrypt PS-NTRUReEncrypt Experimental results Conclusions NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo, and Javier Lopez Network, Information and

929 views • 38 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com January 2007 Contents EAP Re-authentication and Fast Re-authentication Requirements for low latency re-authentication

1.05k views • 27 slides
Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that

Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that

Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that messages come from the alleged source, unaltered SMU CSE 5349/7349 Authentication Functions Message encryption Ciphertext itself serves as

1.16k views • 69 slides
Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael

Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael

11/12/09 Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael Kirkpatrick, Elisa Bertino Purdue University Frederick Sheldon Oak Ridge National Laboratory DHS: S&T Workshop on Future Directions in

438 views • 4 slides
CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record

CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record

Implementing scalable CAN Security with CANcrypt by Olaf Pfeiffer CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record and re-play messages Can trigger desired actions Re-engineering

320 views • 21 slides
EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan ,

EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan ,

EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan , vidyan@qualcomm.com IETF68; March 2007 Re-auth Goals MUST be better than full EAP authentication The protocol MUST be responsive to handover

361 views • 17 slides
Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang SKLOIS Chinese Academy of Sciences Outline Background Our Results Our Constructions Conclusions 2 Threshold Public Key Encryption

854 views • 32 slides
tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by

tcpcrypt Mark Handley What would it take to encrypt all the traffic on the Internet, by default, all the time? Crypto 101: Encryption without authentication is useless. Encryption without authentication is like meeting a stranger in a

813 views • 31 slides
Efficient Ring-LWE Encryption on 8-bit AVR Processors . Zhe Liu 1 Hwajeong Seo 2 Sujoy Sinha Roy

Efficient Ring-LWE Encryption on 8-bit AVR Processors . Zhe Liu 1 Hwajeong Seo 2 Sujoy Sinha Roy

Short Overview Ring-LWE Encryption Scheme Our Implementation Implementation Results Conclusion . Efficient Ring-LWE Encryption on 8-bit AVR Processors . Zhe Liu 1 Hwajeong Seo 2 Sujoy Sinha Roy 3 adl 1 Howon Kim 2 Ingrid Verbauwhede 3

1.4k views • 102 slides
Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication Encapsulation Intrusion detection Common sense Lecture 2 Page 1 CS 236 Online Physical Security Lock up your computer Actually,

465 views • 35 slides
Authentication Dr. Steven Bitner Hashing Hashing is ONE WAY encryption You cannot

Authentication Dr. Steven Bitner Hashing Hashing is ONE WAY encryption You cannot

Authentication Dr. Steven Bitner Hashing Hashing is ONE WAY encryption You cannot retrieve the plain text Common hashes: md5 sha1 sha256 $password = hash (md5,$password); Better (though less common hash) Bcrypt

355 views • 18 slides
Authentication and Encryption Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 The In

Authentication and Encryption Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 The In

In Internet Security: Authentication and Encryption Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 The In Internet: A Utopian Vision The In Internet: Reality Main Questions First who are the bad actors or r adversarie ies?

515 views • 24 slides
Small high-security encryption, authentication, and hashing D. J. Bernstein University of

Small high-security encryption, authentication, and hashing D. J. Bernstein University of

Small high-security encryption, authentication, and hashing D. J. Bernstein University of Illinois at Chicago Main goals of cryptography Alice and Bob are communicating. Eve is eavesdropping. Alice and Bob have several standard security

310 views • 29 slides

More recommend