The InfiniBand™ Architecture (IBA) is a promising communication standard for building clusters and system area networks. However, the IBA specification has left out security aspects, resulting in potential security vulnerabilities which could be exploited with moderate effort. In this paper, we view these vulnerabilities from three classical security aspects (confidentiality, authentication, and availability) and investigate the following security issues. First, as groundwork for secure services in IBA, we present partition-level and queue pair-level key management schemes, both of which can be easily integrated into IBA. Second, for confidentiality and authentication, we present a method to incorporate a scalable encryption and authentication algorithm into IBA with little performance overhead. Third, for better availability, we propose a stateful ingress filtering mechanism to block denial of service (DoS) attacks. Finally, to further improve availability, we provide a scalable packet marking method for tracing back DoS attacks. Simulation results of an IBA network show that the security performance overhead due to encryption/authentication on network latency ranges from 0.7% to 12.4%. Since the stateful ingress filtering is enabled only when a DoS attack is active, there is no performance overhead in a normal situation.