Message authentication with one-way hash functions
IEEE INFOCOM '92 Proceedings of the eleventh annual joint conference of the IEEE computer and communications societies on One world through communications (Vol. 3)
An integrity check value algorithm for stream ciphers
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
CryptoManiac: a fast flexible architecture for secure communication
ISCA '01 Proceedings of the 28th annual international symposium on Computer architecture
Managing security in high-performance distributed computations
Cluster Computing
UMAC: Fast and Secure Message Authentication
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Fast Cryptographic Checksum Algorithm Based on Stream Ciphers
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
A Study of the Relative Costs of Network Security Protocols
Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
Breaking the barriers: high performance security for high performance computing
Proceedings of the 2002 workshop on New security paradigms
A Source Identification Scheme against DDoS Attacks in Cluster Interconnects
ICPPW '04 Proceedings of the 2004 International Conference on Parallel Processing Workshops
Analyzing Distributed Denial of Service Tools: The Shaft Case
LISA '00 Proceedings of the 14th USENIX conference on System administration
Improving DES coprocessor throughput for short operations
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A Comprehensive Framework for Enhancing Security in InfiniBand Architecture
IEEE Transactions on Parallel and Distributed Systems
Making the network scalable: inter-subnet routing in infiniband
Euro-Par'13 Proceedings of the 19th international conference on Parallel Processing
| Hi-index | 0.00 |
The InfiniBand驴 Architecture (IBA) is a new promising I/O communication standard positioned for building clusters and System Area Networks (SANs). However, the IBA specification has left out security resulting in potential security vulnerabilities, which could be exploited with moderate effort. In this paper, we view these vulnerabilities from three classical security aspects: availability, confidentiality, and authentication. For better availability of IBA, we recommend that a switch be able to enforce partitioning for data packets for which we propose an efficient implementation method using trap messages. For confidentiality, we encrypt only secret keys to minimize performance degradation. The most serious vulnerabilityin IBA is authentication since IBA authenticates packets solely by checking the existence of plaintext keys in the packet. In this paper, we propose a new authentication mechanism that treats the Invariant CRC (ICRC) field as an Authentication Tag, which is compatible with current IBA specification. When analyzing the performance of our authentication approach along with other authentication algorithms, we observe that our approach dramatically enhances IBA's authentication capability without hampering IBA performance benefit. Furthermore, simulation results indicate that our methods enhance security in IBA with marginal performance overhead.