Accession Number:

AD1166855

Title:

Securing Infiniband Networks with End-Point Encryption

Descriptive Note:

[Technical Report, Master's Thesis]

Corporate Author:

AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH

Personal Author(s):

• Diamond, Noah B

Report Date:

2022-03-24

Pagination or Media Count:

111

Abstract:

The NVIDIA-Mellanox BluexCeld-2 is a 100 Gbps high-performance network interface which offers hardware offload and acceleration features that can operate directly on network traffic without routine involvement from the ARM CPU. This allows the ARM multi-core CPU to orchestrate the hardware to perform operations on both Ethernet and RDMA traffic at high rates rather than processing all the traffic directly. A testbed called TNAP was created for performance testing and a MiTM verixCfication process called MiTMVMP is used to ensure proper network conxCfiguration. The hardware accelerators of the BluexCeld-2 support a throughput of nearly 86 Gbps when using IPsec to encrypt and authenticate RoCEv2 traffic. This research closes by providing operational security recommendations to defend against presented vulnerabilities, and secure InxCfiniBand with the BluexCeld-2 DPU and similar InxCfiniBand channel adapters.

Descriptors:

• computer networks
• network protocols
• performance tests
• transport protocols
• air force
• operating systems
• computer network security
• computers
• application-specific integrated circuits
• cryptography
• network architecture
• central processing units
• communication channels
• computer programming
• data centers
• data processing
• high performance computing

Subject Categories:

• Computer Systems Management and Standards

Distribution Statement:

[A, Approved For Public Release]