sRDMA -- Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access

Authors: 

Konstantin Taranov, Benjamin Rothenberger, Adrian Perrig, and Torsten Hoefler, ETH Zurich

Abstract: 

State-of-the-art remote direct memory access (RDMA) technologies have been shown to be vulnerable to attacks by in-network adversaries, as they provide only a weak form of protection by including access tokens in each message. A network eavesdropper can easily obtain sensitive information and modify packets in transit, affecting not only secrecy but also integrity. Tampering with packets can have drastic consequences. For example, when memory pages with code are changed remotely, altering packet contents enables remote code injection. We propose sRDMA, a protocol that provides efficient authentication and encryption for RDMA to prevent information leakage and message tampering. sRDMA uses symmetric cryptography and employs network interface cards to perform cryptographic operations. Additionally, we provide an implementation for sRDMA using programmable network adapters.

BibTeX
@inproceedings {254436,
author = {Konstantin Taranov and Benjamin Rothenberger and Adrian Perrig and Torsten Hoefler},
title = {{sRDMA} -- Efficient {NIC-based} Authentication and Encryption for Remote Direct Memory Access},
booktitle = {2020 USENIX Annual Technical Conference (USENIX ATC 20)},
year = {2020},
isbn = {978-1-939133-14-4},
pages = {691--704},
url = {https://www.usenix.org/conference/atc20/presentation/taranov},
publisher = {USENIX Association},
month = jul
}
