Name
Abstract | ||
|---|---|---|
The InfiniBand驴 Architecture (IBA) is a new promising I/O communication standard positioned for building clusters and System Area Networks (SANs). However, the IBA specification has left out security resulting in potential security vulnerabilities, which could be exploited with moderate effort. In this paper, we view these vulnerabilities from three classical security aspects: availability, confidentiality, and authentication. For better availability of IBA, we recommend that a switch be able to enforce partitioning for data packets for which we propose an efficient implementation method using trap messages. For confidentiality, we encrypt only secret keys to minimize performance degradation. The most serious vulnerabilityin IBA is authentication since IBA authenticates packets solely by checking the existence of plaintext keys in the packet. In this paper, we propose a new authentication mechanism that treats the Invariant CRC (ICRC) field as an Authentication Tag, which is compatible with current IBA specification. When analyzing the performance of our authentication approach along with other authentication algorithms, we observe that our approach dramatically enhances IBA's authentication capability without hampering IBA performance benefit. Furthermore, simulation results indicate that our methods enhance security in IBA with marginal performance overhead. |
Year | DOI | Venue |
|---|---|---|
2005 | 10.1109/IPDPS.2005.396 | IPDPS |
Keywords | Field | DocType |
marginal performance overhead,infiniband architecture,new authentication mechanism,current iba specification,iba performance benefit,authentication capability,authentication approach,security enhancement,authentication algorithm,iba specification,classical security aspect,iba authenticates packet,data security,degradation,cryptography,packet switching,authorisation,availability,data packets,message authentication,authentication,switches | Data security,Authentication,InfiniBand,Computer science,Computer security,Cryptography,Computer network,Data Authentication Algorithm,Encryption,Distributed computing,Message authentication code,Parallel computing,Plaintext | Conference |
ISBN | Citations | PageRank |
0-7695-2312-9 | 5 | 0.47 |
References | Authors | |
19 | 3 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Manhee Lee | 1 | 40 | 9.04 |
| Eun Jung Kim | 2 | 873 | 67.64 |
| Mazin Yousif | 3 | 874 | 59.00 |