Title
A Comprehensive Framework for Enhancing Security in InfiniBand Architecture
Abstract
The InfiniBand architecture (IBA) is a promising communication standard for building clusters and system area networks. However, the IBA specification has left out security aspects, resulting in potential security vulnerabilities, which could be exploited with moderate effort. In this paper, we view these vulnerabilities from three classical security aspects - confidentiality, authentication, and availability - and investigate the following security issues. First, as groundwork for secure services in IBA, we present partition-level and queue-pair-level key management schemes, both of which can be easily integrated into IBA. Second, for confidentiality and authentication, we present a method to incorporate a scalable encryption and authentication algorithm into IBA, with little performance overhead. Third, for better availability, we propose a stateful ingress filtering mechanism to block denial-of-service (DoS) attacks. Finally, to further improve the availability, we provide a scalable packet marking method tracing back DoS attacks. Simulation results of an IBA network show that the security performance overhead due to encryption/authentication on network latency ranges from 0.7 percent to 12.4 percent. Since the stateful ingress filtering is enabled only when a DoS attack is active, there is no performance overhead in a normal situation.
Year: 2007
DOI: 10.1109/TPDS.2007.1079
Venue: IEEE Trans. Parallel Distrib. Syst.
Keywords: iba specification,security performance,authentication,ingress filtering,scalable encryption,performance overhead,packet marking,security aspect,cryptography,queue-pair-level key management,dos attack,stateful ingress,security enhancement,infiniband architecture,cluster security,confidentiality,availability dos,potential security vulnerability,galois/counter mode,authorisation,iba network show,workstation clusters,classical security aspect,following security issue,comprehensive framework,denial-of-service attacks,encryption,communication standard,system area networks,enhancing security,denial of service,availability,computer architecture,dos,key management,galois counter mode,radiation detectors,security,denial of service attacks,real time systems
Field: Ingress filtering,Authentication,InfiniBand,Denial-of-service attack,Cryptography,Computer science,Computer security,Computer network,Encryption,Stateful firewall,Galois/Counter Mode,Distributed computing
DocType: Journal
Volume: 18
Issue: 10
ISSN: 1045-9219
Citations: 2
PageRank: 0.37
References: 18
Authors: 2
Name
Order
Citations
PageRank
Manhee Lee1409.04
Eun Jung Kim287367.64