Skip to main content
SpringerLink
Log in

Securing an InfiniBand Network and its Effect on Performance

  • Conference paper
  • First Online:
Critical Infrastructure Protection XIV (ICCIP 2020)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 596))

Included in the following conference series:

Abstract

The InfiniBand network architecture, which delivers very high bandwidth and low latency, is one of the leading interconnects used in high performance computing. As its popularity increases, applications of InfiniBand in the critical infrastructure are growing, which creates the potential of new security risks.

This chapter addresses some open security issues related to InfiniBand. It demonstrates that common traffic analyzing tools are unable to capture or monitor InfiniBand traffic transmitted between hosts. Due to the kernel bypass nature of InfiniBand, many host-based network security systems cannot be executed on InfiniBand applications and, unfortunately, those that can impose significant network performance penalties. The principal takeaways are that Ethernet security practices do not translate to InfiniBand networks and securing InfiniBand networks requires a hardware offload strategy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Corbet, J., Rubini, A., Kroah-Hartman, G.: Linux Device Drivers. O’Reilly Media, Sebastopol, California (2005)

    Google Scholar 

  2. InfiniBand Trade Association, InfiniBand Architecture Specification, Volume 1, Release 1.3, Beaverton, Oregon (cw.infinibandta.org/document/dl/7859), 2015

    Google Scholar 

  3. Lee, M., Kim, E.: A comprehensive framework for enhancing securityin the InfiniBand architecture. IEEE Transactions on Paralleland Distributed Systems 18(10), 1393–1406 (2007)

    Article  Google Scholar 

  4. M. Lee, E. Kim and M. Yousif, Security enhancement in the InfiniBand architecture, Proceedings of the Nineteenth IEEE International Parallel and Distributed Processing Symposium, 2005

    Google Scholar 

  5. Mellanox Technologies, Introduction to InfiniBand, White Paper, Document No. 2003WP, Santa Clara, California (www.mellanox.com/pdf/whitepapers/IB_Intro_WP_190.pdf), 2003

  6. Mellanox Technologies, InfiniBand Software and Protocols EnableSeamless Off-the-Shelf Applications Deployment, White Paper, Sunnyvale, California (www.mellanox.com/pdf/whitepapers/WP_2007_IB_Software_and_Protocols.pdf), 2007

  7. Mellanox Technologies, InfiniBand: The Production SDN, WhitePaper, Document No. 3987WP Rev. 1.0, Sunnyvale, California(www.mellanox.com/related-docs/whitepapers/WP_InfiniBand_Production_SDN.pdf), 2012

  8. Mellanox Technologies, Security in Mellanox Technology’s InfiniBand Fabrics, Technical Overview, White Paper, DocumentNo. 3861WP Rev. 1.0, Sunnyvale, California (www.mellanox.com/related-docs/whitepapers/WP_Secuirty_In_InfiniBand_Fabrics_Final.pdf), 2012

  9. Mellanox Technologies, RDMA Aware Networks ProgrammingUser Manual, Rev. 1.7, Sunnyvale, California (www.mellanox.com/related-docs/prod_software/RDMA_Aware_Programming_user_manual.pdf), 2015

  10. G. Pfister, An introduction to the InfiniBand architecture, in HighPerformance Mass Storage and Parallel I/O: Technologies and Applications, R. Buyya and T. Cortes (Eds.), John Wiley and Sons, New York, pp. 617–632, 2001

    Google Scholar 

  11. D. Schmitt, S. Graham, P. Sweeney and R. Mills, Vulnerability assessmentof InfiniBand networking, in Critical Infrastructure Protection XIII, J. Staggs and S. Shenoi (Eds.), Springer, Cham, Switzerland, pp. 179–205, 2019

    Google Scholar 

  12. K. Subedi, D. Dasgupta and B. Chen, Security analysis of InfiniBand protocol implementations, Proceedings of the IEEE Symposium Series on Computational Intelligence, 2016

    Google Scholar 

  13. TOP500, List Statistics, Sinsheim, Germany (top500.org/statistics/list), 2019

    Google Scholar 

  14. U.S. Department of Homeland Security, Communications Sector-Specific Plan: An Annex to the NIPP 2013, Washington, DC (www.hsdl.org/?viewdid=796518), 2015

  15. Warren, A.: InfiniBand Fabric and Userland Attacks. InformationSecurity Reading Room, SANS Institute, North Bethesda, Maryland (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Air Force Institute of Technology, Wright-Patterson AirForce Base, Dayton, OH, USA

    Lucas Mireles, Scott Graham, Patrick Sweeney, Stephen Dunlap & Matthew Dallmeyer

Authors
  1. Lucas Mireles
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Scott Graham
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Patrick Sweeney
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stephen Dunlap
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Matthew Dallmeyer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Scott Graham .

Editor information

Editors and Affiliations

  1. University of Tulsa, Tulsa, OK, USA

    Jason Staggs

  2. University of Tulsa, Tulsa, OK, USA

    Sujeet Shenoi

Rights and permissions

Reprints and permissions

Copyright information

© 2020 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mireles, L., Graham, S., Sweeney, P., Dunlap, S., Dallmeyer, M. (2020). Securing an InfiniBand Network and its Effect on Performance. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XIV. ICCIP 2020. IFIP Advances in Information and Communication Technology, vol 596. Springer, Cham. https://doi.org/10.1007/978-3-030-62840-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-62840-6_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62839-0

  • Online ISBN: 978-3-030-62840-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation