Notification:
We are currently experiencing intermittent issues impacting performance. We apologize for the inconvenience.
By Topic

Security Enhancement in InfiniBand Architecture

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Manhee Lee ; Dept. of Comput. Sci., Texas A&M Univ., College Station, TX, USA ; Eun Jung Kim ; Yousif, M.

The InfiniBand™ Architecture (IBA) is a new promising I/O communication standard positioned for building clusters and System Area Networks (SANs). However, the IBA specification has left out security resulting in potential security vulnerabilities, which could be exploited with moderate effort. In this paper, we view these vulnerabilities from three classical security aspects: availability, confidentiality, and authentication. For better availability of IBA, we recommend that a switch be able to enforce partitioning for data packets for which we propose an efficient implementation method using trap messages. For confidentiality, we encrypt only secret keys to minimize performance degradation. The most serious vulnerability in IBA is authentication since IBA authenticates packets solely by checking the existence of plaintext keys in the packet. In this paper, we propose a new authentication mechanism that treats the Invariant CRC (ICRC) field as an Authentication Tag, which is compatible with current IBA specification. When analyzing the performance of our authentication approach along with other authentication algorithms, we observe that our approach dramatically enhances IBA's authentication capability without hampering IBA performance benefit. Furthermore, simulation results indicate that our methods enhance security in IBA with marginal performance overhead.

Published in:

Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International

Date of Conference:

04-08 April 2005