Securing Infiniband Networks with End-Point Encryption

Author

Noah B. Diamond

Date of Award

3-2022

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Scott R. Graham, PhD

Abstract

The NVIDIA-Mellanox Bluefield-2 is a 100 Gbps high-performance network interface which offers hardware offload and acceleration features that can operate directly on network traffic without routine involvement from the ARM CPU. This allows the ARM multi-core CPU to orchestrate the hardware to perform operations on both Ethernet and RDMA traffic at high rates rather than processing all the traffic directly. A testbed called TNAP was created for performance testing and a MiTM verification process called MiTMVMP is used to ensure proper network configuration. The hardware accelerators of the Bluefield-2 support a throughput of nearly 86 Gbps when using IPsec to encrypt and authenticate RoCEv2 traffic. This research closes by providing operational security recommendations to defend against presented vulnerabilities, and secure InfiniBand with the Bluefield-2 DPU and similar InfiniBand channel adapters.

AFIT Designator

AFIT-ENG-MS-22-M-024

DTIC Accession Number

AD1166855

Recommended Citation

Diamond, Noah B., "Securing Infiniband Networks with End-Point Encryption" (2022). Theses and Dissertations. 5320.
https://scholar.afit.edu/etd/5320