Abstract
InfiniBand is an input/output interconnect technology for high performance computing clusters – it is employed in more than one-quarter of the world’s 500 fastest computer systems. Although InfiniBand was created to provide extremely low network latency with high quality of service, the cyber security aspects of InfiniBand have yet to be investigated thoroughly. The InfiniBand architecture was designed as a data center technology that is logically separated from the Internet, so defensive mechanisms such as packet encryption were not implemented. The security community does not appear to have taken an interest in InfiniBand, but this is likely to change as attackers branch out from traditional computing devices. This chapter discusses the security implications of InfiniBand features and presents a technical cyber vulnerability assessment.
Chapter PDF
Similar content being viewed by others
References
R. Boyce, Vulnerability Assessments: The Proactive Steps to Secure Your Organization, Information Security Reading Room, SANS Institute, North Bethesda, Maryland, 2001
cyberang3l, InfiniBand-Graphviz-ualization, GitHub (github.com/cyber ang3l/InfiniBand-Graphviz-ualization), 2016
D. Deming, InfiniBand software architecture and RDMA, presented at the Storage Developer Conference, 2013
J. Grand, Hardware reverse engineering: Access, analyze and defeat, presented at the Black Hat DC Workshop, 2011
P. Grun, Introduction to InfiniBand for End Users: Industry-Standard Value and Performance for High-Performance Computing and the Enterprise, InfiniBand Trade Association, Beaverton, Oregon, 2010
E. Hutchins, M. Cloppert and R. Amin, Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains, Proceedings of the Sixth International Conference on Information Warfare and Security, 2011
InfiniBand Trade Association, About InfiniBand, Beaverton, Oregon (www.InfiniBandta.org/about-InfiniBand), 2019
Information Systems Audit and Control Association, Security Vulnerability Assessment, Rolling Meadows, Illinois (cybersecurity.isaca.org/info/cyber-aware/images/ISACA\_WP\_Vulnerability\_Assessment\_1117.pdf), 2017
M. Lee, E. Kim and M. Yousif, Security enhancement in the InfiniBand architecture, Proceedings of the Nineteenth IEEE International Parallel and Distributed Processing Symposium, 2005
P. MacArthur, Q. Liu, R. Russell, F. Mizero, M. Veeraraghavan and J. Dennis, An integrated tutorial on InfiniBand, verbs and MPI, IEEE Communications Surveys and Tutorials, vol. 19(4), pp. 2894–2926, 2017
Mellanox Technologies, Introduction to InfiniBand, White Paper, Document No. 2003WP, Santa Clara, California (www.mellanox.com/pdf/whitepapers/IB\_Intro\_WP\_190.pdf), 2003
Mellanox Technologies, Security in Mellanox Technologies InfiniBand Fabrics, Technical Overview, White Paper, Document No. 3861WP Rev. 1.0, Sunnyvale, California (www.mellanox.com/related-docs/whitepapers/WP_Secuirty_In_InfiniBand_Fabrics_Final.pdf), 2012
Mellanox Technologies, RDMA Aware Networks Programming User Manual, Rev. 1.7, Sunnyvale, California (www.mellanox.com/related-docs/prod_software/RDMA_Aware_Programming_user_manual.pdf), 2015
Mellanox Technologies, RoCE vs. iWARP Competitive Analysis, White Paper, Document No. 15–4514WP Rev. 2.0, Sunnyvale, California (www.mellanox.com/related-docs/whitepapers/WP\_RoCE\_vs\_iWARP.pdf), 2017
Mellanox Technologies, Mellanox OFED for Linux User Manual, Revision 4.4, Software Version 4.4-1.0.0.0, Sunnyvale, California (www.mellanox com/related-docs/prod\_software/Mellanox\_OFED\_Linux\_User\_Manual\_v4\_4.pdf), 2018
Mellanox Technologies, SX6012 Switch, Product Brief, Sunnyvale, California (www.mellanox.com/related-docs/prod\_ib\_switch\_systems/PB\_S X6012.pdf), 2018
Mellanox Technologies, ConnectX-5 Single/Dual-Port Adapter Supporting 100Gb/s with VPI, Sunnyvale, California (www.mellanox.com/page/products\_dyn?product\_family=258&mtag=connectx\_5\_vpi\_card), 2019
Mellanox Technologies, Mellanox OpenFabrics Enterprise Distribution for Linux (MLNX\_OFED), Sunnyvale, California (www.mellanox.com/page/products\_dyn?product\_family=26), 2019
MITRE Corporation, ATT&CK Matrix for Enterprise, Bedford, Massachusetts (attack.mitre.org), 2019
National Institute of Standards and Technology, Cyber Supply Chain Risk Management, Gaithersburg, Maryland (csrc.nist.gov/Projects/cyber-supply-chain-risk-management), 2019
OpenFabrics Alliance, Index of /downloads/management (www.openfabrics.org/downloads/management), 2017
Oracle, Delivering Application Performance with Oracle’s InfiniBand Technology: A Standards-Based Interconnect for Application Scalability and Network Consolidation, Version 2.0, Technical White Paper, Redwood Shores, California, 2012
G. Pfister, An introduction to the InfiniBand architecture, in High Performance Mass Storage and Parallel I/O: Technologies and Applications, R. Buyya and T. Cortes (Eds.), John Wiley and Sons, New York, pp. 617–632, 2001
QLogic, Fabric Manager User Guide, Firmware Version 6.0, D000007–007 C, Aliso Viejo, California, 2010
S. Rubenoff, HDR 200G InfiniBand: Empowering Next Generation Data Centers, insideHPC, February 25, 2018
A. Shostack, Threat Modeling: Designing for Security, John Wiley and Sons, Indianapolis, Indiana, 2014
Symantec, Internet Security Threat Report, Volume 23, Mountain View, California, 2018
TOP500, List Statistics, Sinsheim, Germany (www.top500.org/statistics/list), November 2018
A. Warren, InfiniBand Fabric and Userland Attacks, Information Security Reading Room, SANS Institute, North Bethesda, Maryland, 2012
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 IFIP International Federation for Information Processing
About this paper
Cite this paper
Schmitt, D., Graham, S., Sweeney, P., Mills, R. (2019). Vulnerability Assessment of InfiniBand Networking. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XIII. ICCIP 2019. IFIP Advances in Information and Communication Technology, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-030-34647-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-34647-8_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34646-1
Online ISBN: 978-3-030-34647-8
eBook Packages: Computer ScienceComputer Science (R0)