Viet Tung Hoang

Abu Naser, Cong Wu, Mehran Sadeghi Lahijani et al.

The cloud infrastructure must provide security for High-Performance Computing (HPC) applications of sensitive data to execute in such an environment. However, supporting security in the communication infrastructure of today's public cloud is challenging, because current networks for data centers are so fast that adding encryption can incur very significant overheads. In this work, we introduce CryptMPI, a high performance encrypted MPI library that supports communication with both integrity and privacy. We present the techniques in CryptMPI and report our benchmarking results using micro-benchmarks and NAS parallel benchmarks. The evaluation results indicate that the aforementioned techniques are effective in improving the performance of encrypted communication.

Abu Naser, Mehran Sadeghi Lahijani, Cong Wu et al.

In order for High-Performance Computing (HPC) applications with data security requirements to execute in the public cloud, the cloud infrastructure must ensure the privacy and integrity of data. To meet this goal, we consider incorporating encryption in the Message Passing Interface (MPI) library. We empirically evaluate four contemporary cryptographic libraries, OpenSSL, BoringSSL, Libsodium, and CryptoPP using micro-benchmarks and NAS parallel benchmarks on two different networking technologies, 10Gbps Ethernet and 40Gbps InfiniBand. We also develop accurate models that allow us to reason about the performance of encrypted MPI communication in different situations and give guidance on how to improve encrypted MPI performance.

Viet Tung Hoang, Ben Morris, Phillip Rogaway

We introduce the swap-or-not shuffle and show that the technique gives rise to a new method to convert a pseudorandom function (PRF) into a pseudorandom permutation (PRP) (or, alternatively, to directly build a confusion/diffusion blockcipher). We then prove that swap-or-not has excellent quantitative security bounds, giving a Luby-Rackoff type result that ensures security (assuming an ideal round function) to a number of adversarial queries that is nearly the size of the construction's domain. Swap-or-not provides a direct solution for building a small-domain cipher and achieving format-preserving encryption, yielding the best bounds known for a practical scheme for enciphering credit-card numbers. The analysis of swap-or-not is based on the theory of mixing times of Markov chains.