Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems
For high-performance computing users needing secure data transfers, this work provides a practical approach to encrypt RDMA traffic with minimal performance loss.
This work integrates AES-128 encryption into RDMA systems using a programmable Tofino switch to secure data transfers without compromising performance. The system achieves throughput of up to 1.9 Gbps for 128-byte packets, demonstrating the feasibility of secure high-throughput RDMA.
Remote Direct Memory Access (RDMA) is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing critical vulnerabilities in untrusted environments. This work explores the integration of RDMA and AES-128 encryption to secure data transfers without compromising performance. We implement encryption directly within the data plane of a programmable Tofino switch using the P4 programming language. By offloading encryption from the CPU to the switch, our design preserves RDMA's performance benefits while addressing its security shortcomings. Experimental results show that the system achieves throughput of 0.37 Gbps for 16-byte packets, 0.76 Gbps for 32-byte packets, 1.83 Gbps for 64-byte packets, and 1.9 Gbps for 128-byte packets. These findings demonstrate the feasibility of secure, high-throughput RDMA communication using programmable network hardware.