Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems

📅 2026-05-24
📈 Citations: 0
Influential: 0
📄 PDF

career value

225K/year
🤖 AI Summary
This work addresses the security vulnerabilities of Remote Direct Memory Access (RDMA) in untrusted environments, where its CPU-bypassing nature circumvents conventional security mechanisms. The authors present the first native RDMA encryption implementation directly within the data plane of a programmable Tofino switch, leveraging the P4 language to integrate AES-128 encryption and offload cryptographic operations from the host CPU to the network data plane. This approach ensures strong security without compromising performance. Experimental results demonstrate sustained throughput ranging from 0.37 to 1.9 Gbps for packet sizes between 16 and 128 bytes, confirming the feasibility of simultaneously achieving high performance and robust security. The proposed method overcomes the longstanding challenge of adapting traditional security mechanisms to high-speed RDMA communication.
📝 Abstract
Remote Direct Memory Access (RDMA) is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing critical vulnerabilities in untrusted environments. This work explores the integration of RDMA and AES-128 encryption to secure data transfers without compromising performance. We implement encryption directly within the data plane of a programmable Tofino switch using the P4 programming language. By offloading encryption from the CPU to the switch, our design preserves RDMA's performance benefits while addressing its security shortcomings. Experimental results show that the system achieves throughput of 0.37 Gbps for 16-byte packets, 0.76 Gbps for 32-byte packets, 1.83 Gbps for 64-byte packets, and 1.9 Gbps for 128-byte packets. These findings demonstrate the feasibility of secure, high-throughput RDMA communication using programmable network hardware.
Problem

Research questions and friction points this paper is trying to address.

RDMA
security
AES encryption
high-performance data transfer
untrusted environments
Innovation

Methods, ideas, or system contributions that make the work stand out.

RDMA
AES encryption
programmable switch
P4
in-network security
🔎 Similar Papers