Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems

Abstract

Remote Direct Memory Access (RDMA) is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing critical vulnerabilities in untrusted environments. This work explores the integration of RDMA and AES-128 encryption to secure data transfers without compromising performance. We implement encryption directly within the data plane of a programmable Tofino switch using the P4 programming language. By offloading encryption from the CPU to the switch, our design preserves RDMA's performance benefits while addressing its security shortcomings. Experimental results show that the system achieves throughput of 0.37 Gbps for 16-byte packets, 0.76 Gbps for 32-byte packets, 1.83 Gbps for 64-byte packets, and 1.9 Gbps for 128-byte packets. These findings demonstrate the feasibility of secure, high-throughput RDMA communication using programmable network hardware.
