Security Aspects of Using Smart NICs

After I published the blog post describing how infrastructure cloud provides (example: AWS) might use smart Network Interface Cards (NICs) as the sweet spot to implement overlay virtual networking, my friend Christoph Jaggi sent me links to two interesting presentations:

Both presentations describe how you can take over a smart NIC with a properly crafted packet, and even bypass CPU on a firewall using smart NICs.

What Is a Smart NIC

If you’ve never heard about smart NICs, you might want to start with the chat we had with Or Gerlitz (Mellanox), Andy Gospodarek (Broadcom) and Jiri Pirko (Mellanox), and then look at the technical part of the Pensando presentation from Cloud Field Day 7 (you can safely skip the “we are so awesome” part).

Or in you’re short on time, here’s the crux of the story:

  • Dumb NICs take packets from a circular buffer (TX ring) and send bits from those packets to the wire… or the other way round (in which case the circular buffer would be called RX ring).
  • Smart NICs include everything a dumb NIC has (someone obviously has to transmit and receive the bits), but they can be programmed to munge the packets, including all sorts of crazy lookups and content manipulations. Most smart NICs are programmable, and include plenty of memory and a general-purpose CPU.
I was told some high-frequency trading environments use smart(er) NICs (using FPGA if I remember correctly) to reduce the number of stock quotes in updates received from stock exchange to minimize the delay in processing the interesting quotes.

What Is the Problem?

We make mistakes. Sometimes the mistakes are burnt into hardware (see Pentium FDIV bug), most often they are hidden somewhere in software. History of IT security is littered with buffer overflows or code accepting inputs without any sanity check (see Heartbleed).

Then there are those nasty bugs that need a very specific sequence of events and very specific timing (see: Meltdown and Spectre… and researchers keep discovering all sorts of variants of exploits of speculative execution). Finally, even the management software that handles software upgrades and the like is vulnerable (see: Intel CSME vulnerability).

I think it’s fair to say that it’s only a question of time when we’ll see another catastrophic smart NIC exploit. Oops, we already did - see Broadpwn.

Amazon might be in pretty good shape with AWS Nitro. A cloud service provider has to care about security more than a typical enterprise vendor, and they claim to have provable security. As for smart NICs being used in enterprise servers, in particular those that can be programmed by the end-user, I have only one thing to say: expect some fun times.

1 comments:

  1. It seems powerful but the question I have to ask myself (and you in occurrence) is, is it the right way to do things? (i.e. interfere with the network) or is it just a can of worm where, besides all the security aspects you highlighted, people will start using them for things they shouldn't. I mean, it's different, but it kind of reminds me of all those ALGs that were needed because of NAT, I know NAT is a problem in itself, but the protocols were broken in the first place. People might start fixing or patching things at the wrong level here. For very specific examples like the stocks usecase it might be a valuable ally but I don't think the global industry needs this. That beeing said, I didn't read/listen to all the content.

Add comment
Sidebar