09-09-2017, 09:10 AM
An increasing number of commodity clusters are connected to each other by public networks, which have become a potential threat to parallel sensitive, security-sensitive applications running in clusters. To address this security issue, we developed a Message Passing Interface (MPI) implementation to preserve the confidentiality of messages communicated between cluster nodes on an unsecured network. We focus on M PI rather than other protocols, because M PI is one of the most popular communication protocols for parallel cluster computing. Our MPI implementation-called ES-MPICH2-was built on the basis of MPICH2 developed by the Argonne National Laboratory. Like MPICH2, ES-MPICH2 aims to support a wide variety of computing and communication platforms such as commodity clusters and high-speed networks. We have integrated encryption and decryption algorithms in the MPICH2 library with the standard MPI interface and; therefore, the data confidentiality of MPI applications can be easily preserved without the need to change the source codes of MPI applications. MPI application programmers can fully configure any MPICHI2 confidentiality services, since a secure configuration file in ES-MPICH2 gives programmers flexibility in choosing cryptographic schemes and built-in keys seamlessly in ES-MPICH2. We used the Sandia Micro Benchmark and Intel MPI Benchmark tests to evaluate and compare the performance of ES-MPICH2 with the original MPICH2 version. Our experiments show that the indirect costs incurred by the confidentiality services in ES-MPICH2 are marginal for small messages. Security overload on ES-MPICH2 becomes more pronounced with larger messages. Our results also show that security overhead can be significantly reduced in ES-MPICH2 by high-performance clusters. The executable binaries and source code of the ES-MPICH2 implementation are available for free at http: //www.eng.auburn.edu/~xqin/software/es-mpich2/.