English

Designing Transport-Level Encryption for Datacenter Networks

Cryptography and Security 2026-02-16 v3 Networking and Internet Architecture

Abstract

Cloud applications need network data encryption to isolate from other tenants and protect their data from potential eavesdroppers in the network infrastructure. This paper presents SMT, a protocol design for emerging datacenter transport protocols, such as NDP and Homa, to integrate data encryption. SMT integrates TLS-based encryption with a message-based transport protocol that supports efficient Remote Procedure Calls (RPCs), a common workload in datacenters. This architecture enables the use of per-message record sequence number spaces in a secure session, while ensuring unique message identities to prevent replay attacks. It also enables the use of existing NIC offloads designed for TLS over TCP, while being a native transport protocol alongside TCP and UDP. We implement SMT in the Linux kernel by extending Homa/Linux and improve RPC throughput by up to 41 % and latency by up to 35 % in comparison to TLS/TCP.

Keywords

Cite

@article{arxiv.2406.15686,
  title  = {Designing Transport-Level Encryption for Datacenter Networks},
  author = {Tianyi Gao and Xinshu Ma and Suhas Narreddy and Eugenio Luo and Steven W. D. Chien and Michio Honda},
  journal= {arXiv preprint arXiv:2406.15686},
  year   = {2026}
}

Comments

To appear in IEEE Symposium on Security and Privacy (S&P) 2026

R2 v1 2026-06-28T17:15:39.375Z