Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource Management

Jennifer Sheldon, Weidong Zhu, Adnan Abdullah, Sri Hrushikesh Varma Bhupathiraju, Takeshi Sugawara, Kevin R. B. Butler, Md Jahidul Islam, Sara Rampazzi

TL;DR

This work demonstrates that underwater data centers are vulnerable to modulated acoustic injections that can degrade RAID 5 throughput, drive large latency increases in distributed databases, and disrupt resource management and load balancing. It provides a physics-based threat model, a laboratory/testbed and open-water evaluation showing degradation up to 6.35 m, and supports a finite-element simulation to extrapolate to subsea scales. The authors also explore and critique common defenses, proposing a novel ML-based detector that achieves 0% false positives and 98.2% true positives on their dataset, and discuss practical design considerations for protecting subsea infrastructure. Collectively, the results reveal concrete pathways for attackers to subtly manipulate critical data-center operations and offer a promising mitigation approach focused on cross-disk throughput patterns rather than single-disk protection. This work thus informs both hardware design and cloud-resource management strategies critical for secure subsea computing.

Abstract

Underwater datacenters (UDCs) hold promise as next-generation data storage due to their energy efficiency and environmental sustainability benefits. While the natural cooling properties of water save power, the isolated aquatic environment and long-range sound propagation in water create unique vulnerabilities which differ from those of on-land data centers. Our research discovers the unique vulnerabilities of fault-tolerant storage devices, resource allocation software, and distributed file systems to acoustic injection attacks in UDCs. With a realistic testbed approximating UDC server operations, we empirically characterize the capabilities of acoustic injection underwater and find that an attacker can reduce fault-tolerant RAID 5 storage system throughput by 17% up to 100%. Our closed-water analyses reveal that attackers can (i) cause unresponsiveness and automatic node removal in a distributed filesystem with only 2.4 minutes of sustained acoustic injection, (ii) induce a distributed database's latency to increase by up to 92.7% to reduce system reliability, and (iii) induce load-balance managers to redirect up to 74% of resources to a target server to cause overload or force resource colocation. Furthermore, we perform open-water experiments in a lake and find that an attacker can cause controlled throughput degradation at a maximum allowable distance of 6.35 m using a commercial speaker. We also investigate and discuss the effectiveness of standard defenses against acoustic injection attacks. Finally, we formulate a novel machine learning-based detection system that reaches 0% False Positive Rate and 98.2% True Positive Rate trained on our dataset of profiled hard disk drives under 30-second FIO benchmark execution. With this work, we aim to help manufacturers proactively protect UDCs against acoustic injection attacks and ensure the security of subsea computing infrastructures.

AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource Management

TL;DR

This work demonstrates that underwater data centers are vulnerable to modulated acoustic injections that can degrade RAID 5 throughput, drive large latency increases in distributed databases, and disrupt resource management and load balancing. It provides a physics-based threat model, a laboratory/testbed and open-water evaluation showing degradation up to 6.35 m, and supports a finite-element simulation to extrapolate to subsea scales. The authors also explore and critique common defenses, proposing a novel ML-based detector that achieves 0% false positives and 98.2% true positives on their dataset, and discuss practical design considerations for protecting subsea infrastructure. Collectively, the results reveal concrete pathways for attackers to subtly manipulate critical data-center operations and offer a promising mitigation approach focused on cross-disk throughput patterns rather than single-disk protection. This work thus informs both hardware design and cloud-resource management strategies critical for secure subsea computing.

Abstract

Underwater datacenters (UDCs) hold promise as next-generation data storage due to their energy efficiency and environmental sustainability benefits. While the natural cooling properties of water save power, the isolated aquatic environment and long-range sound propagation in water create unique vulnerabilities which differ from those of on-land data centers. Our research discovers the unique vulnerabilities of fault-tolerant storage devices, resource allocation software, and distributed file systems to acoustic injection attacks in UDCs. With a realistic testbed approximating UDC server operations, we empirically characterize the capabilities of acoustic injection underwater and find that an attacker can reduce fault-tolerant RAID 5 storage system throughput by 17% up to 100%. Our closed-water analyses reveal that attackers can (i) cause unresponsiveness and automatic node removal in a distributed filesystem with only 2.4 minutes of sustained acoustic injection, (ii) induce a distributed database's latency to increase by up to 92.7% to reduce system reliability, and (iii) induce load-balance managers to redirect up to 74% of resources to a target server to cause overload or force resource colocation. Furthermore, we perform open-water experiments in a lake and find that an attacker can cause controlled throughput degradation at a maximum allowable distance of 6.35 m using a commercial speaker. We also investigate and discuss the effectiveness of standard defenses against acoustic injection attacks. Finally, we formulate a novel machine learning-based detection system that reaches 0% False Positive Rate and 98.2% True Positive Rate trained on our dataset of profiled hard disk drives under 30-second FIO benchmark execution. With this work, we aim to help manufacturers proactively protect UDCs against acoustic injection attacks and ensure the security of subsea computing infrastructures.
Paper Structure (31 sections, 8 equations, 18 figures)

This paper contains 31 sections, 8 equations, 18 figures.

Table of Contents

  1. Introduction
  2. Background
  3. Data Center Architectures
  4. Acoustic Injection Attacks
  5. Acoustic Signal Propagation in Water
  6. Attack Overview and Threat Model
  7. Threat Model
  8. Attack Overview
  9. Theoretical Analysis
  10. Sound-induced Vibrations at the Disk
  11. Vulnerability Characterization
  12. Resonant Frequency Identification
  13. Controlled Injection
  14. Acoustic Injection Points
  15. Speaker Orientation
  16. ...and 16 more sections

Figures (18)

  • Figure 1: (a) An overview of our experimental setup is shown; a rack server in a RAID 5 configuration is placed inside a $0.9\times0.6\times0.5$ m metal enclosure, while acoustic attacks are carried out using an underwater speaker. (b) The indoor experiments are conducted in a $1.2 \times 3.0 \times 1.5$ m laboratory water tank. (c) The studies are extended to higher volume levels and longer attack distances at an open-water testing facility.
  • Figure 2: Sound pressure attenuation at increasing distances are shown for closed-water laboratory testbed and open-water scenarios; we find similar trends in both scenarios.
  • Figure 3: PES displacement ratio at different $\Delta SPLs$
  • Figure 4: RAID 5 throughput as a percentage of the baseline average at varying frequencies based on a frequency sweep from 100 Hz to 12 kHz at 100 Hz intervals.
  • Figure 5: RAID 5 write throughput at increasing sound pressure from the baseline environmental noise (116 dB SPL for the testbed, and 114 dB SPL for the open water scenario) at $5.1$ kHz injection frequency. The distance between sound source-enclosure was set to $6$ cm for our laboratory testbed and $30$ cm for open water scenario.
  • ...and 13 more figures