High-frequency trading networks, which complete stock market
transactions in microseconds, are vulnerable to manipulation by hackers who can
inject tiny amounts of latency into them. By doing so, they can subtly change
the course of trading and pocket profits of millions of dollars in just a few
seconds, says Rony Kay, a former IBM research fellow and founder of cPacket
Networks, a Silicon Valley firm that develops chips and technologies for
network monitoring and traffic analysis.
Kay, an Israeli-born computer scientist and one-time Intel
engineering manager, says the root of the problem is the increasing speed of
networks; as they get faster and faster, our ability to actually understand
events taking place within them isn't keeping up. Network monitoring technology
can detect perturbations in network traffic happening in milliseconds, but when
changes occur in microseconds, they're not visible, he says.
cPacket has developed a proof of concept showing that these
side-channel attacks can be used to create tiny delays in the transmission of
market data and trades. By delaying specific trading activities by several
microseconds, an attacker could gain an unfair trading advantage. And because the
operation occurs outside the range of monitoring technology, it would remain
invisible. "We believe that such techniques pose a substantial risk of
creating unfair trading, if used by the wrong people," Kay says.
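
The visibility gap described above, as an added example that is not from the article or from cPacket: the same capture is examined with a millisecond-resolution clock and a microsecond-resolution clock, and only the latter flags a 5-microsecond latency shift. All function names and the capture data are constructed for illustration, and the sketch assumes synchronized send and receive timestamps in nanoseconds.

```python
from statistics import median

def latencies(pairs, resolution_ns):
    """Per-packet one-way latency as seen by a monitor whose clock ticks every resolution_ns."""
    return [(rx // resolution_ns - tx // resolution_ns) * resolution_ns for tx, rx in pairs]

def shifted_windows(pairs, resolution_ns, baseline_n, window, k=3.0):
    """Return start indexes of windows whose median latency exceeds the baseline
    median by more than k * MAD (MAD is floored at one clock tick)."""
    lat = latencies(pairs, resolution_ns)
    base = lat[:baseline_n]
    base_med = median(base)
    mad = median(abs(x - base_med) for x in base) or resolution_ns
    flagged = []
    for start in range(baseline_n, len(lat) - window + 1, window):
        if median(lat[start:start + window]) - base_med > k * mad:
            flagged.append(start)
    return flagged

def constructed_capture(n=600, delayed=range(400, 500), extra_ns=5_000):
    """Constructed sample: one packet every 10 us, 20 us base latency, up to
    1.8 us of deterministic jitter, and 5 us of extra delay on packets 400-499."""
    pairs = []
    for i in range(n):
        tx = i * 10_000
        jitter = (i * 7 % 10) * 200
        rx = tx + 20_000 + jitter + (extra_ns if i in delayed else 0)
        pairs.append((tx, rx))
    return pairs

if __name__ == "__main__":
    capture = constructed_capture()
    # First 200 packets form the baseline; later packets are checked 100 at a time.
    for label, res in (("1 ms clock", 1_000_000), ("1 us clock", 1_000)):
        print(label, "flags windows starting at", shifted_windows(capture, res, 200, 100))
```
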
Latency threatens other applications as well
The lack of visibility into high-speed networks is of
concern to more than the financial community. Managing traffic on today's
10Gbps and faster networks is becoming difficult, resulting in degradations of
performance, particularly to virtualized systems. "It's difficult to take
corrective actions when you can't really see what's taking place," Kay
says. "If you cannot measure network latency, you cannot control it and
cannot improve it."
In a PDF whitepaper on latency, Kay wrote,
"Traditionally, applications that have latency requirements include: VoIP
and interactive video conferencing, network gaming, high-performance computing,
cloud computing, and automatic algorithmic trading. For example, one-way
latency for VoIP telephony should generally not exceed 150 milliseconds (0.15
seconds) to enable good conversation quality, while interactive games typically
require latencies between 100 and 1,000 milliseconds. However, the requirements
for automated algorithmic trading are much more strict. A few extra
milliseconds, or even a few extra microseconds, can enable trades to execute
ahead of the competition, thereby increasing profits."
Indeed, latency, even at the very highest speeds, is so
concerning that researchers at MIT recommended that any organization dealing in
complicated time-sensitive global interactions take a hard look at where
it locates its data centers.
The MIT researchers even suggested that financial firms
could gain an edge by exploiting the limits imposed by the speed
of light. For example, it typically takes about 50 milliseconds to send a
message from New York to London. Placing a server between the two could cut the
communication time in half, they said, which may be enough time to take
advantage of some momentary pricing discrepancy. Trading on that discrepancy is
known as arbitrage, and it's becoming increasingly common.
A side-channel attack on a high-frequency trading network is
analogous to a denial-of-service attack. In a typical DoS attack, bots flood a
target website with enormous numbers of hits, often causing a crash. A
side-channel attack would be infinitely more subtle, but it would still
function by adding extraneous packets to a legitimate data stream. Those extra
packets slow the data just enough to give someone else a chance to move first
in the market.