High-frequency trading networks, which complete stock market transactions in microseconds, are vulnerable to manipulation by hackers who can inject tiny amounts of latency into them. By doing so, they can subtly change the course of trading and pocket profits of millions of dollars in just a few seconds, says Rony Kay, a former IBM research fellow and founder of cPacket Networks, a Silicon Valley firm that develops chips and technologies for network monitoring and traffic analysis.
Kay, an Israeli-born computer scientist and one-time Intel engineering manager, says the root of the problem is the increasing speed of networks; as they get faster and faster, our ability to actually understand events taking place within them isn't keeping up. Network monitoring technology can detect perturbations in network traffic happening in milliseconds, but when changes occur in microseconds, they're not visible, he says.
[ For the key tech news of the day, sign up for InfoWorld's Tech Headlines Wrap-Up newsletter. | Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. ]
cPacket has developed a proof of concept showing that these side-channel attacks can be used to create tiny delays in the transmission of market data and trades. By manipulating specific trading activities by several microseconds, an attacker could gain unfair trading advantage. And because the operation occurs outside the range of monitoring technology, it would remain invisible. "We believe that such techniques pose a substantial risk of creating unfair trading, if used by the wrong people," Kay says.
(A side-channel attacker looks at indirect information related to the computer -- the electromagnetic emanations from screens or keyboards, for example -- to determine what is going on in the machine. )
Latency threatens other applications as well
The lack of visibility into high-speed networks is of concern to more than the financial community. Managing traffic on today's 10Gbps and faster networks is becoming difficult, resulting in degradations of performance, particularly to virtualized systems. "It's difficult to take corrective actions when you can't really see what's taking place," Kay says. "If you cannot measure network latency, you cannot control it and cannot improve it."
In a PDF whitepaper on latency, Kay wrote, "Traditionally, applications that have latency requirements include: VoIP and interactive video conferencing, network gaming, high-performance computing, cloud computing, and automatic algorithmic trading. For example, one-way latency for VoIP telephony should generally not exceed 150 milliseconds (0.15 seconds) to enable good conversation quality, while interactive games typically require latencies between 100 and 1,000 milliseconds. However, the requirements for automated algorithmic trading are much more strict. A few extra milliseconds, or even a few extra microseconds, can enable trades to execute ahead of the competition, thereby increasing profits."