Underwater datacenters have yet to take off in any meaningful way, but it seems they could prove vulnerable to attack using sound waves, according to researchers.

Submerged datacenter modules are claimed to benefit from using the surrounding water to help carry away heat, reducing the operational costs of keeping servers and other equipment cool.

Microsoft experimented with undersea bit barns (bit barnacles?) as part of its Project Natick, and a company called Subsea Cloud is offering a commercial service, while a Chinese project was said to be under way as of the end of last year.

Now researchers at the University of Florida and the University of Electro-Communications in Japan have found that sound waves targeting the datacenter from up to 20 feet away can affect critical operations, reducing the response time of applications and the throughput of RAID storage systems.

In a paper available on the arXiv open-access repository, the researchers detail how sound at a resonant frequency of the hard disk drives (HDDs) deployed in submerged enclosures can cause throughput reduction and even application crashing.

HDDs are still widely used in datacenters, despite their obituary having been written many times, and are typically paired with flash-based SSDs. The researchers focused on hybrid and full-HDD architectures to evaluate the impact of acoustic attacks.

The researchers found that sound at the right resonance frequency would induce vibrations in the read-write head and platter of the disks by vibration propagation, proportional to the acoustic pressure, or intensity of the sound. This affects the disk's read/write performance.

For the tests, a Supermicro rack server configured with a RAID 5 storage array was placed inside a metal enclosure in two scenarios; an indoor laboratory water tank and an open-water testing facility, which was actually a lake on the Florida University campus. Sound was generated from an underwater speaker.

The researchers found that the measured RAID 5 throughput dropped at varying sound frequencies, which they say is likely due to the components inside the HDDs and server having varying resonant frequencies. However, there was "consistent throughput degradation" between 5.1-5.3 kHz.

According to the paper, the researchers were able to cause unresponsiveness in a distributed file system after just 2.4 minutes of sustained acoustic injection, and cause a database's latency to increase by up to 92.7 percent to reduce system reliability. Some hard drives can even be permanently destroyed, the researchers claim.

The paper goes into much greater detail on the tests performed and the configurations used, which included the CockroachDB database, HDFS file system and OpenNebula for resource management.

To mitigate the threat from this kind of issue, the researchers looked at several methods. One was to use sound absorbing materials to attenuate sound-induced vibration, but the result was an increase in the temperature of the server when running workloads, and it was found that an attacker could overpower this protection by increasing the sound volume.

However, the defense proposed in the paper is a machine learning model to detect multiple simultaneous low-volume throughput degradations, by analyzing the throughput of disk clusters in close physical proximity inside a submerged datacenter pod.

Post detection, the paper suggests that data replication and erasure coding techniques can be used by the datacenter resource management system to migrate the I/O requests to unaffected nodes outside the sound affected area, which is likely to be fairly localized.

All of this assumes that an attacker would be able to carry out such an operation. The paper suggests it could be achieved by mounting the speaker on a rigid structure connected to a boat, or a more sophisticated approach might use a remotely operated underwater vehicle.

Aquatic bit barns may also need protection against accidental disruption, according to Kevin Butler, University of Florida professor and co-author of the paper.

"The ocean is awash in sound already. We've demonstrated that these attacks can happen inadvertently from something like a submarine sonar blast, which is extremely loud," he said in a statement.

Subsea cloud, which recently started offering potential customers the chance to try out its facilities for up to 90 days before committing, says it can place its datacenters at depths up to 9500 ft (nearly 3 km). We imagine only a pretty determined attacker would try to reach there. ®

https://www.theregister.com//2024/05/17/underwater_datacenters_sound_waves/