A Time-Free Byzantine Failure Detector for Dynamic Networks

2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W), 2011

Modern distributed systems deployed over wireless ad-hoc networks are inherently dynamic and the issue of designing dependable services which can cope with the high dynamics of these systems is a challenge. Byzantine failure detectors provide an elegant abstraction for solving security problems; however, very few work has been proposed for the new context of dynamic networks. This paper advocates the adoption of the time-free approach to detect Byzantine failures in such systems. This approach does not rely on timers to detect progress failures; it is suitable to deal with the unpredictability of the node's behavior and communication medium on these networks, favoring scalability and adaptability.

Byzantine failure detectors provide an elegant abstraction for solving security problems. However, as far as we know, there is no general solution for this problem in a dynamic distributed system of unknown networks. This paper presents thus a first Byzantine failure detector for this context. The protocol has the interesting feature to be asynchronous, that is, the failure detection process does not rely on timers to make suspicions. This characteristic favors its scalability and adaptability and leads to an intriguing conjecture about the pattern of the overlying algorithm that uses the failure detector as a building block: it should be symmetrical.

IEEE Transactions on Mobile Computing, 2000

Wireless ad hoc networks, due to their inherent unreliability, pose significant challenges to the task of achieving tight coordination amongst nodes. The failure of some nodes and momentary breakdown of communications, either of accidental or malicious nature, should not result in the failure of the entire system. This paper presents an asynchronous Byzantine consensus protocol -called Turquois -specifically designed for resource-constrained wireless ad hoc networks. The key to its efficiency is the fact that it tolerates dynamic message omissions, which allows an efficient utilization of the wireless broadcasting medium. The protocol also refrains from computationally expensive public-key cryptographic during its normal operation. The protocol is safe despite the arbitrary failure of f < n 3 nodes from a total of n nodes, and unrestricted message omissions. Progress is ensured in rounds where the number of omissions is σ ≤ n−t 2 (n − k − t) + k − 2, where k is the number of nodes required to terminate and t ≤ f is the number of nodes that are actually faulty. These characteristics make Turquois the first consensus protocol that simultaneously circumvents the FLP and the Santoro-Widmayer impossibility results, which is achieved through randomization. Finally, the protocol was prototyped and subject to a comparative performance evaluation against two well-known Byzantine fault-tolerant consensus protocols. The results show that, due to its design, Turquois outperforms the other protocols by more than an order of magnitude as the number of nodes in the system increases.

Dependable Systems and …, 2005

This paper presents an overlay based Byzantine tolerant broadcast protocol for wireless ad-hoc networks. The use of an overlay results in a significant reduction in the number of messages. The protocol overcomes Byzantine failures by combining digital signatures, gossiping of message signatures, and failure detectors. These ensure that messages dropped or modified by Byzantine nodes will be detected and retransmitted and that the overlay will eventually consist of enough correct processes to enable message dissemination. An appealing property of the protocol is that it only requires the existence of one correct node in each one-hop neighborhood. The paper also includes a detailed performance evaluation by simulation.

Journal of Computer and Systems Sciences International, 2007

The Mobile Ad Hoc Network (MANET) has become more popular because the MANET is a self-organizing, self-configuring, and an instantly deployable multi-hop wireless network that responds to application needs without any fixed infrastructure. Moreover, the MANET is fault-tolerant and reliable. A mechanism is needed in the MANET that allows a set of nodes to agree on a common value. The distributed Byzantine Agreement (BA) problem is one of the most important issues in designing a fault-tolerant system. In many cases, reaching a common agreement among fault-free nodes in coping with the influence from faulty components is crucial in a fault-tolerant system. When a common agreement is achieved, all fault-free nodes in the system can produce stable results without any influence from the faulty components. In this study, the BA problem is visited in a MANET, in which the components are subject to a malicious fault. The proposed protocol can tolerate the maximum number of allowable faulty nodes using a minimum number of message exchange rounds. Each fault-free node can reach a common agreement value for the BA problem in a MANET.

2010 Ninth IEEE International Symposium on Network Computing and Applications, 2010

This paper presents a simple protocol that solves the authenticated Byzantine Consensus problem in asynchronous distributed systems. To circumvent the FLP impossibility result in a deterministic way, synchrony assumptions should be added. In the context of Byzantine failures for systems where at most t processes may exhibit a Byzantine behavior and where not all the system is assumed eventually synchronous, Moumen et al. provide the main result. They assume at least one correct process, called 2t-bisource, connected with 2t privileged neighbors with eventually timely outgoing and incoming links. The present paper shows that a deterministic solution for the authenticated byzantine consensus problem is possible if the system model satisfies an additional assumption that does not rely on physical time but on the pattern of messages that are exchanged. The basic message exchange between processes is the query-response mechanism. To solve the Consensus problem, we assume a correct process p, called 2t-winning process, and a set Q of 2t processes such that, eventually, for each query issued by p, any process q of Q receives a response from p among the (n − t) first responses to that query. The processes in the set Q can exhibit a Byzantine behavior and this set may change over time. Whereas many time-free solutions have been designed for the consensus problem in the crash model, this is, to our knowledge, the first time-free deterministic solution to the Byzantine consensus problem.

2002

The paper presents a new reliable multicast protocol that tolerates arbitrary faults, including Byzantine faults. This protocol is developed using a novel way of designing secure protocols which is based on a well-founded hybrid failure model. Despite our claim of arbitrary failure resilience, the protocol needs not necessarily incur the cost of "Byzantine agreement", in number of participants and round/message complexity. It can rely on the existence of a simple distributed security kernel -the TTCB -where the participants only execute crucial parts of the protocol operation, under the protection of a crash failure model. Otherwise, participants follow an arbitrary failure model.

2007

Services offered by computing systems continue to play a crucial role in our every day lives. This thesis examines and solves a challenging problem in making these services dependable using means that can be assured not to compromise service responsiveness, particularly when no failure occurs. Causes of undependability are faults and faults of all known origins, including malicious attacks, are collectively referred to as Byzantine faults. Service or state machine replication is the only known technique for tolerating Byzantine faults. It becomes more effective when replicas are spaced out over a wide area network (WAN) such as the Internetadding tolerance to localised disasters. It requires that replicas process the randomly arriving user requests in an identical order. Achieving this requirement together with deterministic termination guarantees is impossible in a fail-prone environment. This impossibility prevails because of the inability to accurately estimate a bound on inter-replica communication delays over a WAN. Canonical protocols in the literature are designed to delay termination until the WAN preserves convergence between actual delays and the estimate used. They thus risk performance degradation of the replicated service. We eliminate this risk by using Fail-Signal processes to circumvent the impossibility. A fail-signal (FS) process is made up of redundant, Byzantine-prone processes that continually check each other's performance. Consequently, it fails only by crashing and also signals its imminent failure. Using FS process constructs, a family of three order protocols has been developed: Protocol-0, Protocol-I and Protocol-11. Each protocol caters for a particular set of assumptions made in the FS process construction and the subsequent FS process behaviour. Protocol-I is extensively compared with a canonical protocol of Castro and Liskov which is widely acknowledged for its desirable performance. The study comprehensively establishes the cost and benefits of our approach in a variety of both real and emulated network settings, by varying number of replicas, system load and cryptographic techniques. The study shows that Protocol-I has superior performancp when no failures occur.

Proceedings of the 1st …, 2002

An ad hoc wireless network is an autonomous self-organizing system of mobile nodes connected by wireless links where nodes not in direct range can communicate via intermediate nodes. A common technique used in routing protocols for ad hoc wireless networks is to establish the routing paths ondemand, as opposed to continually maintaining a complete routing table. A significant concern in routing is the ability to function in the presence of byzantine failures which include nodes that drop, modify, or mis-route packets in an attempt to disrupt the routing service.

2011

Abstract A system is said intrusion-tolerant if it maintains its security properties despite some of its components being compromised by a malicious adversary. Although the implementation of these systems usually requires the use of Byzantine fault-tolerant (BFT) protocols, they are not a complete solution. Besides BFT replication, there are several other techniques such as proactive recovery, diversity and confidential operation that are needed to implement these systems.