320 research outputs found
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Interactive Consistency in practical, mostly-asynchronous systems
Interactive consistency is the problem in which n nodes, where up to t may be
byzantine, each with its own private value, run an algorithm that allows all
non-faulty nodes to infer the values of each other node. This problem is
relevant to critical applications that rely on the combination of the opinions
of multiple peers to provide a service. Examples include monitoring a content
source to prevent equivocation or to track variability in the content provided,
and resolving divergent state amongst the nodes of a distributed system.
Previous works assume a fully synchronous system, where one can make strong
assumptions such as negligible message delivery delays and/or detection of
absent messages. However, practical, real-world systems are mostly
asynchronous, i.e., they exhibit only some periods of synchrony during which
message delivery is timely, thus requiring a different approach. In this paper,
we present a thorough study on practical interactive consistency. We leverage
the vast prior work on broadcast and byzantine consensus algorithms to design,
implement and evaluate a set of algorithms, with varying timing assumptions and
message complexity, that can be used to achieve interactive consistency in
real-world distributed systems. We provide a complete, open-source
implementation of each proposed interactive consistency algorithm by building a
multi-layered stack of protocols that include several broadcast protocols, as
well as a binary and a multi-valued consensus protocol. Most of these protocols
have never been implemented and evaluated in a real system before. We analyze
the performance of our suite of algorithms experimentally by engaging in both
single instance and multiple parallel instances of each alternative.Comment: 13 pages, 10 figure
Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems
Byzantine fault-tolerant (BFT) consensus in an asynchronous system can only tolerate up to floor[(n-1)/3] faulty processes in a group of n processes. This is quite a strict limit in certain application scenarios, for example a group consisting of only 3 processes. In order to break through this limit, we can leverage a hybrid fault model, in which a subset of the system is enhanced and cannot be arbitrarily faulty except for crashing. Based on this model, we propose a randomized binary consensus algorithm that executes in complete asynchrony, rather than in partial synchrony required by deterministic algorithms. It can tolerate up to floor[(n-1)/2] Byzantine faulty processes as long as the trusted subsystem in each process is not compromised, and terminates with a probability of one. The algorithm is resilient against a strong adversary, i. e. the adversary is able to inspect the state of the whole system, manipulate the delay of every message and process, and then adjust its faulty behaviour during execution.
From a practical point of view, the algorithm is lightweight and has little dependency on lower level protocols or communication primitives. We evaluate the algorithm and the results show that it performs promisingly in a testbed consisting of up to 10 embedded devices connected via an ad hoc wireless network
Intrusion-Tolerant Middleware: the MAFTIA approach
The pervasive interconnection of systems all over the world has given computer services a significant socio-economic value, which can be affected both by accidental faults and by malicious activity. It would be appealing to address both problems in a seamless manner, through a common approach to security and dependability. This is the proposal of intrusion tolerance, where it is assumed that systems remain to some extent faulty and/or vulnerable and subject to attacks that can be successful, the idea being to ensure that the overall system nevertheless remains secure and operational. In this paper, we report some of the advances made in the European project MAFTIA, namely in what concerns a basis of concepts unifying security and dependability, and a modular and versatile architecture, featuring several intrusion-tolerant middleware building blocks. We describe new architectural constructs and algorithmic strategies, such as: the use of trusted components at several levels of abstraction; new randomization techniques; new replica control and access control algorithms. The paper concludes by exemplifying the construction of intrusion-tolerant applications on the MAFTIA middleware, through a transaction support servic
Low Complexity Byzantine-Resilient Consensus
The application of the tolerance paradigm to security intrusion tolerance has been raising a good deal of attention in the dependability and security communities. This paper is concerned with a novel approach to intrusion tolerance. The idea is to use privileged distributed components generically designated by wormholes to support the execution of intrusion-tolerant protocols, often called Byzantine-resilient protocols in the literature. The paper introduces the design of wormhole-aware intrusion-tolerant protocols using a classical distributed systems problem: consensus. The system where the consensus protocol runs is mostly asynchronous and can fail in an arbitrary way, except for the wormhole, which is secure and synchronous. Using the wormhole to execute a few critical steps, the protocol manages to have a low time complexity: in the best case, it runs in a single round, even if some processes are malicious. The protocol is also arguably faster than classical Byzantine protocols, because it does not use public-key cryptography in runtime. The protocol has the interesting feature of not being bound by the FLP impossibility resul
Intrusion tolerance in large scale networks
Tese de doutoramento, Informática (Engenharia Informática), Universidade de Lisboa, Faculdade de Ciências, 2010The growing reliance on wide-area services demands highly available systems that provide
a correct and uninterrupted service. Therefore, Byzantine Fault-Tolerant (BFT) algorithms have
received considerable attention in the last years. A service is replicated over several servers and
can survive even in the presence of a bounded number of Byzantine failures.
The main motivation for this thesis is that for a replicated service to be fault-tolerant,
common mode failures have to be avoided. More specifically, the thesis is concerned with
common mode failures caused by natural disasters, power outages and physical attacks, which
have to be prevented by scattering replicas geographically. This requires the sites where the
replicas reside to be connected by a wide-area network (WAN) like the Internet.
Unfortunately, when the replicas are distributed geographically the performance of current
BFT algorithms is affected by the lower bandwidths, and the higher and more heterogeneous
network latencies. In order to deal with these limitations this thesis introduces novel BFT
algorithms that are simultaneously efficient and secure. Some algorithms of this thesis are based
on a hybrid fault model, i.e., considering that a part of the system is secure by construction. A
notable contribution of this thesis is the definition and implementation of a minimal trusted
service: the Unique Sequential Identifier Generator (USIG).
The thesis describes how to implement a 2 f +1 Byzantine consensus algorithm using a
2 f +1 reliable multicast algorithm that requires a trusted service, that is an abstract version
of the USIG. Then, the USIG service and the reliable multicast primitive are applied as a core
component to implement two novel BFT algorithms introduced in this thesis: MinBFT and
MinZyzzyva. These BFT algorithms are minimal in terms of number of replicas, complexity of
the trusted service used, and number of communication steps. In order to mitigate performance
degradation attacks, this thesis proposes the use of a rotating primary defining a novel BFT
algorithm, Spinning, that is less vulnerable to attacks caused by a faulty primary and attains a
throughput similar to the baseline algorithm in the area. Finally, the mechanisms and techniques developed in this thesis are combined in order to
define EBAWA, a novel BFT algorithm that is suitable for supporting the execution of wide-area
replicated services.O crescimento da dependência na utilização de serviços informáticos em redes de larga escala
demanda sistemas que forneçam um serviço correcto e ininterrupto. Por este motivo,
algoritmos tolerantes a faltas bizantinas (BFT) têm recebido considerável atenção nos últimos
anos. A ideia fundamental destes algoritmos é replicar um determinado serviço num conjunto
de servidores, assegurando a sua operação contínua mesmo na presença de um número limitado
de servidores faltosos. Cada servidor é uma réplica, uma máquina de estados determinística que
executa operações em resposta a requisições realizadas por clientes.
Para que serviços replicados sejam tolerantes a faltas, modos comuns de falhas devem
ser evitados, essa ´e a principal motivação desta tese. Mais especificamente, a tese trata de
falhas causadas por desastres naturais, falta de energia e ataques físicos. Para que a ocorrência
destas falhas afecte um número limitado de servidores é necessário distribuir as réplicas
geograficamente. Esta distribuição, requer que os locais onde se situam as réplicas sejam
conectados por uma rede de larga-escala (WAN), como a Internet.
Infelizmente, quando as réplicas estão distribuídas geograficamente o desempenho dos
algoritmos BFT actuais é afectado pelas limitações de largura de banda e latências heterogéneas,
típicas em redes de larga-escala. A fim de tratar destas limitações esta tese introduz novos
algoritmos BFT que são simultaneamente eficientes e seguros. Alguns destes algoritmos são
baseados em um modelo de faltas híbrido, por exemplo, parte do sistema ´e considerado seguro
pela sua construção. Uma importante contribuição desta tese é a definição e concretização de
um serviço confiável mínimo: o gerador de identificador único e sequencial (USIG).
A tese descreve como concretizar algoritmos de consenso bizantinos com 2 f +1 processos,
usando um algoritmo de reliable multicast que requer um componente confiável, uma abstração
do USIG. O serviço USIG e a primitiva de reliable multicast são aplicados como componentes
nucleares na concretização de dois novos algoritmos BFT introduzidos nesta tese: MinBFT e
MinZyzzyva. Estes algoritmos são mínimos em termos de número de réplicas, complexidade do
componente confiável e número de passos de comunicação.
A fim de mitigar os ataques de degradação de desempenho esta tese propõe o uso de um primário rotativo, definindo assim um novo algoritmo BFT, o Spinning. Al´em de ser menos
vulnerável a ataques causados por primários faltosos, o Spinning atinge um débito similar ao
algoritmo base. Finalmente, os mecanismos e técnicas desenvolvidos ao longo desta tese são
combinados com o objectivo de definir o EBAWA, um novo algoritmo BFT que é adequado para
suportar a execução de serviços replicados em redes de larga-escala.Programme ALBAN; Fundação para a Ciência e a Tecnologia - Portuga
Intrusion tolerant routing with data consensus in wireless sensor networks
Dissertação para obtenção do Grau de Mestre em
Engenharia InformáticaWireless sensor networks (WSNs) are rapidly emerging and growing as an important
new area in computing and wireless networking research. Applications of WSNs are numerous,
growing, and ranging from small-scale indoor deployment scenarios in homes
and buildings to large scale outdoor deployment settings in natural, industrial, military
and embedded environments. In a WSN, the sensor nodes collect data to monitor physical
conditions or to measure and pre-process physical phenomena, and forward that
data to special computing nodes called Syncnodes or Base Stations (BSs). These nodes
are eventually interconnected, as gateways, to other processing systems running applications.
In large-scale settings, WSNs operate with a large number of sensors – from hundreds
to thousands of sensor nodes – organised as ad-hoc multi-hop or mesh networks, working
without human supervision. Sensor nodes are very limited in computation, storage,
communication and energy resources. These limitations impose particular challenges in
designing large scale reliable and secure WSN services and applications. However, as
sensors are very limited in their resources they tend to be very cheap. Resilient solutions
based on a large number of nodes with replicated capabilities, are possible approaches to
address dependability concerns, namely reliability and security requirements and fault
or intrusion tolerant network services.
This thesis proposes, implements and tests an intrusion tolerant routing service for
large-scale dependable WSNs. The service is based on a tree-structured multi-path routing
algorithm, establishing multi-hop and multiple disjoint routes between sensors and
a group of BSs. The BS nodes work as an overlay, processing intrusion tolerant data consensus
over the routed data. In the proposed solution the multiple routes are discovered,
selected and established by a self-organisation process. The solution allows the WSN
nodes to collect and route data through multiple disjoint routes to the different BSs, with
a preventive intrusion tolerance approach, while handling possible Byzantine attacks and
failures in sensors and BS with a pro-active recovery strategy supported by intrusion and
fault tolerant data-consensus algorithms, performed by the group of Base Stations
- …