841 research outputs found
Tiny Groups Tackle Byzantine Adversaries
A popular technique for tolerating malicious faults in open distributed
systems is to establish small groups of participants, each of which has a
non-faulty majority. These groups are used as building blocks to design
attack-resistant algorithms.
Despite over a decade of active research, current constructions require group
sizes of , where is the number of participants in the system.
This group size is important since communication and state costs scale
polynomially with this parameter. Given the stubbornness of this logarithmic
barrier, a natural question is whether better bounds are possible.
Here, we consider an attacker that controls a constant fraction of the total
computational resources in the system. By leveraging proof-of-work (PoW), we
demonstrate how to reduce the group size exponentially to while
maintaining strong security guarantees. This reduction in group size yields a
significant improvement in communication and state costs.Comment: This work is supported by the National Science Foundation grant CCF
1613772 and a C Spire Research Gif
Adding Query Privacy to Robust DHTs
Interest in anonymous communication over distributed hash tables (DHTs) has
increased in recent years. However, almost all known solutions solely aim at
achieving sender or requestor anonymity in DHT queries. In many application
scenarios, it is crucial that the queried key remains secret from intermediate
peers that (help to) route the queries towards their destinations. In this
paper, we satisfy this requirement by presenting an approach for providing
privacy for the keys in DHT queries.
We use the concept of oblivious transfer (OT) in communication over DHTs to
preserve query privacy without compromising spam resistance. Although our
OT-based approach can work over any DHT, we concentrate on communication over
robust DHTs that can tolerate Byzantine faults and resist spam. We choose the
best-known robust DHT construction, and employ an efficient OT protocol
well-suited for achieving our goal of obtaining query privacy over robust DHTs.
Finally, we compare the performance of our privacy-preserving protocols with
their more privacy-invasive counterparts. We observe that there is no increase
in the message complexity and only a small overhead in the computational
complexity.Comment: To appear at ACM ASIACCS 201
Automated performance attack discovery in distributed system implementations
Security and performance are critical goals for distributed systems. The increased complexity in design, incomplete expertise of developers, and limited functionality of existing testing tools often result in implementations with vulnerabilities and make the debugging process difficult and costly. The deployed vulnerabilities are often exploited by adversaries preventing the system from achieving its design goals. We refer to attacks that slow down the performance of a system as performance attacks. In the past, finding performance attacks has been a painstaking manual process that involved an expert of the target implementation. Given the cost associated with each vulnerability that occurs in the production, there is a need for tools to automatically check that the implementation of a protocol achieves its performance goals with respect to malicious components in the system. In this dissertation, we find performance attacks automatically from implementations of distributed systems. We do not try to show that an implementation is free from all attacks. Our goal is to find attacks and report them to the user in a timely manner. We first investigate how to find attacks automatically from implementations under a simulated environment. A simulated approach, however, has a fundamental limitation in terms of applicable target systems, as certain assumptions are made about languages, operating systems or libraries used. Therefore, we next investigate challenges and requirements to automatically find attacks in implementations of distributed systems under an emulated environment where no limiting assumptions are made
Scalable and Secure Aggregation in Distributed Networks
We consider the problem of computing an aggregation function in a
\emph{secure} and \emph{scalable} way. Whereas previous distributed solutions
with similar security guarantees have a communication cost of , we
present a distributed protocol that requires only a communication complexity of
, which we prove is near-optimal. Our protocol ensures perfect
security against a computationally-bounded adversary, tolerates
malicious nodes for any constant (not
depending on ), and outputs the exact value of the aggregated function with
high probability
PeerCube: an Hypercube-based P2P Overlay Robust against Collusion and Churn
International audienceIn this paper we present PeerCube, a DHT-based system that aims at minimizing performance penalties caused by high churn while preventing malicious peers from subverting the system through collusion. This is achieved by i) applying a clustering strategy to support quorum-based operations; ii) using a randomised insertion algorithm to reduce the probability with which colluding Byzantine peers corrupt clusters, and; iii) leveraging on the properties of PeerCube's hypercube structure to allow operations to be successfully handled despite the corruption of some clusters. Despite a powerful adversary that can inspect the whole system and issue malicious join requests as often as it wishes, PeerCube guarantees robust operations in O(logN) messages, with N the number of peers in the system. Extended simulations validate PeerCube robustness
Dependability Evaluation of Cluster-based Distributed Systems
19International audienceAwerbuch and Scheideler have shown that peer-to-peer overlay networks can survive Byzantine attacks only if malicious nodes are not able to predict what will be the topology of the network for a given sequence of join and leave operations. In this paper we inves- tigate adversarial strategies by following speci c protocols. Our analysis demonstrates rst that an adversary can very quickly subvert overlays based on distributed hash tables by simply never triggering leave operations. We then show that when all nodes (honest and malicious ones) are imposed on a limited lifetime, the system eventually reaches a stationary regime where the ratio of polluted clusters is bounded, independently from the initial amount of corruption in the system
- âŠ