Leaderless Byzantine Fault Tolerant Consensus
Byzantine fault tolerant (BFT) consensus has recently gained much attention
because of its intriguing connection with blockchains. Several state-of-the-art
BFT consensus protocols have been proposed in the age of blockchains such as
Tendermint [5], Pala [9], Streamlet [8], HotStuff [23], and Fast-HotStuff [17].
These protocols are all leader-based (i.e., protocols run in a series of views,
and each view has a delegated node called the leader to coordinate all
consensus decisions). To make progress, leader-based BFT protocols usually rely
on view synchronization, which is an ad-hoc way of rotating the leader and
synchronizing nodes to the same view with the leader for enough overlap time.
However, many studies and system implementations show that existing methods of
view synchronization are complicated and bug-prone [2], [15], [16], [19]. In
this paper, we aim to design a leaderless Byzantine fault tolerant (LBFT)
protocol, in which nodes simply compete to propose blocks (containing a batch
of clients' requests) without the need of explicit coordination through view
synchronization. LBFT also enjoys several other desirable features emphasized
recently by the research community, such as the chain structure, pipelining
techniques, and advanced cryptography [5], [6], [9], [17], [23]. With these
efforts, LBFT can achieve both good performance (e.g., O(n) or O(n log n)
message complexity) and prominent simplicity.
Comment: 13 pages, 4 figures
BaseSAFE: Baseband SAnitized Fuzzing through Emulation
Rogue base stations are an effective attack vector. Cellular basebands
represent a critical part of the smartphone's security: they parse large
amounts of data even before authentication. They can, therefore, grant an
attacker a very stealthy way to gather information about calls placed and even
to escalate to the main operating system, over-the-air. In this paper, we
discuss a novel cellular fuzzing framework that aims to help security
researchers find critical bugs in cellular basebands and similar embedded
systems. BaseSAFE allows partial rehosting of cellular basebands for fast
instrumented fuzzing off-device, even for closed-source firmware blobs.
BaseSAFE's sanitizing drop-in allocator enables spotting heap-based
buffer-overflows quickly. Using our proof-of-concept harness, we fuzzed various
parsers of the Nucleus RTOS-based MediaTek cellular baseband that are
accessible from rogue base stations. The emulator instrumentation is highly
optimized, reaching hundreds of executions per second on each core for our
complex test case, around 15k test-cases per second in total. Furthermore, we
discuss attack vectors for baseband modems. To the best of our knowledge, this
is the first use of emulation-based fuzzing for security testing of commercial
cellular basebands. Most of the tooling and approaches of BaseSAFE are also
applicable for other low-level kernels and firmware. Using BaseSAFE, we were
able to find memory corruptions including heap out-of-bounds writes using our
proof-of-concept fuzzing harness in the MediaTek cellular baseband. BaseSAFE,
the harness, and a large collection of LTE signaling message test cases will be
released open-source upon publication of this paper.
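As an added illustration of the redzone technique behind a sanitizing drop-in allocator like the one the abstract describes (example code written for this page, not BaseSAFE's own allocator; the redzone size, canary byte, the toy type/length/value information-element format, and both test messages are constructed assumptions), the block below wraps malloc/free with canary-filled guard regions so that a heap out-of-bounds write made by a parser under test is reported on free, which is exactly the signal a fuzzing harness needs to flag the offending test case:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parameters chosen for this example (assumptions, not BaseSAFE's values). */
#define REDZONE      16     /* bytes of canary on each side of the user buffer */
#define CANARY_BYTE  0xA5   /* fill pattern verified on free */

/* Allocation layout: [san_hdr][left redzone][user bytes][right redzone] */
typedef struct {
    size_t   user_len;
    uint8_t *base;          /* pointer handed back to the real allocator */
} san_hdr;

#define SAN_OK         0
#define SAN_UNDERFLOW  1    /* left redzone damaged: write before the buffer */
#define SAN_OVERFLOW   2    /* right redzone damaged: write past the buffer */

void *san_malloc(size_t n)
{
    size_t total = sizeof(san_hdr) + REDZONE + n + REDZONE;
    uint8_t *base = malloc(total);
    if (base == NULL)
        return NULL;
    san_hdr *h = (san_hdr *)base;
    h->user_len = n;
    h->base = base;
    uint8_t *user = base + sizeof(san_hdr) + REDZONE;
    memset(user - REDZONE, CANARY_BYTE, REDZONE);   /* left redzone  */
    memset(user + n,       CANARY_BYTE, REDZONE);   /* right redzone */
    return user;
}

/* Inspect both redzones; returns a bitmask of SAN_UNDERFLOW / SAN_OVERFLOW. */
int san_check(const void *p)
{
    const uint8_t *user = p;
    const san_hdr *h = (const san_hdr *)(user - REDZONE - sizeof(san_hdr));
    int verdict = SAN_OK;
    for (size_t i = 0; i < REDZONE; i++) {
        if (*(user - REDZONE + i) != CANARY_BYTE)
            verdict |= SAN_UNDERFLOW;
        if (*(user + h->user_len + i) != CANARY_BYTE)
            verdict |= SAN_OVERFLOW;
    }
    return verdict;
}

/* Check the redzones, then release the block. Returns the san_check verdict so
   a fuzzing harness can record which test case produced the corruption. */
int san_free(void *p)
{
    if (p == NULL)
        return SAN_OK;
    int verdict = san_check(p);
    san_hdr *h = (san_hdr *)((uint8_t *)p - REDZONE - sizeof(san_hdr));
    free(h->base);
    return verdict;
}

/* Toy parser standing in for a baseband message handler (constructed for this
   example): one type byte, one length byte, then the value, which is copied
   into a fixed 8-byte heap buffer. The missing "ie_len <= IE_BUF_LEN" check is
   the kind of bug the sanitizing allocator is meant to expose. */
#define IE_BUF_LEN 8

int parse_ie(const uint8_t *msg, size_t len)
{
    if (len < 2)
        return -1;
    uint8_t ie_len = msg[1];
    if (len < 2 + (size_t)ie_len)
        return -1;                          /* truncated message */
    uint8_t *buf = san_malloc(IE_BUF_LEN);
    if (buf == NULL)
        return -1;
    memcpy(buf, msg + 2, ie_len);           /* BUG: trusts attacker-controlled length */
    return san_free(buf);                   /* sanitizer verdict for this test case */
}

/* Two constructed over-the-air inputs: a well-formed IE, and one whose length
   field exceeds the parser's buffer by 4 bytes. */
static const uint8_t benign_msg[]   = { 0x01, 0x04, 'a', 'b', 'c', 'd' };
static const uint8_t overflow_msg[] = { 0x01, 0x0C, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                                        0x41, 0x41, 0x41, 0x41, 0x41, 0x41 };

int demo_benign(void)   { return parse_ie(benign_msg,   sizeof benign_msg); }
int demo_overflow(void) { return parse_ie(overflow_msg, sizeof overflow_msg); }

/* Direct check of the left redzone: a one-byte write before the buffer. */
int demo_underflow(void)
{
    uint8_t *buf = san_malloc(4);
    if (buf == NULL)
        return -1;
    buf[-1] = 0x00;                          /* heap underflow into the left redzone */
    return san_free(buf);
}

int main(void)
{
    printf("benign input    -> verdict %d\n", demo_benign());     /* 0 */
    printf("overflow input  -> verdict %d\n", demo_overflow());   /* 2 */
    printf("underflow write -> verdict %d\n", demo_underflow());  /* 1 */
    return 0;
}
```

In a rehosted firmware image the same idea is applied by redirecting the firmware's own allocator entry points to wrappers of this shape, so that every heap block the emulated parser touches carries redzones; a corrupted canary then aborts the execution and the harness saves the input that caused it. The redzones only catch writes that land within REDZONE bytes of the buffer, so a wider redzone (or poisoning the whole freed block) trades memory for detection coverage.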
Fast Privacy-Preserving Punch Cards
Loyalty programs in the form of punch cards that can be redeemed for benefits
have long been a ubiquitous element of the consumer landscape. However, their
increasingly popular digital equivalents, while providing more convenience and
better bookkeeping, pose a considerable privacy risk. This paper introduces a
privacy-preserving punch card protocol that allows firms to digitize their
loyalty programs without forcing customers to submit to corporate surveillance.
We also present a number of extensions that allow our scheme to provide other
privacy-preserving customer loyalty features.
Compared to the best prior work, we achieve a reduction in the
computation and a reduction in the communication required to perform
a "hole punch," a reduction in the communication required to redeem
a punch card, and a reduction in the computation time required to
redeem a card. Much of our performance improvement can be attributed to
removing the reliance on pairings or range proofs present in prior work, which
has only addressed this problem in the context of more general loyalty systems.
By tailoring our scheme to punch cards and related loyalty systems, we
demonstrate that we can reduce communication and computation costs by orders of
magnitude.
From Symmetric to Asymmetric Asynchronous Byzantine Consensus
Consensus is arguably one of the most important notions in distributed
computing. Among asynchronous, randomized, and signature-free implementations,
the protocols of Mostéfaoui et al. (PODC 2014 and JACM 2015) represent a
landmark result, which has been extended later and taken up in practical
systems. The protocols achieve optimal resilience and take, in expectation,
only a constant number of rounds of quadratic message complexity.
Randomization is provided through a common-coin primitive. In traditional
consensus protocols, all involved processes adhere to a global, symmetric
failure model, typically only defined by bounds on the number of faulty
processes. Motivated by applications to blockchains, however, more flexible
trust assumptions have recently been considered. In particular, with asymmetric
trust, a process is free to choose which other processes it trusts and which
ones might collude against it. This paper revisits the optimal asynchronous
protocol of Mostéfaoui et al. and shows how to realize it with asymmetric
trust. The paper starts by pointing out in detail why some versions of this
protocol may violate liveness. Then it proposes a fix for the protocol that
does not affect its properties, but lets it regain the simplicity of its
original version (PODC 2014). At the same time, the paper shows how to realize
randomized signature-free asynchronous Byzantine consensus with asymmetric
quorums. This results in an optimal consensus protocol with subjective,
asymmetric trust and constant expected running time. It is suitable for
applications to blockchains, for instance.
Dynamic proofs of retrievability with low server storage
Proofs of Retrievability (PoRs) are protocols which allow a client to store
data remotely and to efficiently ensure, via audits, that the entirety of that
data is still intact. A dynamic PoR system also supports efficient retrieval
and update of any small portion of the data. We propose new, simple protocols
for dynamic PoR that are designed for practical efficiency, trading decreased
persistent storage for increased server computation, and show in fact that this
tradeoff is inherent via a lower bound proof of time-space for any PoR scheme.
Notably, ours is the first dynamic PoR which does not require any special
encoding of the data stored on the server, meaning it can be trivially composed
with any database service or with existing techniques for encryption or
redundancy. Our implementation and deployment on Google Cloud Platform
demonstrates our solution is scalable: for example, auditing a 1TB file takes
just less than 5 minutes and costs less than $0.08 USD. We also present several
further enhancements, reducing the amount of client storage, or the
communication bandwidth, or allowing public verifiability, wherein any
untrusted third party may conduct an audit.