11 research outputs found

    Byzantine modification detection in multicast networks using randomized network coding

    This paper shows that distributed randomized network coding, a robust approach to multicasting in distributed network settings, can be extended to provide Byzantine modification detection without the use of cryptographic functions.

    Automatic Reconfiguration for Large-Scale Reliable Storage Systems

    Byzantine-fault-tolerant replication enhances the availability and reliability of Internet services that store critical state and preserve it despite attacks or software errors. However, existing Byzantine-fault-tolerant storage systems either assume a static set of replicas, or have limitations in how they handle reconfigurations (e.g., in terms of the scalability of the solutions or the consistency levels they provide). This can be problematic in long-lived, large-scale systems where system membership is likely to change during the system lifetime. In this paper, we present a complete solution for dynamically changing system membership in a large-scale Byzantine-fault-tolerant system. We present a service that tracks system membership and periodically notifies other system nodes of membership changes. The membership service runs mostly automatically, to avoid human configuration errors; is itself Byzantine-fault-tolerant and reconfigurable; and provides applications with a sequence of consistent views of the system membership. We demonstrate the utility of this membership service by using it in a novel distributed hash table called dBQS that provides atomic semantics even across changes in replica sets. dBQS is interesting in its own right because its storage algorithms extend existing Byzantine quorum protocols to handle changes in the replica set, and because it differs from previous DHTs by providing Byzantine fault tolerance and offering strong semantics. We implemented the membership service and dBQS. Our results show that the approach works well in practice: the membership service is able to manage a large system and the cost to change the system membership is low.

    Byzantine-Resistant Total Ordering Algorithms

    Multicast group communication protocols are used extensively in fault-tolerant distributed systems. For many such protocols, the acknowledgments for individual messages define a causal order on messages. Maintaining the consistency of information, replicated on several processors to protect it against faults, is greatly simplified by a total order on messages. We present algorithms that incrementally convert a causal order on messages into a total order and that tolerate both crash and Byzantine process faults. Varying compromises between latency to message ordering and resilience to faults yield four distinct algorithms. All of these algorithms use a multistage voting strategy to achieve agreement on the total order and exploit the random structure of the causal order to ensure probabilistic termination.

    The Design of a COTS Real-Time Distributed Security Kernel (Extended Version)

    This technical report describes the design of a security kernel called TTCB, which has innovative features. Firstly, it is a distributed subsystem with its own secure network. Secondly, the TTCB is real-time, that is, a synchronous subsystem capable of timely behavior. These two characteristics together are uncommon in security kernels. Thirdly, the TTCB can be implemented using only COTS components. We discuss essentially three things in this paper: (1) The TTCB is a simple component providing a small set of basic secure services. It aims at building a new style of protocols to achieve intrusion tolerance, which for the most part execute in insecure, arbitrary failure environments, and resort to the TTCB only in crucial parts of their operation. (2) Besides, the TTCB is a synchronous device supplying functions that may be an enabler of a new generation of timed secure protocols, until now known to be fragile due to attacks on timing assumptions. (3) Finally, we present a design methodology that establishes our hybrid failure assumptions in a well-founded manner. It helps us to achieve a robust design, despite using exclusively COTS components, with the advantage of allowing the security kernel to be easily deployed on widely used platforms.

    Authenticated group Diffie-Hellman key exchange: theory and practice

    Authenticated two-party Diffie-Hellman key exchange allows two principals A and B, communicating over a public network, and each holding a pair of matching public/private keys, to agree on a session key. Protocols designed to deal with this problem ensure A (B resp.) that no other principals aside from B (A resp.) can learn any information about this value. These protocols additionally often ensure A and B that their respective partner has actually computed the shared secret value. A natural extension to the above cryptographic protocol problem is to consider a pool of principals agreeing on a session key. Over the years several papers have extended the two-party Diffie-Hellman key exchange to the multi-party setting but no formal treatments were carried out till recently. In light of recent developments in the formalization of the authenticated two-party Diffie-Hellman key exchange we have in this thesis laid out the authenticated group Diffie-Hellman key exchange on firmer foundations.

    Tolerância a faltas bizantinas usando técnicas de introspecção de máquinas virtuais (Byzantine fault tolerance using virtual machine introspection techniques)

    Dissertation (Master's) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2015. Abstract: Currently, it is almost impossible for a person not to use a computing system, in a direct or indirect way. When we are using a banking machine, or shopping in a store, we need to use a computing system. On the other hand, there are new attacks to damage the correct working of the systems. There are several techniques to help the systems to work correctly according to their specification; among them, the Byzantine/intrusions fault tolerant systems (BFT) through the state machine replication (SMR) are important ones. In this perspective, it proposes a system architecture tolerant to intrusions that guarantees its proper functioning, even if there are faulty replicas. This research proposes an algorithm which presents a unified approach by using state machine replication and intrusion detection system in order to tolerate Byzantine faults. The virtualization technology is used on the proposed algorithm to replicate the service and also to isolate the IDS from the monitored application. Therefore, we propose an intrusion detector as a reliable component of the BFT system. The main contributions are: (1) to propose a unified model, which uses state machine replication together with IDS, using the virtualization technology resources; (2) intrusion detector as a reliable component of the system; and (3) to make a BFT algorithm based on the proposed model. This approach made it possible to decrease the number of the system replicas from 3f + 1 to 2f + 1, and to reduce the number of steps of the protocol of the BFT traditional algorithm from Castro and Liskov from 5 to 3 in a normal case of operation without the participation of the client in the protocol.

    A Framework for Secure Group Key Management

    The need for secure group communication is increasingly evident in a wide variety of governmental, commercial, and Internet communities. Secure group key management is concerned with the methods of issuing and distributing group keys, and the management of those keys over a period of time. To provide perfect secrecy, a central group key manager (GKM) has to perform group rekeying for every join or leave request. Fast rekeying is crucial to an application's performance that has large group size, experiences frequent joins and leaves, or where the GKM is hosted by a group member. Examples of such applications are interactive military simulation, secure video and audio broadcasting, and secure peer-to-peer networks. Traditionally, the rekeying is performed periodically for the batch of requests accumulated during an inter-rekey period. The use of a logical key hierarchy (LKH) by a GKM has been introduced to provide scalable rekeying. If the GKM maintains a LKH of degree d and height h, such that the group size n ≤ d^h, and the batch size is R requests, a rekeying requires the GKM to regenerate O(R × h) keys and to perform O(d × R × h) keys encryptions for the new keys distribution. The LKH approach provided a GKM rekeying cost that scales to the logarithm of the group size, however, the number of encryptions increases with increased LKH degree, LKH height, or the batch size. In this dissertation, we introduce a framework for scalable and efficient secure group key management that outperforms the original LKH approach. The framework has six components as follows. First, we present a software model for providing secure group key management that is independent of the application, the security mechanism, and the communication protocol. Second, we focus on a LKH-based GKM and introduce a secure key distribution technique, in which a rekeying requires the GKM to regenerate O(R × h) keys. Instead of encryption, we propose a novel XOR-based key distribution technique, namely XORBP, which performs an XOR operation between keys, and uses random byte patterns (BPs) to distribute the key material in the rekey message to guard against insider attacks. Our experiments show that the XORBP LKH approach substantially reduces a rekeying computation effort by more than 90%. Third, we propose two novel LKH batch rekeying protocols. The first protocol maintains a balanced LKH (B+-LKH) while the other maintains an unbalanced LKH (S-LKH). If a group experiences frequent leaves, keys are deleted from the LKH and maintaining a balanced LKH becomes crucial to the rekeying's process performance. In our experiments, the use of a B+-LKH by a GKM, compared to a S-LKH, is shown to substantially reduce the number of LKH nodes (i.e., storage), and the number of regenerated keys per a rekeying by more than 50%. Moreover, the B+-LKH performance is shown to be bounded with increased group dynamics. Fourth, we introduce a generalized rekey policy that can be used to provide periodic rekeying as well as other versatile rekeying conditions. Fifth, to support distributed group key management, we identify four distributed group-rekeying protocols between a set of peer rekey agents. Finally, we discuss a group member and a GKM's recovery after a short failure time.

    Robust services in dynamic systems

    Thesis (Ph.D.), Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005. Includes bibliographical references (p. 191-202). Our growing reliance on online services accessible on the Internet demands highly-available systems that work correctly without interruption. This thesis extends previous work on Byzantine-fault-tolerant replication to meet the new requirements of current Internet services: scalability and the ability to reconfigure the service automatically in the presence of a changing system membership. Our solution addresses two important problems that appear in dynamic replicated services: First, we present a membership service that provides servers and clients in the system with a sequence of consistent views of the system membership (i.e., the set of currently available servers). The membership service is designed to be scalable, and to handle membership changes mostly automatically. Furthermore, the membership service is itself reconfigurable, and tolerates arbitrary faults of a subset of the servers that are implementing it at any instant. The second part of our solution is a generic methodology for transforming replicated services that assume a fixed membership into services that support a dynamic system membership. The methodology uses the output from the membership service to decide when to reconfigure. We built two example services using this methodology: a dynamic Byzantine quorum system that supports read and write operations, and a dynamic Byzantine state machine replication system that supports any deterministic service. The final contribution of this thesis is an analytic study that points out an obstacle to the deployment of replicated services based on a dynamic membership. The basic problem is that maintaining redundancy levels for the service state as servers join and leave the system is costly in terms of network bandwidth. To evaluate how dynamic the system membership can be, we developed a model for the cost of state maintenance in dynamic replicated services, and we use measured values from real-world traces to determine possible values for the parameters of the model. We conclude that certain deployments (like a volunteer-based system) are incompatible with the goals of large-scale reliable services. We implemented the membership service and the two example services. Our performance results show that the membership service is scalable, and our replicated services perform well, even during reconfigurations. By Rodrigo Seromenho Miragaia Rodrigues. Ph.D.

    Modélisation et vérification de protocoles pour des communications sécurisées de groupes (Modeling and verification of protocols for secure group communications)

    Abstract: Systems that implement communications in the form of group multicast have increasingly raised security problems. The protection mechanisms applied to that communication rely on symmetrical and asymmetrical key exchanges, and the way these mechanisms are selected does influence the system's efficiency. Following an in-depth analysis of the needs captured by these systems, we defined a model for representing the dynamics of groups, as well as communication among group members. We defined one system architecture which focuses on key creation, exchange and management functions. The system was modeled in UML 2.0 and checked against security and temporal properties. The approach we followed to investigate temporal requirements may be extended to a broad variety of distributed systems. Translated from the French abstract: this work was put to use within the national RNRT SAFECAST project.

    Enhancing intrusion resilience in publicly accessible distributed systems

    PhD Thesis. The internet is increasingly used as a means of communication by many businesses. Online shopping has become an important commercial activity and many governmental bodies offer services online. Malicious intrusion into these systems can have major negative consequences, both for the providers and users of these services. The need to protect against malicious intrusion, coupled with the difficulty of identifying and removing all possible vulnerabilities in a distributed system, have led to the use of systems that can tolerate intrusions with no loss of integrity. These systems require that services be replicated as deterministic state machines, a relatively hard task in practice, and do not ensure that confidentiality is maintained when one or more replicas are successfully intruded into. This thesis presents FORTRESS, a novel intrusion-resilient system that makes use of proactive obfuscation techniques and cheap off-the-shelf hardware to enhance intrusion resilience. FORTRESS uses proxies to prevent clients accessing servers directly, and regular replacement of proxies and servers with differently obfuscated versions. This maintains both confidentiality and integrity as long as an attacker does not compromise the system as a whole. The expected lifetime until system compromise of the FORTRESS system is compared to those of state machine replicated and primary backup systems when confronted with an attacker capable of launching distributed attacks against known vulnerabilities. Thus, FORTRESS is demonstrated to be a viable alternative to building intrusion-tolerant systems using deterministic state machine replication. The performance overhead of the FORTRESS system is also evaluated, using both a general state transfer framework for distributed systems, and a lightweight framework for large scale web applications. This shows the FORTRESS system has a sufficiently small performance overhead to be of practical use.