41 research outputs found

    Uniform Node Sampling Service Robust against Collusions of Malicious Nodes

    We consider the problem of achieving uniform node sampling in large scale systems in presence of a strong adversary. We first propose an omniscient strategy that processes on the fly an unbounded and arbitrarily biased input stream made of node identifiers exchanged within the system, and outputs a stream that preserves Uniformity and Freshness properties. We show through Markov chains analysis that both properties hold despite any arbitrary bias introduced by the adversary. We then propose a knowledge-free strategy and show through extensive simulations that this strategy accurately approximates the omniscient one. We also evaluate its resilience against a strong adversary by studying two representative attacks (flooding and targeted attacks). We quantify the minimum number of identifiers that the adversary must insert in the input stream to prevent uniformity. To our knowledge, such an analysis has never been proposed before

    Foiling Sybils with HAPS in Permissionless Systems: An Address-based Peer Sampling Service

    Blockchains and distributed ledgers have brought renewed interest in Byzantine fault-tolerant protocols and decentralized systems, two domains studied for several decades. Recent promising works have in particular proposed to use epidemic protocols to overcome the limitations of popular Blockchain mechanisms, such as proof-of-stake or proof-of-work. These works unfortunately assume a perfect peer-sampling service, immune to malicious attacks, a property that is difficult and costly to achieve. We revisit this fundamental problem in this paper, and propose a novel Byzantine-tolerant peer-sampling service that is resilient to Sybil attacks in open systems by exploiting the underlying structure of wide-area networks

    RAPTEE: Leveraging trusted execution environments for Byzantine-tolerant peer sampling services

    Peer sampling is a first-class abstraction used in distributed systems for overlay management and information dissemination. The goal of peer sampling is to continuously build and refresh a partial and local view of the full membership of a dynamic, large-scale distributed system. Malicious nodes under the control of an adversary may aim at being over-represented in the views of correct nodes, increasing their impact on the proper operation of protocols built over peer sampling. State-of-the-art Byzantine resilient peer sampling protocols reduce this bias as long as Byzantines are not overly present. This paper studies the benefits brought to the resilience of peer sampling services when considering that a small portion of trusted nodes can run code whose authenticity and integrity can be assessed within a trusted execution environment, and specifically Intel’s software guard extensions technology (SGX). We present RAPTEE, a protocol that builds and leverages trusted gossip-based communications to hamper an adversary’s ability to increase its system-wide representation in the views of all nodes. We apply RAPTEE to BRAHMS, the most resilient peer sampling protocol to date. Experiments with 10,000 nodes show that with only 1% of SGX-capable devices, RAPTEE can reduce the proportion of identifiers of Byzantine nodes in the view of honest ones by up to 17%, when the system contains 10% of Byzantine nodes. In addition, the security guarantees of RAPTEE hold even in the presence of a powerful attacker attempting to identify trusted nodes and injecting view-poisoned trusted nodes

    Designing Robust Collaborative Services in Distributed Wireless Networks

    Wireless Sensor Networks (WSNs) are a popular class of distributed collaborative networks finding suitability from medical to military applications. However, their vulnerability to capture, their "open" wireless interfaces, limited battery life, all result in potential vulnerabilities. WSN-based services inherit these vulnerabilities. We focus on tactical environments where sensor nodes play complex roles in data sensing, aggregation and decision making. Services in such environments demand a high level of reliability and robustness. The first problem we studied is robust target localization. Location information is important for surveillance, monitoring, secure routing, intrusion detection, on-demand services etc. Target localization means tracing the path of moving entities through some known surveillance area. In a tactical environment, an adversary can often capture nodes and supply incorrect surveillance data to the system. In this thesis we create a target localization protocol that is robust against large amounts of such falsified data. Location estimates are generated by a Bayesian maximum-likelihood estimator. In order to achieve improved results with respect to fraudulent data attacks, we introduce various protection mechanisms. Further, our novel approach of employing watchdog nodes improves our ability to detect anomalies reducing the impact of an adversarial attack and limiting the amount of falsified data that gets accepted into the system. By concealing and altering the location where data is aggregated, we restrict the adversary to making probabilistic "guess" attacks at best, and increase robustness further. By formulating the problem of robust node localization under adversarial settings and casting it as a multivariate optimization problem, we solve for the system design parameters that correspond to the optimal solution. Together this results in a highly robust protocol design. 
In order for any collaboration to succeed, collaborating entities must have the same relative sense of time. This ensures that any measurements, surveillance data, mission commands, etc will be processed in the same epoch they are intended to serve. In most cases, data disseminated in a WSN is transient in nature, and applies for a short period of time. New data routinely replaces old data. It is imperative that data be placed in its correct time context; therefore..

    An enhanced block validation framework with efficient consensus for secure consortium blockchains

    Consortium blockchains have attracted considerable interest from academia and industry due to their low-cost installation and maintenance. However, typical consortium blockchains can be easily attacked by colluding block validators because of the limited number of miners in the systems. To address this problem, in this paper, we propose a novel block validation framework to enhance blockchain security. In the framework, the block validations are assisted and implemented by various lightweight nodes, e.g., edge devices, in addition to the typical blockchain miners. This improves the blockchain security but can cause an increased block validation delay and, thereby, reduced blockchain throughput. To tackle this challenge, we propose an effective method to select lightweight nodes based on their computing powers to maximize the blockchain throughput, and prove the uniqueness of the optimal nodes selection strategy. Security analysis and simulation results from the deployed consortium blockchain platform show that the proposed framework achieves higher throughput and security than the existing consortium blockchain models

    Fine-grained reputation-based routing in wireless ad hoc networks

    Ad hoc networks are very helpful in situations when no fixed network infrastructure is available. They are especially important in emergency situations such as natural disasters and military conflicts. Most developed wireless ad hoc routing protocols are designed to discover and maintain an active path from source to destination with an assumption that every node is friendly and cooperative. However, it is possible that the participating nodes are selfish or malicious. A mechanism to evaluate reputation for each node is essential for the reliability and security of routing protocol in ad hoc networks. We propose a fine-grained reputation system for wireless ad hoc routing protocols based on constantly monitored and updated first and second-hand reputation information. The nodes in the network monitor their neighbors and obtain first-hand information based on the perceived behavior. Second-hand information is obtained by sharing first-hand information with nodes’ neighbors. Our system is able to distinguish between selfish and malicious nodes and take appropriate actions in either case. We employ the moving-window mechanism which enables us to assign more weight to more recent observations and adjust responsiveness of our reputation system to changes in nodes’ behavior. We show that our fine-grained reputation system is able to improve both reliability and security of an ad hoc network when compared to a reputation system that does not distinguish between selfish and malicious nodes

    Collusions and Privacy in Rational-Resilient Gossip

    Gossip-based content dissemination protocols are a scalable and cheap alternative to centralized content sharing systems. However, it is well known that these protocols suffer from rational nodes, i.e., nodes that aim at downloading the content without contributing their fair share to the system. While the problem of rational nodes that act individually has been well addressed in the literature, colluding rational nodes is still an open issue. In addition, previous rational-resilient gossip-based solutions require nodes to log their interactions with others, and disclose the content of their logs, which may disclose sensitive information. Nowadays, a consensus exists on the necessity of reinforcing the control of users on their personal information. Nonetheless, to the best of our knowledge no privacy-preserving rational-resilient gossip-based content dissemination system exists. The contributions of this thesis are twofold. First, we present AcTinG, a protocol that prevents rational collusions in gossip-based content dissemination protocols, while guaranteeing zero false positive accusations. AcTinG makes nodes maintain secure logs and mutually check each other's correctness thanks to verifiable but non predictable audits. As a consequence of its design, it is shown to be a Nash-equilibrium. A performance evaluation shows that AcTinG is able to deliver all messages despite the presence of colluders, and exhibits similar scalability properties as standard gossip-based dissemination protocols. Second, we describe PAG, the first accountable and privacy-preserving gossip protocol. PAG builds on a monitoring infrastructure, and homomorphic cryptographic procedures to provide privacy to nodes while making sure that nodes forward the content they receive. The theoretical evaluation of PAG shows that breaking the privacy of interactions is difficult, even in presence of a global and active opponent. We assess this protocol both in terms of privacy and performance using a deployment performed on a cluster of machines, simulations involving up to a million nodes, and theoretical proofs. The bandwidth overhead is much lower than existing anonymous communication protocols, while still being practical in terms of CPU usage

    Copyright protection of scalar and multimedia sensor network data using digital watermarking

    This thesis records the research on watermarking techniques to address the issue of copyright protection of the scalar data in WSNs and image data in WMSNs, in order to ensure that the proprietary information remains safe between the sensor nodes in both. The first objective is to develop LKR watermarking technique for the copyright protection of scalar data in WSNs. The second objective is to develop GPKR watermarking technique for copyright protection of image data in WMSN