4 research outputs found
Intrusion Resilience Systems for Modern Vehicles
Current vehicular Intrusion Detection and Prevention Systems either incur
high false-positive rates or do not capture zero-day vulnerabilities, leading
to safety-critical risks. In addition, prevention is limited to few primitive
options like dropping network packets or extreme options, e.g., ECU Bus-off
state. To fill this gap, we introduce the concept of vehicular Intrusion
Resilience Systems (IRS) that ensures the resilience of critical applications
despite assumed faults or zero-day attacks, as long as threat assumptions are
met. IRS enables running a vehicular application in a replicated way, i.e., as
a Replicated State Machine, over several ECUs, and then requiring the
replicated processes to reach a form of Byzantine agreement before changing
their local state. Our study rides the mutation of modern vehicular
environments, which are closing the gap between simple and resource-constrained
"real-time and embedded systems", and complex and powerful "information
technology" ones. It shows that current vehicle (e.g., Zonal) architectures and
networks are becoming plausible for such modular fault and intrusion tolerance
solutions,deemed too heavy in the past. Our evaluation on a simulated
Automotive Ethernet network running two state-of-the-art agreement protocols
(Damysus and Hotstuff) shows that the achieved latency and throughout are
feasible for many Automotive applications
Practical Byzantine Reliable Broadcast on Partially Connected Networks
In this paper, we consider the Byzantine reliable broadcast problem on authenticated and partially connected networks. The state-of-the-art method to solve this problem consists in combining two algorithms from the literature. Handling asynchrony and faulty senders is typically done thanks to Gabriel Brachaâs authenticated double-echo broadcast protocol, which assumes an asynchronous fully connected network. Danny Dolevâs algorithm can then be used to provide reliable communications between processes in the global fault model, where up to f processes among N can be faulty in a communication network that is at least 2f+1-connected. Following recent works that showed how Dolevâs protocol can be made more practical thanks to several optimizations, we show that the state-of-the-art methods to solve our problem can be optimized thanks to layer-specific and cross-layer optimizations. Our simulations with the Omnet ++ network simulator show that these optimizations can be efficiently combined to decrease the total amount of information transmitted or the protocolâs latency (e.g., respectively, -25% and -50% with a 16B payload, N=31 and f=4) compared to the state-of-the-art combination of Brachaâs and Dolevâs protocols
RepuCoin: Your Reputation is Your Power
Existing proof-of-work cryptocurrencies cannot tolerate attackers controlling more than 50% of the networkâs computing power at any time, but assume that such a condition happening is âunlikelyâ. However, recent attack sophistication, e.g., where attackers can rent mining capacity to obtain a majority of computing power temporarily, render this assumption unrealistic.
This paper proposes RepuCoin, the first system to provide guarantees even when more than 50% of the systemâs computing power is temporarily dominated by an attacker. RepuCoin physically limits the rate of voting power growth of the entire system. In particular, RepuCoin defines a minerâs power by its âreputationâ, as a function of its work integrated over the time of the entire blockchain, rather than through instantaneous computing power, which can be obtained relatively quickly and/or temporarily. As an example, after a single year of operation, RepuCoin can tolerate attacks compromising 51% of the networkâs computing resources, even if such power stays maliciously seized for almost a whole year. Moreover, RepuCoin provides better resilience to known attacks, compared to existing proof-of-work systems, while achieving a high throughput of 10000 transactions per second (TPS)