Bar Gossip Aleksander Jurkowski University of Warsaw - - PowerPoint PPT Presentation

Bar Gossip

Aleksander Jurkowski

University of Warsaw aj262944@students.mimuw.edu.pl

October 18, 2010

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 1 / 25

Introduction

Goal

Provide p2p data streaming system usable for live podcasts. There is no competitive solution so far...

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 2 / 25

Introduction

Goal

Provide p2p data streaming system usable for live podcasts. There is no competitive solution so far...

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 2 / 25

Motivation

Why BAR Gossip?

Benefitting from p2p systems robustness, scalability and adaptivity Shifting costs (e.g. bandwidth) to clients

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 3 / 25

Motivation

Why BAR Gossip?

Benefitting from p2p systems robustness, scalability and adaptivity Shifting costs (e.g. bandwidth) to clients

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 3 / 25

Key features

Difference from other solutions

provides stable, reliable throughput focuses on short intervals does not optimize overall download speed small amount of data at given time robust agains Byzantine and Rational clients no purely local, long term based reputation

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 4 / 25

Key features

Difference from other solutions

provides stable, reliable throughput focuses on short intervals does not optimize overall download speed small amount of data at given time robust agains Byzantine and Rational clients no purely local, long term based reputation

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 4 / 25

Key features

Difference from other solutions

provides stable, reliable throughput focuses on short intervals does not optimize overall download speed small amount of data at given time robust agains Byzantine and Rational clients no purely local, long term based reputation

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 4 / 25

Vocabulary

BAR ?

Byzantine - arbitrary malitious client Altruistic - implementing protocol exactly as described Rational - self-serving client

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 5 / 25

Vocabulary

BAR ?

Byzantine - arbitrary malitious client Altruistic - implementing protocol exactly as described Rational - self-serving client

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 5 / 25

Vocabulary

BAR ?

Byzantine - arbitrary malitious client Altruistic - implementing protocol exactly as described Rational - self-serving client

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 5 / 25

Security basis

Assumptions

Digital signatures - each of the clients signs sent messages Dynamic membership - non-Byzantine clients remain in the system until end of the broadcast Single identity for each of the clients

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 6 / 25

Security basis

Assumptions

Digital signatures - each of the clients signs sent messages Dynamic membership - non-Byzantine clients remain in the system until end of the broadcast Single identity for each of the clients

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 6 / 25

Security basis

Assumptions

Digital signatures - each of the clients signs sent messages Dynamic membership - non-Byzantine clients remain in the system until end of the broadcast Single identity for each of the clients

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 6 / 25

Vocabulary

POM

Proof Of Misbehavior - a sequence of signed messages proving that a client violates the protocol

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 7 / 25

Broadcast

Broadcast consists of rounds, each T + δ long T - time interval sufficient to complete message communication for

• ne round

Update expires deadline rounds after being sent by broadcaster. It is delivered to the media player after expiration. The update is considered delivered timely when it is received before the deadline

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 8 / 25

Broadcast

Broadcast consists of rounds, each T + δ long T - time interval sufficient to complete message communication for

• ne round

Update expires deadline rounds after being sent by broadcaster. It is delivered to the media player after expiration. The update is considered delivered timely when it is received before the deadline

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 8 / 25

Broadcast

Broadcast consists of rounds, each T + δ long T - time interval sufficient to complete message communication for

• ne round

Update expires deadline rounds after being sent by broadcaster. It is delivered to the media player after expiration. The update is considered delivered timely when it is received before the deadline

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 8 / 25

Broadcast

Broadcast consists of rounds, each T + δ long T - time interval sufficient to complete message communication for

• ne round

Update expires deadline rounds after being sent by broadcaster. It is delivered to the media player after expiration. The update is considered delivered timely when it is received before the deadline

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 8 / 25

Connecting to the broadcast

Client generates a session public and private key Client sends the keys to the broadcaster Broadcaster verifies the keys Broadcaster publishes a list of clients (identity, address, public key)

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 9 / 25

Connecting to the broadcast

Client generates a session public and private key Client sends the keys to the broadcaster Broadcaster verifies the keys Broadcaster publishes a list of clients (identity, address, public key)

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 9 / 25

Connecting to the broadcast

Client generates a session public and private key Client sends the keys to the broadcaster Broadcaster verifies the keys Broadcaster publishes a list of clients (identity, address, public key)

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 9 / 25

Connecting to the broadcast

Client generates a session public and private key Client sends the keys to the broadcaster Broadcaster verifies the keys Broadcaster publishes a list of clients (identity, address, public key)

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 9 / 25

Round

Broadcaster sends the update to nSeeds randomly selected clients nSeeds must be high enough for at least one non-Byzantine client to receive the update Every client cannot receive the update from the broadcaster, delivery to the rest is based on protocols:

Balanced Exchange Optimistic Push

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 10 / 25

Round

Broadcaster sends the update to nSeeds randomly selected clients nSeeds must be high enough for at least one non-Byzantine client to receive the update Every client cannot receive the update from the broadcaster, delivery to the rest is based on protocols:

Balanced Exchange Optimistic Push

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 10 / 25

Round

Broadcaster sends the update to nSeeds randomly selected clients nSeeds must be high enough for at least one non-Byzantine client to receive the update Every client cannot receive the update from the broadcaster, delivery to the rest is based on protocols:

Balanced Exchange Optimistic Push

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 10 / 25

Balanced Exchange

The idea

The updates are traded one by one, meaning that each of the clients sends exactly the same number of updates.

Problems

This protocol itself is insufficient for unlucky (rarely chosen by broadcaster) or facing network failures clients.

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 11 / 25

Balanced Exchange

The idea

The updates are traded one by one, meaning that each of the clients sends exactly the same number of updates.

Problems

This protocol itself is insufficient for unlucky (rarely chosen by broadcaster) or facing network failures clients.

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 11 / 25

Optimistic push

Push

In Optimistic Push the client can send more updates than he receives, allowing the fallen behind client to get the data.

Optimistic

This mechanism is considered optimistic because it is based on hope that the benefitting client will do the same favor in return later. Such behavior is not enforced by the protocol.

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 12 / 25

Optimistic push

Push

In Optimistic Push the client can send more updates than he receives, allowing the fallen behind client to get the data.

Optimistic

This mechanism is considered optimistic because it is based on hope that the benefitting client will do the same favor in return later. Such behavior is not enforced by the protocol.

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 12 / 25

Balanced Exchange and Optimistic Push

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 13 / 25

Choosing partner for Balanced Exchange

1 Client S seeds the PRNG (Pseudo Random Number Generator) with

the signature <r, BAL>S, where r is the round number

2 The numbers generated by the PRNG is deterministically mapped

into client ids until S a first partner without an eviction notice - R

3 S sends the seed and the list of eviction notices to R 4 R validates the data:

The seed is a valid signature r is the current round number All supplied eviction notices are valid The seeded PRNG generates R as the first non-evicted client The seeded value has never been presented to R by S

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 14 / 25

Choosing partner for Balanced Exchange

1 Client S seeds the PRNG (Pseudo Random Number Generator) with

the signature <r, BAL>S, where r is the round number

2 The numbers generated by the PRNG is deterministically mapped

into client ids until S a first partner without an eviction notice - R

3 S sends the seed and the list of eviction notices to R 4 R validates the data:

The seed is a valid signature r is the current round number All supplied eviction notices are valid The seeded PRNG generates R as the first non-evicted client The seeded value has never been presented to R by S

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 14 / 25

Choosing partner for Balanced Exchange

1 Client S seeds the PRNG (Pseudo Random Number Generator) with

the signature <r, BAL>S, where r is the round number

2 The numbers generated by the PRNG is deterministically mapped

into client ids until S a first partner without an eviction notice - R

3 S sends the seed and the list of eviction notices to R 4 R validates the data:

The seed is a valid signature r is the current round number All supplied eviction notices are valid The seeded PRNG generates R as the first non-evicted client The seeded value has never been presented to R by S

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 14 / 25

Choosing partner for Balanced Exchange

1 Client S seeds the PRNG (Pseudo Random Number Generator) with

the signature <r, BAL>S, where r is the round number

2 The numbers generated by the PRNG is deterministically mapped

into client ids until S a first partner without an eviction notice - R

3 S sends the seed and the list of eviction notices to R 4 R validates the data:

The seed is a valid signature r is the current round number All supplied eviction notices are valid The seeded PRNG generates R as the first non-evicted client The seeded value has never been presented to R by S

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 14 / 25

Choosing partner for Balanced Exchange

1 Client S seeds the PRNG (Pseudo Random Number Generator) with

the signature <r, BAL>S, where r is the round number

2 The numbers generated by the PRNG is deterministically mapped

into client ids until S a first partner without an eviction notice - R

3 S sends the seed and the list of eviction notices to R 4 R validates the data:

The seed is a valid signature r is the current round number All supplied eviction notices are valid The seeded PRNG generates R as the first non-evicted client The seeded value has never been presented to R by S

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 14 / 25

Choosing partner for Balanced Exchange

1 Client S seeds the PRNG (Pseudo Random Number Generator) with

the signature <r, BAL>S, where r is the round number

2 The numbers generated by the PRNG is deterministically mapped

into client ids until S a first partner without an eviction notice - R

3 S sends the seed and the list of eviction notices to R 4 R validates the data:

The seed is a valid signature r is the current round number All supplied eviction notices are valid The seeded PRNG generates R as the first non-evicted client The seeded value has never been presented to R by S

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 14 / 25

Choosing partner for Balanced Exchange

1 Client S seeds the PRNG (Pseudo Random Number Generator) with

the signature <r, BAL>S, where r is the round number

2 The numbers generated by the PRNG is deterministically mapped

into client ids until S a first partner without an eviction notice - R

3 S sends the seed and the list of eviction notices to R 4 R validates the data:

The seed is a valid signature r is the current round number All supplied eviction notices are valid The seeded PRNG generates R as the first non-evicted client The seeded value has never been presented to R by S

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 14 / 25

Choosing partner for Balanced Exchange

1 Client S seeds the PRNG (Pseudo Random Number Generator) with

the signature <r, BAL>S, where r is the round number

2 The numbers generated by the PRNG is deterministically mapped

into client ids until S a first partner without an eviction notice - R

3 S sends the seed and the list of eviction notices to R 4 R validates the data:

The seed is a valid signature r is the current round number All supplied eviction notices are valid The seeded PRNG generates R as the first non-evicted client The seeded value has never been presented to R by S

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 14 / 25

History Exchange

History

A set of the updates ids

Exchange

1 In the first message S sends i.a. a hash of its history - #HS 2 R verifies if it is allowed to communicate with S and sends its history

• HR

3 S sends its history to R 4 R verifies if the previously sent hash is consistent with the provided

history

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 15 / 25

History Exchange

History

A set of the updates ids

Exchange

1 In the first message S sends i.a. a hash of its history - #HS 2 R verifies if it is allowed to communicate with S and sends its history

• HR

3 S sends its history to R 4 R verifies if the previously sent hash is consistent with the provided

history

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 15 / 25

History Exchange

History

A set of the updates ids

Exchange

1 In the first message S sends i.a. a hash of its history - #HS 2 R verifies if it is allowed to communicate with S and sends its history

• HR

3 S sends its history to R 4 R verifies if the previously sent hash is consistent with the provided

history

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 15 / 25

History Exchange

History

A set of the updates ids

Exchange

1 In the first message S sends i.a. a hash of its history - #HS 2 R verifies if it is allowed to communicate with S and sends its history

• HR

3 S sends its history to R 4 R verifies if the previously sent hash is consistent with the provided

history

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 15 / 25

Update Exchange

1 S and R exchange k most recent updates the other client lack in

signed briefcases containing:

The seed identifying the exchange Plaintext description of the update ids Updates encrypted with #(Kpriv

S

, seed)

2 R and S verify the received messages:

if the briefcase seed number matches the exchange seed if the briefcase updates list matches the expected one

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 16 / 25

Update Exchange

1 S and R exchange k most recent updates the other client lack in

signed briefcases containing:

The seed identifying the exchange Plaintext description of the update ids Updates encrypted with #(Kpriv

S

, seed)

2 R and S verify the received messages:

if the briefcase seed number matches the exchange seed if the briefcase updates list matches the expected one

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 16 / 25

Update Exchange

1 S and R exchange k most recent updates the other client lack in

signed briefcases containing:

The seed identifying the exchange Plaintext description of the update ids Updates encrypted with #(Kpriv

S

, seed)

2 R and S verify the received messages:

if the briefcase seed number matches the exchange seed if the briefcase updates list matches the expected one

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 16 / 25

Key Exchange

Client behavior

Client sends a key request via UDP containing the exchange seed as well as responds to key requests Key respond contains:

the exchange seed value desryption key for prevoiusly received briefcase of updates

Ommiting the phase

If a client receives a briefcase but not the decription key, then the messages constitute a suspected POM

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 17 / 25

Key Exchange

Client behavior

Client sends a key request via UDP containing the exchange seed as well as responds to key requests Key respond contains:

the exchange seed value desryption key for prevoiusly received briefcase of updates

Ommiting the phase

If a client receives a briefcase but not the decription key, then the messages constitute a suspected POM

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 17 / 25

Key Exchange

Client behavior

Client sends a key request via UDP containing the exchange seed as well as responds to key requests Key respond contains:

the exchange seed value desryption key for prevoiusly received briefcase of updates

Ommiting the phase

If a client receives a briefcase but not the decription key, then the messages constitute a suspected POM

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 17 / 25

Filling POMs

Balanced Exchange

Given a client provides different data than described in history exchange it is a base of a POM.

Constructing the POM

Each of the messages the client receives is signed by the sender and has a hash of the previous one. With this information, together with the received data, we can easily show prove that the protocol was violated by this particular client (signature) and the order of messages (previous message hash).

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 18 / 25

Filling POMs

Balanced Exchange

Given a client provides different data than described in history exchange it is a base of a POM.

Constructing the POM

Each of the messages the client receives is signed by the sender and has a hash of the previous one. With this information, together with the received data, we can easily show prove that the protocol was violated by this particular client (signature) and the order of messages (previous message hash).

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 18 / 25

Auditor

The auditor is an agent prompting randomly chosen clients for POMs against other clients. If the client does not have any POMs he has to send a dummy message. The POM query responses are of equal size so omitting POMs does not save any bandwidth Clients not responding to auditor queries are considered Byzantine and removed

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 19 / 25

Auditor

The auditor is an agent prompting randomly chosen clients for POMs against other clients. If the client does not have any POMs he has to send a dummy message. The POM query responses are of equal size so omitting POMs does not save any bandwidth Clients not responding to auditor queries are considered Byzantine and removed

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 19 / 25

Auditor

The auditor is an agent prompting randomly chosen clients for POMs against other clients. If the client does not have any POMs he has to send a dummy message. The POM query responses are of equal size so omitting POMs does not save any bandwidth Clients not responding to auditor queries are considered Byzantine and removed

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 19 / 25

Auditor

The auditor is an agent prompting randomly chosen clients for POMs against other clients. If the client does not have any POMs he has to send a dummy message. The POM query responses are of equal size so omitting POMs does not save any bandwidth Clients not responding to auditor queries are considered Byzantine and removed

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 19 / 25

BAR Gossip reliability

Circumstances BAR Gossip prototype deals with

Robust against Byzantine and selfish behavior even if 40% of rational clients collude Manages deliver the updates timely in an environment where 20% of the clients are Byzantine and the rest is rational

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 20 / 25

BAR Gossip reliability

Circumstances BAR Gossip prototype deals with

Robust against Byzantine and selfish behavior even if 40% of rational clients collude Manages deliver the updates timely in an environment where 20% of the clients are Byzantine and the rest is rational

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 20 / 25

Test - probability of receiving an update

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 21 / 25

Test - average upload bandwidth

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 22 / 25

Test - probability of receiving an update

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 23 / 25

References

Harry C. Li, Allen Clement, Edmund L. Wong, Jeff Napper, Indrajit Roy, Lorenzo Alvisi, Michael Dahlin (2006) BAR Gossip.

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 24 / 25

The End

Aleksander Jurkowski (MIM UW) Bar Gossip October 18, 2010 25 / 25