hybrid fault tolerant consensus in asynchronous and
play

Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless - PowerPoint PPT Presentation

Aug 27, 2023 •257 likes •594 views

Platzhalter fr Bild, Bild auf Titelfolie hinter das Logo einsetzen Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems 22nd International Conference on Principles of Distributed Systems Wenbo Xu, Signe Rsch, Bijun

  1. Platzhalter für Bild, Bild auf Titelfolie hinter das Logo einsetzen Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems 22nd International Conference on Principles of Distributed Systems Wenbo Xu, Signe Rüsch, Bijun Li, Rüdiger Kapitza TU Braunschweig 18.12.2018, Hong Kong

  2. Background: (Binary) Byzantine-Fault Tolerant Consensus • Fundamental problem in distributed systems • Totally n node in the group, each proposes a value , 0 or 1 • In the end all nodes should decide the same value → consensus 1 1 1 0 1 Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 2

  3. Background: (Binary) Byzantine-Fault Tolerant Consensus • Fundamental problem in distributed systems • Totally n node in the group, each proposes a value , 0 or 1 • In the end all nodes should decide the same value → consensus • At most f faulty nodes – Crash – Byzantine fault: actively work against the algorithm 1 1 0 0 Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 3

  4. Background: Asynchronous System • Nodes communicate via messages • Asynchronous network 1 0 – No message omissions – But messages can take arbitrarily long time →Too slow? Or he didn’t send? Cannot wait forever! That guy crashed? • Strong adversary: the worst case  The adversary can inspect the status of every message and node  … then reorder arrivals of messages, and adjust faulty nodes’ behavior  Cannot break cryptography and a trusted subsystem Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 4

  5. Background: Hybrid Fault Model • Trusted subsystem, tamperproof • A strict monotonic counter to prevent “two-faced cheating” • Faulty nodes cannot send contradictory messages in one broadcast 1 [42] 0 [42] 1 [43] Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 5

  6. Related Work and Motivation • Randomization to bypass FLP impossibility of asynchrony – Crash fault tolerance with n ≥ 2f+1 : Ben-Or’s algorithm [1] – Byzantine fault tolerance requires n ≥ 3f+1 • Limit the Byzantine behavior with a trusted subsystem – Only requires n ≥ 2f+1 – Built upon complex algorithm stacks, e.g. reliable broadcast primitive – Not resilient against strong adversary → not terminate in worst cases 2f+1 consensus , but less complex and suitable in wireless embedded systems Correctness proof under all cases, even strong adversary [1] Michael Ben‐Or. Another advantage of free choice (extended abstract): Completely asynchronous agreement protocols. In Proceedings of the second annual ACM symposium on Principles of distributed computing , 1983. Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 6

  7. Outline  Trusted-Ben-Or Algorithm  A Common Issue in the Proof of Termination  Experiment Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 7

  8. Original Ben-Or’s Algorithm Round based, 2 phases per round PR: Propose Phase Round Node 1 Node 2 Node 3 Propose a value 0 or 1 PR 0 1 0 1 VO PR 2 VO Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 8

  9. Ben-Or’s Algorithm Round based, 2 phases per round PR: Propose Phase Round Node 1 Node 2 Node 3 VO: Vote Phase PR 0 1 0 Wait for (n-f) proposals 1 � � 0 VO If >n/2 propose the same v → Vote for v PR 2 Else VO → Vote for � (default) Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 9

  10. Ben-Or’s Algorithm Round based, 2 phases per round PR: Propose Phase Round Node 1 Node 2 Node 3 VO: Vote Phase PR 0 1 0 1 PR: Propose Phase � � 0 VO Wait for (n-f) votes 0, R PR 0, D 0, D If all vote for � 2 VO → Propose ( $, R ), $ is a random value R = Randomly get the value If someone votes for v D = Deterministically get the value → Propose ( v, D ) Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 10

  11. Ben-Or’s Algorithm Round based, 2 phases per round PR: Propose Phase Round Node 1 Node 2 Node 3 VO: Vote Phase PR 0 1 0 1 PR: Propose Phase � � 0 VO VO: Vote Phase 0, R PR 0, D 0, D 2 … 0 VO 0 0 If >n/2 vote for the same v decide decide decide → Decide v 0 0 0 Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 11

  12. Ben-Or’s Algorithm Round based, 2 phases per round PR: Propose Phase Round Node 1 Node 2 Node 3 VO: Vote Phase PR 0 1 0 1 PR: Propose Phase � � 0 VO VO: Vote Phase 0, R PR 0, D 0, D 2 … 0 VO 0 0 decide decide decide Only tolerate crash fault, no Byzantine fault! 0 0 0 Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 12

  13. Trusted-Ben-Or: Tackle Byzantine faults • Message uniqueness per phase → Trusted monotonic counter for message authentication • Unbiased random number → Trusted random number generator (combined with the counter) • Semantic correctness → Message certificate Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 13

  14. Message Uniqueness | Unbiased Random | Semantic Correctness • In round k, each node only sends 2 messages • Trusted monotonic counter authentication: – <PR, k, *, *> with counter value [k|0] – <VO, k, *> with counter value [k|1] • Trusted random number generator • Protected by hardware, can only crash but not Byzantine message id AUTH(message|id|c new ) c new secret key int (c new > c)c ← c new bool rand ($) + AUTH(message|id|c new |$) Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 14

  15. Message Uniqueness | Unbiased Random | Semantic Correctness • Piggyback received, authenticated messages to proof the correctness • No recursive certificates – Limited message size ( ≤ n+2 messages in one certificate) – Faulty node can include invalid into a certificate >n/2 PR of last round >n/2 VO 1 1 … 1 � � … � � � … � 1 Propose 0, R Propose 1, D Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 15

  16. Adaption to Embedded Wireless Systems • Local broadcast instead of peer-to-peer communication • Tackle (limited) omission faults: – Stubborn re-transmission of last message – Round jumping when received a valid message of future round → No specific network protocols / primitives required for reliable communication • HMAC in trusted subsystem instead of digital signature This Photo by Unknown Author is licensed under CC BY‐SA‐NC Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 16

  17. Outline  Trusted-Ben-Or Algorithm  A Common Issue in the Proof of Termination  Experiment Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 17

  18. Proof of Termination • No valid proposals of (0, D) and (1, D) at the same time � ( � +1)/2 � * 1 � ( � +1)/2 � * 0 PR VO 0, D 1, D • In a lucky round: – All trusted coins of each node toss the same random value v – … which is the same as the valid deterministic value → Terminate in this round This Photo by Unknown Author is licensed under CC BY‐SA Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 18

  19. Proof of Termination A corner case of flaw • Firstly let a node R-get v Round Node 1 Node 2 Node 3 PR 0,D 1,D � � VO PR 0,R VO PR Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 19

  20. Proof of Termination A corner case of possible flaw • Firstly let a node R-get v Round Node 1 Node 2 Node 3 PR 0,D 1,D 1,D • Then let another node D-get (1-v) � � VO 1 → Turn the lucky value into unlucky PR 0,R 1,D VO PR Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 20

  21. Proof of Termination A corner case of possible flaw • Firstly let a node R-get v Round Node 1 Node 2 Node 3 PR 0,D 1,D 1,D • Then let another node D-get (1-v) � � VO 1 → Turn the lucky value into unlucky PR 0,R 1,D � � VO PR 1,R Is 0 still the lucky “Luckiness” should not depend on future events! value here? Marcos K Aguilera and Sam Toueg. The correctness proof of ben‐or’s randomized consensus algorithm. Distributed Computing , 25(5), 2012. Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 21

  22. Proof of Termination • In our work, termination is ensured by: – Counter authentication – Trusted random number generator – Semantic certificate – “Luckiness” • Luckiness depends only on the current system state and past events! • For more details please refer to our paper This Photo by Unknown Author is licensed under CC BY‐SA Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 22

  23. Outline  Trusted-Ben-Or Algorithm  A Common Issue in the Proof of Termination  Experiment Wenbo Xu| Hybrid Fault-Tolerant Consensus in Asynchronous and Wireless Embedded Systems | Page 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computability Abstractions for Fault-tolerant Asynchronous Distributed Computing Julien Stainer

Computability Abstractions for Fault-tolerant Asynchronous Distributed Computing Julien Stainer

Computability Abstractions for Fault-tolerant Asynchronous Distributed Computing Julien Stainer under the supervision of Michel Raynal March 18 th , 2015 Computability Abstractions for Fault-tolerant Asynchronous Distributed Computing 1 / 51

1.63k views • 147 slides
CS6100: Topics in Design and Analysis of Algorithms Fault Tolerant Consensus CS6100 (Even 2012):

CS6100: Topics in Design and Analysis of Algorithms Fault Tolerant Consensus CS6100 (Even 2012):

CS6100: Topics in Design and Analysis of Algorithms Fault Tolerant Consensus CS6100 (Even 2012): Fault Tolerant Consensus Models Failure Types 1. Clean Crash Failure completely fail 2. (Unclean) Crash Failure fail after some messages

653 views • 16 slides
Presentation of the paper Proof-of-Execution: Reaching Consensus through Fault-Tolerant

Presentation of the paper Proof-of-Execution: Reaching Consensus through Fault-Tolerant

Presentation of the paper Proof-of-Execution: Reaching Consensus through Fault-Tolerant Speculation Presenter: Haojun (Howard) Zhu Background Due to time-tested safe design of PBFT and due to the limiting designs of other BFT protocols,

536 views • 26 slides
Performance of UDP-based Byzantine Fault Tolerant Consensus Final talk for the Bachelors

Performance of UDP-based Byzantine Fault Tolerant Consensus Final talk for the Bachelors

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performance of UDP-based Byzantine Fault Tolerant Consensus Final talk for the Bachelors Thesis by Lucas Mair advised by Richard von Seck,

523 views • 36 slides
Asynchronous and Fault-Tolerant Recursive Datalog Evalua9on in Shared-Nothing Engines Jingjing

Asynchronous and Fault-Tolerant Recursive Datalog Evalua9on in Shared-Nothing Engines Jingjing

Asynchronous and Fault-Tolerant Recursive Datalog Evalua9on in Shared-Nothing Engines Jingjing Wang, Magdalena Balazinska, Daniel Halperin University of Washington Modern Analy&gt;cs Requires Itera&gt;on Graph applica&gt;ons Graph

321 views • 19 slides
Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an

Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an

Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an important building block for fault-tolerant computing Universal: any deterministic fault-tolerant service can be implemented on top of it

349 views • 12 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
Fault-tolerant techniques Fault-tolerant techniques What causes component faults? What are the

Fault-tolerant techniques Fault-tolerant techniques What causes component faults? What are the

EDA421/DIT171 - Parallel and Distributed Real-Time Systems, Chalmers/GU, 2011/2012 Lecture #14 Updated May 2, 2012 Fault-tolerant techniques Fault-tolerant techniques What causes component faults? What are the effects if the

374 views • 9 slides
FAULT-TOLERANT CONTROL Is it possible? JAN MACIEJOWSKI Fault- tolerant control. DPS09,

FAULT-TOLERANT CONTROL Is it possible? JAN MACIEJOWSKI Fault- tolerant control. DPS09,

FAULT-TOLERANT CONTROL Is it possible? JAN MACIEJOWSKI Fault- tolerant control. DPS09, Gdask Canonical Control Engineering Problem Disturbance Controlled output Set-point Filter Controller Plant Sensor Noise This problem is

639 views • 29 slides
Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and

Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and

1 Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and Validation Reflective Design and Validation Marc-Olivier Killijian Dependable Computing and Fault Tolerance Research Group Toulouse - France 2

865 views • 50 slides
Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault

Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault

4/1/2014 Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault coverage COMPUTING Checkpointing and backward error recovery (rollback) Kewal K.Saluja General principles General principles

259 views • 3 slides
Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent

Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent

Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent Monitoring Networks Networks Heterogeneous Intelligent Monitoring Jing Deng Department of Computer Science University of North Carolina at

335 views • 18 slides
A Fault-Tolerant Alternative to Lockstep Triple Modular Redundancy Andrew L. Baldwin, BS 09,

A Fault-Tolerant Alternative to Lockstep Triple Modular Redundancy Andrew L. Baldwin, BS 09,

A Fault-Tolerant Alternative to Lockstep Triple Modular Redundancy Andrew L. Baldwin, BS 09, MS 12 W. Robert Daasch, Professor Integrated Circuits Design and Test Laboratory Problem Statement In a fault tolerant system containing

478 views • 35 slides
A Self-Stabilizing Hybrid Fault-Tolerant Synchronization Protocol Mahyar R. Malekpour

A Self-Stabilizing Hybrid Fault-Tolerant Synchronization Protocol Mahyar R. Malekpour

Langley Research Center A Self-Stabilizing Hybrid Fault-Tolerant Synchronization Protocol Mahyar R. Malekpour NASA-Langley Research Center mahyar.r.malekpour@nasa.gov +1 757-864-1513 http://shemesh.larc.nasa.gov/people/mahyar.htm Langley

241 views • 20 slides
Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction

Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction

1/21/2014 Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction Kewal K.Saluja Kewal K Saluja Fault models at different levels (HW) Department of Electrical and Computer Engineering Error

304 views • 5 slides
1 What makes consensus hard? Fischer, Lynch and Patterson Fundamentally, the issue revolves

1 What makes consensus hard? Fischer, Lynch and Patterson Fundamentally, the issue revolves

Consensus a classic problem Consensus, impossibility Consensus abstraction underlies many results and Paxos distributed systems and protocols N processes They start execution with inputs { 0,1} Ken Birman Asynchronous,

255 views • 8 slides
Model Checking of Fault-Tolerant Distributed Algorithms Igor Konnov joint work with Annu

Model Checking of Fault-Tolerant Distributed Algorithms Igor Konnov joint work with Annu

Model Checking of Fault-Tolerant Distributed Algorithms Igor Konnov joint work with Annu Gmeiner Ulrich Schmid Helmut Veith Josef Widder Igor Konnov Distributed Systems Are they always working? 2/63 No. . . some failing systems

979 views • 72 slides
Distributed Real-Time Fault Tolerance on a Virtualized Multi-Core System Eric Missimer*, Richard

Distributed Real-Time Fault Tolerance on a Virtualized Multi-Core System Eric Missimer*, Richard

Distributed Real-Time Fault Tolerance on a Virtualized Multi-Core System Eric Missimer*, Richard West and Ye Li Computer Science Department Boston University Boston, MA 02215 Email: { missimer,richwest,liye } @cs.bu.edu *VMware, Inc. Eric

614 views • 27 slides
Dependability Engineering of Complex Computing Systems M. Kaniche J.-C. Laprie

Dependability Engineering of Complex Computing Systems M. Kaniche J.-C. Laprie

Dependability Engineering of Complex Computing Systems M. Kaniche J.-C. Laprie J.-P. Blanquart LAAS / LIS LAAS / LIS Astrium / LIS kaaniche@laas.fr laprie@laas.fr blanquar@laas.fr 6th International Conference on Engineering

269 views • 12 slides
Fully Fault Tolerant Real Time Data Pipeline with Docker and Mesos Rahul Kumar Technical Lead

Fully Fault Tolerant Real Time Data Pipeline with Docker and Mesos Rahul Kumar Technical Lead

Fully Fault Tolerant Real Time Data Pipeline with Docker and Mesos Rahul Kumar Technical Lead LinuxCon / ContainerCon - Berlin, Germany Data Pipeline Agenda Mesos + Docker Reactive Data Pipeline Goal Analyzing data always

504 views • 37 slides
COMP9313: Big Data Management Introduction to MapReduce and Spark Motivation of MapReduce

COMP9313: Big Data Management Introduction to MapReduce and Spark Motivation of MapReduce

COMP9313: Big Data Management Introduction to MapReduce and Spark Motivation of MapReduce Word count output the number of occurrence for each word in the dataset. Nave solution: word_count(D): H = new dict For each w in D:

1.15k views • 30 slides
Policy-Driven Fault Management for NFV Eco System Akhil Jain (NEC) akhil.jain@india.nec.com

Policy-Driven Fault Management for NFV Eco System Akhil Jain (NEC) akhil.jain@india.nec.com

April 2019 Policy-Driven Fault Management for NFV Eco System Akhil Jain (NEC) akhil.jain@india.nec.com Eric Kao (VMware) ekcs.openstack@gmail..com Definitions Network Function (NF): A functional building block in a network packet

458 views • 25 slides
Overview Motivation ECE 753: FAULT-TOLERANT About the Course and the Instructor

Overview Motivation ECE 753: FAULT-TOLERANT About the Course and the Instructor

1/20/2014 Overview Motivation ECE 753: FAULT-TOLERANT About the Course and the Instructor Conduct, Outline, Coursepack COMPUTING Introduction Terminology and definitions Sources, Overview and Comments Sources

703 views • 10 slides
Defect Prevention and Removal SE 350 Software Process &amp; Product Quality 1 Objectives

Defect Prevention and Removal SE 350 Software Process &amp; Product Quality 1 Objectives

Defect Prevention and Removal SE 350 Software Process &amp; Product Quality 1 Objectives Provide basic concepts about defects and defect-oriented practices Practices dealing with defects Setting defect removal targets: Cost

841 views • 25 slides

More recommend