towards recoverable hybrid byzantine consensus
play

Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R - PowerPoint PPT Presentation

Jan 01, 2024 •261 likes •603 views

Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R udiger Kapitza 2 1 University of Lisboa, Portugal 2 University of Erlangen-N urnberg, Germany September 22, 2009 Overview Background 1 Why? When? Where? Towards

  1. Towards Recoverable Hybrid Byzantine Consensus Hans P. Reiser 1 , R¨ udiger Kapitza 2 1 University of Lisboa, Portugal 2 University of Erlangen-N¨ urnberg, Germany September 22, 2009

  2. Overview Background 1 Why? When? Where? Towards Recoverable Hybrid Byzantine Consensus 2 Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model Provocative Questions and Conclusions 3 Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 2

  3. Why? Security threats NVD, Bugtraq, etc: Countless vulnerabilities Viruses, botnets, cyber warefare: Countless attacks Pervasive IT systems Everything (incl. critical infrastructures) connected to Internet High security requirements no longer limited to traditional critical infrastructures Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 3

  4. Why? Security threats NVD, Bugtraq, etc: Countless vulnerabilities Viruses, botnets, cyber warefare: Countless attacks Pervasive IT systems Everything (incl. critical infrastructures) connected to Internet High security requirements no longer limited to traditional critical infrastructures Current best practices cannot avoid all faults/intrusions New approaches are needed. Intrusion tolerance might be one key building block for more secure, more dependable systems. Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 3

  5. When? I do not know. Hoping for interesting discussions :-) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 4

  6. When? I do not know. Hoping for interesting discussions :-) Marketing / political issue How to convince people to pay for intrusion tolerance? Quantifying the benefit? Intrusions harder to predict than traditional faults . . . Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 4

  7. When? I do not know. Hoping for interesting discussions :-) Marketing / political issue How to convince people to pay for intrusion tolerance? Quantifying the benefit? Intrusions harder to predict than traditional faults . . . Do we still need further improvements? new research directions? Cheaper BFT? (R¨ udiger’s f + 1 talk) Missing functionality? (e.g., node recovery ) . . . Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 4

  8. Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems . . . wherever we will find vulnerabilities & attacks (i.e., almost everywhere) . . . wherever we can afford the cost Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 5

  9. Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems . . . wherever we will find vulnerabilities & attacks (i.e., almost everywhere) . . . wherever we can afford the cost (don’t forget diversity Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 5

  10. Where? Where to use BFT algorithms in practice? Use it to build intrusion-tolerant systems . . . wherever we will find vulnerabilities & attacks (i.e., almost everywhere) . . . wherever we can afford the cost (don’t forget diversity . . . and determinism) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 5

  11. Overview Background 1 Why? When? Where? Towards Recoverable Hybrid Byzantine Consensus 2 Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model Provocative Questions and Conclusions 3 Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 6

  12. Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 7

  13. Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Limitation of simple BFT algorithms Sooner or later, attackers might compromise more nodes than the system can tolerate Intrusions usually are hard to detect Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 7

  14. Wanted: Recovery Using BFT for building intrusion-tolerant systems Function correctly in spite of malicious intrusions Capability of reorganizing itself autonomously Limitation of simple BFT algorithms Sooner or later, attackers might compromise more nodes than the system can tolerate Intrusions usually are hard to detect Wanted: Proactive Recovery Replicas should proactively be refreshed periodically, in addition to reactively repairing detected faults. Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 7

  15. Overview Background 1 Why? When? Where? Towards Recoverable Hybrid Byzantine Consensus 2 Wanted: Recovery Recovery in existing BFT algorithms Recoverable BFT: A State Model Provocative Questions and Conclusions 3 Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 8

  16. Recovery in existing BFT algorithms PBFT (Castro et al.): Explicit proactive recovery support Prerequisites for proactive recovery Tamper-free device that periodically triggers recoveries Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state and Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 9

  17. Recovery in existing BFT algorithms Algorithm TCB Recovery support PBFT yes yes Q/U no no HQ no no BFT2F no no Zyzzyva no no A2M yes maybe MinBFT yes no Table: Recovery support in BFT algorithms Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 10

  18. Implications of prerequisites Tamper-free device that triggers recoveries Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 11

  19. Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 11

  20. Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 11

  21. Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 11

  22. Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Highly intrusive: All relevant state on persistent storage Recovering faulty replica must not spread wrong information Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 11

  23. Implications of prerequisites Tamper-free device that triggers recoveries Easy: External tamper-free box Trusted component that stores private key and creates signatures Easy: trusted box + minor implementation changes Means for avoiding message replay after recovery Session keys, changes to message format, message filtering? Recovering non-faulty replica must not loose state Highly intrusive: All relevant state on persistent storage Recovering faulty replica must not spread wrong information Most difficult part: protocol extensions (state validation) Hans P. Reiser (University of Lisboa) Towards Recoverable Hybrid Byzantine Consensus September 22, 2009 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Low-Latency Byzantine Agreement Protocols Using RDMA DSN Workshop on Byzantine Consensus

Towards Low-Latency Byzantine Agreement Protocols Using RDMA DSN Workshop on Byzantine Consensus

Towards Low-Latency Byzantine Agreement Protocols Using RDMA DSN Workshop on Byzantine Consensus and Resilient Blockchains Signe Rsch, Ines Messadi, Rdiger Kapitza, 2018-06-25 ruesch@ibr.cs.tu-bs.de Technische Universitt Braunschweig,

781 views • 47 slides
Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Hopefully everyone has

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Hopefully everyone has

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Hopefully everyone has started by now, maybe even finished large portions. If not ... you should worry . Please don't change the protobufs. My testing strategy

1.26k views • 76 slides
Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman

Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman

Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // * jhh@cs.ru.nl // 8 www.cs.ru.nl/~jhh Byzantine failures are real

477 views • 30 slides
Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi IC3 1 Blockchains Satoshi Nakamoto, 2009 Public database Shared & maintained between network participants Blockchain agreement protocol

296 views • 15 slides
Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in approximately 5 hours. If you haven't started yet then ... I don't really know how to help. Note, even with late days you must submit by 23:59 on

1.34k views • 56 slides
Performance of UDP-based Byzantine Fault Tolerant Consensus Final talk for the Bachelors

Performance of UDP-based Byzantine Fault Tolerant Consensus Final talk for the Bachelors

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performance of UDP-based Byzantine Fault Tolerant Consensus Final talk for the Bachelors Thesis by Lucas Mair advised by Richard von Seck,

523 views • 36 slides
Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is

Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is

Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is difficult? Arbitrary message delays (asynchronous network) Independent parties (nodes) can go offline (and also back online) Network

1.29k views • 72 slides
Byzantine Vector Consensus in Complete Graphs Nitin Vaidya University of

Byzantine Vector Consensus in Complete Graphs Nitin Vaidya University of

Byzantine Vector Consensus in Complete Graphs Nitin Vaidya University of Illinois at Urbana-Champaign Vijay Garg University of Texas at Austin Assumptions g Complete graph of n processes g f

964 views • 60 slides
RepuCoin: Reputation-based Byzantine Consensus Jeremie Decouchant, Joint work with Jiangshan Yu,

RepuCoin: Reputation-based Byzantine Consensus Jeremie Decouchant, Joint work with Jiangshan Yu,

University of Luxembourg Multilingual. Personalised. Connected. RepuCoin: Reputation-based Byzantine Consensus Jeremie Decouchant, Joint work with Jiangshan Yu, David Kozhaya, Paulo Esteves-Verssimo CritiX, SnT jeremie.decouchant@uni.lu

333 views • 12 slides
ROBUST & SPECULATIVE BYZANTINE RANDOMIZED CONSENSUS WITH CONSTANT TIME COMPLEXITY IN

ROBUST & SPECULATIVE BYZANTINE RANDOMIZED CONSENSUS WITH CONSTANT TIME COMPLEXITY IN

ROBUST & SPECULATIVE BYZANTINE RANDOMIZED CONSENSUS WITH CONSTANT TIME COMPLEXITY IN NORMAL CONDITIONS Nuno Neves Bruno Vavala University of Lisbon, Portugal University of Lisbon, Portugal Carnegie Mellon

407 views • 36 slides
The Byzantine Generals Problem Zixin Chi Julian Angeles Motivation A reliable system must be

The Byzantine Generals Problem Zixin Chi Julian Angeles Motivation A reliable system must be

The Byzantine Generals Problem Zixin Chi Julian Angeles Motivation A reliable system must be fault-tolerant. having some degree of redundancy. Consensus protocol. How can we reach consensus? What is the problem? First proposed by

599 views • 33 slides
Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in approximately 5 hours. Lab 2 Due in approximately 5 hours. If you haven't started yet then ... I don't really know how to help. Lab 2 Due in

1.69k views • 119 slides
Consensus and Dissent or: Meta - Consensus Consensus about what we have consensus

Consensus and Dissent or: Meta - Consensus Consensus about what we have consensus

Consensus and Dissent or: Meta - Consensus Consensus about what we have consensus on Building on Bitcoin Lisboa, Portugal -- 4 July 2018 Paul Sztorc Twitter: @truthcoin paul@tierion.com 16C8 1597 E76E 86E6 C01E F037 AA4B 3330

619 views • 37 slides
Federated Byzantine Quorum Systems lvaro Garca-Prez and Alexey Gotsman IMDEA Software

Federated Byzantine Quorum Systems lvaro Garca-Prez and Alexey Gotsman IMDEA Software

Federated Byzantine Quorum Systems lvaro Garca-Prez and Alexey Gotsman IMDEA Software Institute Blockchains Append-only, distributed ledger. Uses a Byzantine fault-tolerant (BFT) consensus algorithm to ensure that distributed nodes

1.12k views • 84 slides
Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in

Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in

Introduction Consensus and Partial Synchrony Practical Byzantine Fault Tolerance Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in Distributed Computing WS 2007/2008, MPI-SWS (Saarland University),

1.12k views • 37 slides
Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully everyone has started by now, maybe even finished large portions. Lab 2 Hopefully everyone has started by now, maybe even finished large portions.

1.87k views • 141 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
Developing Systems for Cyber Situational Awareness* James Okolica, J. Todd McDonald, Gilbert L.

Developing Systems for Cyber Situational Awareness* James Okolica, J. Todd McDonald, Gilbert L.

Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Developing Systems for Cyber Situational Awareness* James Okolica, J. Todd McDonald, Gilbert L. Peterson, Robert F. Mills, and Michael W. Haas Center for

355 views • 19 slides
Network Economics -- Lecture 4: Incen5ves and games

Network Economics -- Lecture 4: Incen5ves and games

Network Economics -- Lecture 4: Incen5ves and games in security Patrick Loiseau EURECOM Fall 2015 1 References J. Walrand. Economics

882 views • 70 slides
TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT ATTACKS IN THE INTERNET

TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT ATTACKS IN THE INTERNET

The 15th International Conference on Availability, Reliability and Security (ARES 2020) August 25 to August 28, 2020 in Dublin, Ireland ID-86 workshop paper (IoT-SECFOR) TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT

583 views • 13 slides
and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , Josephine Lamp , Ziming Zhao and

and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , Josephine Lamp , Ziming Zhao and

A RIZONA S TATE U NIVERSITY Fall 2016 Robust and Scalable Security Monitoring and Compliance Management for Dynamic EDS Carlos Rubio-Medrano , Josephine Lamp , Ziming Zhao and Gail-Joon Ahn 11/18/2016 1 A RIZONA S TATE U NIVERSITY Background

893 views • 40 slides
Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security

Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security

Systematizing Insider Threat mitigation George Magklaras BSc Hons Mphil Information Security & Network Research Group University of Plymouth, UK http://www.network-research-group.org/ Agenda Basic definitions. Manifestation of

1.07k views • 50 slides
CCW Workshop Technical Session on Mobile Cloud Compu<ng

CCW Workshop Technical Session on Mobile Cloud Compu<ng

CCW Workshop Technical Session on Mobile Cloud Compu<ng Panelists: Dijiang Huang (ASU, Moderator) Mario Gerla (UCLA) Huan

626 views • 30 slides
Evaluation of training Learning objectives Design a possible evaluation procedure for

Evaluation of training Learning objectives Design a possible evaluation procedure for

INF3280, 25 March 2020 Evaluation of training Learning objectives Design a possible evaluation procedure for Assignment 3 Core literature Chapter 9 Auxiliary literature Holton III (1996) The flawed four-level

212 views • 10 slides

More recommend