Robust P2P Primitives Using SGX Enclaves

Peer-to-peer (P2P) systems such as BitTorrent and Bitcoin are susceptible to serious attacks from byzantine nodes that join as peers. Due to well-known impossibility  results for designing P2P primitives in unrestricted byzantine settings, research has explored many adversarial models with additional assumptions, ranging from mild (such as pre-established PKI) to strong (such as the existence of common random coins). One such widely-studied model is the general omission model, which yields simple protocols with good efficiency, but has been considered impractical or unrealizable since it artificially limits the adversary only to omitting messages. In this work, we study the setting of a synchronous network wherein peer nodes have CPUs equipped with a recent trusted computing mechanism called Intel SGX. In this model, we observe that the byzantine adversary reduces to the adversary in the general-omission model. As a first result, we show that by leveraging SGX features, we eliminate any source of advantage for a byzantine adversary beyond that gained by omitting messages, making the general-omission model realizable. Second, we present new protocols that improve the communication complexity of two fundamental primitives — reliable broadcast and common random coins (or beacons) — in the synchronous setting, by utilizing SGX features. Our evaluation of 1000 nodes running on 40 DeterLab machines confirms theoretical efficiency claim

[1]  Matthias Fitzi,et al.  Efficient player-optimal protocols for strong and differential consensus , 2003, PODC '03.

[2]  Victor Shoup,et al.  Secure and Efficient Asynchronous Broadcast Protocols , 2001, CRYPTO.

[3]  Christian Scheideler,et al.  Robust random number generation for peer-to-peer systems , 2006, Theor. Comput. Sci..

[4]  László Babai,et al.  Trading group theory for randomness , 1985, STOC '85.

[5]  Jonathan Katz,et al.  On expected constant-round protocols for Byzantine agreement , 2006, J. Comput. Syst. Sci..

[6]  Marcus Peinado,et al.  T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs , 2017, NDSS.

[7]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[8]  Piotr Berman,et al.  Cloture Votes:n/4-resilient Distributed Consensus int + 1 rounds , 2005, Mathematical systems theory.

[9]  Victor Shoup,et al.  Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography , 2000, Journal of Cryptology.

[10]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[11]  Sam Toueg,et al.  Time and Message Efficient Reliable Broadcasts , 1990, WDAG.

[12]  Jared Saia,et al.  Scalable byzantine computation , 2010, SIGA.

[13]  Marcin Andrychowicz,et al.  Distributed Cryptography Based on the Proofs of Work , 2014, IACR Cryptol. ePrint Arch..

[14]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[15]  Jeremy Clark,et al.  On the Use of Financial Data as a Random Beacon , 2010, EVT/WOTE.

[16]  Srdjan Capkun,et al.  ROTE: Rollback Protection for Trusted Execution , 2017, USENIX Security Symposium.

[17]  Johannes Behl,et al.  Hybrids on Steroids: SGX-Based High Performance BFT , 2017, EuroSys.

[18]  Scott Shenker,et al.  Attested append-only memory: making adversaries stick to their word , 2007, SOSP.

[19]  Yoram Moses,et al.  Fully polynomial Byzantine agreement in t + 1 rounds , 1993, STOC.

[20]  Elaine Shi,et al.  The Honey Badger of BFT Protocols , 2016, CCS.

[21]  Michael O. Rabin,et al.  Transaction Protection by Beacons , 1983, J. Comput. Syst. Sci..

[22]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[23]  Sam Toueg,et al.  Asynchronous consensus and broadcast protocols , 1985, JACM.

[24]  Miguel Correia,et al.  The Design of a COTSReal-Time Distributed Security Kernel , 2002, EDCC.

[25]  Miguel Correia,et al.  How to tolerate half less one Byzantine nodes in practical distributed systems , 2004, Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems, 2004..

[26]  George Cybenko,et al.  Dynamic Load Balancing for Distributed Memory Multiprocessors , 1989, J. Parallel Distributed Comput..

[27]  Michael J. Fischer,et al.  Scalable Bias-Resistant Distributed Randomness , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[28]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[29]  Michael O. Rabin,et al.  Randomized byzantine generals , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[30]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[31]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[32]  Stefano Tessaro,et al.  Asynchronous verifiable information dispersal , 2005, 24th IEEE Symposium on Reliable Distributed Systems (SRDS'05).

[33]  Sam Toueg,et al.  Fault-tolerant broadcasts and related problems , 1993 .

[34]  Gabriel Bracha,et al.  An asynchronous [(n - 1)/3]-resilient consensus protocol , 1984, PODC '84.

[35]  Richard M. Karp,et al.  Load Balancing in Structured P2P Systems , 2003, IPTPS.

[36]  Gabriel Bracha,et al.  Asynchronous Byzantine Agreement Protocols , 1987, Inf. Comput..

[37]  Shafi Goldwasser,et al.  Private coins versus public coins in interactive proof systems , 1986, STOC '86.

[38]  Kartik Nayak,et al.  Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[39]  Danny Dolev,et al.  Byzantine Agreement with Optimal Early Stopping, Optimal Resilience and Polynomial Complexity , 2015, STOC.

[40]  Ran Canetti,et al.  Fast asynchronous Byzantine agreement with optimal resilience , 1993, STOC.

[41]  Achour Mostéfaoui,et al.  Signature-free asynchronous byzantine consensus with t < n/3 and o(n2) messages , 2014, PODC.

[42]  Ghassan O. Karame,et al.  Scalable Byzantine Consensus via Hardware-Assisted Secret Sharing , 2016, IEEE Transactions on Computers.

[43]  Shweta Shinde,et al.  Preventing Page Faults from Telling Your Secrets , 2016, AsiaCCS.

[44]  Piotr Berman,et al.  Randomized distributed agreement revisited , 1993, FTCS-23 The Twenty-Third International Symposium on Fault-Tolerant Computing.

[45]  Anne-Marie Kermarrec,et al.  Highly dynamic distributed computing with byzantine failures , 2013, PODC '13.

[46]  Danny Dolev,et al.  Early stopping in Byzantine agreement , 1990, JACM.

[47]  Moni Naor,et al.  Split-ballot voting: Everlasting privacy with distributed trust , 2007, TSEC.

[48]  Silvio Micali,et al.  An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement , 1997, SIAM J. Comput..

[49]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[50]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[51]  Prateek Mittal,et al.  SybilControl: practical sybil defense with computational puzzles , 2012, STC '12.

[52]  George Danezis,et al.  Denial of service or denial of security? , 2007, CCS '07.

[53]  Sam Toueg,et al.  Distributed agreement in the presence of processor and communication faults , 1986, IEEE Transactions on Software Engineering.

[54]  Miguel Correia,et al.  Efficient Byzantine Fault-Tolerance , 2013, IEEE Transactions on Computers.

[55]  Christian Cachin,et al.  Secure INtrusion-Tolerant Replication on the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[56]  Nikita Borisov,et al.  Computational Puzzles as Sybil Defenses , 2006, Sixth IEEE International Conference on Peer-to-Peer Computing (P2P'06).

[57]  Piotr Berman,et al.  Optimal Early Stopping in Distributed Consensus (Extended Abstract) , 1992, WDAG.

[58]  Jacob R. Lorch,et al.  TrInc: Small Trusted Hardware for Large Distributed Systems , 2009, NSDI.

[59]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[60]  Tal Rabin,et al.  Asynchronous secure computations with optimal resilience (extended abstract) , 1994, PODC '94.

[61]  Vinod Vaikuntanathan,et al.  Randomized algorithms for reliable broadcast , 2009 .

[62]  Jeremy Clark,et al.  On Bitcoin as a public randomness source , 2015, IACR Cryptol. ePrint Arch..

[63]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, Journal of Cryptology.

[64]  Yehuda Lindell,et al.  On the composition of authenticated byzantine agreement , 2002, STOC '02.

[65]  Michel Raynal,et al.  Optimal early stopping uniform consensus in synchronous systems with process omission failures , 2004, SPAA '04.

[66]  Dirk Grunwald,et al.  Low-resource routing attacks against tor , 2007, WPES '07.

[67]  Elaine Shi,et al.  Formal Abstractions for Attested Execution Secure Processors , 2017, EUROCRYPT.

[68]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[69]  Bruce M. Kapron,et al.  Fast asynchronous byzantine agreement and leader election with full information , 2008, SODA '08.

[70]  Prateek Saxena,et al.  A Secure Sharding Protocol For Open Blockchains , 2016, CCS.