Synchronization of Fault-Tolerant Clocks in the Presence of Malicious Failures

The problem of achieving global clock synchronization in fault-tolerant clocks by preventing so-called multiple cliques in the presence of malicious clock failures (i.e. clock failures that are perceived differently by different nonfaulty clocks) is addressed. A solution to the problem, referred to as the averaging rule, is developed, and its use is analytically justified using the notions of clock partitions and generalized clock partitions. Experimental characterization of the multiple cliques problem has been undertaken, and certain conditions that induce their occurrence in practical hardware implementation are identified. The effects of clock-receiver triggering variations and phase-detector operating range on the instantaneous frequencies of the clock modules are investigated. The efficacy of the averaging rule is established not only by analysis but also by means of simulations and experimentation with hardware clock implementations. >