Commensal cuckoo: secure group partitioning for large-scale services

We present commensal cuckoo,* a secure group partitioning scheme for large-scale systems that maintains the correctness of many small groups, despite a Byzantine adversary that controls a constant (global) fraction of all nodes. In particular, the adversary is allowed to repeatedly rejoin faulty nodes to the system in an arbitrary adaptive manner, e.g., to collocate them in the same group. Commensal cuckoo addresses serious practical limitations of the state-ofthe- art scheme, the cuckoo rule of Awerbuch and Scheideler, tolerating 32x--41x more faulty nodes with groups as small as 64 nodes (as compared to the hundreds required by the cuckoo rule). Secure group partitioning is a key component of highly-scalable, reliable systems such as Byzantine faulttolerant distributed hash tables (DHTs).

[1]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[2]  Ian Goldberg,et al.  Practical Robust Communication in DHTs Tolerating a Byzantine Adversary , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[3]  Amos Fiat,et al.  Making Chord Robust to Byzantine Attacks , 2005, ESA.

[4]  John Kubiatowicz,et al.  Asymptotically Efficient Approaches to Fault-Tolerance in Peer-to-Peer Networks , 2003, DISC.

[5]  Leslie Lamport Lower bounds for asynchronous consensus , 2003 .

[6]  Louise E. Moser,et al.  The SecureRing protocols for securing group communication , 1998, Proceedings of the Thirty-First Hawaii International Conference on System Sciences.

[7]  Christian Scheideler,et al.  Towards a Scalable and Robust DHT , 2006, SPAA '06.

[8]  Sangmin Lee,et al.  Upright cluster services , 2009, SOSP '09.

[9]  Mudhakar Srivatsa,et al.  Vulnerabilities and security threats in structured overlay networks: a quantitative analysis , 2004, 20th Annual Computer Security Applications Conference.

[10]  Christian Scheideler,et al.  Robust random number generation for peer-to-peer systems , 2006, Theor. Comput. Sci..

[11]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[12]  Christian Scheideler,et al.  How to spread adversarial nodes?: rotate! , 2005, STOC '05.

[13]  Rodrigo Seromenho Miragaia Rodrigues,et al.  Robust services in dynamic systems , 2005 .

[14]  David R. Karger,et al.  Consistent hashing and random trees: distributed caching protocols for relieving hot spots on the World Wide Web , 1997, STOC '97.

[15]  Jacob R. Lorch,et al.  TrInc: Small Trusted Hardware for Large Distributed Systems , 2009, NSDI.

[16]  Christian Scheideler,et al.  Group Spreading: A Protocol for Provably Secure Distributed Name Service , 2004, ICALP.

[17]  Jacob R. Lorch,et al.  Farsite: federated, available, and reliable storage for an incompletely trusted environment , 2002, OSDI '02.

[18]  Bobby Bhattacharjee,et al.  Large-scale byzantine fault tolerance: safe but not always live , 2007 .

[19]  Matthew K. Wright,et al.  Salsa: a structured approach to large-scale anonymity , 2006, CCS '06.

[20]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[21]  Ramakrishna Kotla,et al.  Zyzzyva: speculative byzantine fault tolerance , 2007, TOCS.

[22]  Apu Kapadia,et al.  Halo: High-Assurance Locate for Distributed Hash Tables , 2008, NDSS.

[23]  Brent Waters,et al.  Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs , 2010, NDSS.

[24]  Miguel Castro,et al.  Secure routing for structured peer-to-peer overlay networks , 2002, OSDI '02.

[25]  Maxwell Young,et al.  Reducing communication costs in robust peer-to-peer networks , 2008, Inf. Process. Lett..

[26]  Arun Venkataramani,et al.  Separating agreement from execution for byzantine fault tolerant services , 2003, SOSP '03.

[27]  Robbert van Renesse,et al.  Fireflies: scalable support for intrusion-tolerant network overlays , 2006, EuroSys.

[28]  Prateek Mittal,et al.  ShadowWalker: peer-to-peer anonymous communication using redundant structured topologies , 2009, CCS.

[29]  Dan S. Wallach,et al.  Denial of Service via Algorithmic Complexity Attacks , 2003, USENIX Security Symposium.

[30]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[31]  Ian Goldberg,et al.  Distributed Key Generation for the Internet , 2009, 2009 29th IEEE International Conference on Distributed Computing Systems.

[32]  Indranil Gupta,et al.  Kelips: Building an Efficient and Stable P2P DHT through Increased Memory and Background Overhead , 2003, IPTPS.

[33]  Atul Singh,et al.  Eclipse Attacks on Overlay Networks: Threats and Defenses , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[34]  Michael Dahlin,et al.  FlightPath: Obedience vs. Choice in Cooperative Services , 2008, OSDI.

[35]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[36]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[37]  Rodrigo Rodrigues,et al.  Rosebud: A Scalable Byzantine-Fault-Tolerant Storage Architecture , 2003 .

[38]  Scott Shenker,et al.  Attested append-only memory: making adversaries stick to their word , 2007, SOSP.

[39]  Michael K. Reiter,et al.  The Rampart Toolkit for Building High-Integrity Services , 1994, Dagstuhl Seminar on Distributed Systems.

[40]  Christian Scheideler,et al.  Towards Scalable and Robust Overlay Networks , 2007, IPTPS.

[41]  Liuba Shrira,et al.  The design of a robust peer-to-peer system , 2002, EW 10.

[42]  Dan R. K. Ports,et al.  Census: Location-Aware Membership Management for Large-Scale Distributed Systems , 2009, USENIX Annual Technical Conference.