How to tolerate half less one Byzantine nodes in practical distributed systems

The application of dependability concepts and techniques to the design of secure distributed systems is raising a considerable amount of interest in both communities under the designation of intrusion tolerance. However, practical intrusion-tolerant replicated systems based on the state machine approach (SMA) can handle at most f Byzantine components out of a total of n = 3f + 1, which is the maximum resilience in asynchronous systems. This paper extends the normal asynchronous system with a special distributed oracle called TTCB. Using this extended system we manage to implement an intrusion-tolerant service based on the SMA with only 2f + 1 replicas. Albeit a few other papers in the literature present intrusion-tolerant services with this approach, this is the first time the number of replicas is reduced from 3f + 1 to 2f + 1. Another interesting characteristic of the described service is a low time complexity.

[1]  Fred B. Schneider,et al.  COCA: a secure distributed online certification authority , 2002 .

[2]  Victor Shoup,et al.  Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography , 2000, Journal of Cryptology.

[3]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[4]  Louise E. Moser,et al.  The SecureRing group communication system , 2001, TSEC.

[5]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[6]  Sam Toueg,et al.  Unreliable failure detectors for reliable distributed systems , 1996, JACM.

[7]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[8]  Miguel Correia,et al.  Intrusion-Tolerant Architectures: Concepts and Design , 2002, WADS.

[9]  Michael K. Reiter,et al.  Unreliable intrusion detection in distributed computations , 1997, Proceedings 10th Computer Security Foundations Workshop.

[10]  Danny Dolev,et al.  On the minimal synchronism needed for distributed consensus , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[11]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[12]  Leslie Lamport,et al.  Using Time Instead of Timeout for Fault-Tolerant Distributed Systems. , 1984, TOPL.

[13]  Michael K. Reiter,et al.  The Rampart Toolkit for Building High-Integrity Services , 1994, Dagstuhl Seminar on Distributed Systems.

[14]  Michael K. Reiter,et al.  Distributing trust with the Rampart toolkit , 1996, CACM.

[15]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1983, PODS '83.

[16]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[17]  Fred B. Schneider,et al.  Synchronization in Distributed Programs , 1982, TOPL.

[18]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[19]  LamportLeslie Time, clocks, and the ordering of events in a distributed system , 1978 .

[20]  Antonio Casimiro,et al.  The Timely Computing Base Model and Architecture , 2002, IEEE Trans. Computers.

[21]  Miguel Correia,et al.  The Design of a COTS Real-Time Distributed Security Kernel (Extended Version) , 2001 .

[22]  Paul D. Ezhilchelvan,et al.  From crash tolerance to authenticated byzantine tolerance: a structured approach, the cost and benefits , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..

[23]  Sadie Creese,et al.  Conceptual Model and Architecture of MAFTIA , 2003 .

[24]  Christian Cachin,et al.  Secure INtrusion-Tolerant Replication on the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[25]  Péter Urbán,et al.  Solving Agreement Problems with Weak Ordering Oracles , 2002, EDCC.

[26]  Louise E. Moser,et al.  Byzantine Fault Detectors for Solving Consensus , 2003, Comput. J..

[27]  Miguel Correia,et al.  Efficient Byzantine-resilient reliable multicast on a hybrid failure model , 2002, 21st IEEE Symposium on Reliable Distributed Systems, 2002. Proceedings..

[28]  Sam Toueg,et al.  A Modular Approach to Fault-Tolerant Broadcasts and Related Problems , 1994 .

[29]  William H. Sanders,et al.  Quantifying the cost of providing intrusion tolerance in group communication systems , 2002, Proceedings International Conference on Dependable Systems and Networks.

[30]  Miguel Castro,et al.  Proactive recovery in a Byzantine-fault-tolerant system , 2000, OSDI.

[31]  L.E. Moser,et al.  The SecureGroup group communication system , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[32]  Paulo Veríssimo Uncertainty and predictability: can they be reconciled? , 2003 .

[33]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[34]  Michael K. Reiter,et al.  Persistent objects in the Fleet system , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[35]  Sam Toueg,et al.  Asynchronous consensus and broadcast protocols , 1985, JACM.

[36]  Miguel Correia,et al.  The Design of a COTSReal-Time Distributed Security Kernel , 2002, EDCC.

[37]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[38]  Michael K. Reiter,et al.  Secure and scalable replication in Phalanx , 1998, Proceedings Seventeenth IEEE Symposium on Reliable Distributed Systems (Cat. No.98CB36281).

[39]  Bruno Dutertre,et al.  Intrusion-tolerant Enclaves , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.