EEC 693793 Special Topics in Electrical Engineering Secure
- Slides: 29
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 15 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee. org
2 Outline • Reminder: – Project Progress Report due this Friday midnight • Byzantine general problem – By Leslie Lamport, Robert Shostak, & Marshall Pease – http: //berkeley. intel-research. net/maniatis/p 382 lamport. pdf • Practical Byzantine fault tolerance – By Miguel Castro and Barbara Liskov, OSDI’ 99 – http: //www. pmg. csail. mit. edu/papers/osdi 99. pdf Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
3 The Byzantine Generals Problem • Abstract model of a computer system that may have faulty components • Faulty components may send conflicting information to different parts of the system • Scenario where Byzantine Generals must reach agreement in the presence of traitors Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
The Byzantine Generals Scenario General Commanding Lieutenant General Byzantine Army Division Enemy City General Lieutenant General Traitorous General Byzantine Army Division Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao 4
Byzantine Generals Problem • A commanding general must send an order to his n-1 lieutenants such that – IC 1. All loyal lieutenants obey the same order – IC 2. If the commanding general is loyal, then every loyal lieutenant obeys the order he sends • IC 1 = Agreement clause • IC 2 = Validity clause • IC 1 and IC 2 are called interactive consistency Conditions Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao 5
Byzantine Agreement Protocol • Assumption: – Every message that is sent is delivered correctly • Traitors cannot interfere with messages they do not sent – The receiver of a message knows who sent it • Traitors cannot spoof messages – The absence of a message can be detected • Traitors cannot prevent an agreement by not sending => Synchronous system + no spoofing Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao 6
7 Byzantine Agreement Protocol (f=1) • Round 1: the commander sends a value to each of the lieutenants • Round 2: each of the lieutenants sends the value it received to its peers • At the end of round 2, each lieutenant check to see if there is a majority opinion (attack or retreat). We have a solution if there is • Question is: how many generals needed to tolerate f number of traitors? Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
8 Unsolvable Situations – N=3, f=1 Attack lieutenant Commander Attack He said Retreat lieutenant Commander Attack lieutenant Spring 2008 Retreat He said Retreat EEC 693: Secure & Dependable Computing lieutenant Wenbing Zhao
9 Byzantine Agreement Protocol (f=1) Commander Attack lieutenant Retreat He said Retreat lieutenant He said Attack He said Retreat He said Attack lieutenant He said Attack • If there are f traitors, then there must be at least 3 f + 1 total generals for IC 1 and IC 2 to hold Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
10 Byzantine Agreement Protocol (f=1) • Under our assumption, if message digital signature is used and assuming the signature cannot be forged, we need only N=2 f+1 to tolerate f traitors – The commander still can send different information to different lieutenant, but a lieutenant cannot lie about what the commander has told him • In asynchronous systems, N=2 f+1 is not sufficient – We have to stop after collecting f+1 input because the f faulty traitor could simply refrain from sending – Unfortunately there might be f inputs from traitors Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
Introduction to BFT Paper • The growing reliance of industry and government on online information services • Malicious attacks become more serious and successful • More software errors due to increased size and complexity of software • This paper presents “practical” algorithm for state machine replication that works in asynchronous systems like the Internet Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao 11
12 Assumptions • Asynchronous distributed system • The network may fail to deliver, delay, duplicate or deliver them out of order • Faulty nodes may behave arbitrarily • Independent node failures • The adversary cannot delay correct nodes indefinitely • All messages are cryptographically signed by their sender and these signatures cannot be subverted by the adversary Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
13 Service Properties • A (deterministic) service is replicated among ≥ 3 f+1 processors. Resilient to ≤ f failures • Safety: All non-faulty replicas guaranteed to process the same requests in the same order • Liveness: Clients eventually receive replies to their requests Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
14 Optimal Resiliency • Imagine non-faulty processors trying to agree upon a piece of data by telling each other what they believe the data to be • A non-faulty processor must be sure about a piece of data before it can proceed • f replicas may refuse to send messages, so each processor must be ready to proceed after having received (n-1)-f messages – Total of n-1 other replicas Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
15 Optimal Resiliency • But what if f of the (n-1)-f messages come from faulty replicas? • To avoid confusion, the majority of messages must come from non-faulty nodes, i. e, (n-f-1)/2 ≥ f => Need a total of ≥ 3 f+1 replicas Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
BFT Algorithm in a Nutshell Backup f + 1 Match (OK) Client Primary Backup Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao 16
17 Replicas and Views Set of replicas (R): |R| ≥ 3 f + 1 R 0 R 1 R 2 ……… R|R-1| 0 View 1 For view v: primary p is assigned such that p= v mod |R| Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
18 Safeguards • If the client does not receive replies soon enough, it broadcasts the request to all replicas • If the request has already been processed, the replicas simply re-send the reply (replicas remember the last reply message they sent to each client) • If the primary does not multicast the request to the group, it will eventually be suspected to be faulty by enough replicas to cause a view change Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
19 Normal Case Operation Client {REQUEST, o, t, c} Primary o – Operation t – Timestamp c - Client Timestamps are totally ordered such that later requests have higher timestamps than earlier ones Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
20 Normal Case Operation • Primary p receives a client request m , it starts a three-phase protocol • Three phases are: pre-prepare, commit Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
21 Pre-Prepare Phase Backup Primary <<PRE-PREPARE, v, n, d> , m> v – view number n – sequence number d – digest of the message D(m) m – message Spring 2008 EEC 693: Secure & Dependable Computing Backup Wenbing Zhao
22 Prepare Phase • A backup accepts the PRE-PREPARE message only if: – The signatures are valid and the digest matches m – It is in view v – It has not accepted a PRE-PREPARE for the same v and n – Sequence number is within accepted bounds Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
23 Prepare Phase • If backup i accepts the pre-prepare message it enters prepare phase by multicasting <PREPARE, v, n, d, i> to all other replicas and adds both messages to its log • Otherwise does nothing • Replica (including primary) accepts prepare message and adds them to its log, provided that – Signatures are correct – View numbers match the current view – Sequence number is within accepted bounds Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
24 Prepare Phase • • At replica i, prepared (m, v, n, i) = true, iff 2 f PREPARE from different backups (not including replica i) that match the pre-prepare When prepared = true, replica i multicasts <COMMIT, v, n, d , i> to other replicas Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
25 Agreement Achieved • If primary is non-faulty then all 2 f+1 non-faulty replicas agree on the sequence number • If primary is faulty – Either ≥f+1 non-faulty replicas (majority) agree on some other sequence and the rest realize that the primary is faulty – Or, all non-faulty replicas will suspect the primary is faulty • When a faulty primary is replaced, the minority of confused non-faulty replicas are brought up to date up by the majority Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
26 Commit Phase • Replicas accept commit messages and insert them in their log provided signatures are same • Define committed and committed-local predicates as – Committed (m, v, n) = true, iff prepared (m, v, n, i) is true for all i in some set of f+1 non-faulty replicas – Committed-local (m, v, n, i) = true iff the replica has accepted 2 f+1 commit message from different replicas that match the pre-prepare for m • If Committed-local (m, v, n, i) is true for some nonfaulty replica i, then committed (m, v, n) is true Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
27 Commit Phase • Replica i executes the operation requested by m after committed-local (m, v, n, i) = true and i’s state reflects the sequential execution of all requests with lower sequence numbers • The PRE-PREPARE and PREPARE phases of the protocol ensure agreement on the total order of requests within a view • The PREPARE and COMMIT phases ensure total ordering across views Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
28 Normal Operation Reply • All replicas sends the reply <REPLY, v, t, c, i, r>, directly to the client v = current view number t = timestamp of the corresponding request i = replica number r = result of executing the requested operation c = client id • Client waits for f+1 replies with valid signatures from different replicas, and with same t and r, before accepting the result r Spring 2008 EEC 693: Secure & Dependable Computing Wenbing Zhao
Normal Case Operation: Summery Request Pre-prepare Prepare Commit Reply C Primary: 0 1 2 Faulty: 3 Spring 2008 X EEC 693: Secure & Dependable Computing Wenbing Zhao 29
- Special topics in software engineering
- Eec engineering meaning
- 3232 special investigative topics
- Dena schlosser
- Bts eec programme
- Ford eec
- Eec members
- Eec 22215
- Brc program
- Beethoven eec
- Eec members
- Https://www.eecusa.com
- Ccfa eec
- Eec diode
- Directive 86/609/eec
- Uiuc cs 527
- Software engineering important topics
- Drawing chapter 1
- Engineering management topics
- Engineering meeting topics
- Ku leuven financial engineering
- Vector electrical engineering
- Gwu electrical engineering
- Tel aviv university electrical engineering
- Electrical engineering northwestern
- Klipsch school of electrical and computer engineering
- Electrical engineering department
- Umd ece faculty
- What is estimation in electrical engineering
- Electrical engineering environmental issues