SYSTEMS SECURE AND FAULT TOLERANT VOTING IN DISTRIBUTED INFORMATION

advertisement
University at Buffalo
CSE Department
SPIDER Lab
Shambhu Upadhyaya
14 September 2001
SECURE AND FAULT
TOLERANT VOTING IN
DISTRIBUTED INFORMATION
SYSTEMS
•
•
– Distributed monitoring and voter isolation
Techniques Used
Buffalo)
– Replication and voting for fault tolerance
– Secure voting is essential (AFRL/IF & University at
Problem Addressed
Overview
2
the Bush”?
“stop beating around
Just get an answer and
“Al Gore” - ithm?
Execute an
What About Voting?
3
Eliminating single point of failure in the voting
complex
Correctness and completion of the new voting
algorithm -- a formal methodology
Implementation and application
•
•
•
Requirements of Secure Voting
4
Voters exchange their votes and determine a majority
result; an arbitrary voter then commits that result to
the user
Fault-Tolerance: what if the committing voter
experiences a failure during committal?
Security: what if the committing voter is
compromised?
•
•
•
2-phase Commit Protocols
5
LAUNCH
User is sent
majority result -
majority result
User waits for
faulty
majority fault-free
6
• Phase 2: processor in the
majority commits result to the
user
• Phase 1: processors
distribute their results and
vote on them such that each
processor determines the
majority
2-Phase Commit Protocol
f(t)
time (t)
Time duration of committal
Safe Operation
7
SELF-DESTRUCT
User is sent
malicious result -
majority result
User waits for
majority trustworthy
8
• Phase 2: processor in the
majority commits result to the
user
• Phase 1: processors
distribute their results and
vote on them such that each
processor determines the
majority
Danger of
2-Phase Commit Protocol
and buffer released
Integrity restored
Suspect results
buffered
untrustworthy
trustworthy
– Prevents disastrous
commit phase - unlikely
for classical fault
tolerance but not
9
information attack
– Instead of voting then
committing - commits
first (to buffer) then votes
(period of dissension)
• Reverses 2-phase commit
protocol
• Buffer until “silence is
consent”
• Addresses “last mile” of
distributed voting
(Ref: Hardekopf, Kwiat, Upadhyaya, IEEE Aero 2001)
Timed-Buffer Distributed Voting
Used TLA+ to write a formal specification of the
algorithm
Used the specification and TLA to prove both partial
correctness and termination
•
•
(Ref: Hardekopf, Kwiat, Upadhyaya, SPECTS 2001)
Correctness
10
•
Stack for the Software Radio Development System
(SoRDS)
– Instantiation of TB-DVA in Configurable Protocol
Being transferred to Assured Communications
Research Center
Implementation and Application
11
GATEWAY
WIRELESS
CLIENT
SECURE WIRELESS LINK
• Apply fault tolerance techniques to protect, detect,
and react to attacks and enable service restoration
(when translated from IP standards to wireless and vice-a-versa)
SECURE DATA IS EXPOSED
SECURE WIRED LINK
SECURE SERVER
ACRC Application of TB-DVA
12
WIRELESS
CLIENT
Timed-buffer
distributed voting
algorithm assures
integrity, availability,
and helps curtail
confidentiality leaks
SECURE WIRELESS LINK
GATEWAY
SECURE WIRED LINK
SECURE SERVER
Multiple Wireless Hubs
13
•
•
distributed monitoring and voter isolation
– Guaranteeing owner’s intended result by
Techniques Used
– Security enhancement in distributed voting
Problems Addressed
Conclusion
14
Download