Intrusion Tolerant Consensus in Wireless Ad hoc Networks
Henrique Moniz, Nuno Neves, Miguel Correia
LASIGE, Dep. Informática da Faculdade de Ciências, Universidade de Lisboa
Consensus
Abstracting the Ad hoc Network Environment
Communication medium: an open and natural broadcasting environment, where the cost of transmitting to multiple nodes can be the same as the cost of transmitting to a single one.
Model:
- n nodes communicate by broadcasting messages
- Dynamic omission transmission faults
- Byzantine process failures
- Asynchronous system
Impossibility Results
- Fischer, Lynch and Paterson, "Impossibility of Distributed Consensus with One Faulty Process", 1985: consensus is impossible in an asynchronous system if only one process can crash.
- Santoro and Widmayer, "Time is not a Healer", 1989: consensus is impossible in a synchronous system if n−2 transmission omission faults can occur per communication step.
The Turquois Protocol
Desirable Features
- Ensure liveness when the number of omissions is within a certain upper bound σ
- Maintain safety despite any number of omissions
- Ensure both liveness and safety if the number of Byzantine nodes is within an upper bound f
- Terminate in three communication rounds in executions with benign fault patterns
k-consensus: k out of n processes decide on a binary value 0 or 1.
- Validity: no correct process decides a value that wasn't proposed by some correct process.
- Agreement: no two correct processes decide different values.
- Termination: k correct processes decide with (asymptotic) probability 1.
The protocol cycles through three phases: Converge (phase mod 3 = 1), Lock (phase mod 3 = 2) and Decide (phase mod 3 = 0).
Processes increment their phase if they receive messages from a strong majority (more than (n+f)/2) of processes with the same phase value, or from a process with a higher phase value.
- Converge (phase mod 3 = 1): set the proposal value to the value v that appears in a majority of the received messages.
- Lock (phase mod 3 = 2): is the same value v in a strong majority of messages? Yes: set the proposal value to v. No: set the proposal value to a meaningless value ⊥.
- Decide (phase mod 3 = 0): how many processes have proposed the same value v ∈ {0, 1}? A strong majority: decide v. At least one: set the proposal value to v. None: set the proposal value to a random value 0 or 1.
If we ensure that this Converge/Lock/Decide cycle continues to happen, then processes will eventually decide.
Limiting the Actions of Byzantine Processes
Validation of Messages
- Authenticity validation: ensures that a message m was actually generated by the process at the source of a transmission.
- Semantic validation: ensures that the contents of a message m are congruent with the execution of the protocol.
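As an added illustration (not the authors' code or the Turquois implementation), the following Python models the Converge/Lock/Decide cycle above together with the semantic validation rule: the strong-majority threshold "more than (n+f)/2", the three phase transitions, and a benign run in which every message is delivered. It assumes that a process lacking a strong majority at its own phase adopts the phase and value of a higher-phase message it sees, and that ⊥ may only appear in messages from a process already in the Decide phase; both are our readings of the slides, not rules they state.

```python
import random
from collections import Counter
BOT = None  # the meaningless value ⊥

def strong_majority(n, f):
    """Smallest message count that is 'more than (n+f)/2'."""
    return (n + f) // 2 + 1

def semantically_valid(msg):
    """Semantic validation (our reading of the phase rules): ⊥ is only produced at
    the end of Lock, so only a sender already in Decide may carry it; else 0 or 1."""
    phase, value = msg
    if not isinstance(phase, int) or phase < 1:
        return False
    return phase % 3 == 0 if value is BOT else value in (0, 1)

def step(n, f, phase, value, msgs, rng=random):
    """One transition for a process at (phase, value); returns (phase, value, decision)."""
    thr = strong_majority(n, f)
    same = [v for p, v in msgs if p == phase]
    if len(same) < thr:                      # no strong majority at my phase
        higher = [m for m in msgs if m[0] > phase]
        if higher:                           # catch-up (assumed: adopt phase and value)
            p, v = max(higher)
            return p, v, None
        return phase, value, None            # keep waiting for messages
    counts = Counter(v for v in same if v is not BOT)
    top, top_n = counts.most_common(1)[0] if counts else (BOT, 0)  # ties: first seen
    if phase % 3 == 1:                       # Converge: value seen in a majority
        return phase + 1, top, None
    if phase % 3 == 2:                       # Lock: strong majority on v, else ⊥
        return phase + 1, (top if top_n >= thr else BOT), None
    if top_n >= thr:                         # Decide: strong majority -> decide v
        return phase + 1, top, top
    if top_n > 0:                            # at least one v -> propose v
        return phase + 1, top, None
    return phase + 1, rng.choice((0, 1)), None  # none -> random coin

def simulate(n, f, proposals, max_phases=9, rng=random):
    """Benign execution (no omissions, every message reaches everyone); returns {process: decision}."""
    state, decided = [(1, v) for v in proposals], {}
    for _ in range(max_phases):
        msgs = [m for m in state if semantically_valid(m)]   # validated inbox
        nxt = []
        for i, (p, v) in enumerate(state):
            p2, v2, d = step(n, f, p, v, msgs, rng)
            if d is not None: decided.setdefault(i, d)
            nxt.append((p2, v2))
        state = nxt
        if len(decided) == n: break
    return decided
```

With unanimous proposals and no faults every process decides after exactly the three phases the slides promise; a split Lock phase yields ⊥ and pushes the Decide phase onto its random coin.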
How many faults can we tolerate?
- Omission faults (liveness): up to the bound σ
- Byzantine nodes: up to the bound f
- Omission faults (safety): ∞ (any number)
Performance Evaluation
The performance of Turquois was compared against two existing (randomized) binary Byzantine consensus algorithms:
- Bracha's consensus (Bracha, 1984): expected running time to termination O(2^n); message complexity O(n^3); no public-key cryptography.
- ABBA (Cachin, Kursawe, Shoup, 2001): termination in one or two rounds; message complexity O(n^2); resorts to asymmetric cryptography.
Performance Evaluation
Testbed: wireless ad hoc network of 4 to 16 nodes, Pentium III computers running Linux.
Experimental parameters:
- Initial proposal values: unanimous or divergent
- Faultload: no faulty nodes, or less than one third of the nodes Byzantine
[Result tables; the latency values were not recovered from the slides.] Each table lists the average latency (in ms) of Bracha's, ABBA and Turquois for each group size n, under:
- no faulty nodes and unanimous proposals
- no faulty nodes and divergent proposals
- Byzantine nodes and unanimous proposals
- Byzantine nodes and divergent proposals
Conclusions
- The first consensus protocol that tolerates a combination of Byzantine nodes and dynamic omission transmission faults
- The first protocol that circumvents the impossibility results of FLP and SW
- A novel mechanism for broadcast message authentication that relies on hashing operations during normal execution
- Our modeling assumptions paid off: Turquois was shown to be faster, in many cases by more than an order of magnitude