Byzantine fault-tolerant confidentiality

  • 格式:pdf
  • 大小:68.53 KB
  • 文档页数:5

ByzantineFault-TolerantConfidentiality

JianYinArunVenkataramaniJean-PhillipeMartinLorenzoAlvisiMikeDahlin

1Introduction

Astheworldbecomesincreasinglyinterconnected,moreand

moreimportantservicessuchasbusinesstransactionsarede-

ployedasaccessanywhereservices–servicesthatareac-

cessiblebyremotedevicesthroughtheInternetandmobile

networks.Suchservicesoftenmustaccessconfidentialdata

toprovideservice.Forexample,anonlinebankservicemust

accessauser’scheckingaccounttoprocessanonlinetrans-

ferrequest.Insuchascenario,guaranteesofavailability,

integrity,andconfidentialityareessential.Byavailability,

wemeanthatservicesmustprovideservice24/7withoutin-

terruption.Byintegrity,wemeanthatservicesmustprocess

clients’requestscorrectly.Byconfidentiality,wemeanthat

servicesmustrestrictwhoseeswhatdata.

Unfortunately,softwareforprovidingaccessanywhereser-

vicesmaycontainbugs,andhackersmayexploitthesebugs

todisruptserviceorstealconfidentialdata.Onesolutionis

toeliminatebugsbyusingbettersoftwareengineeringprac-

ticeorformalmethods[12].However,thecomplexityofreal

worldsystemsandapplicationsoftwaremakesitdifficultto

producebug-freeimplementationswithexistingtechniques.

Apromisingapproachistouseredundancytohardenser-

vicesagainstbugs.AtraditionalByzantinefault-tolerant

(BFT)systemrunsdifferentimplementationsofthesame

serviceonseveralreplicasandensuresthatcorrectcomputa-

tionisperformedbyenoughcorrectreplicastomaskincor-

rectreplicas[1,2,4,14,15,16,17].Recentresearchhas

shownthatBFTsystemscanbepracticalforseveralimpor-

tantservicesastheycanbeimplementedwithlowoverheads

comparedtotheunreplicatedservices[3].

However,althoughtraditionalBFTsystemsimproveavail-

abilityandintegritythroughredundancy,existingBFTar-

chitecturesmakesuchsystemsmorepronetocompromising

confidentiality.InatraditionalBFTsystem,replicassendall

repliesdirectlytoclients.Thus,ifahackermanagestocom-

promiseoneofthereplicas,hecanstealconfidentialdata.

Moreover,intraditionalBFTsystems,thereisafundamen-

taltradeoffbetweenincreasingavailabilityandintegrityon

onehandandstrengtheningconfidentialityontheother.BFT

systemsuseseveralreplicastoprovideavailability,basedon

thereasoningthatthereplicasaredifferentanditisthere-

foreunlikelythattheyallfailsimultaneously.However,be-

causeitissufficientforanattackertocompromiseasinglereplica,thisapproachalsoincreasesthechancethatatleast

onereplicacontainsanexploitablebug,allowingtheattacker

togainaccesstotheconfidentialdatathattheserviceuses.

Thispaperdiscusshowtouseredundancytosimultaneously

improveavailability,integrity,andconfidentiality.Wepro-

poseanarchitectureforsuchasystem-ConfidentialBFT

(CBFT).InCBFT,servicereplicasconnecttoa“privacy

firewall”andcansendmessagestotheoutsideworldonly

throughit.Thefirewallrunsamajorityvotingalgorithmjust

liketheclientsofatraditionalBFTsystemandfiltersout

faultymessagesthatmaycontainconfidentialdata.

Thisapproachhasseveraladvantages,stemmingfromthe

factthattheprivacyfirewallisaseparatecomponentfrom

thereplicatedservice.Thefirstadvantageissimplythegen-

eralityoftheapproach:sincevirtuallyallreplicatedservices

canbemodelledasareplicatedstatemachine,theprivacy

firewallcanprotectalmostanyreplicatedservicethatexists

today.Second,oncebuilt,aprivacyfirewallcanveryeasily

beusedforavarietyofreplicatedservices,withonlyminor

modificationtotheservice(ornoneatall).Thus,CBFT’s

privacyfirewallcanbeadaptedtolegacyapplications,pro-

vidingthemwithconfidentialityafterthefact.Thethirdad-

vantageisthattheeffortspentintobuildingtheprivacyfire-

wallcanbeamortizedoverseveralreplicatedservices:once

theprivacyfirewallisbuilt,itcaneasilybeduplicatedtopro-

tectadditionalservices.Thisversatilitymakesitimaginable

thatcompanieswouldbuildprivacyfirewallsandthensell

turnkeysolutions.

Thefirewallsystemhastobecorrecttoprovideconfidential-

ity.Eventhoughthefirewallissimple,buildingaformally

verifiedbug-freefirewallmaynotbefeasible.However,re-

dundancycanbeusedtoimprovetherobustnessofthefire-

wall.Suchafirewallsystemconsistsofagroupofnodesthat

areinterconnectedsuchthatanypathfromaservicereplica

totheoutsideworldislongerthanathreshold,.Thus,any

communicationfromanyservicereplicatotheoutsideworld

mustgothroughatleaseonecorrectnodeaslongasthere

arefewerthanfaultyfirewallnodes.Moreover,acor-

rectnodeinafirewallchaincanindependentlyensurethat

auniquesequenceofrepliesresultsfromasequenceofre-

questsjustasifthissequenceofrequestswereprocessedby

asinglecorrectserver.Thus,faultymachinesareprevented

fromusingsteganographytoleakconfidentialdata.

Insummary,thispaperinvestigateshowtobuildavailable,

high-integrity,andconfidentialaccessanywhereservicesby

1