Byzantine fault-tolerant confidentiality
- 格式:pdf
- 大小:68.53 KB
- 文档页数:5
ByzantineFault-TolerantConfidentiality
JianYinArunVenkataramaniJean-PhillipeMartinLorenzoAlvisiMikeDahlin
1Introduction
Astheworldbecomesincreasinglyinterconnected,moreand
moreimportantservicessuchasbusinesstransactionsarede-
ployedasaccessanywhereservices–servicesthatareac-
cessiblebyremotedevicesthroughtheInternetandmobile
networks.Suchservicesoftenmustaccessconfidentialdata
toprovideservice.Forexample,anonlinebankservicemust
accessauser’scheckingaccounttoprocessanonlinetrans-
ferrequest.Insuchascenario,guaranteesofavailability,
integrity,andconfidentialityareessential.Byavailability,
wemeanthatservicesmustprovideservice24/7withoutin-
terruption.Byintegrity,wemeanthatservicesmustprocess
clients’requestscorrectly.Byconfidentiality,wemeanthat
servicesmustrestrictwhoseeswhatdata.
Unfortunately,softwareforprovidingaccessanywhereser-
vicesmaycontainbugs,andhackersmayexploitthesebugs
todisruptserviceorstealconfidentialdata.Onesolutionis
toeliminatebugsbyusingbettersoftwareengineeringprac-
ticeorformalmethods[12].However,thecomplexityofreal
worldsystemsandapplicationsoftwaremakesitdifficultto
producebug-freeimplementationswithexistingtechniques.
Apromisingapproachistouseredundancytohardenser-
vicesagainstbugs.AtraditionalByzantinefault-tolerant
(BFT)systemrunsdifferentimplementationsofthesame
serviceonseveralreplicasandensuresthatcorrectcomputa-
tionisperformedbyenoughcorrectreplicastomaskincor-
rectreplicas[1,2,4,14,15,16,17].Recentresearchhas
shownthatBFTsystemscanbepracticalforseveralimpor-
tantservicesastheycanbeimplementedwithlowoverheads
comparedtotheunreplicatedservices[3].
However,althoughtraditionalBFTsystemsimproveavail-
abilityandintegritythroughredundancy,existingBFTar-
chitecturesmakesuchsystemsmorepronetocompromising
confidentiality.InatraditionalBFTsystem,replicassendall
repliesdirectlytoclients.Thus,ifahackermanagestocom-
promiseoneofthereplicas,hecanstealconfidentialdata.
Moreover,intraditionalBFTsystems,thereisafundamen-
taltradeoffbetweenincreasingavailabilityandintegrityon
onehandandstrengtheningconfidentialityontheother.BFT
systemsuseseveralreplicastoprovideavailability,basedon
thereasoningthatthereplicasaredifferentanditisthere-
foreunlikelythattheyallfailsimultaneously.However,be-
causeitissufficientforanattackertocompromiseasinglereplica,thisapproachalsoincreasesthechancethatatleast
onereplicacontainsanexploitablebug,allowingtheattacker
togainaccesstotheconfidentialdatathattheserviceuses.
Thispaperdiscusshowtouseredundancytosimultaneously
improveavailability,integrity,andconfidentiality.Wepro-
poseanarchitectureforsuchasystem-ConfidentialBFT
(CBFT).InCBFT,servicereplicasconnecttoa“privacy
firewall”andcansendmessagestotheoutsideworldonly
throughit.Thefirewallrunsamajorityvotingalgorithmjust
liketheclientsofatraditionalBFTsystemandfiltersout
faultymessagesthatmaycontainconfidentialdata.
Thisapproachhasseveraladvantages,stemmingfromthe
factthattheprivacyfirewallisaseparatecomponentfrom
thereplicatedservice.Thefirstadvantageissimplythegen-
eralityoftheapproach:sincevirtuallyallreplicatedservices
canbemodelledasareplicatedstatemachine,theprivacy
firewallcanprotectalmostanyreplicatedservicethatexists
today.Second,oncebuilt,aprivacyfirewallcanveryeasily
beusedforavarietyofreplicatedservices,withonlyminor
modificationtotheservice(ornoneatall).Thus,CBFT’s
privacyfirewallcanbeadaptedtolegacyapplications,pro-
vidingthemwithconfidentialityafterthefact.Thethirdad-
vantageisthattheeffortspentintobuildingtheprivacyfire-
wallcanbeamortizedoverseveralreplicatedservices:once
theprivacyfirewallisbuilt,itcaneasilybeduplicatedtopro-
tectadditionalservices.Thisversatilitymakesitimaginable
thatcompanieswouldbuildprivacyfirewallsandthensell
turnkeysolutions.
Thefirewallsystemhastobecorrecttoprovideconfidential-
ity.Eventhoughthefirewallissimple,buildingaformally
verifiedbug-freefirewallmaynotbefeasible.However,re-
dundancycanbeusedtoimprovetherobustnessofthefire-
wall.Suchafirewallsystemconsistsofagroupofnodesthat
areinterconnectedsuchthatanypathfromaservicereplica
totheoutsideworldislongerthanathreshold,.Thus,any
communicationfromanyservicereplicatotheoutsideworld
mustgothroughatleaseonecorrectnodeaslongasthere
arefewerthanfaultyfirewallnodes.Moreover,acor-
rectnodeinafirewallchaincanindependentlyensurethat
auniquesequenceofrepliesresultsfromasequenceofre-
questsjustasifthissequenceofrequestswereprocessedby
asinglecorrectserver.Thus,faultymachinesareprevented
fromusingsteganographytoleakconfidentialdata.
Insummary,thispaperinvestigateshowtobuildavailable,
high-integrity,andconfidentialaccessanywhereservicesby
1