Bounded WaitFree Byzantine Storage With Information Theoretic Security PowerPoint PPT Presentation
1 / 84
Title: Bounded WaitFree Byzantine Storage With Information Theoretic Security
1
Bounded Wait-Free Byzantine StorageWith
Information Theoretic Security
- Amitanand S. Aiyer, UT-Austin
- Prof. Lorenzo Alvisi, UT-Austin
- Prof. Rida A. Bazzi, ASU
TexPoint fonts used in EMF. Read the TexPoint
manual before you delete this box. AAAAA
2
Byzantine Storage
- Nodes
- Storage System
3
Byzantine Storage
- Nodes
- Storage System
- Tolerate faults
- up to f
4
Byzantine Storage
- Atomic Semantics
- Wait-Free
- Asynchronous n/w
- No server-server communication
5
State of the Art
6
State of the Art
7
State of the Art
8
State of the Art
9
State of the Art
10
State of the Art
11
State of the Art
12
State of the Art
13
State of the Art
14
State of the Art
15
State of the Art
16
State of the Art
17
Information Theoretic Security
against Byzantine Readers
- Existing approaches
- Use PKI
- Based on unproven assumptions
- May not hold
- Use Secret Sharing
- Informational theoretic security
18
Outline
- Single writer protocol
- Bounded, atomic and wait-free
- Benign writer and readers
- Tolerate Byzantine readers
- Without cryptography
- Need private channels to the writer
- Can support multiple writers
- using standard techniques
19
Outline
- Single writer protocol
- Bounded, atomic and wait-free
- Benign writer and readers
- Tolerate Byzantine readers
- Without cryptography
- Need private channels to the writer
- Can support multiple writers
- using standard techniques
20
Model
- One writer
- servers
- may be Byzantine
- A finite set of readers
21
Model
- Channels between Servers and Clients
- Asynchronous
- Reliable
- Authenticated
- No server-server communication
- Readers/Writer may crash
- are not malicious.
22
Basic Write Protocol
23
Basic Write Protocol
Byzantine Disk Paxos Optimal Resilience with
Byzantine Shared Memory Abraham et al. Dist
Comp. Nov 2006
24
Basic Write Protocol
25
Basic Write Protocol
26
Basic Write Protocol
27
Basic Write Protocol
Wait-Freedom
Boundness?
28
Concurrent Reader Detection
x x in ( f 1 ) different
Bounded Wait-Free f-resilient Atomic Byzantine
Data Storage Systems for an Unbounded Number of
Clients. Bazzi Ding DISC 2006
29
Concurrent Reader Detection
x x in ( f 1 ) different
30
Write Protocol
Detect Concurrent Readers
Wait-Freedom
Boundness
31
Write Protocol
Detect Concurrent Readers
Wait-Freedom
Boundness
32
Write Protocol
Detect Concurrent Readers
Wait-Freedom
Boundness
33
Write Protocol
Detect Concurrent Readers
Wait-Freedom
Boundness
34
Read protocol
- Write-Read atomicity
- written by writer
- ( f 1 ) matching responses
- not older than the latest completed write
- Timestamp ( 2f 1 ) smallest timestamp
- servers not in sync with writer
- f servers may be malicious
- Read-Read atomicity
- Reader does a write back
35
Read protocol
Register
Collect Values
Write Back
Write Back
36
Read protocol
Register
Collect Values
37
Read protocol
Register
Collect Values
38
Read protocol
Register
Collect Values
39
Read protocol
Register
Collect Values
40
Read protocol
Register
Collect Values
41
Read protocol
Register
Collect Values
42
Read protocol
Register
Collect Values
43
Read protocol
Register
Collect Values
44
Read protocol
Register
Collect Values
45
Read protocol
Register
Collect Values
46
Read protocol
Register
Collect Values
47
Read protocol
Register
Collect Values
Minimal Byzantine Storage Martin et al. DISC2002
48
Read protocol
Register
Collect Values
Minimal Byzantine Storage Martin et al. DISC2002
49
Read protocol
Register
Collect Values
Minimal Byzantine Storage Martin et al. DISC2002
50
Read protocol
Register
Collect Values
Minimal Byzantine Storage Martin et al. DISC2002
51
Read protocol
Register
Collect Values
52
Read protocol
Register
Collect Values
53
Read protocol
Register
Collect Values
54
Read protocol
Register
Collect Values
55
Read protocol
Register
Collect Values
Write Back
Write Back
56
Read protocol
Register
Collect Values
Write Back
Write Back
57
Protocol Guarantees
- Atomic Semantics
- Wait-Free
- Bounded
- Size
- Number
58
Read protocol
Register
Collect Values
Write Back
Write Back
59
Read protocol
Register
Collect Values
Write Back
Write Back
60
Outline
- Single writer protocol
- Bounded, atomic and wait-free
- Benign writer and readers
- Tolerate Byzantine readers
- Without cryptography
- Need private channels to the writer
- Can support multiple writers
- using standard techniques
61
Outline
- Single writer protocol
- Bounded, atomic and wait-free
- Benign writer and readers
- Tolerate Byzantine readers
- Without cryptography
- Need private channels to the writer
- Can support multiple writers
- using standard techniques
62
Byzantine Readers
- Byzantine Readers
- Write back a wrong value
- Not wait for enough ACKs
- Options
- No write back
- Require proofs for write back
63
Byzantine Readers
- Byzantine Readers
- Write back a wrong value
- Not wait for enough ACKs
- Options
- No write back
- Require proofs for write back
64
Byzantine Readers
- Byzantine Readers
- Write back a wrong value
- Not wait for enough ACKs
- Options
- No write back
- Require proofs for write back
Efficient replication of large data objects Fan
Lynch DISC 2003
65
Write back Proofs
- Option 1 PKI
- Collect signatures
- Based on computational hardness of factoring etc.
- Unproven assumptions
- Option 2 Secret Sharing
- Information theoretic security
66
Write back Proofs
- Option 1 PKI
- Collect signatures
- Based on computational hardness of factoring etc.
- Unproven assumptions
- Option 2 Secret Sharing
- Information theoretic security
67
Proof Structure
- Show that servers responded with a particular
message M - Secret Sharing
- with threshold
- reconstruction iff shares are received
68
Write back proofs
- To accept a WB-1 message
- Show that servers responded with
- To accept a WB-2 message
- Show that servers
responded to the WB-1 message
69
Proofs using Secret Sharing
- Generate and share a random secret
- Using Tompa Wools secret sharing scheme
- shares required to reconstruct
- Servers reveal share only on sending
- Reconstruct the secret
- iff received t shares
- iff received t messages
How to share a secret with cheaters Tompa Wool
J. Crypto 88
70
New Write protocol
- Generate Two Secrets
- For WB-1, reconstructed by ( f 1 shares
- For WB-2, reconstructed by ( n f shares
- Send this along with the values
- Before starting the actual write
71
New Write Protocol
Phase 1
Phase 2
72
New Write Protocol
Phase 0
Phase 1
Phase 2
73
New Write Protocol
Private Channel
Phase 0
Phase 1
Phase 2
74
New Read Protocol
- Collect shares1 along with the values
- proof for WB-1
- Similarly collect shares2 with the Ack for WB-1
- proof for WB-2
- Retry until succeed
75
Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
76
Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
77
New Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
78
New Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
79
New Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
80
New Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
81
New Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
82
New Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
83
New Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
84
New Read Protocol
Register
Collect Values
Write Back Vals
Write Back TS
85
Outline
- Single writer protocol
- Bounded, atomic and wait-free
- Benign writer and readers
- Tolerate Byzantine readers
- Without cryptography
- Need private channels to the writer
- Can support multiple writers
- using standard techniques
86
Outline
- Single writer protocol
- Bounded, atomic and wait-free
- Benign writer and readers
- Tolerate Byzantine readers
- Without cryptography
- Need private channels to the writer
- Can support multiple writers
- using standard techniques
87
Conclusion
- Atomic and wait-free register
- Bounded
- Optimal replicas
- Tolerate Byzantine readers
- Information Theoretically
88
(No Transcript)
Recommended
