Reliable Local Broadcast in a Wireless Network Prone to Byzantine Failures

1
Reliable Local Broadcast in a Wireless Network
Prone to Byzantine Failures

• Vartika Bhandari Nitin H. Vaidya

DIALM-POMC 2007
2
Reliable Broadcast Problem

• A communication network a designated source s

If source s sends a message All non-faulty
nodes must agree on a single value for that
message If s is non-faulty, the agreed value
must be the one sent by s
s
3
Background

• Well-known problem
• Many results for various network/communication/fau
  lt models
• Recent interest in wireless networks
• Results for idealized radio network model
• Reliable local broadcast assumption

4
Reliable Local Broadcast?

• Many past theoretical results on reliable
  broadcast in wireless networks have assumed that
  the medium itself supports reliable local
  broadcast KooPODC04, BVPODC05, KBKVPODC06,
  BVInfocom07, etc.
• If a node transmits a message, all its neighbors
  will receive it correctly

c
v
a
b
5
The Reality of Wireless

• Practical Reality Highly unreliable wireless
  channel
• Fading (time-variation in received signal
  strength due to multi-path effects) can lead to
  significant packet loss probability
• Some neighbors receive the message, some do not
• Algorithms that assume reliable local broadcast
  will fail to work
• Interference (unintentional or deliberate) can
  further accentuate the problem

c
v
a
b
6
Need for a Reliable Local Broadcast (RLB)
Primitive

• Arent re-transmissions enough?
• If Byzantine Sending Node
• Can exploit losses to cause confusion
• Global broadcast protocols assuming RLB fail to
  work
• Need a RLB protocol
• A probabilistic proof-of-concept approach
• Reliable local broadcast achieved with high
  probability

7
Utility of a RLB Primitive
Global Broadcast Protocol (assumes reliable local
broadcast)
Local Broadcast Action
RLB Primitive
RLB Primitive can provide the abstraction of
reliable local broadcast
8
Why a probabilistic primitive?
Often battery-operated energy is a precious
resource
Shared medium further exacerbates congestion due
to large number of messages
Wireless Devices

• Impractical to have nodes transmit large number
  of messages for a single local broadcast
• May be preferable to trade-off message overhead
  for a small probability of error

Scalability is crucial!
9
Fault Model

• Byzantine failures
• Faults reside above MAC/PHY
• Thus, no deliberate collision-causing/no spoofing
  of MAC addresses
• Fault occurrence model
• Locally bounded
• At most b faulty nodes in any single neighborhood

Both these assumptions have been utilized in past
theoretical work
10
Faulty Sender Causing Confusion
v faulty a, b, c non-faulty
Time t1 v sends 0
Time t2gtt1 v sends 1
c
c
v
v
a
a
b
b
a, b know that v sent two values c thinks v sent
only 1
a, b receive value 0 c receives nothing
Want to avoid such confusion!
11
Basic Idea (1) Receipt Order Condition

• Receive-Timestamp
• A node is assumed capable of noting its
  local physical clock value just after it finishes
  receiving a message (timestamping could be
  implemented in hardware/firmware).
• Receipt-Order Condition
• If a node v sends a message m1, followed by a
  message m2, then for all non-faulty nodes u, w
  (in vs neighborhood)
• the receive-timestamp observed by u for m2 is
  greater than the receive-timestamp observed by w
  for m1.

12
Basic Idea (2) Realizing the Receipt-Order
Condition

• System Assumption message transit time is lower
  and upper bounded by Tl and Tu respectively
• Identified two situations in which the condition
  can be realized
• Externally Synchronized Nodes
• If the physical clocks of all non-faulty
  nodes in the system are externally synchronized
  within bound D, and if 2Tl-Tu gt 2D
• Internally Synchronized Nodes
• An interval of time in the system in which
  no non-faulty node adjusts its physical clock,
  the physical clocks of all non-faulty nodes stay
  internally synchronized within bound D, and
  drift-rate is upper-bounded by d. Interested in
  messages sent and received entirely during this
  interval. If 2Tl - Tu - d(2Tl Tu) gt D.

13
Basic Idea (3) Ensuring the Condition Holds

• Suppose nodes with external synchronization bound
  D
• Want 2Tl-Tu gt 2D
• Tl is minimum time on channel (packet-length/tx-r
  ate)
• TuTl Td (Td is upper bound on propagation
  delay and timestamping delay)
• Achievable by making Tl suitably large
• Option 1 Pad messages with extra-bits to make
  packet TX-time large enough
• Option 2 Use lower TX-rate for same message-size
  

Can thus realize the Receipt Order Condition
14
Network Model

• Focus on a local broadcast domain in a wireless
  network
• Sender node s and its neighbors, i.e., nbd(s)
• nbd(s)d
• Min nbd-overlap do
• External synchronization condition for Receipt
  Order Condition is satisfied within this domain

15
Communication Model

• Each node successfully receives a transmission
  with independent probability ps
• At most b nodes in any neighborhood exhibit
  Byzantine failure
• A node eventually gets to transmit a queued
  packet, but time-bound may possibly be unknown
  (e.g., if using a CSMA MAC)
• However, for a chosen target access probability
  palt1 there exists timeout T, such that within
  time T from queueing a packet, a node gets to
  transmit it with probability pa
• Message assumed to be binary w. l. o. g. (result
  can be generalized)
• All nodes use same packet-size and TX-rate

16
Agreement Condition

• If a local broadcast source s sends a message
• All its non-faulty neighbors should agree on a
  single value for this message
• If s is non-faulty, this agreed-upon value
  should be the one actually sent by s
• If s is faulty and sends multiple conflicting
  versions of the message, the protocol is designed
  to enable nodes to choose the first value that s
  sent.

17
Achievability Result

• In the given local broadcast domain, if node s
  transmits (one or more versions of) a message,
  then if the Receipt-Order Condition is satisfied,
  and if at most b a /(1a) do nodes in any
  single neighborhood are faulty (a paps2-e,
  egt0), then the proposed algorithm ensures that
  the agreement condition is achieved with an error
  probability at most
• which is small when do is large and do gtgt
  ln(d)

18
The Algorithm (1)

• On receiving message m from s, if no earlier
  version of m received from s, a neighbor u
  records it with its receive timestamp, and sends
  a REPEAT with the timestamp
• A node records REPEATs from different neighbors
  (witnesses) for a single message m
• After a timeout, a time-stamp filtration rule is
  applied to eliminate some copies
• Finally a majority vote is applied to determine
  message value

19
The Algorithm (2)

• Timestamp Filtration Rule
• c1 value with highest repeat count
• c2 other value
• If num-copies(c2)b
• Jump to majority determination step
• If num-copies(c2)gtb
• Discard any copies of c1 with timestamp t greater
  than timestamps of more than b copies of c2
• Now find majority value

20
Why the Algorithm Works

• At most b copies can be spurious REPEATs and/or
  have spurious timestamps
• If timestamps are legitimate
• All legitimate copies of first value have
  timestamp smaller than legitimate copies of the
  second value
• If legitimate copies of first value gtb
• Even if initially in majority, copies of second
  value with legitimate timestamps get filtered
  out, leaving at most b copies with spurious
  timestamps
• Correct/first value is chosen
• Simple application of Chernoff and Union bounds
  yields error probability expression

21
Possible Approach to Using Primitive in Multi-hop

• View multi-hop network as a set of local
  broadcast domains
• Global broadcast protocol requires a certain
  number of broadcast messages, and hence that
  number of successful runs of the RLB algorithm
• Can thus analyze for error probability of global
  broadcast

22
Open Issues

• Realizing the Receipt-Order Condition using
  internal synchronization
• Handling scenarios where the success probability
  exhibits correlation between nearby nodes
• Eliminating the need for timeout estimation
• Transforming this proof-of-concept algorithm to
  an usable protocol implementation

23
Thank You!
24
Simple Illustration(Why do timestamp filtration)
v faulty a, b, c non-faulty
Time t1 v sends 0
Time t2gtt1 v sends 1
c
c
v
v
a
a
b
b
a, b do not repeat value 1 c repeats it
a, b repeat value 0