Intrusion Tolerant Consensus
in Wireless Ad hoc Networks
Henrique Moniz, Nuno Neves, Miguel Correia
LASIGE
Dep. Informática da Faculdade de Ciências
Universidade de Lisboa
Consensus
Abstracting the Ad hoc Network Environment
Communication Medium: an open and natural broadcasting environment, where the cost of transmitting to multiple nodes can be the same as transmitting to a single one
Model
• n nodes communicate by broadcasting
messages
• Dynamic omission transmission faults
• Byzantine process failures
• Asynchronous system
Impossibility Results
Fischer, Lynch and Paterson, Impossibility of Distributed Consensus with One Faulty Process, 1985:
Consensus is impossible in an asynchronous system if only one process can crash
Santoro and Widmayer, Time is not a Healer, 1989:
Consensus is impossible in a synchronous system if n−2 transmission omission faults can occur per communication step
The Turquois Protocol
Desirable Features
• Ensure liveness when the number of omissions is within a certain upper bound σ
• Maintain safety despite any number of omissions
• Ensure both liveness and safety if the number of Byzantine nodes is within an upper bound f
• Terminate in three communication rounds in executions with benign fault patterns
k-consensus
k out of n processes decide on a binary value 0 or 1
• Validity: no correct process decides a value that wasn't proposed by some correct process
• Agreement: no two correct processes decide different values
• Termination: k correct processes decide with (asymptotic) probability 1
Phases
Each process cycles through three phases, selected by phase mod 3:
• Converge: phase mod 3 = 1 (phases 1, 4, 7, 10, ...)
• Lock: phase mod 3 = 2 (phases 2, 5, 8, 11, ...)
• Decide: phase mod 3 = 0 (phases 3, 6, 9, 12, ...)
Processes increment their phase if they receive messages from a strong majority (more than (n+f)/2) of processes with the same phase value, or from a process with a higher phase value
Phase actions
• Converge (phase mod 3 = 1): set the proposal value to the value v that appears in a majority of the received messages
• Lock (phase mod 3 = 2): is the same value v in a strong majority of messages?
  - Yes: set the proposal value to v
  - No: set the proposal value to a meaningless value ⊥
• Decide (phase mod 3 = 0): how many processes have proposed the same value v ∈ {0, 1}?
  - A strong majority: decide v
  - At least one: set the proposal value to v
  - None: set the proposal value to a random value 0 or 1
If we ensure that this cycle continues to happen, then processes will decide eventually
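A small Python model of the Converge/Lock/Decide rules above, added here as an illustration; it is not the authors' implementation. It assumes a process that sees a higher phase adopts that phase and value (the slide only says "increment"), that a tied Converge majority keeps the current proposal, and a lossless broadcast medium except for the transmissions listed in `omit`; n, f and the proposals are constructed values.

```python
from collections import Counter
import random
BOTTOM = None  # the "meaningless value" ⊥ assigned in the Lock phase

class Process:
    def __init__(self, pid, n, f, proposal, coin=random.randint):
        self.pid, self.n, self.f = pid, n, f
        self.phase, self.value, self.decision = 1, proposal, None
        self.coin = coin  # injectable coin so runs can be made deterministic

    def strong_majority(self, count):
        return count > (self.n + self.f) / 2  # "more than (n+f)/2" processes

    def step(self, msgs):
        """Apply one round of received (sender, phase, value) messages."""
        higher = [m for m in msgs if m[1] > self.phase]
        if higher:  # assumption: adopt the highest phase seen (slide says "increment")
            _, self.phase, self.value = max(higher, key=lambda m: m[1])
            return
        same = [m for m in msgs if m[1] == self.phase]
        if not self.strong_majority(len(same)):
            return  # not enough same-phase messages yet: keep waiting
        counts = Counter(v for _, _, v in same)
        v, c = counts.most_common(1)[0]
        if self.phase % 3 == 1:  # Converge: adopt the majority value
            if c > len(same) / 2:  # assumption: a tie keeps the current proposal
                self.value = v
        elif self.phase % 3 == 2:  # Lock: keep v only if a strong majority sent it
            self.value = v if self.strong_majority(c) else BOTTOM
        else:  # Decide: count proposals of a real value v in {0, 1}
            binary = {v: c for v, c in counts.items() if v in (0, 1)}
            if not binary:
                self.value = self.coin(0, 1)  # none: pick a random value
            else:
                v = max(binary, key=binary.get)
                self.value = v  # at least one: adopt v
                if self.strong_majority(binary[v]) and self.decision is None:
                    self.decision = v  # strong majority: decide v
        self.phase += 1

def run(proposals, f, rounds, coin=random.randint, omit=frozenset()):
    """Broadcast rounds; omit holds (round, sender, receiver) transmissions that are lost."""
    n = len(proposals)
    procs = [Process(i, n, f, p, coin) for i, p in enumerate(proposals)]
    for r in range(rounds):
        sent = [(p.pid, p.phase, p.value) for p in procs]  # snapshot before anyone steps
        for p in procs:
            p.step([m for m in sent if (r, m[0], p.pid) not in omit])
    return [p.decision for p in procs]
```

With n = 4 and f = 1, unanimous proposals decide in exactly three rounds; divergent proposals pass through ⊥ and the coin before converging, and dropping two of process 1's incoming messages in round 0 leaves it lagging while the other k = 3 processes still decide.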
Limiting the Actions of Byzantine Processes
Validation of Messages
• Authenticity validation: ensures that a message m was actually generated by the process at the source of a transmission
• Semantic validation: ensures that the contents of a message m are congruent with the execution of the protocol
How many faults can we tolerate?
• Omission faults (safety): any number, $\sigma = \infty$
• Omission faults (liveness): at most $\sigma \le \lceil n/2 \rceil (n - k - f) + k - 2$ per communication step
• Byzantine nodes: $f < n/3$, i.e. $n \ge 3f + 1$
Performance Evaluation
• The performance of Turquois was compared against two existing (randomized) binary Byzantine consensus algorithms
• Bracha's consensus (Bracha, 1984)
  - Expected running time to termination: O(2^n)
  - Message complexity: O(n^3)
  - No public-key cryptography
• ABBA (Cachin, Kursawe, Shoup, 2001)
  - Termination in one or two rounds
  - Message complexity: O(n^2)
  - Resorts to asymmetric cryptography
Performance Evaluation
• Testbed
• 802.11b wireless ad hoc network
• 4 to 16 nodes
• Pentium III computers with Linux 2.6.18
• Experimental Parameters
• Initial proposal values
- unanimous
- divergent
• Faultload
- no faulty nodes
- less than one third of Byzantine nodes
[Chart: Average latency (in ms) with no faulty nodes and unanimous proposals; series Bracha's, ABBA, Turquois; x-axis n]
[Chart: Average latency (in ms) with no faulty nodes and divergent proposals; series Bracha's, ABBA, Turquois; x-axis n]
[Chart: Average latency (in ms) with Byzantine nodes and unanimous proposals; series Bracha's, ABBA, Turquois; x-axis n]
[Chart: Average latency (in ms) with Byzantine nodes and divergent proposals; series Bracha's, ABBA, Turquois; x-axis n]
Conclusions
• The first consensus protocol that tolerates a combination of:
  ➡ Byzantine nodes
  ➡ Dynamic omission transmission faults
• The first protocol that circumvents the impossibility results of FLP and SW
• A novel mechanism for broadcast message authentication that relies on hashing operations during normal execution
• Our modeling assumptions paid off! Turquois was shown to be faster, in many cases by more than an order of magnitude