Authentication in a reconfigurable Byzantine fault tolerant system

Chen, Kathryn (Kathryn Chi-ting)

Author(s)

Chen, Kathryn (Kathryn Chi-ting)

DownloadFull printable version (2.484Mb)

Other Contributors

Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.

Advisor

Barbara Liskov.

Terms of use

M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

Byzantine (i.e. arbitrary) faults occur as a result of software errors and malicious attacks; they are increasingly a problem as people come to depend more and more on online services. Systems that provide critical services must behave correctly in the face of Byzantine faults. Correct service in the presence of failures is achieved through replication: the service runs at a number of replica servers and as more than a third of the replicas are non-faulty, the group as a whole continues to behave correctly. We would like the service to be able to authenticate data. Authenticated data is data that more than a third of the service is willing to sign. If a long-lived replicated service can tolerate f failures, then we do not want the adversary to have the lifetime of the system to compromise more than f replicas. One way to limit the amount of time an adversary has to compromise more than f replicas is to reconfigure the system, moving the responsibility for the service from one group of servers to a new group of servers.Reconfiguration allows faulty servers to be removed from service and replaced with newly introduced correct servers. Reconfiguration is also desirable because the servers can become targets for malicious attacks, and moving the service thwarts such attacks. In a replicated service, we would like the service to be able to authenticate data. Authenticated data is data that more than a third of the service is willing to sign. Any party that knows a public key can verify the signature. Such a scheme is a threshold signature scheme. The signers in a threshold signature scheme each know some part of a secret. Because we would like to reconfigure the system, we need to transfer the knowledge of the secret to the new servers and we want to disable the old servers from signing in the future. Such a scheme is called secret refreshing.This thesis describes TSPSS, a threshold signing and proactive secret sharing protocol. TSPSS can be used by asynchronous reconfigurable Byzantine fault tolerant service replicas to perform threshold signing and secret refreshing. TSPSS uses com- binatorial secret sharing, which involves an exponential number of shares in f. We implement TSPSS to evaluate how well it scales and whether it performs well enough to be used in practice. We find that TSPSS performs well enough to be used for f = 1, is arguably good enough for f = 2, and is impractical for f = 3. Thus, a better solution to this problem is needed.

Description

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.

Includes bibliographical references (leaves 57-58).

Date issued

2004

URI

http://hdl.handle.net/1721.1/33126

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology

Keywords

Electrical Engineering and Computer Science.

Collections

Graduate Theses