Authentication in a reconfigurable Byzantine fault tolerant system

• dc.contributor.advisor: Barbara Liskov.
• dc.contributor.author: Chen, Kathryn (Kathryn Chi-ting)
• dc.contributor.other: Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
• dc.date.copyright: 2004
• dc.date.issued: 2004
• dc.identifier.uri: http://hdl.handle.net/1721.1/33126
• dc.description: Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.
• dc.description: Includes bibliographical references (leaves 57-58).
• dc.description.abstract: Byzantine (i.e. arbitrary) faults occur as a result of software errors and malicious attacks; they are increasingly a problem as people come to depend more and more on online services. Systems that provide critical services must behave correctly in the face of Byzantine faults. Correct service in the presence of failures is achieved through replication: the service runs at a number of replica servers and as more than a third of the replicas are non-faulty, the group as a whole continues to behave correctly. We would like the service to be able to authenticate data. Authenticated data is data that more than a third of the service is willing to sign. If a long-lived replicated service can tolerate f failures, then we do not want the adversary to have the lifetime of the system to compromise more than f replicas. One way to limit the amount of time an adversary has to compromise more than f replicas is to reconfigure the system, moving the responsibility for the service from one group of servers to a new group of servers.Reconfiguration allows faulty servers to be removed from service and replaced with newly introduced correct servers. Reconfiguration is also desirable because the servers can become targets for malicious attacks, and moving the service thwarts such attacks. In a replicated service, we would like the service to be able to authenticate data. Authenticated data is data that more than a third of the service is willing to sign. Any party that knows a public key can verify the signature. Such a scheme is a threshold signature scheme. The signers in a threshold signature scheme each know some part of a secret. Because we would like to reconfigure the system, we need to transfer the knowledge of the secret to the new servers and we want to disable the old servers from signing in the future. Such a scheme is called secret refreshing.This thesis describes TSPSS, a threshold signing and proactive secret sharing protocol. TSPSS can be used by asynchronous reconfigurable Byzantine fault tolerant service replicas to perform threshold signing and secret refreshing. TSPSS uses com- binatorial secret sharing, which involves an exponential number of shares in f. We implement TSPSS to evaluate how well it scales and whether it performs well enough to be used in practice. We find that TSPSS performs well enough to be used for f = 1, is arguably good enough for f = 2, and is impractical for f = 3. Thus, a better solution to this problem is needed.
• dc.description.statementofresponsibility: by Kathryn Chen.
• dc.format.extent: 58 leaves
• dc.format.extent: 2650194 bytes
• dc.format.extent: 2651594 bytes
• dc.format.mimetype: application/pdf
• dc.format.mimetype: application/pdf
• dc.language.iso: eng
• dc.publisher: Massachusetts Institute of Technology
• dc.subject: Electrical Engineering and Computer Science.
• dc.type: Thesis
• dc.description.degree: M.Eng.
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.identifier.oclc: 62240969