BFT replication resistant to MAC attacks
AbstractOver the last decade numerous Byzantine fault-tolerant (BFT) replication protocols have been proposed in the literature. However, the vast majority of these solutions reuse the same authentication scheme, which makes them susceptible to a so called MAC attack. Such vulnerability enables malicious clients to undetectably prevent the replicated service from processing incoming client requests, and consequently making it permanently unavailable. While some BFT protocols attempted to address this issue by using di�erent authentication mechanisms, they at the same time signi�cantly degraded the performance achieved in correct environments. This article presents a novel adaptive authentication mechanism which can be combined with practically any Byzantine fault-tolerant replication protocol. Unlike previous solutions, the proposed scheme dynamically switches between two operation modes to combine high performance in correct environments and liveness during MAC attacks. The experiment results presented in the article demonstrate that the proposed mechanism can su�ciently tolerate MAC attacks without introducing any observable overhead whenever no faults are present.
|Publication size in sheets||0.5|
|Book||Romaniuk Ryszard (eds.): Proc. SPIE. 10031, Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2016, vol. 10031, 2016, SPIE , ISBN 9781510604858, [781510604865 (electronic) ], 1170 p., DOI:10.1117/12.2257157|
|Keywords in English||Byzantine fault tolerance, state machine replication, MAC attack, adaptive authentication, distributed systems, dependability|
|project||Development of new algorithms in the areas of software and computer architecture, artificial intelligence and information systems and computer graphics . Project leader: Rybiński Henryk,
, Phone: +48 22 234 7731, start date 18-05-2015, end date 30-11-2016, II/2015/DS/1, Completed
|Score|| = 15.0, 27-03-2017, BookChapterMatConf|
= 15.0, 27-03-2017, BookChapterMatConf
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.