Fault Injection into Railway Target

1
Digital Signaturesin Fault-Tolerant Protocols
Klaus Echtle ICB, University of
Duisburg-Essenechtle_at_dc.uni-due.de
2
Reason for using signatures
Who has sent what ?

• Security, protection against attacks
• Safety, fault tolerance, protection against
  faults

Yes and no.
Common objectives ?
Common techniques ?
Yes
no.
and
3
Objective 1 in fault tol. Origin
Identify origin of (wrong or correct)
information. Fault in original sender ?
4
Objective 1 in fault tol. Origin
... otherwise (without signatures)
?
detection
5
Objective 2 in fault tol. Forwarding
Fault in forwarding node ?
Distant fault detection.
6
Objective 2 in fault tol. Forwarding
... otherwise (without signatures)
detection
7
Objective 3 in fault tol. Replication
Replication fault by original sender ?(Byzantine
behaviour)
s
s
8
Objective 3 in fault tol. Replication
... otherwise(withoutsignatures)
9
Usage of signatures in protocols

• Signed messages agreement protocol
• Membership protocol of Flaviu Cristian
• Reliable broadcast protocol of Flaviu Cristian
• Pendulum protocol for agreement
• and many others

10
Benefit of signatures
Agreement protocols, n nodes, f of which are
faulty.
Protocol execution by m messages in p phases.
11
Benefit of signatures
12
Benefit of signatures
n 11 nodes
13
Signature techniques for fault tolerance

• Cryptographically strong signatures
• Efficient signaturesno intelligent attacks
  just arbitrary stupid faults

14
Simple CRC-based signature
not individual
NeverthelessUndetectable modificationis very
unlikely
Send signatured message
contents
sender id
Check signature
15
Signature based on multiplication
individual
Generate
Choose a and b, calculate c a ? b
mod 2d
16
Signature schemes for fault tolerance
17
Relative signature
firstletter
secondletter
thirdletter
18
Relative signature
f, g global
actual sign.
f ', g, ?' global
authenticator
Check
19
Properties of relative signatures
All functions are global ? no key distribution.
? appropriate for dynamic networks(nodes
entering and leaving),applied in network
membership protocols)
Functions are one way? faulty nodes cannot
steal sender identifiers.
Nodes create identifiers themselves? redundant
identifier space and creation during startup
only prevent creation of multiple identifiers
per node
20
Relative signatures
If receiver finds faulty message contents then
all messages from respective sendermay be
ignored.
Similarities in security field ? restriction to
relative comparison,no key distribution,etc.
21
Unique signature UniSig
Guarantee both signed messagesare identical (in
the context of a sequence number) no message
exchange among the receivers !
22
UniSig
23
UniSig functions
Choose 60-bit number odd b.Calculate d
(p q) ? a ? b mod 260.
24
UniSig functions
c(n) (p q) ? a ? n
s x ? (p q) ? a ? nnew
25
UniSig functions
Sent
26
Properties of UniSig
Unique signed message for each sequence number.

• Implementation such that violations are very
  unlikely,no copies of pair (n, c) etc.
• absolute adressing
• UniSig program created by redundant nodes
• once pair (n, c) is lost? recovery by redundant
  nodes
• etc.

27
Applying UniSig to protocol SM

• Distribute values (as in original SM)

• No need to distribute deviating values? fewer
  messages (in the presence of faults)

• Co-signatures are necessary (need not be UniSig)

• f 1 phases (same as original SM),however
  phases can be shorter (less messages)? protocol
  can execute faster

28
Applying UniSig to protocol SM
Worst-case 2n(n 1)(n 2)without UniSig n(n
1)2with UniSig
29
UniSig
If receiver obtains UniSigned message, then it
knowns other receivers will not get a different
message in the same context.
Similarities in security field ? need for this
property ?chance to implement it ?
30
Conclusion