Byzantine Faults in Wireless Networks

Byzantine Faults in Wireless Networks. Nitin Vaidya, University of Illinois at Urbana-Champaign. Acknowledgements: talk based on joint work with Vartika Bhandari, UIUC ...

1
Byzantine Faults in Wireless Networks
  • Nitin Vaidya
  • University of Illinois at Urbana-Champaign

2
Acknowledgements
  • Talk based on joint work with
  • Vartika Bhandari, UIUC
  • Guanfeng Liang, UIUC
  • Rachit Agrawal, UIUC
  • Pradeep Kyasanur, UIUC
  • Chandrakanth Chereddi, UIUC
  • Chiu-Yuen Koo, University of Maryland
  • Jonathan Katz, University of Maryland
  • Research funded in part by
  • US National Science Foundation
  • US Army Research Office
  • Vodafone

3
Wireless Networks
  • Wireless paradigms
  • Single hop versus Multi-hop
  • Multi-hop networks
  • Mesh networks, ad hoc networks, sensor networks

4
Network Performance
5
What Makes Wireless Networks Interesting?
  • Broadcast medium path loss

6
What Makes Wireless Networks Interesting?
  • Many forms of diversity
  • Time
  • Route
  • Antenna
  • Path
  • Channel

7
What Makes Wireless Networks Interesting?
  • Time diversity

8
What Makes Wireless Networks Interesting?
  • Channel diversity

[Figure: nodes A, B, C, D shown twice, once under high interference and once under low interference]
9
Improving Wireless Performance
  • Exploit physical resources diversity
  • Requires appropriate cross-layer protocols
  • Routing
  • Scheduling
  • Medium access control

10
Example
  • Multi-channel wireless networks

[Figure: channel labels 1, 2, 3, 4, c]
11
Practical Scenario
  • A host can only use a subset of channels at any time

[Figure: labels 1, m, c]
12
Need for New Protocols
[Figure: 4 channels, 2 radios per node]
13
Net-X: Theory to Practice
[Figure: Linux box]
14
Performance Security
15
Security Performance
  • How to ______ secure performance ?
  • Define
  • Analyze
  • Improve
  • How to exploit wireless properties ?

16
Byzantine Faults in Wireless Networks
17
Byzantine Fault Model
Arbitrary behavior
18
Byzantine Faults
  • Arbitrary behavior may be constrained
  • Examples
  • Transmit power (and range) constrained by
    physical design of a wireless device
  • Misbehavior may be limited to the programmable
    components of a wireless device

19
Byzantine Agreement
  • If source s sends a message
  • All non-faulty nodes must agree on a single value for that message
  • If s is non-faulty, the agreed value must be the one sent by s

[Figure: source s]
20
Byzantine Agreement
http://en.wikipedia.org/wiki/File:Plum_tree_with_fruit.jpg
21
Is Wireless Different?
  • Broadcast medium hinders duplicity

[Figure: nodes S, A, B shown at time t and at time u > t; values x and y]
22
Is Wireless Different?
  • Many forms of diversity
  • Time
  • Route
  • Antenna
  • Path
  • Channel

Diversity weakens broadcast capability
23
Is Wireless Different?
  • Path loss limits range
  • Not all nodes in the same broadcast domain
  • ⇒ Misbehaving node cannot cause collision everywhere
  • ⇒ Multi-hop network

24
Is Wireless Different?
  • f failures anywhere in the network
  • ⇒ n > 3f, connectivity > 2f
  • In multi-hop networks, connectivity small compared to n
  • ⇒ f may not scale with n
  • ⇒ Alternative fault distribution models may provide new insights

25
Some Results
26
Network Models
Random deployment
Grid network
27
Grid Network
  • Degree: nodes at distance r in each direction
  • Connectivity bounded by number of neighbors

[Figure: neighborhood labelled 2r+1, L∞ distance metric]
28
Grid Network
  • Local fault model: at most f faults in each neighborhood
  • Byzantine agreement iff
  • f < ½ r(2r+1)
  • Potentially, network-wide faults linear in n
  • Traditional model: f faults network-wide
  • Degree > 2f
  • Number of faults in the entire network < degree / 2

[Figure annotation: degree / 4]
29
Proof Outline
  • Induction
  • All neighbors of (a, b) can commit to correct
    value
  • ⇒ all neighbors of (a-1, b), (a+1, b), (a, b-1), (a, b+1) also can
  • Base case
  • All neighbors of source hear message directly and can commit to it

[Figure: grid node (a, b)]
30
Grid Network
  • Assumptions leading to improved fault-tolerance
  • Locally bounded faults
  • Reliable local broadcast
  • No MAC layer cheating: collisions, address spoofing

31
Grid Network
  • Probabilistic failure model: failure probability p < ½
  • Reliable broadcast probability → 1 when n → ∞, iff node degree
  • Expected number of faults linear in n
  • Local fault model: at most f faults in each neighborhood
  • Byzantine agreement iff
  • f < ½ r(2r+1)
  • Potentially, network-wide faults linear in n

32
Reliable Local Broadcast ?
  • In reality
  • Unreliable wireless channel
  • If MAC layer is compromised, nodes may cause collisions or spoof addresses

33
Relaxing the Assumptions
  • Unreliable channel and non-faulty MAC
  • Local broadcast with probabilistic guarantees
  • Bounded number of collisions and reliable channel
  • A transformation that converts algorithm for collision-free case to bounded-collision-resilient algorithm
  • Other related work: Gilbert, Pelc

34
Byzantine Agreement
  • One shot analysis
  • Connectivity requirements
  • Number of messages
  • Number of rounds
  • Longer timescale analysis
  • Throughput with fault-tolerance

35
Throughput Analysis
  • Multicast: single source, multiple destinations
  • Unicast: single source, single destination
  • Requirement: deliver data correctly when source and destination fault-free
  • We will consider unicast

36
Related Work
  • Significant related work
  • Byzantine agreement: Pease-Shostak-Lamport
  • Information dispersal: Rabin
  • System level diagnosis: Preparata-Metze-Chien
  • Network coding: Koetter, Medard

37
Fault-Tolerance Objective
  • Tolerate failures
  • Detect failures
  • Let us focus on detection of single failure
  • Source and destination fault-free

38
Secure Capacity
  • What is the maximum rate of reliable delivery
  • in such that
  • a single failure is detected ?

39
Two Approaches
  • Where is the failure (or attack) detected ?
  • At the destination
  • At intermediate nodes

40
Detection at Destination
41
Unicast with Byzantine Failure
  • Attack not detected
  • ⇒ Detection requires connectivity 2

[Figure: nodes S, A, D]
42
Unicast with Byzantine Failure
  • Attack not detected
  • ⇒ Detection requires connectivity 2
  • Capacity = 0

[Figure: nodes S, A, D; link rates R1, R2]
43
Unicast with Byzantine Failures
  • Forward data through A and W
  • Compare at D to detect single failure
  • f must have an inverse; f(x) = x suffices

[Figure: nodes S, A, W, D; link labels x and f(x)]
44
Unicast with Byzantine Failures
  • Forward data through A and W
  • Compare at D to detect single failure
  • Capacity = min(R1, R2, R3, R4)

[Figure: nodes S, A, W, D; link rates R1, R2, R3, R4]
45
Unicast with Byzantine Failures
  • Forward data through A and W
  • Compare at D to detect single failure
  • What happens with broadcast links ?

[Figure: nodes S, A, W, D; link rates R1, R2, R3, R4]
46
Unicast with Byzantine Failure
  • S constrained to broadcast same information to A and W
  • Duplicate along two routes, and compare at D
  • Capacity = min(R, R2, R4)

[Figure: nodes S, A, W, D; link rates R, R2, R4; values x and y]
47
Example 2
  • Capacity = 2
  • Each faulty node can
  • Tamper 1 packet
  • Capacity min-cut 1
  • Network-coding
  • Things more interesting when each node's capability is different

[Figure: network with nodes S, A, B, C, D; link labels 1, 1, 1, 2; packets a, b and a coded packet formed from a and b]
48
Example 3
  • Capacity = 4

[Figure: network with nodes S, A, B, C, D, E; link labels 2 and 4; packets a1,a2, b1,b2 and c1,c2, where c1 and c2 are coded from a1, b1 and a2, b2]
49
Common Feature: Code-then-Replicate
  • Source broadcasts packets to one-hop neighbors
  • One-hop neighbors
  • Either forward some of the packets unmodified
  • Or forward linear combination of the packets
  • All other nodes
  • Forward packets to neighbor, possibly replicating
    the packets
  • No other coding

50
Link Failures versus Node Failures
  • If an adversary can attack only f packets (independent of its output rate), min-cut of f+c adequate to support capacity c
  • With node failures, situation more complex
  • Characterized achievable rate for code-then-replicate strategy with a node failure

51
Detection in the Network
52
Recall
  • S constrained to broadcast same information to A and W
  • Duplicate along two routes, and compare at D
  • Capacity = min(R, R2, R4)

[Figure: nodes S, A, W, D; link rates R, R2, R4; values x and y]
53
Unicast with Byzantine Failure
  • What if A's transmission is a broadcast too?
  • Can do much better

[Figure: nodes S, A, W, D]
54
Watchdog Approach
  • What if A's transmission is a broadcast too?

[Figure: nodes S, A, W, D; values x and y; W raises "Alarm!"]
55
Shared Wireless Channel
  • If links AD and WD share a channel, throughput with watchdog almost same as without watchdog

[Figure: nodes S, A, D, W with link labels R-1, R-1 and 1 (binary value); nodes S, A, D with link labels R, R]
56
Shared Wireless Channel
  • If links AD and WD share a channel, throughput with watchdog almost same as without watchdog

[Figure: nodes S, A, D, W with link labels R-1, R-1 and 1 (binary value)]
Much better than linear coding
57
Watchdog Approach
  • Watchdog function: non-linear
  • Superior to linear coding strategies
  • Can be generalized to multiple watchdogs

58
Limitations of Wireless Channel
  • Unreliable transmissions
  • Watchdog cannot watch every transmission
  • Solution: Coding Watchdog

[Figure: nodes S, A, D, W; link marked unreliable]
59
Detection at Destination
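  • Detection at destination, if not too many errors introduced by attacker

[Figure: nodes S, A, D, W; S sends a, b, c plus a coded packet over a, b, c; A forwards a, b, x plus the coded packet; D finds a mismatch]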
60
Detection at Watchdog
  • Suppose the watchdog can observe 75 packets from
    attacker A

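[Figure: nodes S, A, D, W; S sends a, b, c plus a coded packet over a, b, c; A forwards a, z, x plus the coded packet; W, holding a, b, c and the coded packet, raises "Alarm!"]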
61
Coding Watchdog
  • How much redundancy in transmission from S is enough?
  • Assume (n,k) maximum distance separable code with distance n-k+1
  • Attack by A detected by D if A tampers n-k packets
  • Attacker A must tamper at least n-k+1 packets to be undetected by D
  • Attack by W detected trivially
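
The distance argument on this slide and the watchdog comparison from the "Detection at Watchdog" slide, worked through with a small Reed-Solomon-style (n,k) MDS code. This is an added example, not part of the talk; the field GF(257), the polynomial encoding, the function names and the sample packets are assumptions chosen for illustration.

```python
from itertools import combinations

P = 257  # prime field for the sketch (assumption; the slides name no field)

def encode(msg, n):
    """Codeword = evaluations at x=1..n of the polynomial whose coefficients are msg."""
    return [sum(c * pow(x, i, P) for i, c in enumerate(msg)) % P for x in range(1, n + 1)]

def interpolate_at(points, x0):
    """Lagrange interpolation over GF(P): value at x0 of the curve through points."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (x0 - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def destination_accepts(received, k):
    """D's check: the first k symbols fix the polynomial; the rest must lie on it."""
    pts = list(enumerate(received[:k], start=1))
    return all(interpolate_at(pts, x) == y
               for x, y in enumerate(received, start=1) if x > k)

def small_tamperings_all_detected(codeword, k):
    """Alter every set of 1..n-k positions (by +1 each) and ask D each time."""
    for t in range(1, len(codeword) - k + 1):
        for pos in combinations(range(len(codeword)), t):
            bad = [(s + 1) % P if i in pos else s for i, s in enumerate(codeword)]
            if destination_accepts(bad, k):
                return False
    return True

def closest_other_codeword(codeword, k):
    """Valid codeword sharing the first k-1 symbols: it differs in exactly n-k+1."""
    head = codeword[:k - 1] + [(codeword[k - 1] + 1) % P]
    pts = list(enumerate(head, start=1))
    return head + [interpolate_at(pts, x) for x in range(k + 1, len(codeword) + 1)]

def watchdog_alarm(sent, forwarded, observed):
    """W overheard S, so it compares whichever of A's packets it managed to observe."""
    return any(sent[i] != forwarded[i] for i in observed)

if __name__ == "__main__":
    sent = encode([10, 20, 30], 4)  # constructed data: k=3 packets, n=4
    swapped = closest_other_codeword(sent, 3)
    print(small_tamperings_all_detected(sent, 3), destination_accepts(swapped, 3))
```

With n=4 and k=3, the substituted codeword passes D's check but differs from the original in 2 packets, so a watchdog that observes any 3 of the 4 forwarded packets always sees at least one altered packet.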

62
Caveat
  • Fault detection Fault identification

?
63
Coding Watchdog
  • Suppose watchdog can detect packet tampering with
    probability q
  • Probability of not being detected by W

64
  • Construct (n,k) MDS code with
  • ?
  • Example

can be made small
65
Trade-off Between Throughput and Fault-Tolerance
  • A and B collide at W
  • Greater throughput ⇒ Lower observability at W

66
Locating Faulty Nodes
  • Multiple watchdogs can also be used to identify a
    faulty node (the watchdog may itself be faulty)

67
On-Going Work
  • Characterizing capacity with watchdogs
  • Code-then-replicate strategy promising

68
Wrap-Up
69
Distributed Algorithms
Wireless Networking
Fault Diagnosis / Tolerance
70
Thanks !
74
Grid Network
  • Probabilistic failure model: failure probability p < ½
  • Critical node degree for reliable broadcast probability → 1 when n → ∞
  • Expected number of faults linear in n

75
Necessary Condition: Proof Outline
If some fault-free nodes have > half faulty neighbors, reliable broadcast may fail
Show that if node degree
<
broadcast failure probability → 1 as n → ∞
76
Sufficiency Condition: Constructive Proof
Algorithm: Majority vote of a quarter neighborhood
Claim: If all fault-free nodes in a neighborhood have committed to the correct value, so can all nodes in the periphery of this region
[Figure: region labelled d/4]
Inductive proof: Each peripheral node has at least d/4 neighbors in above region. Less than half of these are faulty w.h.p. as n → ∞. Thus majority over these d/4 neighbors suffices!