Modern Security with Traditional Distributed Algorithms

Several manufacturers have recently started to equip their hardware with security modules. These typically consist of smart cards or special microprocessors. Examples include the “Embedded Security Subsystem” within the recent IBM Thinkpad or the IBM 4758 secure co-processor board [4]. In fact, a large body of computer and device manufacturers has founded the Trusted Computing Group (TCG) [9] to promote this idea. In short, the computer hosts, besides its regular processor that can potentially be controlled by a malicious user, a trusted security module (Fig. 1). Because its hardware is tamper proof, the software running within a security module is certified and security modules can communicate through secure channels. However, communication goes through the untrusted hosts and dishonest ones can drop messages exchanged between the underlying security modules. As a consequence, the security modules form a distributed system of processes that can suffer from general omission failures [7] (i.e., either send or receive omission failures). In other words, the very existence of security modules transforms malicious behavior into omissions. These omissions are not however random but can be committed by dishonest hosts at specific points of the computation. In the following, we illustrate the transformation and some of the underlying issues through the problem of multi-party fair exchange. This problem is key to trading electronic items in systems of mutually untrusted parties. Each party expects to trade an item for another one, and each item has a description that is supposed to match this item. Each party hosts a security module and we assume here a synchronous model of computation, i.e., communication between security modules is synchronous and secure [3, 6], yet omissions can be committed.