Secure and Fault-Tolerant Voting in Distributed Systems

Concerns about both security and fault-tolerance have had an important impact on the design and use of distributed information systems in the past. As such systems become more prevalent, as well as more pervasive, these concerns will become even more immediately relevant. From national defense, to commercial interests, to private citizens, distributed systems are making an ever greater impact on our lives. We will focus here on integrating security and fault-tolerance into one, general-purpose protocol for secure distributed voting. Distributed voting is a well-known fault-tolerance technique [4]. For the most part, however, security had not been a concern in systems that used voting. More recently, several protocols have been proposed to shore up this lack. These protocols, however, have limitations which make them particularly unsuitable for many aerospace applications, because those applications require very flexible voting schemes (e.g., voting among real-world sensor data). We present a new, more general voting protocol that reduces the vulnerability of the voting process to both attacks and faults. The algorithm is contrasted with the traditional 2phase commit protocols typically used in distributed voting and with other proposed secure voting schemes. Our algorithm is applicable to exact and inexact voting in networks where atomic broadcast and predetermined message delays are present, such as local area networks. For wide area networks without these properties, we describe yet another approach that satisfies our goals of obtaining security and fault tolerance for a broad range of aerospace information systems. 0-7803-6599-2/01/$10.00 c 2001 IEEE Author affiliated with SUNY Buffalo; work performed while under the Air Force Research Laboratory/Information Directorate’s 2000 Summer Faculty Research Program. TABLE OF CONTENTS