Byzantine Failures and Security: Arbitrary is not (always) Random

• " Obvious analogies " [?] – Faults = attacks – Attack detection and response • " When opposites attract " [Lorenzo Alvisi] – Availability vs. confidentiality • Two different communities with different languages • One common thing: the Byzantine failure model – Security people use it to model malicious attackers – Fault-tolerance people know it, apply it, and think about Byzantine-tolerant systems as secure systems • In what sense are fault-tolerance people right? In what sense are Byzantine-tolerant systems secure? • Talk outline: 1. Recap Byzantine failure model 2. Critique 1: the coverage problem 3. Critique 2: the secrecy problem • Warning: no pictures (sorry) • Setting: – An army consisting of n individual divisions is besieging a large town, ready to attack. – Every army has a commander, one of the commanders is the general. – Communication is through messengers which travel on foot between the armies (every commander can directly talk with every other commander). – A certain fraction (maximal t out of n) commanders can be traitors (including the general). • Task: Attack town, but all non-traitors must attack at the same time for the attack to succeed. – General sends out time to attack. – All commanders must attack at the same time. – If the general is not a traitor, then they all will attack at the time he commands. • Traitors can act in arbitrary ways. • Root of the problem: if the general is a traitor, he could send conflicting time values to commanders 6/21 Application • Replicated processors must act in unison despite the fact that they get different inputs. – Commanders are replicated processes which must decide which step to take next • Equivalent problem: Byzantine Agreement (BA) – Every process proposes a value – All non-faulty processes decide on the same value – The decided value was proposed by some process • Results: – BA is impossible if t ≥ n/3 [Pease et al. 1980] – There exists an algorithm which solves BA for t < n/3 [Lamport et al. 1982] * t rounds of message exchange and relay: " q said that p said that. . .