Richeng Jin,Yufan Huang,Zhaoyang Zhang,Huaiyu Dai

DOI: https://doi.org/10.1109/tnse.2023.3247626

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Recently, the privacy guarantees of information dissemination protocols have attracted increasing research interests, among which the gossip protocols assume vital importance in various information exchange applications. In this article, we study the privacy guarantees of gossip protocols in general networks in terms of differential privacy and prediction uncertainty. First, lower bounds of the differential privacy guarantees are derived for gossip protocols in general networks in both synchronous and asynchronous settings. The prediction uncertainty of the source node given a uniform prior is also determined. For the private gossip algorithm, the differential privacy and prediction uncertainty guarantees are derived in closed forms in the asynchronous setting. Moreover, considering that these two metrics may be restrictive in some scenarios, the relaxed variants are proposed. It is found that source anonymity is closely related to some key network structure parameters in the general network setting. Then, we investigate information spreading in wireless networks with unreliable communications, and quantify the tradeoff between differential privacy guarantees and information spreading efficiency. Finally, considering that the attacker may not be present at the beginning of the information dissemination process, the scenario of delayed monitoring is studied and the corresponding differential privacy guarantees are evaluated.

Erwan Mahe,Rouwaida Abdallah,Sara Tucci-Piergiovanni,Pierre-Yves Piriou

2024-04-03

Abstract:This paper presents a novel adversary model specifically tailored to distributed systems, aiming to assess the security of blockchain networks. Building upon concepts such as adversarial assumptions, goals, and capabilities, our proposed adversary model classifies and constrains the use of adversarial actions based on classical distributed system models, defined by both failure and communication models. The objective is to study the effects of these allowed actions on the properties of distributed protocols under various system models. A significant aspect of our research involves integrating this adversary model into the Multi-Agent eXperimenter (MAX) framework. This integration enables fine-grained simulations of adversarial attacks on blockchain networks. In this paper, we particularly study four distinct fairness properties on Hyperledger Fabric with the Byzantine Fault Tolerant Tendermint consensus algorithm being selected for its ordering service. We define novel attacks that combine adversarial actions on both protocols, with the aim of violating a specific client-fairness property. Simulations confirm our ability to violate this property and allow us to evaluate the impact of these attacks on several order-fairness properties that relate orders of transaction reception and delivery.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Multiagent Systems

Renaud Gaucher,Hadrien Hendrikx,Aymeric Dieuleveut

2024-05-06

Abstract:Distributed approaches have many computational benefits, but they are vulnerable to attacks from a subset of devices transmitting incorrect information. This paper investigates Byzantine-resilient algorithms in a decentralized setting, where devices communicate directly with one another. We leverage the so-called dual approach to design a general robust decentralized optimization method. We provide both global and local clipping rules in the special case of average consensus, with tight convergence guarantees. These clipping rules are practical, and yield results that finely characterize the impact of Byzantine nodes, highlighting for instance a qualitative difference in convergence between global and local clipping thresholds. Lastly, we demonstrate that they can serve as a basis for designing efficient attacks.

Machine Learning

Berk Cirisci,Constantin Enea,Suha Orhun Mutluergil

DOI: https://doi.org/10.48550/arXiv.2301.09946

2023-01-24

Abstract:Distributed algorithms solving agreement problems like consensus or state machine replication are essential components of modern fault-tolerant distributed services. They are also notoriously hard to understand and reason about. Their complexity stems from the different assumptions on the environment they operate with, i.e., process or network link failures, Byzantine failures etc. In this paper, we propose a novel abstract representation of the dynamics of such protocols which focuses on quorums of responses (votes) to a request (proposal) that form during a run of the protocol. We show that focusing on such quorums, a run of a protocol can be viewed as working over a tree structure where different branches represent different possible outcomes of the protocol, the goal being to stabilize on the choice of a fixed branch. This abstraction resembles the description of recent protocols used in Blockchain infrastructures, e.g., the protocol supporting Bitcoin or HotStuff. We show that this abstraction supports reasoning about the safety of various algorithms, e.g., Paxos, PBFT, Raft, and HotStuff, in a uniform way. In general, it provides a novel induction based argument for proving that such protocols are safe.

Distributed, Parallel, and Cluster Computing

Sijing Tu,Stefan Neumann,Aristides Gionis

2023-09-13

Abstract:In recent years, online social networks have been the target of adversaries who seek to introduce discord into societies, to undermine democracies and to destabilize communities. Often the goal is not to favor a certain side of a conflict but to increase disagreement and polarization. To get a mathematical understanding of such attacks, researchers use opinion-formation models from sociology, such as the Friedkin--Johnsen model, and formally study how much discord the adversary can produce when altering the opinions for only a small set of users. In this line of work, it is commonly assumed that the adversary has full knowledge about the network topology and the opinions of all users. However, the latter assumption is often unrealistic in practice, where user opinions are not available or simply difficult to estimate accurately. To address this concern, we raise the following question: Can an attacker sow discord in a social network, even when only the network topology is known? We answer this question affirmatively. We present approximation algorithms for detecting a small set of users who are highly influential for the disagreement and polarization in the network. We show that when the adversary radicalizes these users and if the initial disagreement/polarization in the network is not very high, then our method gives a constant-factor approximation on the setting when the user opinions are known. To find the set of influential users, we provide a novel approximation algorithm for a variant of MaxCut in graphs with positive and negative edge weights. We experimentally evaluate our methods, which have access only to the network topology, and we find that they have similar performance as methods that have access to the network topology and all user opinions. We further present an NP-hardness proof, which was an open question by Chen and Racz [IEEE Trans. Netw. Sci. Eng., 2021].

Social and Information Networks,Data Structures and Algorithms,Machine Learning

Xiaohu Li,Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1007/s11424-009-9149-7

2009-01-01

Abstract:Gossiping is a popular technique for probabilistic reliable multicast (or broadcast). However, it is often difficult to understand the behavior of gossiping algorithms in an analytic fashion. Indeed, existing analyses of gossip algorithms are either based on simulation or based on ideas borrowed from epidemic models while inheriting some features that do not seem to be appropriate for the setting of gossiping. On one hand, in epidemic spreading, an infected node typically intends to spread the infection an unbounded number of times (or rounds); whereas in gossiping, an infected node (i.e., a node having received the message in question) may prefer to gossip the message a bounded number of times. On the other hand, the often assumed homogeneity in epidemic spreading models (especially that every node has equal contact to everyone else in the population) has been silently inherited in the gossiping literature, meaning that an expensive membership protocol is often needed for maintaining nodes’ views. Motivated by these observations, the authors present a characterization of a popular class of fault-tolerant gossip schemes (known as “push-based gossiping”) based on a novel probabilistic model, while taking the afore-mentioned factors into consideration.

Mohit Tekriwal,Avi Tachna-Fram,Jean-Baptiste Jeannin,Manos Kapritsos,Dimitra Panagou

2024-01-31

Abstract:Distributed architectures are used to improve performance and reliability of various systems. Examples include drone swarms and load-balancing servers. An important capability of a distributed architecture is the ability to reach consensus among all its nodes. Several consensus algorithms have been proposed, and many of these algorithms come with intricate proofs of correctness, that are not mechanically checked. In the controls community, algorithms often achieve consensus asymptotically, e.g., for problems such as the design of human control systems, or the analysis of natural systems like bird flocking. This is in contrast to exact consensus algorithm such as Paxos, which have received much more recent attention in the formal methods community. This paper presents the first formal proof of an asymptotic consensus algorithm, and addresses various challenges in its formalization. Using the Coq proof assistant, we verify the correctness of a widely used consensus algorithm in the distributed controls community, the Weighted-Mean Subsequence Reduced (W-MSR) algorithm. We formalize the necessary and sufficient conditions required to achieve resilient asymptotic consensus under the assumed attacker model. During the formalization, we clarify several imprecisions in the paper proof, including an imprecision on quantifiers in the main theorem.

Programming Languages,Optimization and Control

Xin Xiao,Yuanchun Shi,Yun Tang,Nan Zhang

DOI: https://doi.org/10.1093/ietcom/e91-b.9.2856

2008-01-01

IEICE Transactions on Communications

Abstract:During recent years, there has been a rapid growth in deployment of gossip-based protocol in many multicast applications. In a typical gossip-based protocol, each node acts as dual roles of receiver and sender, independently exchanging data with its neighbors to facilitate scalability and resilience. However, most of previous work in this literature seldom considered cheating issue of end users, which is also very important in face of the fact that the mutual cooperation inherently determines overall system performance. In this paper, we investigate the dishonest behaviors in decentralized gossip-based protocol through extensive experimental study. Our original contributions come in two-fold: In the first part of cheating study, we analytically discuss two typical cheating strategies, that is, intentionally increasing subscription requests and untruthfully calculating forwarding probability, and further evaluate their negative impacts. The results indicate that more attention should be paid to defending cheating behaviors in gossip-based protocol. In the second part of anti-cheating study, we propose a receiver-driven measurement mechanism, which evaluates individual forwarding traffic from the perspective of receivers and thus identifies cheating nodes with high incoming/outgoing ratio. Furthermore, we extend our mechanism by introducing reliable factor to further improve its accuracy. The experiments under various conditions show that it performs quite well in case of serious cheating and achieves considerable performance in other cases.

Hugo Rincon Galeana,Ulrich Schmid

2024-05-24

Abstract:Whereas distributed computing research has been very successful in exploring the solvability/impossibility border of distributed computing problems like consensus in representative classes of computing models with respect to model parameters like failure bounds, this is not the case for characterizing necessary and sufficient communication requirements. In this paper, we introduce network abstractions as a novel approach for modeling communication requirements in asynchronous distributed systems. A network abstraction of a run is a sequence of directed graphs on the set of processes, where the $i$-th graph specifies some ``potential'' message chains that can be guaranteed to arise in the $i$-th portion of the run. Formally, they are defined via associating message sending times with the end-to-end delays that would arise if the message was indeed sent by the sender's protocol. Network abstractions also allow to reason about future causal cones that might arise in a run, hence also facilitate reasoning about liveness properties, and are inherently compatible with temporal epistemic reasoning frameworks. We demonstrate the utility of our approach by providing necessary and sufficient network abstractions for solving the canonical firing rebels with relay (FRR) problem, and variants thereof, in asynchronous message-passing systems with up to $f$ byzantine processes connected via point-to-point links. FRR is not only a basic primitive in clock synchronization and consensus algorithms, but also integrates several distributed computing problems, namely triggering events, agreement and even stabilizing agreement, in a single problem instance.

Distributed, Parallel, and Cluster Computing,Discrete Mathematics,Logic in Computer Science

Na Ruan,Hanyi Sun,Zenan Lou,Jie Li

DOI: https://doi.org/10.1109/tnet.2022.3201493

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:Decentralized cryptocurrency systems have become primary targets for attackers due to substantial profit gain and economic rewards. A number of attack models have been proposed during last few years. However, the evaluation and comparison of those attack models remain problematic due to the lack of systematic framework to analyze them. In this work, we propose a general quantitative analysis framework for attack models in the network and consensus layer of blockchain. We identify the problem statement and evolution process. And we show how to apply our general framework in previous attacks such as selfish mining and bribery attack. We also explained that the framework is suitable for other attacks in blockchain. For further exploration, we simulate the success rate and benefits of different attacks through experiments. We provide several defensive strategies, and study how these strategies against previous attack models.

Priyanka Kaswan,Sennur Ulukus

2023-03-21

Abstract:We consider a semantics-aware communication system, where timeliness is the semantic measure, with a source which maintains the most current version of a file, and a network of $n$ user nodes with the goal to acquire the latest version of the file. The source gets updated with newer file versions as a point process, and forwards them to the user nodes, which further forward them to their neighbors using a memoryless gossip protocol. We study the average version age of the network in the presence of $\tilde{n}$ jammers that disrupt inter-node communications, for the connectivity-constrained ring topology and the connectivity-rich fully connected topology. For the ring topology, we construct an alternate system model of mini-rings and prove that the version age of the original model can be sandwiched between constant multiples of the version age of the alternate model. We show in a ring network that when the number of jammers scales as a fractional power of the network size, i.e., $\tilde n= cn^\alpha$, the version age scales as $\sqrt{n}$ when $\alpha < \frac{1}{2}$, and as $n^{\alpha}$ when $\alpha \geq \frac{1}{2}$. As version age of a ring network without any jammers scales as $\sqrt{n}$, our result implies that version age with gossiping is robust against upto $\sqrt{n}$ jammers in a ring network. We then study the connectivity-rich fully connected topology, where we derive a greedy approach to place $\tilde{n}$ jammers to maximize age of the resultant network, which uses jammers to isolate as many nodes as possible, thereby consolidating all links into a single mini-fully connected network. We show in this network that version age scales as $\log{n}$ when $\tilde{n}=cn\log{n}$ and as $n^{\alpha-1}$, $1<\alpha\leq2$ when $\tilde{n}=cn^{\alpha}$, implying the network is robust against $n\log{n}$ jammers, since the age in a fully connected network without jammers scales as $\log{n}$.

Information Theory,Networking and Internet Architecture,Signal Processing

Yun Tang,Nan Zhang,Yuanchun Shi,Shiqiang Yang,Yuzhuo Zhong

DOI: https://doi.org/10.1109/ICC.2007.287

2007-01-01

Abstract:The Internet has witnessed a rapid growth in deployment of gossip-based protocol in many multicast applications. In a typical gossip-based protocol, each node independently exchanges data with its neighbors, acting as dual roles of receiver and sender to facilitate scalability and resilience. However, most of previous work in this literature seldom considered cheating issue of end users, which is also very important in face of the fact that the mutual cooperation inherently determines overall system performance.In this paper, we mainly investigate the dishonest behaviors in decentralized gossip-based protocol through extensive experimental study. Our original contributions come in two-fold: In the first part of cheating study, we analytically discuss two typical cheating strategies, that is, intentionally increasing subscription requests and untruthfully calculating forwarding probability, and further evaluate their negative impacts. The results indicate that more attention should be paid on defending cheating behaviors in gossip-based protocol. In the second part of anti-cheating study, we propose a simple receiver-driven measurement mechanism, which evaluates individual forwarding traffic from the perspective of receivers and thus identifies cheating nodes with high incoming/outgoing ratio. The experiments under various conditions show that it performs quite well in case of serious cheating and achieves considerable performance in other cases.

Yang Xiao,Ning Zhang,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/INFOCOM41043.2020.9155451

2020-09-01

Abstract:Blockchain, the technology behind the popular Bitcoin, is considered a "security by design" system as it is meant to create security among a group of distrustful parties yet without a central trusted authority. The security of blockchain relies on the premise of honest-majority, namely, the blockchain system is assumed to be secure as long as the majority of consensus voting power is honest. And in the case of proof-of-work (PoW) blockchain, adversaries cannot control more than 50% of the network's gross computing power. However, this 50% threshold is based on the analysis of computing power only, with implicit and idealistic assumptions on the network and node behavior. Recent researches have alluded that factors such as network connectivity, presence of blockchain forks, and mining strategy could undermine the consensus security assured by the honest-majority, but neither concrete analysis nor quantitative evaluation is provided. In this paper we fill the gap by proposing an analytical model to assess the impact of network connectivity on the consensus security of PoW blockchain under different adversary models. We apply our analytical model to two adversarial scenarios: 1) honest-but-potentially-colluding, 2) selfish mining. For each scenario, we quantify the communication capability of nodes involved in a fork race and estimate the adversary's mining revenue and its impact on security properties of the consensus protocol. Simulation results validated our analysis. Our modeling and analysis provide a paradigm for assessing the security impact of various factors in a distributed consensus system.

Cryptography and Security

Xiaokun Luan,Meng Sun

DOI: https://doi.org/10.1109/qrs-c55045.2021.00100

2021-01-01

Abstract:Blockchain has been prospering for the last decade. Despite the tremendous success of block chain, it is still vulnerable due to the complexity of distributed execution environment. Malicious attacks that exploit these vulnerabilities can lead to serious losses. Common Knowledge Base (CKB) is a public permissionless blockchain and the base layer of N ervos Network, which is gaining popularity in recent years. It adopts a novel con-sensus protocol to overcome two shortcomings of Bitcoin: the low transaction processing throughput and the vulnerability to selfish mining attacks. Considering the high-security requirements in CKB application scenarios, it is essential to provide formalization and verification of the safety and security properties of the CKB blockchain. In this paper, we provide a formal model of CKB consensus protocol in the theorem prover Coq. Fundamental components of the protocol are implemented, including the block structure, the two-step transaction confirmation mechanism, and the peer-to-peer asynchronous network. We also use Coq to establish the quiescent consistency property of the consensus protocol, which is a kind of eventual consensus that all the participants agree on the same ledger when there are no inflight messages.

Manuel Bravo,Gregory Chockler,Alexey Gotsman

DOI: https://doi.org/10.48550/arXiv.2202.06679

2022-10-05

Abstract:Byzantine state-machine replication (SMR) ensures the consistency of replicated state in the presence of malicious replicas and lies at the heart of the modern blockchain technology. Byzantine SMR protocols often guarantee safety under all circumstances and liveness only under synchrony. However, guaranteeing liveness even under this assumption is nontrivial. So far we have lacked systematic ways of incorporating liveness mechanisms into Byzantine SMR protocols, which often led to subtle bugs. To close this gap, we introduce a modular framework to facilitate the design of provably live and efficient Byzantine SMR protocols. Our framework relies on a view abstraction generated by a special SMR synchronizer primitive to drive the agreement on command ordering. We present a simple formal specification of an SMR synchronizer and its bounded-space implementation under partial synchrony. We also apply our specification to prove liveness and analyze the latency of three Byzantine SMR protocols via a uniform methodology. In particular, one of these results yields what we believe is the first rigorous liveness proof for the algorithmic core of the seminal PBFT protocol.

Distributed, Parallel, and Cluster Computing

Jacob Ginesin,Max von Hippel,Evan Defloor,Cristina Nita-Rotaru,Michael Tüxen

2024-03-09

Abstract:SCTP is a transport protocol offering features such as multi-homing, multi-streaming, and message-oriented delivery. Its two main implementations were subjected to conformance tests using the PacketDrill tool. Conformance testing is not exhaustive and a recent vulnerability (CVE-2021-3772) showed SCTP is not immune to attacks. Changes addressing the vulnerability were implemented, but the question remains whether other flaws might persist in the protocol design. We study the security of the SCTP design, taking a rigorous approach rooted in formal methods. We create a formal Promela model of SCTP, and define 10 properties capturing the essential protocol functionality based on its RFC specification and consultation with the lead RFC author. Then we show using the Spin model checker that our model satisfies these properties. We define 4 attacker models - Off-Path, where the attacker is an outsider that can spoof the port and IP of a peer; Evil-Server, where the attacker is a malicious peer; Replay, where an attacker can capture and replay, but not modify, packets; and On-Path, where the attacker controls the channel between peers. We modify an attack synthesis tool designed for transport protocols, Korg, to support our SCTP model and four attacker models. We synthesize 14 unique attacks using the attacker models - including the CVE vulnerability in the Off-Path attacker model, 4 attacks in the Evil-Server attacker model, an opportunistic ABORT attack in the Replay attacker model, and eight connection manipulation attacks in the On-Path attacker model. We show that the proposed patch eliminates the vulnerability and does not introduce new ones according to our model and protocol properties. Finally, we identify and analyze an ambiguity in the RFC, which we show can be interpreted insecurely. We propose an erratum and show that it eliminates the ambiguity.

Cryptography and Security

David Basin,Cas Cremers

DOI: https://doi.org/10.1007/978-3-642-15205-4_1

2010-01-01

Abstract:We present a symbolic framework, based on a modular operational semantics, for formalizing different notions of compromise relevant for the analysis of cryptographic protocols. The framework’s rules can be combined in different ways to specify different adversary capabilities, capturing different practically-relevant notions of key and state compromise. We have extended an existing security-protocol analysis tool, Scyther, with our adversary models. This is the first tool that systematically supports notions such as weak perfect forward secrecy, key compromise impersonation, and adversaries capable of state-reveal queries. We also introduce the concept of a protocol-security hierarchy, which classifies the relative strength of protocols against different forms of compromise. In case studies, we use Scyther to automatically construct protocol-security hierarchies that refine and correct relationships between protocols previously reported in the cryptographic literature.

Varul Srivastava,Sujit Gujar

DOI: https://doi.org/10.48550/arXiv.2302.06136

2023-02-13

Abstract:Security analysis of blockchain technology is an active domain of research. There has been both cryptographic and game-theoretic security analysis of Proof-of-Work (PoW) blockchains. Prominent work includes the cryptographic security analysis under the Universal Composable framework and Game-theoretic security analysis using Rational Protocol Design. These security analysis models rely on stricter assumptions that might not hold. In this paper, we analyze the security of PoW blockchain protocols. We first show how assumptions made by previous models need not be valid in reality, which attackers can exploit to launch attacks that these models fail to capture. These include Difficulty Alternating Attack, under which forking is possible for an adversary with less than 0.5 mining power, Quick-Fork Attack, a general bound on selfish mining attack and transaction withholding attack. Following this, we argue why previous models for security analysis fail to capture these attacks and propose a more practical framework for security analysis pRPD. We then propose a framework to build PoW blockchains PRAGTHOS, which is secure from the attacks mentioned above. Finally, we argue that PoW blockchains complying with the PRAGTHOS framework are secure against a computationally bounded adversary under certain conditions on the reward scheme.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Computer Science and Game Theory

Quentin Kniep,Maxime Laval,Jakub Sliwinski,Roger Wattenhofer

2024-09-04

Abstract:This work examines the resilience properties of the Snowball and Avalanche protocols that underlie the popular Avalanche blockchain. We experimentally quantify the resilience of Snowball using a simulation implemented in Rust, where the adversary strategically rebalances the network to delay termination. We show that in a network of $n$ nodes of equal stake, the adversary is able to break liveness when controlling $\Omega(\sqrt{n})$ nodes. Specifically, for $n = 2000$, a simple adversary controlling $5.2\%$ of stake can successfully attack liveness. When the adversary is given additional information about the state of the network (without any communication or other advantages), the stake needed for a successful attack is as little as $2.8\%$. We show that the adversary can break safety in time exponentially dependent on their stake, and inversely linearly related to the size of the network, e.g. in 265 rounds in expectation when the adversary controls $25\%$ of a network of 3000. We conclude that Snowball and Avalanche are akin to Byzantine reliable broadcast protocols as opposed to consensus.

Distributed, Parallel, and Cluster Computing

Renaud Gaucher,Aymeric Dieuleveut,Hadrien Hendrikx

2024-10-14

Abstract:Distributed approaches have many computational benefits, but they are vulnerable to attacks from a subset of devices transmitting incorrect information. This paper investigates Byzantine-resilient algorithms in a decentralized setting, where devices communicate directly with one another. We investigate the notion of breakdown point, and show an upper bound on the number of adversaries that decentralized algorithms can tolerate. We introduce $\mathrm{CG}^+$, an algorithm at the intersection of $\mathrm{ClippedGossip}$ and $\mathrm{NNA}$, two popular approaches for robust decentralized learning. $\mathrm{CG}^+$ meets our upper bound, and thus obtains optimal robustness guarantees, whereas neither of the existing two does. We provide experimental evidence for this gap by presenting an attack tailored to sparse graphs which breaks $\mathrm{NNA}$ but against which $\mathrm{CG}^+$ is robust.

Optimization and Control,Machine Learning