Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon - Université P. & M. Curie - CC2016 Join work with X. Bonnaire, R. Cortes & O. Marin UPMC (France), UFSM (Chile), NYUS (China) Fabrice.Kordon@lip6.fr
Certification, why? 2 Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes F. Kordon - Université P. & M. Curie - CC2016 Online game refereeing e-voting, etc.
Certification, why? 2 Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes F. Kordon - Université P. & M. Curie - CC2016 Online game refereeing e-voting, etc. Existing Solutions Centralized ‣ Public Key Infrastructures (traditional PKI) ‣ Scaling problem/prone to faults/implementation (atomic multicast) Decentralized ‣ Certification on top of Distributed Hash Tables (DHT) ‣ Rapidly brings Byzantine consensus (for a 100.0% guarantee)
Certification, why? 2 Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes Objective F. Kordon - Université P. & M. Curie - CC2016 Online game refereeing ( q u a s i ) - c e r t i f y t h a t a g i v e n a c t i o n h a s b e e e-voting, etc. n p e r f o r m e d a t a c e r t a i n t i m e D i s t r Existing Solutions i b u t e d c o n t e x t ( D H T ) Centralized ‣ Public Key Infrastructures (traditional PKI) ‣ Scaling problem/prone to faults/implementation (atomic multicast) Decentralized ‣ Certification on top of Distributed Hash Tables (DHT) ‣ Rapidly brings Byzantine consensus (for a 100.0% guarantee)
DHT in a nutshell 3 Retrieve data (key + value) put (v,k) get(k) → v F. Kordon - Université P. & M. Curie - CC2016 Figure 3.6.
DHT in a nutshell 3 Retrieve data (key + value) a c c e s s i n l put (v,k) o g ( n ) Totally decentralized + built)in get(k) → v redundancy for fault tolerance F. Kordon - Université P. & M. Curie - CC2016 Figure 3.6.
DHT in a nutshell 3 Retrieve data (key + value) put (v,k) get(k) → v F. Kordon - Université P. & M. Curie - CC2016 R o o t n o d e
DHT in a nutshell 3 Retrieve data (key + value) put (v,k) get(k) → v t e f s a e L F. Kordon - Université P. & M. Curie - CC2016 t ) o o r + ( e s d o n e o s l c L R o o t n o d e
DHT in a nutshell 3 Retrieve data (key + value) put (v,k) get(k) → v t e f s a e L F. Kordon - Université P. & M. Curie - CC2016 t ) o o r + ( e s d o n e o s l c L R o o t n o d e L r o f e s u l a v l a c s i a s l C ) s t e ( b 2 3 , 1 6 , 8
Quasi-certification — entities 4 A → an actor performing a service F. Kordon - Université P. & M. Curie - CC2016 A
Quasi-certification — entities 4 A → an actor performing a service S → leafset hash(service) offering the service F. Kordon - Université P. & M. Curie - CC2016 1 - request init answers S A
Quasi-certification — entities 4 A → an actor performing a service S → leafset hash(service) offering the service F. Kordon - Université P. & M. Curie - CC2016 1 - request init answers S A 2 - transaction End ack
Quasi-certification — entities 4 A → an actor performing a service S → leafset hash(service) offering the service C → certification authority leafset hash(A/service) F. Kordon - Université P. & M. Curie - CC2016 3 - transaction ack 1 - request init C answers S A 2 - transaction End ack
Quasi-certification — entities 4 A → an actor performing a service S → leafset hash(service) offering the service C → certification authority leafset hash(A/service) F. Kordon - Université P. & M. Curie - CC2016 3 - transaction ack 1 - request init C answers S A 4 - certificate generation Certificate 2 - transaction End ack Log Entry
Quasi-certification — protocol structure 5 5 A S C F. Kordon - Université P. & M. Curie - CC2016
Quasi-certification — protocol structure 5 5 A S C A requests leaf set receive leaf set A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service
Quasi-certification — protocol structure 5 5 A S C A requests leaf set receive leaf set A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service the service
Quasi-certification — protocol structure 5 5 A S C A requests leaf set receive leaf set A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service the service nodes request leaf set nodes receive leaf set nodes ack transaction
Quasi-certification — protocol structure 5 5 A S C } A requests leaf set receive leaf set 1 : A & S secure exchanges A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service } 2 : exchanges to perform the service the service } 3 : S get trustset from C nodes request leaf set nodes receive leaf set } 4 : C elaborates the nodes ack transaction side certificate
Quasi-certification — protocol structure 5 5 A S C } A requests leaf set receive leaf set 1 : A & S secure exchanges A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service } 2 : exchanges to perform the service the service } 3 : S get trustset from C nodes request leaf set nodes receive leaf set } 4 : C elaborates the y t i r o j a M nodes ack transaction side certificate ⇒ L/2+1 answers
Quasi-certification — protocol structure 5 5 A S C } A requests leaf set receive leaf set 1 : A & S secure exchanges D i v e A requests cert. service r s i t y r o u F. Kordon - Université P. & M. Curie - CC2016 t i n g ack cert. service To serre the leafset } 2 : exchanges to perform the service the service } 3 : S get trustset from C nodes request leaf set nodes receive leaf set } 4 : C elaborates the y t i r o j a M nodes ack transaction side certificate ⇒ L/2+1 answers
The verification process 6 Proof (by any method?) Proven to be undecidable [FLP 85] F. Kordon - Université P. & M. Curie - CC2016
The verification process 6 Proof (by any method?) Proven to be undecidable [FLP 85] So what? F. Kordon - Université P. & M. Curie - CC2016 Being pragmatic Going for «quasi»
The verification process 6 Proof (by any method?) Proven to be undecidable [FLP 85] So what? F. Kordon - Université P. & M. Curie - CC2016 Being pragmatic Going for «quasi» Two steps 1. modeling the protocol in a perfect world (no error) Use of Petri nets 2. Probabilistic analysis to evaluate the failure rate Use of a classical fault model, building a formula + numeric evaluation
Modeling the protocol (step 1) 7 Hypotheses H 1 : perfect world H 2 : service reduced to 1 interaction H 3 : L+1 answer requested instead of L/2+1 F. Kordon - Université P. & M. Curie - CC2016 ‣ Symmetric net with Bags?
Modeling the protocol (step 1) 7 s e b l a i a r v d n a s e p y T L ; . 0 . s i d i t s e p t y ; > i d s t d , i t s < s i d s i t d x i t s e p t y ; i d s t i n i r v a F. Kordon - Université P. & M. Curie - CC2016
Modeling the protocol (step 1) 7 Types and variables Sstart Astart <i> <i> malS1 <tsid.all> AreqTS <i> type tsid is 0..L; malA1 type tsidxtsid is <tsid, tsid>; n1 a1 SsendTS AgetTS <tsid.all> <i> <i> var i in tsid; malA2 malS2 n2 a2 s2 <i> <i> <tsid.all> AreqCS <i> F. Kordon - Université P. & M. Curie - CC2016 n3 malA3 a3 SackCS AackCS <tsid.all> <i> <i> malA4 malS3 n4 a4 s3 <i> malicious_reservoir
Modeling the protocol (step 1) 7 Types and variables Sstart Astart <i> <i> malS1 <tsid.all> AreqTS <i> type tsid is 0..L; malA1 type tsidxtsid is <tsid, tsid>; n1 a1 SsendTS AgetTS <tsid.all> <i> <i> var i in tsid; malA2 malS2 n2 a2 s2 <i> <i> <tsid.all> AreqCS <i> F. Kordon - Université P. & M. Curie - CC2016 n3 malA3 a3 SackCS AackCS <tsid.all> <i> <i> <i> malA4 malA4 malS3 malS3 n4 a4 a4 s3 <i> s3 <i> malicious_reservoir malicious_reservoir <i> AstartCS <tsid.all> <i> SstopAbort malA5 n5 Sperform a5 <i> malS4 <tsid.all> AendCS <i> s4 <i> n6 AstopOK AstopAbort
Recommend
More recommend