building and verifying a quasi certification entity over
play

Building and verifying a quasi-certification entity over - PowerPoint PPT Presentation

Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon - Universit P. & M. Curie - CC2016 Join work with X. Bonnaire, R. Cortes & O. Marin UPMC (France), UFSM (Chile), NYUS (China)


  1. Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon - Université P. & M. Curie - CC2016 Join work with X. Bonnaire, R. Cortes & O. Marin UPMC (France), UFSM (Chile), NYUS (China) Fabrice.Kordon@lip6.fr

  2. Certification, why? 2 Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes F. Kordon - Université P. & M. Curie - CC2016 Online game refereeing e-voting, etc.

  3. Certification, why? 2 Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes F. Kordon - Université P. & M. Curie - CC2016 Online game refereeing e-voting, etc. Existing Solutions Centralized ‣ Public Key Infrastructures (traditional PKI) ‣ Scaling problem/prone to faults/implementation (atomic multicast) Decentralized ‣ Certification on top of Distributed Hash Tables (DHT) ‣ Rapidly brings Byzantine consensus (for a 100.0% guarantee)

  4. Certification, why? 2 Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes Objective F. Kordon - Université P. & M. Curie - CC2016 Online game refereeing ( q u a s i ) - c e r t i f y t h a t a g i v e n a c t i o n h a s b e e e-voting, etc. n p e r f o r m e d a t a c e r t a i n t i m e D i s t r Existing Solutions i b u t e d c o n t e x t ( D H T ) Centralized ‣ Public Key Infrastructures (traditional PKI) ‣ Scaling problem/prone to faults/implementation (atomic multicast) Decentralized ‣ Certification on top of Distributed Hash Tables (DHT) ‣ Rapidly brings Byzantine consensus (for a 100.0% guarantee)

  5. DHT in a nutshell 3 Retrieve data (key + value) put (v,k) get(k) → v F. Kordon - Université P. & M. Curie - CC2016 Figure 3.6.

  6. DHT in a nutshell 3 Retrieve data (key + value) a c c e s s i n l put (v,k) o g ( n ) Totally decentralized + built)in get(k) → v redundancy for fault tolerance F. Kordon - Université P. & M. Curie - CC2016 Figure 3.6.

  7. DHT in a nutshell 3 Retrieve data (key + value) put (v,k) get(k) → v F. Kordon - Université P. & M. Curie - CC2016 R o o t n o d e

  8. DHT in a nutshell 3 Retrieve data (key + value) put (v,k) get(k) → v t e f s a e L F. Kordon - Université P. & M. Curie - CC2016 t ) o o r + ( e s d o n e o s l c L R o o t n o d e

  9. DHT in a nutshell 3 Retrieve data (key + value) put (v,k) get(k) → v t e f s a e L F. Kordon - Université P. & M. Curie - CC2016 t ) o o r + ( e s d o n e o s l c L R o o t n o d e L r o f e s u l a v l a c s i a s l C ) s t e ( b 2 3 , 1 6 , 8

  10. Quasi-certification — entities 4 A → an actor performing a service F. Kordon - Université P. & M. Curie - CC2016 A

  11. Quasi-certification — entities 4 A → an actor performing a service S → leafset hash(service) offering the service F. Kordon - Université P. & M. Curie - CC2016 1 - request init answers S A

  12. Quasi-certification — entities 4 A → an actor performing a service S → leafset hash(service) offering the service F. Kordon - Université P. & M. Curie - CC2016 1 - request init answers S A 2 - transaction End ack

  13. Quasi-certification — entities 4 A → an actor performing a service S → leafset hash(service) offering the service C → certification authority leafset hash(A/service) F. Kordon - Université P. & M. Curie - CC2016 3 - transaction ack 1 - request init C answers S A 2 - transaction End ack

  14. Quasi-certification — entities 4 A → an actor performing a service S → leafset hash(service) offering the service C → certification authority leafset hash(A/service) F. Kordon - Université P. & M. Curie - CC2016 3 - transaction ack 1 - request init C answers S A 4 - certificate generation Certificate 2 - transaction End ack Log Entry

  15. Quasi-certification — protocol structure 5 5 A S C F. Kordon - Université P. & M. Curie - CC2016

  16. Quasi-certification — protocol structure 5 5 A S C A requests leaf set receive leaf set A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service

  17. Quasi-certification — protocol structure 5 5 A S C A requests leaf set receive leaf set A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service the service

  18. Quasi-certification — protocol structure 5 5 A S C A requests leaf set receive leaf set A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service the service nodes request leaf set nodes receive leaf set nodes ack transaction

  19. Quasi-certification — protocol structure 5 5 A S C } A requests leaf set receive leaf set 1 : A & S secure exchanges A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service } 2 : exchanges to perform the service the service } 3 : S get trustset from C nodes request leaf set nodes receive leaf set } 4 : C elaborates the nodes ack transaction side certificate

  20. Quasi-certification — protocol structure 5 5 A S C } A requests leaf set receive leaf set 1 : A & S secure exchanges A requests cert. service F. Kordon - Université P. & M. Curie - CC2016 ack cert. service } 2 : exchanges to perform the service the service } 3 : S get trustset from C nodes request leaf set nodes receive leaf set } 4 : C elaborates the y t i r o j a M nodes ack transaction side certificate ⇒ L/2+1 answers

  21. Quasi-certification — protocol structure 5 5 A S C } A requests leaf set receive leaf set 1 : A & S secure exchanges D i v e A requests cert. service r s i t y r o u F. Kordon - Université P. & M. Curie - CC2016 t i n g ack cert. service To serre the leafset } 2 : exchanges to perform the service the service } 3 : S get trustset from C nodes request leaf set nodes receive leaf set } 4 : C elaborates the y t i r o j a M nodes ack transaction side certificate ⇒ L/2+1 answers

  22. The verification process 6 Proof (by any method?) Proven to be undecidable [FLP 85] F. Kordon - Université P. & M. Curie - CC2016

  23. The verification process 6 Proof (by any method?) Proven to be undecidable [FLP 85] So what? F. Kordon - Université P. & M. Curie - CC2016 Being pragmatic Going for «quasi»

  24. The verification process 6 Proof (by any method?) Proven to be undecidable [FLP 85] So what? F. Kordon - Université P. & M. Curie - CC2016 Being pragmatic Going for «quasi» Two steps 1. modeling the protocol in a perfect world (no error) Use of Petri nets 2. Probabilistic analysis to evaluate the failure rate Use of a classical fault model, building a formula + numeric evaluation

  25. Modeling the protocol (step 1) 7 Hypotheses H 1 : perfect world H 2 : service reduced to 1 interaction H 3 : L+1 answer requested instead of L/2+1 F. Kordon - Université P. & M. Curie - CC2016 ‣ Symmetric net with Bags?

  26. Modeling the protocol (step 1) 7 s e b l a i a r v d n a s e p y T L ; . 0 . s i d i t s e p t y ; > i d s t d , i t s < s i d s i t d x i t s e p t y ; i d s t i n i r v a F. Kordon - Université P. & M. Curie - CC2016

  27. Modeling the protocol (step 1) 7 Types and variables Sstart Astart <i> <i> malS1 <tsid.all> AreqTS <i> type tsid is 0..L; malA1 type tsidxtsid is <tsid, tsid>; n1 a1 SsendTS AgetTS <tsid.all> <i> <i> var i in tsid; malA2 malS2 n2 a2 s2 <i> <i> <tsid.all> AreqCS <i> F. Kordon - Université P. & M. Curie - CC2016 n3 malA3 a3 SackCS AackCS <tsid.all> <i> <i> malA4 malS3 n4 a4 s3 <i> malicious_reservoir

  28. Modeling the protocol (step 1) 7 Types and variables Sstart Astart <i> <i> malS1 <tsid.all> AreqTS <i> type tsid is 0..L; malA1 type tsidxtsid is <tsid, tsid>; n1 a1 SsendTS AgetTS <tsid.all> <i> <i> var i in tsid; malA2 malS2 n2 a2 s2 <i> <i> <tsid.all> AreqCS <i> F. Kordon - Université P. & M. Curie - CC2016 n3 malA3 a3 SackCS AackCS <tsid.all> <i> <i> <i> malA4 malA4 malS3 malS3 n4 a4 a4 s3 <i> s3 <i> malicious_reservoir malicious_reservoir <i> AstartCS <tsid.all> <i> SstopAbort malA5 n5 Sperform a5 <i> malS4 <tsid.all> AendCS <i> s4 <i> n6 AstopOK AstopAbort

Recommend


More recommend