This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
A Parsimonious Approach for Obtaining Resource-Efficient and Trustworthy Execution
January-March 2007 (vol. 4 no. 1)
pp. 1-17
ASCII Text
x 
 
HariGovind V. Ramasamy, Adnan Agbaria, William H. Sanders, "A Parsimonious Approach for Obtaining Resource-Efficient and Trustworthy Execution," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 1, pp. 1-17, January-March, 2007.
 
 
BibTex
x
 
@article{ 10.1109/TDSC.2007.2,
author = {HariGovind V. Ramasamy and Adnan Agbaria and William H. Sanders},
title = {A Parsimonious Approach for Obtaining Resource-Efficient and Trustworthy Execution},
journal ={IEEE Transactions on Dependable and Secure Computing},
volume = {4},
number = {1},
issn = {1545-5971},
year = {2007},
pages = {1-17},
doi = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.2},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
}
 
 
RefWorks Procite/RefMan/Endnote
x 
 
TY - JOUR
JO - IEEE Transactions on Dependable and Secure Computing
TI - A Parsimonious Approach for Obtaining Resource-Efficient and Trustworthy Execution
IS - 1
SN - 1545-5971
SP1
EP17
EPD - 1-17
A1 - HariGovind V. Ramasamy,
A1 - Adnan Agbaria,
A1 - William H. Sanders,
PY - 2007
KW - Distributed systems
KW - fault tolerance
KW - Byzantine faults.
VL - 4
JA - IEEE Transactions on Dependable and Secure Computing
ER -
 
We propose a resource-efficient way to execute requests in Byzantine-fault-tolerant replication that is particularly well-suited for services in which request processing is resource-intensive. Previous efforts took a failure masking all-active approach of using all execution replicas to execute all requests; at least 2t+1 execution replicas are needed to mask t Byzantine-faulty ones. We describe an asynchronous protocol that provides resource-efficient execution by combining failure masking with imperfect failure detection and checkpointing. Our protocol is parsimonious since it uses only t+1 execution replicas, called the primary committee or {\cal PC}, to execute the requests under normal conditions characterized by a stable network and no misbehavior by {\cal PC} replicas; thus, a trustworthy reply can be obtained with the same latency, but with only about half of the overall resource use of the all-active approach. However, a request that exposes faults among the {\cal PC} replicas will cause the protocol to switch to a recovery mode, in which all 2t+1 replicas execute the request and send their replies; then, after selecting a new {\cal PC}, the protocol switches back to parsimonious execution. Such a request will incur a higher latency using our approach than the all-active approach, mainly because of fault detection latency. Practical observations point to the fact that failures and instability are the exception rather than the norm. That motivated our decision to optimize resource efficiency for the common case, even if it means paying a slightly higher performance cost during periods of instability.

[1] G. Li, “Efficient Network Authentication Protocols: Lower Bounds and Optimal Implementations,” Distributed Computing, vol. 9, no. 3, pp. 131-145, 1995.
[2] A. Kehne, J. Schonwalder, and H. Langendorfer, “A Nonce-Based Protocol for Multiple Authentications,” ACM Operating Systems Rev., vol. 26, no. 4, pp. 84-89, 1992.
[3] M. Bellare and P. Rogaway, “Provably Secure Session Key Distribution: The Three Party Case,” Proc. 27th ACM Symp. Theory of Computing, pp. 57-66, 1995.
[4] J. Nam, S. Cho, S. Kim, and D. Won, “Simple and Efficient Group Key Agreement Based on Factoring,” Proc. Int'l Conf. Computational Science and Its Applications (ICCSA '04), pp. 645-654, 2004.
[5] H.A. Wen, T.F. Lee, and T. Hwang, “A Provably Secure Three-Party Password-Based Authenticated Key Exchange Protocol Using Weil Pairing,” IEE Proc. Comm., vol. 152, no. 2, pp. 138-143, 2005.
[6] J.T. Kohl, “The Evolution of the Kerberos Authentication Service,” EurOpen Conf. Proc., pp. 295-313, 1991.
[7] B. Neuman and T. Ts'o, “Kerberos: An Authentication Service for Computer Networks,” IEEE Comm., vol. 32, no. 9, pp. 33-38, 1994.
[8] W. Stallings, Cryptography and Network Security: Principles and Practice 3/e. Prentice Hall, 2003.
[9] K.-Y. Lam and D. Gollmann, “Freshness Assurance of Authentication Protocols,“ Proc. European Symp. Research in Computer Security (ESORICS '92), pp. 261-271, 1992.
[10] R. Shirey, Internet Security Glossary, IETF RFC 2828, May 2000.
[11] C.H. Bennett and G. Brassard, “Quantum Cryptography: Public Key Distribution and Coin Tossing,” Proc. IEEE Int'l Conf. Computers, Systems, and Signal Processing, pp. 175-179, 1984.
[12] C.H. Bennett, “Quantum Cryptography Using any Two Nonorthogonal States,” Physical Rev. Letters, vol. 68, no. 3121, 1992.
[13] A.K. Ekert, “Quantum Cryptography Based on Bell's Theorem,” Physical Rev. Letters, vol. 67, no. 661, 1991.
[14] W.Y. Hwang, I.G. Koh, and Y.D. Han, “Quantum Cryptography without Public Announcement of Bases,” Physics Letters A, vol. 244, pp. 489-494, 1998.
[15] G. Zeng and W. Zhang, “Identity Verification in Quantum Key Distribution,“ Physical Rev. A, vol. 61, 2000.
[16] D. Mayers, “Quantum Key Distribution and String Oblivious Transfer in Noisy Channel,” Proc. Advances in Cryptology (CRYPTO '96), pp. 343-357, 1996.
[17] D. Gottesman and H.-K. Lo, “Proof of Security of Quantum Key Distribution with Two-Way Classical Communications,” IEEE Trans. Information Theory, vol. 49, p. 457, 2003.
[18] C. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, “Experimental Quantum Cryptography,” J. Cryptology, vol. 5, pp. 3-28, 1992.
[19] P.D. Townsend, “Secure Key Distribution System Based on Quantum Cryptography,” Electronics Letters, vol. 30, pp. 809-811, 1994.
[20] R.J. Hughes, G.G. Luther, G.L. Morgan, C.G. Peterson, and C. Simmons, “Quantum Cryptography over Underground Optical Fibers,” Proc. Advances in Cryptology (CRYPTO '96), pp. 329-342, 1996.
[21] N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum Cryptography,” Rev. of Modern Physics, vol. 74, pp. 145-190, 2002.
[22] A. Einstein, P. Podolsky, and S. Rosen, “Can Quantum-Mechanical Description of Physical Reality Be Considered Complete?” Physical Rev., vol. 47, pp. 777-780, 1935.
[23] E. Bresson, O. Chevassut, D. Pointcheval, and J.-J. Quisquater, “Provably Authenticated Group Diffie-Hellman Key Exchange,” Proc. Eighth ACM Conf. Computer and Comm. Security, pp. 255-264, 2001.
[24] W.K. Wootters and W.H. Zurek, “A Single Quantum Cannot Be Cloned,” Nature, vol. 299, pp. 802-803, 1992.
[25] N. Asokan, V. Niemi, and K. Nyberg, “Man-in-the-Middle in Tunnelled Authentication Protocols,” Proc. Int'l Workshop Security Protocols, 2003.
[26] H.-A. Wen, C.-L. Lin, and T. Hwang, “Provably Secure Authenticated Key Exchange Protocols for Low Power Computing Clients,” Computers and Security, vol. 25, pp. 106-113, 2006.

Index Terms:
Distributed systems, fault tolerance, Byzantine faults.
Citation:
HariGovind V. Ramasamy, Adnan Agbaria, William H. Sanders, "A Parsimonious Approach for Obtaining Resource-Efficient and Trustworthy Execution," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 1, pp. 1-17, Jan.-March 2007, doi:10.1109/TDSC.2007.2
Usage of this product signifies your acceptance of the Terms of Use.