Henrique Moniz

Randomized Intrusion-Tolerant Asynchronous Services

Randomized agreement protocols, often assumed to be inefficient due to their high expected communication and time complexities, they have remained largely overlooked by the community-at-large as a valid solution for the deployment of fault-tolerant distributed systems. This paper aims to demonstrate that randomization can be a very competitive approach even in hostile environments where arbitrary faults can occur. A stack of randomized intrusion-tolerant protocols is described and its performance evaluated under different faultloads. The stack provides a set of relevant services ranging from basic communication primitives up to atomic broadcast. The experimental evaluation shows that the protocols are efficient and no performance reduction is observed under certain Byzantine faults

Intrusion Tolerance in Wireless Environments: An Experimental Evaluation

This paper presents a study on the performance of intrusion-tolerant protocols in wireless LANs. The protocols are evaluated in several different environmental settings, and also within the context of a car platooning application for distributed cruise control. The experimental evaluation reveals how performance is affected by the various environmental parameters such as the wireless standard, group size, and network topology. The distributed cruise control application demonstrates the practicability of such protocols, even when subjected to malicious faults.

RITAS: Services for Randomized Intrusion Tolerance

Randomized agreement protocols have been around for more than two decades. Often assumed to be inefficient due to their high expected communication and computation complexities, they have remained overlooked by the community-at-large as a valid solution for the deployment of fault-tolerant distributed systems. This paper aims to demonstrate that randomization can be a very competitive approach even in hostile environments where arbitrary faults can occur. A stack of randomized intrusion-tolerant protocols is described and its performance evaluated under several settings in both local-area-network (LAN) and wide-area-network environments. The stack provides a set of relevant services ranging from basic communication primitives up to atomic broadcast. The experimental evaluation shows that the protocols are efficient, especially in LAN environments where no performance reduction is observed under certain Byzantine faults.

Experimental Comparison of Local and Shared Coin Randomized Consensus Protocols

The paper presents a comparative performance study of the two main classes of randomized binary consensus protocols: a local coin protocol, with an expected high communication complexity and cheap symmetric cryptography, and a shared coin protocol, with an expected low communication complexity and expensive asymmetric cryptography. The experimental evaluation was conducted on a LAN environment, by varying several system parameters, such as the fault types and number of processes. The analysis shows that there is a significant gap between the theoretical and the practical performance results of these protocols, and provides an important insight into what actually happens during their execution

Byzantine Fault-Tolerant Consensus in Wireless Ad Hoc Networks

Wireless ad hoc networks, due to their inherent unreliability, pose significant challenges to the task of achieving tight coordination among nodes. The failure of some nodes and momentary breakdown of communications, either of accidental or malicious nature, should not result in the failure of the entire system. This paper presents an asynchronous Byzantine consensus protocol-called Turquois-specifically designed for resource-constrained wireless ad hoc networks. The key to its efficiency is the fact that it tolerates dynamic message omissions, which allows an efficient utilization of the wireless broadcasting medium. The protocol also refrains from computationally expensive public-key cryptographic during its normal operation. The protocol is safe despite the arbitrary failure of f <; n/3 nodes from a total of n nodes, and unrestricted message omissions. Progress is ensured in rounds where the number of omissions is σ ≤ [n-t/2] (n - k - t) + k - 2, where k is the number of nodes required to terminate and t ≤ f is the number of nodes that are actually faulty. These characteristics make Turquois the first consensus protocol that simultaneously circumvents the FLP and the Santoro-Widmayer impossibility results, which is achieved through randomization. Finally, the protocol was prototyped and subject to a comparative performance evaluation against two well-known Byzantine fault-tolerant consensus protocols. The results show that, due to its design, Turquois outperforms the other protocols by more than an order of magnitude as the number of nodes in the system increases.

Randomization can be a healer: consensus with dynamic omission failures

Wireless ad-hoc networks are being increasingly used in diverse contexts, ranging from casual meetings to disaster recovery operations. A promising approach is to model these networks as distributed systems prone to dynamic communication failures. This captures transitory disconnections in communication due to phenomena like interference and collisions, and permits an efficient use of the wireless broadcasting medium. This model, however, is bound by the impossibility result of Santoro and Widmayer, which states that, even with strong synchrony assumptions, there is no deterministic solution to any non-trivial form of agreement if n - 1 or more messages can be lost per communication round in a system with n processes. In this paper we propose a novel way to circumvent this impossibility result by employing randomization. We present a consensus protocol that ensures safety in the presence of an unrestricted number of omission faults, and guarantees progress in rounds where such faults are bounded by f ≤ ⌈n/2⌉(n-k)+k - 2, where k is the number of processes required to decide, eventually assuring termination with probability 1.

Turquois: Byzantine consensus in wireless ad hoc networks

The operation of wireless ad hoc networks is intrinsically tied to the ability of nodes to coordinate their actions in a dependable and efficient manner. The failure of some nodes and momentary breakdown of communications, either of accidental or malicious nature, should not result in the failure of the entire system. This paper presents Turquois - an intrusion-tolerant consensus protocol specifically designed for resource-constrained wireless ad hoc networks. Turquois allows an efficient utilization of the broadcasting medium, avoids synchrony assumptions, and refrains from public-key cryptography during its normal operation. The protocol is safe despite the arbitrary failure of f < n over 3 processes from a total of n processes, and unrestricted message omissions. The protocol was prototyped and subject to a comparative performance evaluation against two well-known intrusion-tolerant consensus protocols. The results show that, as the system scales, Turquois outperforms the other protocols by more than an order of magnitude.

Timeout-based adaptive consensus: improving performance through adaptation

Algorithms for solving distributed systems problems often use timeouts as a means to achieve progress. They are designed in a way that safety is always preserved despite timeouts being too small or too large. A conservatively large static timeout value is usually selected, such that the overall system performance is acceptable in the normal case. This approach is good enough in stable environments, but it may compromise performance in more dynamic settings, such as in wireless networks. In this case, a better approach is to dynamically adjusting timeouts according to the observed network conditions. This paper clearly illustrates the achievable improvements and thus justifies the importance of using adaptive protocols in dynamic environments. We describe our pragmatic approach to transform a static timeout-based consensus protocol for ad hoc wireless networks into a fully autonomic and adaptive solution. Our comparative experiments, performed in a wireless environment, show that in contrast with the original static protocol, the adaptive solution leads to an almost constant bandwidth utilization despite increasing the number of consensus participants, and the overall consensus execution time increases linearly instead of exponentially.

Randomized Consensus in Wireless Environments: A Case Where More is Better

In many emerging wireless scenarios, consensus among nodes represents an important task that must be accomplished in a timely and dependable manner. However, the sharing of the radio medium and the typical communication failures of such environments may seriously hinder this operation. In the paper, we perform a practical evaluation of an existing randomized consensus protocol that is resilient to message collisions and omissions. Then, we provide and analyze an extension to the protocol that adds an extra message exchange phase. In spite of the added time complexity, the experiments confirm that our extension and some other implementation heuristics non-trivially boost the speed to reach consensus. Furthermore, we show that the speed-up holds also under particularly bad network conditions. As a consequence, our contribution turns out to be a viable and energy-efficient alternative for critical applications.

Services for fault-tolerant conflict resolution in air traffic management

Airborne Self-Separation is a new concept of dynamic management of air traffic flow, where pilots are allowed to select their flight paths in real-time. In this new operational concept, each aircraft is guided by an automated decision procedure and, based on the available information, enters into negotiations with surrounding aircraft in order to coordinate actions and avoid collisions. In this work, we explore the possibility of combining an approach based on Satisficing Game Theory together with fault-tolerant protocols to obtain a robust approach for conflict resolution and air traffic optimization in the context of Airborne Self-Separation.