Duck Attack on Accountable Distributed Systems

Kumar Amrit 1 Cédric Lauradoux 2 Pascal Lafourcade 3
2 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Accountability plays a key role in dependable distributed systems. It allows to detect, isolate and churn malicious/selfish nodes that deviate from a prescribed protocol. To achieve these properties, sev- eral accountable systems use at their core cryptographic primitives that produce non-repudiable evidence of inconsistent or incorrect behavior. In this paper, we show how selfish and colluding nodes can exploit the use of cryptographic digests in accountability protocols to mount what we call a duck attack. In a duck attack, selfish and colluding nodes exploit the use of cryptographic digests to alter the transmission of messages while masquerading as honest entities. The end result is that their selfish behavior remains undetected. This undermines the security guarantees of the accountability protocols. We first discover the duck attack while analyzing PAG — a cus- tom cryptographic protocol to build accountable systems presented at ICDCS 2016. We later discover that accountable distributed sys- tems based on a secure log (essentially a hash-based data structure) are also vulnerable to the duck attack and apply it on AcTinG — a protocol presented at SRDS 2014. To defeat our attack, we modify the underlying secure log to have high-order dependency on the messages stored in it.
Type de document :
Communication dans un congrès
14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Nov 2017, Melbourne, Australia
Liste complète des métadonnées

https://hal.inria.fr/hal-01589196
Contributeur : Cédric Lauradoux <>
Soumis le : lundi 18 septembre 2017 - 12:23:55
Dernière modification le : mercredi 15 novembre 2017 - 16:17:56

Identifiants

  • HAL Id : hal-01589196, version 1

Collections

Citation

Kumar Amrit, Cédric Lauradoux, Pascal Lafourcade. Duck Attack on Accountable Distributed Systems. 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Nov 2017, Melbourne, Australia. 〈hal-01589196〉

Partager

Métriques

Consultations de la notice

58