Attack Tolerant Systems

Topics Defense in Depth · Secret Sharing · Byzantine Fault Tolerance · Diversification
01 //

Introduction

Networks have valuable data and will be attacked. We must build systems that withstand attacks - data and services should tolerate them.

WWW Robustness Quiz

The Internet is a scale-free network. It has high tolerance to random failures and low tolerance to attacks. The most successful attacks target the most connected nodes - when they fail, the network fractures.

Node Connectedness

Method Definition
Average Node Degree Nodes with the largest number of connected nodes
Node Persistence During traffic snapshots, nodes most likely to appear
Temporal Closeness Nodes that interact with the largest number of nodes
02 //

Defense in Depth

Three layers: PreventDetectSurvive. The best way to survive is to tolerate the attack.

What Must Tolerate Attacks
  • Data - confidentiality, integrity, availability
  • System services - availability and integrity

Single Server vs Replication

Typically, data is stored in one place. Compromise of that server → loss of CIA.

Replication & Confidentiality

Weaker - attacker has n targets vs 1. More opportunities to get data.

Replication & Integrity/Availability

Better - with majority voting, attacker must compromise majority of n servers.

Question

Can we have better confidentiality protection than simple replication? Yes - via secret sharing.

03 //

Secret Sharing

Distribute a secret among participants; each gets a share. Secret is reconstructed only when shares are combined. Individual shares are of no use on their own.

Naïve Secret Sharing Quiz

Naïve scheme: split "PASSWORD!" into shares (e.g., PAS, SWO, RD!). Weakness: the more shares an attacker has, the less work to guess the secret. In a secure scheme, having shares should not reduce guesswork.

Benefits
  • Improve integrity and availability (replicate each share among a group)
  • Individual shareholder (or compromised party) cannot change or access data
  • Removes single point of vulnerability for confidentiality

(k, n) Threshold Scheme

Divide data D into n pieces D₁, …, Dₙ such that:

If k=n, all participants are required to reconstruct. Using n=2k−1: recover key even if ⌊n/2⌋ pieces destroyed; adversaries need more than ⌊n/2⌋ to reconstruct.

04 //

Shamir's Secret Sharing

Invented by Adi Shamir (1979). Uses polynomial interpolation over a finite field.

Algorithm
  1. 1
    Choose random (k−1) coefficients a₁…aₖ₋₁; let secret S = a₀. Polynomial: q(x) = a₀ + a₁x + … + aₖ₋₁x^(k−1)
  2. 2
    Construct n points (i, Sᵢ=q(i)) for i=1…n. Arithmetic modulo prime p > S and n.
  3. 3
    Reconstruct: k points uniquely determine a degree-(k−1) polynomial. Use Lagrange interpolation; S = q(0).
(3,5) Example q(x)=5+3x+7x² (mod 11). Shares: S₁=4, S₂=0, S₃=6, S₄=2, S₅=4. Any 3 shares → reconstruct S=7.
Properties
  • Easy to create new shares without changing the secret
  • Add or delete shares without affecting others
  • Hierarchical schemes possible
  • Information-theoretic security - no computational assumptions
05 //

Byzantine Fault Tolerance

Byzantine fault - components may fail with imperfect information; faulty nodes can exhibit arbitrary behavior. Achieved through redundancy and failure masking.

Redundancy Quiz
  • Availability - probability system operates correctly at any moment
  • Reliability - ability to run correctly over long intervals
  • Safety - failure does not lead to catastrophe
  • Maintainability - ease of repair

Byzantine Generals Problem

Commanding general sends order to n−1 lieutenants. Goals: all loyal lieutenants obey same order; if general is loyal, every loyal lieutenant obeys that order. Network may fail, delay, duplicate; faulty nodes behave arbitrarily.

Practical Byzantine Fault Tolerance (PBFT)

Asynchronous system; Byzantine failure model. Minimum 3f+1 replicas for f faulty - needed because: proceed with n−f responses (f may not respond); of those who responded, up to f may be faulty; need n−2f > f ⇒ n > 3f.

PBFT Algorithm (Simplified)
  1. 1
    Client sends request to primary
  2. 2
    Primary multicasts to backups
  3. 3
    Replicas execute and send reply to client
  4. 4
    Client waits for f+1 replies with same result
06 //

Attack Tolerance vs Fault Tolerance

We cannot apply fault tolerance directly to achieve attack tolerance. Redundancy means identical replicas running the same program - the same attack can compromise all replicas.

Limitation

All replicas run the same program(s). A single attack vector can compromise every replica. Redundancy is not a solution for attacks.

Attack Tolerance: Diversification

Each instance has a different implementation across all layers:

Attack Tolerance: Moving Target

Take diversification further - dynamically change network and system configuration. Many instances, implemented differently, composed on-the-fly.

Key Insight

Fault tolerance assumes independent failures. Attacks are coordinated and target the same vulnerability. Diversification and moving target address this by ensuring no single vulnerability compromises the whole system.

07 //

Summary

Attack Tolerant Systems - Takeaways
  • Defense in depth - Prevent, Detect, Survive
  • Replication - improves integrity/availability (majority); weakens confidentiality (more targets)
  • Secret sharing - (k,n) threshold; Shamir's scheme; info-theoretic security
  • Byzantine FT - 3f+1 replicas; PBFT for consensus
  • Attack tolerance - diversification (different implementations); moving target (dynamic config)