SlideShare a Scribd company logo

Building a quasi-certification entity over DHTs

Pôle Systematic Paris-Region
Pôle Systematic Paris-Region

Fabrice Kordon, LIP6

Technology
1 of 53
Download to read offline
F.Kordon-UniversitéP.&M.Curie-CC2016 Fabrice.Kordon@lip6.fr Building and verifying a quasi-certification entity over Distributed Hash Tables Join work with X. Bonnaire, R. Cortes & O. Marin UPMC (France), UFSM (Chile), NYUS (China)
F.Kordon-UniversitéP.&M.Curie-CC2016 Certification, why? Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes Online game refereeing e-voting, etc. 2
F.Kordon-UniversitéP.&M.Curie-CC2016 Certification, why? Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes Online game refereeing e-voting, etc. Existing Solutions Centralized ‣ Public Key Infrastructures (traditional PKI) ‣ Scaling problem/prone to faults/implementation (atomic multicast) Decentralized ‣ Certification on top of Distributed Hash Tables (DHT) ‣ Rapidly brings Byzantine consensus (for a 100.0% guarantee) 2
F.Kordon-UniversitéP.&M.Curie-CC2016 Certification, why? Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes Online game refereeing e-voting, etc. Existing Solutions Centralized ‣ Public Key Infrastructures (traditional PKI) ‣ Scaling problem/prone to faults/implementation (atomic multicast) Decentralized ‣ Certification on top of Distributed Hash Tables (DHT) ‣ Rapidly brings Byzantine consensus (for a 100.0% guarantee) 2 Objective (quasi)-certify that a given action hasbeen performed at a certain time Distributed context (DHT)
F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Large Scale Distributed System, Design Principles 47
F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Large Scale Distributed System, Design Principles 47 access in log(n) Totally decentralized + built)inredundancy for fault tolerance
F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Root node
F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Root node Leafset L close nodes (+ root)
F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Root node Leafset L close nodes (+ root) Classical values for L 8, 16, 32 (best)
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service 4 A
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service S → leafset hash(service) offering the service 4 A S 1 - request init answers
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service S → leafset hash(service) offering the service 4 A S 1 - request init answers 2 - transaction End ack
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service S → leafset hash(service) offering the service C → certification authority leafset hash(A/service) 4 A S 1 - request init answers 2 - transaction End ack C 3 - transaction ack
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service S → leafset hash(service) offering the service C → certification authority leafset hash(A/service) 4 A S 1 - request init answers 2 - transaction End ack C 3 - transaction ack Certificate Log Entry 4 - certificate generation
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C 5
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set 5
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service 5
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service nodes ack transaction nodes request leaf set nodes receive leaf set 5
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service nodes ack transaction nodes request leaf set nodes receive leaf set }1: A & S secure exchanges }3: S get trustset from C }2: exchanges to perform the service }4: C elaborates the side certificate 5
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service nodes ack transaction nodes request leaf set nodes receive leaf set }1: A & S secure exchanges }3: S get trustset from C }2: exchanges to perform the service }4: C elaborates the side certificate 5 Majority ⇒ L/2+1 answers
F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service nodes ack transaction nodes request leaf set nodes receive leaf set }1: A & S secure exchanges }3: S get trustset from C }2: exchanges to perform the service }4: C elaborates the side certificate 5 Diversity routing To serre the leafset Majority ⇒ L/2+1 answers
F.Kordon-UniversitéP.&M.Curie-CC2016 The verification process Proof (by any method?) Proven to be undecidable [FLP 85] 6
F.Kordon-UniversitéP.&M.Curie-CC2016 The verification process Proof (by any method?) Proven to be undecidable [FLP 85] So what? Being pragmatic Going for «quasi» 6
F.Kordon-UniversitéP.&M.Curie-CC2016 The verification process Proof (by any method?) Proven to be undecidable [FLP 85] So what? Being pragmatic Going for «quasi» Two steps 1. modeling the protocol in a perfect world (no error) Use of Petri nets 2. Probabilistic analysis to evaluate the failure rate Use of a classical fault model, building a formula + numeric evaluation 6
F.Kordon-UniversitéP.&M.Curie-CC2016 Hypotheses H1: perfect world H2: service reduced to 1 interaction H3: L+1 answer requested instead of L/2+1 ‣ Symmetric net with Bags? Modeling the protocol (step 1) 7
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid;
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK ●
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK ● <tsid.all>
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK ● <tsid.all> Px●
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK Fok = |SstopOK| = L + 1 |CstopOK| = L + 1 Fok = |SstopOK| > L 2 ^ |CstopOK| > L 2
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK Fok = |SstopOK| = L + 1 |CstopOK| = L + 1 Fabort = |SstopAbort| > 0 |CstopAbort| > 0 Fabort = |SstopAbort| > L 2 _ |CstopAbort| > L 2
F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK FabortFokAF( _ )) Fok = |SstopOK| = L + 1 |CstopOK| = L + 1 Fabort = |SstopAbort| > 0 |CstopAbort| > 0
F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world About the complexity of the state space Roughly 10L states 1 state= 13 int + 17 multistep ⇒ memory problem to check for L=32 8 1E+02 1E+04 1E+06 1E+08 1E+10 1E+12 1E+14 1E+16 1E+18 1E+20 1E+22 2 4 6 8 10 12 14 16 18 20 22 Numberofstates Leaf set size Size of the state space Reachability graph Symb. reach. graph
F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world About the complexity of the state space Roughly 10L states 1 state= 13 int + 17 multistep ⇒ memory problem to check for L=32 GreatSPN (use of symmetries) L=24 fails after 11h45mn of CPU (costly canonisation function) ‣ Implementation limit = size of a hash table 8 1E+02 1E+04 1E+06 1E+08 1E+10 1E+12 1E+14 1E+16 1E+18 1E+20 1E+22 2 4 6 8 10 12 14 16 18 20 22 Numberofstates Leaf set size Size of the state space Reachability graph Symb. reach. graph
F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world About the complexity of the state space Roughly 10L states 1 state= 13 int + 17 multistep ⇒ memory problem to check for L=32 GreatSPN (use of symmetries) L=24 fails after 11h45mn of CPU (costly canonisation function) ‣ Implementation limit = size of a hash table PNXDD (decision diagrams + variable ordering) Unfolding to P/T nets L=10 fails after 3h20mn (memory overflow > 16GB) 8
F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world About the complexity of the state space Roughly 10L states 1 state= 13 int + 17 multistep ⇒ memory problem to check for L=32 GreatSPN (use of symmetries) L=24 fails after 11h45mn of CPU (costly canonisation function) ‣ Implementation limit = size of a hash table PNXDD (decision diagrams + variable ordering) Unfolding to P/T nets L=10 fails after 3h20mn (memory overflow > 16GB) ITS-Tools (hierarchical decision diagrams) Completed for L=32 in less than one minute ‣ Handling of symmetries in the system by means of a dedicated encoding 8
F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world 8 http://cosyverif.org
F.Kordon-UniversitéP.&M.Curie-CC2016 Probabilistic analysis (step 2) Classical approach of the domain Based on p, probability of node failure ‣ Hypotheses required ‣ Diversity routing to avoid coalitions 9
F.Kordon-UniversitéP.&M.Curie-CC2016 Probabilistic analysis (step 2) Classical approach of the domain Based on p, probability of node failure ‣ Hypotheses required ‣ Diversity routing to avoid coalitions Origin of problems Source 1 → failure of the protocol ‣ No answer to A + no ack to A ‣ Interactions between A, S (leafset) Source 2 → inappropriate certificate ‣ Lost of a certificate (inconsistency) ‣ Interactions between S (leafset) and C (leafset) 9
F.Kordon-UniversitéP.&M.Curie-CC2016 Probabilistic analysis (step 2) Classical approach of the domain Based on p, probability of node failure ‣ Hypotheses required ‣ Diversity routing to avoid coalitions Origin of problems Source 1 → failure of the protocol ‣ No answer to A + no ack to A ‣ Interactions between A, S (leafset) Source 2 → inappropriate certificate ‣ Lost of a certificate (inconsistency) ‣ Interactions between S (leafset) and C (leafset) 9 Numerical applicationsp = 0.3 («untrusted»)
P = 0.05 («trusted»)
F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠
F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ 1.16e-43 1 4 8 12 16 20 24 28 Amount of faulty nodes [k] CORPS 5% of faulty nodes FIGURE 5.1. Probability to have more than k malicinodes L DHT - p = 0.3 CORPS - p = 0.05 8 0.188 6.64 ⇥ 10 5 16 0.079 6.57 ⇥ 10 8 32 0.016 8.24 ⇥ 10 14 TABLE 3. Probability of failure of the transaction betweA and S From equation 5.6 we can deduce the probability thaS won’t respond to the RequestInit or won’t send thfinal ACKs as PAS = (1 P>L/2)P>|L|/2 + P>|L|/2 PAS = 2P>|L|/2 P 2 >|L|/2 (5.7 Table 3 shows the probability of failure between Aand S, for a trustset size of |L| = {8, 16, 32} nodes, andcompares a quasi CA built directly above the DHT toone built above CORPS. We consider that the worstcase is when the malicious nodes represent 30% of theDHT nodes. In
F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: Inappropriate certificate generation Two parts ‣ Existence of more L/2 malicious nodes ‣ Unable to retrieve at least L/2 + 1 identical answers The formula (combines problems between S and C) 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ 1.16e-43 1 4 8 12 16 20 24 28 Amount of faulty nodes [k] CORPS 5% of faulty nodes FIGURE 5.1. Probability to have more than k malicinodes L DHT - p = 0.3 CORPS - p = 0.05 8 0.188 6.64 ⇥ 10 5 16 0.079 6.57 ⇥ 10 8 32 0.016 8.24 ⇥ 10 14 TABLE 3. Probability of failure of the transaction betweA and S From equation 5.6 we can deduce the probability thaS won’t respond to the RequestInit or won’t send thfinal ACKs as PAS = (1 P>L/2)P>|L|/2 + P>|L|/2 PAS = 2P>|L|/2 P 2 >|L|/2 (5.7 Table 3 shows the probability of failure between Aand S, for a trustset size of |L| = {8, 16, 32} nodes, andcompares a quasi CA built directly above the DHT toone built above CORPS. We consider that the worstcase is when the malicious nodes represent 30% of theDHT nodes. In 1 (1 P> L 2 )2
F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: Inappropriate certificate generation Two parts ‣ Existence of more L/2 malicious nodes ‣ Unable to retrieve at least L/2 + 1 identical answers The formula (combines problems between S and C) 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ 1.16e-43 1 4 8 12 16 20 24 28 Amount of faulty nodes [k] CORPS 5% of faulty nodes FIGURE 5.1. Probability to have more than k malicinodes L DHT - p = 0.3 CORPS - p = 0.05 8 0.188 6.64 ⇥ 10 5 16 0.079 6.57 ⇥ 10 8 32 0.016 8.24 ⇥ 10 14 TABLE 3. Probability of failure of the transaction betweA and S From equation 5.6 we can deduce the probability thaS won’t respond to the RequestInit or won’t send thfinal ACKs as PAS = (1 P>L/2)P>|L|/2 + P>|L|/2 PAS = 2P>|L|/2 P 2 >|L|/2 (5.7 Table 3 shows the probability of failure between Aand S, for a trustset size of |L| = {8, 16, 32} nodes, andcompares a quasi CA built directly above the DHT toone built above CORPS. We consider that the worstcase is when the malicious nodes represent 30% of theDHT nodes. In 1 ⇣ 1 PL+1 i=1 L+1 i pi (1 p)L+1 i + PL 2 i=1 L+1 i pi (1 p)L+1 i ⌘2 1 (1 P> L 2 )2
F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: Inappropriate certificate generation Two parts ‣ Existence of more L/2 malicious nodes ‣ Unable to retrieve at least L/2 + 1 identical answers The formula (combines problems between S and C) 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ 1.16e-43 1 4 8 12 16 20 24 28 Amount of faulty nodes [k] CORPS 5% of faulty nodes FIGURE 5.1. Probability to have more than k malicinodes L DHT - p = 0.3 CORPS - p = 0.05 8 0.188 6.64 ⇥ 10 5 16 0.079 6.57 ⇥ 10 8 32 0.016 8.24 ⇥ 10 14 TABLE 3. Probability of failure of the transaction betweA and S From equation 5.6 we can deduce the probability thaS won’t respond to the RequestInit or won’t send thfinal ACKs as PAS = (1 P>L/2)P>|L|/2 + P>|L|/2 PAS = 2P>|L|/2 P 2 >|L|/2 (5.7 Table 3 shows the probability of failure between Aand S, for a trustset size of |L| = {8, 16, 32} nodes, andcompares a quasi CA built directly above the DHT toone built above CORPS. We consider that the worstcase is when the malicious nodes represent 30% of theDHT nodes. In 1 ⇣ 1 PL+1 i=1 L+1 i pi (1 p)L+1 i + PL 2 i=1 L+1 i pi (1 p)L+1 i ⌘2 1 (1 P> L 2 )2 L DHT - p = 0.3 CORPS - p = 0.058 0.216 4.97 ⇥ 10 4 16 0.075 3.50 ⇥ 10 8 32 0.014 4.24 ⇥ 10 13
F.Kordon-UniversitéP.&M.Curie-CC2016 Conclusion Quasi-certification entity (elaboration + verification) Low probability of failure + Good message complexity (not discussed) 11
F.Kordon-UniversitéP.&M.Curie-CC2016 Conclusion Quasi-certification entity (elaboration + verification) Low probability of failure + Good message complexity (not discussed) 11 Application to digital tax filling in France ‣ 36.5 M revenues declarations (in 2012) ‣ a wrong tax certificate every 5132 years ‣ lost of a tax certificate every 997 years
F.Kordon-UniversitéP.&M.Curie-CC2016 Conclusion Quasi-certification entity (elaboration + verification) Low probability of failure + Good message complexity (not discussed) 3 years of work (details recently fixed) ‣ Work partially published in TrustCom’2013 ‣ Without formal proof (there was yet glitches details with hypotheses) 11 Application to digital tax filling in France ‣ 36.5 M revenues declarations (in 2012) ‣ a wrong tax certificate every 5132 years ‣ lost of a tax certificate every 997 years
F.Kordon-UniversitéP.&M.Curie-CC2016 Conclusion Quasi-certification entity (elaboration + verification) Low probability of failure + Good message complexity (not discussed) 3 years of work (details recently fixed) ‣ Work partially published in TrustCom’2013 ‣ Without formal proof (there was yet glitches details with hypotheses) Realistic problem with applicability to e-government Probably numerous applications in the future The model is now a metric for the Model Checking Contest Potential applicability for Symmetric Nets with Bags ‣ Excellent playground for this type of problems 11 Application to digital tax filling in France ‣ 36.5 M revenues declarations (in 2012) ‣ a wrong tax certificate every 5132 years ‣ lost of a tax certificate every 997 years
Building a quasi-certification entity over DHTs

Recommended

Escale littorale
Escale littorale Escale littorale
Escale littoraleLes Interconnectés
 
Mon Alfortville l’innovation à 360° - Forum des Interconnectés 2016
Mon Alfortville l’innovation à 360° - Forum des Interconnectés 2016Mon Alfortville l’innovation à 360° - Forum des Interconnectés 2016
Mon Alfortville l’innovation à 360° - Forum des Interconnectés 2016Les Interconnectés
 
Muséotopia et Gassendi Curiosity, des applications intéractives pour être act...
Muséotopia et Gassendi Curiosity, des applications intéractives pour être act...Muséotopia et Gassendi Curiosity, des applications intéractives pour être act...
Muséotopia et Gassendi Curiosity, des applications intéractives pour être act...Les Interconnectés
 
Minalogic - Expériences digitales et dynamisation des centres-villes
Minalogic - Expériences digitales et dynamisation des centres-villesMinalogic - Expériences digitales et dynamisation des centres-villes
Minalogic - Expériences digitales et dynamisation des centres-villesLes Interconnectés
 
Eolien Flottant #3 - Le déploiement de l’éolien offshore flottant en France C...
Eolien Flottant #3 - Le déploiement de l’éolien offshore flottant en France C...Eolien Flottant #3 - Le déploiement de l’éolien offshore flottant en France C...
Eolien Flottant #3 - Le déploiement de l’éolien offshore flottant en France C...EnerGaïa
 
Services numérique à la population - Ville de Mulhouse
Services numérique à la population - Ville de MulhouseServices numérique à la population - Ville de Mulhouse
Services numérique à la population - Ville de MulhouseLes Interconnectés
 
SQLite with a Fine-Toothed Comb
SQLite with a Fine-Toothed CombSQLite with a Fine-Toothed Comb
SQLite with a Fine-Toothed CombPôle Systematic Paris-Region
 
Bienvenue en territoire innovant - Grand Dax
Bienvenue en territoire innovant - Grand DaxBienvenue en territoire innovant - Grand Dax
Bienvenue en territoire innovant - Grand DaxLes Interconnectés
 

Recommended

Escale littorale
Escale littorale Escale littorale
Escale littoraleLes Interconnectés
 
Mon Alfortville l’innovation à 360° - Forum des Interconnectés 2016
Mon Alfortville l’innovation à 360° - Forum des Interconnectés 2016Mon Alfortville l’innovation à 360° - Forum des Interconnectés 2016
Mon Alfortville l’innovation à 360° - Forum des Interconnectés 2016Les Interconnectés
 
Muséotopia et Gassendi Curiosity, des applications intéractives pour être act...
Muséotopia et Gassendi Curiosity, des applications intéractives pour être act...Muséotopia et Gassendi Curiosity, des applications intéractives pour être act...
Muséotopia et Gassendi Curiosity, des applications intéractives pour être act...Les Interconnectés
 
Minalogic - Expériences digitales et dynamisation des centres-villes
Minalogic - Expériences digitales et dynamisation des centres-villesMinalogic - Expériences digitales et dynamisation des centres-villes
Minalogic - Expériences digitales et dynamisation des centres-villesLes Interconnectés
 
Eolien Flottant #3 - Le déploiement de l’éolien offshore flottant en France C...
Eolien Flottant #3 - Le déploiement de l’éolien offshore flottant en France C...Eolien Flottant #3 - Le déploiement de l’éolien offshore flottant en France C...
Eolien Flottant #3 - Le déploiement de l’éolien offshore flottant en France C...EnerGaïa
 
Services numérique à la population - Ville de Mulhouse
Services numérique à la population - Ville de MulhouseServices numérique à la population - Ville de Mulhouse
Services numérique à la population - Ville de MulhouseLes Interconnectés
 
SQLite with a Fine-Toothed Comb
SQLite with a Fine-Toothed CombSQLite with a Fine-Toothed Comb
SQLite with a Fine-Toothed CombPôle Systematic Paris-Region
 
Bienvenue en territoire innovant - Grand Dax
Bienvenue en territoire innovant - Grand DaxBienvenue en territoire innovant - Grand Dax
Bienvenue en territoire innovant - Grand DaxLes Interconnectés
 
Observatoire territorial par le wifi public - Eurométropole de Strasbourg
Observatoire territorial par le wifi public - Eurométropole de StrasbourgObservatoire territorial par le wifi public - Eurométropole de Strasbourg
Observatoire territorial par le wifi public - Eurométropole de StrasbourgLes Interconnectés
 
COLLINES D'ARTOIS 14 - 18 - Jérôme Janicki
COLLINES D'ARTOIS 14 - 18 - Jérôme JanickiCOLLINES D'ARTOIS 14 - 18 - Jérôme Janicki
COLLINES D'ARTOIS 14 - 18 - Jérôme JanickiLes Interconnectés
 
Perche 2.8
Perche 2.8Perche 2.8
Perche 2.8Les Interconnectés
 
Rando jeu
Rando jeuRando jeu
Rando jeuLes Interconnectés
 
e-tipi presentation
e-tipi presentatione-tipi presentation
e-tipi presentatione-tipi
 
Coda by-simplon - Alès agglo et Maison de l'emploi
Coda by-simplon - Alès agglo et Maison de l'emploiCoda by-simplon - Alès agglo et Maison de l'emploi
Coda by-simplon - Alès agglo et Maison de l'emploiLes Interconnectés
 
#SMPS2016 Présentation des pôles de compétitivité
#SMPS2016 Présentation des pôles de compétitivité#SMPS2016 Présentation des pôles de compétitivité
#SMPS2016 Présentation des pôles de compétitivitéPôle Systematic Paris-Region
 
Syne - Garde d'enfants 3.0
Syne - Garde d'enfants 3.0Syne - Garde d'enfants 3.0
Syne - Garde d'enfants 3.0Les Interconnectés
 
créativeshare
créativesharecréativeshare
créativeshareJulien Bidet-Emeriau
 
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive Droite
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive DroiteHabitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive Droite
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive DroiteLes Interconnectés
 
µfab lab par Serious Gaming Consulting
µfab lab par Serious Gaming Consultingµfab lab par Serious Gaming Consulting
µfab lab par Serious Gaming ConsultingLes Interconnectés
 
Monsieur Aristide
Monsieur AristideMonsieur Aristide
Monsieur AristideLes Interconnectés
 
Pays de Châteaubriant - Les pratiques collaboratives
Pays de Châteaubriant - Les pratiques collaborativesPays de Châteaubriant - Les pratiques collaboratives
Pays de Châteaubriant - Les pratiques collaborativesLes Interconnectés
 
OpenDataSoft - Mathieu Caps - Open Innovation et territoires
OpenDataSoft - Mathieu Caps - Open Innovation et territoires OpenDataSoft - Mathieu Caps - Open Innovation et territoires
OpenDataSoft - Mathieu Caps - Open Innovation et territoiresLes Interconnectés
 
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du Lion
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du LionEolien Flottant #5 - Les Eoliennes flottantes du golfe du Lion
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du LionEnerGaïa
 
PAVIC - Plateforme Aménagement Ville Intelligente et Connectée
PAVIC - Plateforme Aménagement Ville Intelligente et ConnectéePAVIC - Plateforme Aménagement Ville Intelligente et Connectée
PAVIC - Plateforme Aménagement Ville Intelligente et ConnectéeLes Interconnectés
 
L'Etabli - Université du temps libre Landes Côte Sud
L'Etabli - Université du temps libre Landes Côte SudL'Etabli - Université du temps libre Landes Côte Sud
L'Etabli - Université du temps libre Landes Côte SudLes Interconnectés
 
Open Odyssey - Créateur d'effervescence
Open Odyssey - Créateur d'effervescenceOpen Odyssey - Créateur d'effervescence
Open Odyssey - Créateur d'effervescenceLes Interconnectés
 
Redecentralizing the Web: IPFS and Filecoin
Redecentralizing the Web: IPFS and FilecoinRedecentralizing the Web: IPFS and Filecoin
Redecentralizing the Web: IPFS and FilecoinFacultad de Informática UCM
 
Information system security wk5-1-pki
Information system security wk5-1-pkiInformation system security wk5-1-pki
Information system security wk5-1-pkiBee Lalita
 
GNATcoverage/GNATemulator launch
GNATcoverage/GNATemulator launchGNATcoverage/GNATemulator launch
GNATcoverage/GNATemulator launchAdaCore
 
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet dataPacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet dataAPNIC
 

More Related Content

Viewers also liked

Observatoire territorial par le wifi public - Eurométropole de Strasbourg
Observatoire territorial par le wifi public - Eurométropole de StrasbourgObservatoire territorial par le wifi public - Eurométropole de Strasbourg
Observatoire territorial par le wifi public - Eurométropole de StrasbourgLes Interconnectés
 
COLLINES D'ARTOIS 14 - 18 - Jérôme Janicki
COLLINES D'ARTOIS 14 - 18 - Jérôme JanickiCOLLINES D'ARTOIS 14 - 18 - Jérôme Janicki
COLLINES D'ARTOIS 14 - 18 - Jérôme JanickiLes Interconnectés
 
e-tipi presentation
e-tipi presentatione-tipi presentation
e-tipi presentatione-tipi
 
Coda by-simplon - Alès agglo et Maison de l'emploi
Coda by-simplon - Alès agglo et Maison de l'emploiCoda by-simplon - Alès agglo et Maison de l'emploi
Coda by-simplon - Alès agglo et Maison de l'emploiLes Interconnectés
 
#SMPS2016 Présentation des pôles de compétitivité
#SMPS2016 Présentation des pôles de compétitivité#SMPS2016 Présentation des pôles de compétitivité
#SMPS2016 Présentation des pôles de compétitivitéPôle Systematic Paris-Region
 
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive Droite
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive DroiteHabitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive Droite
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive DroiteLes Interconnectés
 
µfab lab par Serious Gaming Consulting
µfab lab par Serious Gaming Consultingµfab lab par Serious Gaming Consulting
µfab lab par Serious Gaming ConsultingLes Interconnectés
 
Pays de Châteaubriant - Les pratiques collaboratives
Pays de Châteaubriant - Les pratiques collaborativesPays de Châteaubriant - Les pratiques collaboratives
Pays de Châteaubriant - Les pratiques collaborativesLes Interconnectés
 
OpenDataSoft - Mathieu Caps - Open Innovation et territoires
OpenDataSoft - Mathieu Caps - Open Innovation et territoires OpenDataSoft - Mathieu Caps - Open Innovation et territoires
OpenDataSoft - Mathieu Caps - Open Innovation et territoiresLes Interconnectés
 
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du Lion
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du LionEolien Flottant #5 - Les Eoliennes flottantes du golfe du Lion
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du LionEnerGaïa
 
PAVIC - Plateforme Aménagement Ville Intelligente et Connectée
PAVIC - Plateforme Aménagement Ville Intelligente et ConnectéePAVIC - Plateforme Aménagement Ville Intelligente et Connectée
PAVIC - Plateforme Aménagement Ville Intelligente et ConnectéeLes Interconnectés
 
L'Etabli - Université du temps libre Landes Côte Sud
L'Etabli - Université du temps libre Landes Côte SudL'Etabli - Université du temps libre Landes Côte Sud
L'Etabli - Université du temps libre Landes Côte SudLes Interconnectés
 
Open Odyssey - Créateur d'effervescence
Open Odyssey - Créateur d'effervescenceOpen Odyssey - Créateur d'effervescence
Open Odyssey - Créateur d'effervescenceLes Interconnectés
 

Viewers also liked (18)

Observatoire territorial par le wifi public - Eurométropole de Strasbourg
Observatoire territorial par le wifi public - Eurométropole de StrasbourgObservatoire territorial par le wifi public - Eurométropole de Strasbourg
Observatoire territorial par le wifi public - Eurométropole de Strasbourg
 
COLLINES D'ARTOIS 14 - 18 - Jérôme Janicki
COLLINES D'ARTOIS 14 - 18 - Jérôme JanickiCOLLINES D'ARTOIS 14 - 18 - Jérôme Janicki
COLLINES D'ARTOIS 14 - 18 - Jérôme Janicki
 
Perche 2.8
Perche 2.8Perche 2.8
Perche 2.8
 
Rando jeu
Rando jeuRando jeu
Rando jeu
 
e-tipi presentation
e-tipi presentatione-tipi presentation
e-tipi presentation
 
Coda by-simplon - Alès agglo et Maison de l'emploi
Coda by-simplon - Alès agglo et Maison de l'emploiCoda by-simplon - Alès agglo et Maison de l'emploi
Coda by-simplon - Alès agglo et Maison de l'emploi
 
#SMPS2016 Présentation des pôles de compétitivité
#SMPS2016 Présentation des pôles de compétitivité#SMPS2016 Présentation des pôles de compétitivité
#SMPS2016 Présentation des pôles de compétitivité
 
Syne - Garde d'enfants 3.0
Syne - Garde d'enfants 3.0Syne - Garde d'enfants 3.0
Syne - Garde d'enfants 3.0
 
créativeshare
créativesharecréativeshare
créativeshare
 
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive Droite
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive DroiteHabitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive Droite
Habitants, Lieux, Mémoires (HLM) - Grand Projet des Villes Rive Droite
 
µfab lab par Serious Gaming Consulting
µfab lab par Serious Gaming Consultingµfab lab par Serious Gaming Consulting
µfab lab par Serious Gaming Consulting
 
Monsieur Aristide
Monsieur AristideMonsieur Aristide
Monsieur Aristide
 
Pays de Châteaubriant - Les pratiques collaboratives
Pays de Châteaubriant - Les pratiques collaborativesPays de Châteaubriant - Les pratiques collaboratives
Pays de Châteaubriant - Les pratiques collaboratives
 
OpenDataSoft - Mathieu Caps - Open Innovation et territoires
OpenDataSoft - Mathieu Caps - Open Innovation et territoires OpenDataSoft - Mathieu Caps - Open Innovation et territoires
OpenDataSoft - Mathieu Caps - Open Innovation et territoires
 
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du Lion
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du LionEolien Flottant #5 - Les Eoliennes flottantes du golfe du Lion
Eolien Flottant #5 - Les Eoliennes flottantes du golfe du Lion
 
PAVIC - Plateforme Aménagement Ville Intelligente et Connectée
PAVIC - Plateforme Aménagement Ville Intelligente et ConnectéePAVIC - Plateforme Aménagement Ville Intelligente et Connectée
PAVIC - Plateforme Aménagement Ville Intelligente et Connectée
 
L'Etabli - Université du temps libre Landes Côte Sud
L'Etabli - Université du temps libre Landes Côte SudL'Etabli - Université du temps libre Landes Côte Sud
L'Etabli - Université du temps libre Landes Côte Sud
 
Open Odyssey - Créateur d'effervescence
Open Odyssey - Créateur d'effervescenceOpen Odyssey - Créateur d'effervescence
Open Odyssey - Créateur d'effervescence
 

Similar to Building a quasi-certification entity over DHTs

Information system security wk5-1-pki
Information system security wk5-1-pkiInformation system security wk5-1-pki
Information system security wk5-1-pkiBee Lalita
 
GNATcoverage/GNATemulator launch
GNATcoverage/GNATemulator launchGNATcoverage/GNATemulator launch
GNATcoverage/GNATemulator launchAdaCore
 
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet dataPacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet dataAPNIC
 
Critical software developement
Critical software developementCritical software developement
Critical software developementnedseb
 
On the Persistence of Persistent Identifiers of the Scholarly Web
On the Persistence of Persistent Identifiers of the Scholarly Web On the Persistence of Persistent Identifiers of the Scholarly Web
On the Persistence of Persistent Identifiers of the Scholarly WebMartin Klein
 
Indicators of Compromise Magic: Living with compromise
Indicators of Compromise Magic: Living with compromiseIndicators of Compromise Magic: Living with compromise
Indicators of Compromise Magic: Living with compromiseF _
 
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...Iosif Itkin
 
From 4 releases per year to 104 Joakim Lindbom - Redhat Summit 2020
From 4 releases per year to 104 Joakim Lindbom - Redhat Summit 2020From 4 releases per year to 104 Joakim Lindbom - Redhat Summit 2020
From 4 releases per year to 104 Joakim Lindbom - Redhat Summit 2020Joakim Lindbom
 
3rd Party Risk Assessments
3rd Party Risk Assessments3rd Party Risk Assessments
3rd Party Risk AssessmentsMoey
 
ET4045-2-cryptography-3
ET4045-2-cryptography-3ET4045-2-cryptography-3
ET4045-2-cryptography-3Tutun Juhana
 
“Create your own cryptocurrency in an hour” - Sandip Pandey
“Create your own cryptocurrency in an hour” - Sandip Pandey“Create your own cryptocurrency in an hour” - Sandip Pandey
“Create your own cryptocurrency in an hour” - Sandip PandeyEIT Digital Alumni
 
ACIT Mumbai - Open Systems Interconnect
ACIT Mumbai - Open Systems InterconnectACIT Mumbai - Open Systems Interconnect
ACIT Mumbai - Open Systems InterconnectSleek International
 
Point Nine Transaction Reporting
Point Nine Transaction Reporting Point Nine Transaction Reporting
Point Nine Transaction Reporting Andreas Roussos
 

Similar to Building a quasi-certification entity over DHTs (20)

Redecentralizing the Web: IPFS and Filecoin
Redecentralizing the Web: IPFS and FilecoinRedecentralizing the Web: IPFS and Filecoin
Redecentralizing the Web: IPFS and Filecoin
 
Information system security wk5-1-pki
Information system security wk5-1-pkiInformation system security wk5-1-pki
Information system security wk5-1-pki
 
GNATcoverage/GNATemulator launch
GNATcoverage/GNATemulator launchGNATcoverage/GNATemulator launch
GNATcoverage/GNATemulator launch
 
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet dataPacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
 
Critical software developement
Critical software developementCritical software developement
Critical software developement
 
On the Persistence of Persistent Identifiers of the Scholarly Web
On the Persistence of Persistent Identifiers of the Scholarly Web On the Persistence of Persistent Identifiers of the Scholarly Web
On the Persistence of Persistent Identifiers of the Scholarly Web
 
Compromise Indicator Magic
Compromise Indicator MagicCompromise Indicator Magic
Compromise Indicator Magic
 
Indicators of Compromise Magic: Living with compromise
Indicators of Compromise Magic: Living with compromiseIndicators of Compromise Magic: Living with compromise
Indicators of Compromise Magic: Living with compromise
 
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
 
From 4 releases per year to 104 Joakim Lindbom - Redhat Summit 2020
From 4 releases per year to 104 Joakim Lindbom - Redhat Summit 2020From 4 releases per year to 104 Joakim Lindbom - Redhat Summit 2020
From 4 releases per year to 104 Joakim Lindbom - Redhat Summit 2020
 
3rd Party Risk Assessments
3rd Party Risk Assessments3rd Party Risk Assessments
3rd Party Risk Assessments
 
Comments on "The Value of Revolving Doors in Brazilian Public Procurement"
Comments on "The Value of Revolving Doors in Brazilian Public Procurement"Comments on "The Value of Revolving Doors in Brazilian Public Procurement"
Comments on "The Value of Revolving Doors in Brazilian Public Procurement"
 
ABCCOM Profile1
ABCCOM Profile1ABCCOM Profile1
ABCCOM Profile1
 
FAHD ELREFAEY(1) (1)
FAHD ELREFAEY(1) (1)FAHD ELREFAEY(1) (1)
FAHD ELREFAEY(1) (1)
 
ET4045-2-cryptography-3
ET4045-2-cryptography-3ET4045-2-cryptography-3
ET4045-2-cryptography-3
 
Seminar@KRDB 2012 - Montali - Verification of Relational Data-Centric Systems...
Seminar@KRDB 2012 - Montali - Verification of Relational Data-Centric Systems...Seminar@KRDB 2012 - Montali - Verification of Relational Data-Centric Systems...
Seminar@KRDB 2012 - Montali - Verification of Relational Data-Centric Systems...
 
“Create your own cryptocurrency in an hour” - Sandip Pandey
“Create your own cryptocurrency in an hour” - Sandip Pandey“Create your own cryptocurrency in an hour” - Sandip Pandey
“Create your own cryptocurrency in an hour” - Sandip Pandey
 
ACIT Mumbai - Open Systems Interconnect
ACIT Mumbai - Open Systems InterconnectACIT Mumbai - Open Systems Interconnect
ACIT Mumbai - Open Systems Interconnect
 
ACIT Mumbai - OSI Model
ACIT Mumbai - OSI ModelACIT Mumbai - OSI Model
ACIT Mumbai - OSI Model
 
Point Nine Transaction Reporting
Point Nine Transaction Reporting Point Nine Transaction Reporting
Point Nine Transaction Reporting
 

More from Pôle Systematic Paris-Region

OSIS19_IoT :Transparent remote connectivity to short-range IoT devices, by Na...
OSIS19_IoT :Transparent remote connectivity to short-range IoT devices, by Na...OSIS19_IoT :Transparent remote connectivity to short-range IoT devices, by Na...
OSIS19_IoT :Transparent remote connectivity to short-range IoT devices, by Na...Pôle Systematic Paris-Region
 
OSIS19_Cloud : SAFC: Scheduling and Allocation Framework for Containers in a ...
OSIS19_Cloud : SAFC: Scheduling and Allocation Framework for Containers in a ...OSIS19_Cloud : SAFC: Scheduling and Allocation Framework for Containers in a ...
OSIS19_Cloud : SAFC: Scheduling and Allocation Framework for Containers in a ...Pôle Systematic Paris-Region
 
OSIS19_Cloud : Qu’apporte l’observabilité à la gestion de configuration? par ...
OSIS19_Cloud : Qu’apporte l’observabilité à la gestion de configuration? par ...OSIS19_Cloud : Qu’apporte l’observabilité à la gestion de configuration? par ...
OSIS19_Cloud : Qu’apporte l’observabilité à la gestion de configuration? par ...Pôle Systematic Paris-Region
 
OSIS19_Cloud : Performance and power management in virtualized data centers, ...
OSIS19_Cloud : Performance and power management in virtualized data centers, ...OSIS19_Cloud : Performance and power management in virtualized data centers, ...
OSIS19_Cloud : Performance and power management in virtualized data centers, ...Pôle Systematic Paris-Region
 
OSIS19_Cloud : Des objets dans le cloud, et qui y restent -- L'expérience du ...
OSIS19_Cloud : Des objets dans le cloud, et qui y restent -- L'expérience du ...OSIS19_Cloud : Des objets dans le cloud, et qui y restent -- L'expérience du ...
OSIS19_Cloud : Des objets dans le cloud, et qui y restent -- L'expérience du ...Pôle Systematic Paris-Region
 
OSIS19_Cloud : Attribution automatique de ressources pour micro-services, Alt...
OSIS19_Cloud : Attribution automatique de ressources pour micro-services, Alt...OSIS19_Cloud : Attribution automatique de ressources pour micro-services, Alt...
OSIS19_Cloud : Attribution automatique de ressources pour micro-services, Alt...Pôle Systematic Paris-Region
 
OSIS19_IoT : State of the art in security for embedded systems and IoT, by Pi...
OSIS19_IoT : State of the art in security for embedded systems and IoT, by Pi...OSIS19_IoT : State of the art in security for embedded systems and IoT, by Pi...
OSIS19_IoT : State of the art in security for embedded systems and IoT, by Pi...Pôle Systematic Paris-Region
 
Osis19_IoT: Proof of Pointer Programs with Ownership in SPARK, by Yannick Moy
Osis19_IoT: Proof of Pointer Programs with Ownership in SPARK, by Yannick MoyOsis19_IoT: Proof of Pointer Programs with Ownership in SPARK, by Yannick Moy
Osis19_IoT: Proof of Pointer Programs with Ownership in SPARK, by Yannick MoyPôle Systematic Paris-Region
 
Osis18_Cloud : Virtualisation efficace d’architectures NUMA
Osis18_Cloud : Virtualisation efficace d’architectures NUMAOsis18_Cloud : Virtualisation efficace d’architectures NUMA
Osis18_Cloud : Virtualisation efficace d’architectures NUMAPôle Systematic Paris-Region
 
Osis18_Cloud : DeepTorrent Stockage distribué perenne basé sur Bittorrent
Osis18_Cloud : DeepTorrent Stockage distribué perenne basé sur BittorrentOsis18_Cloud : DeepTorrent Stockage distribué perenne basé sur Bittorrent
Osis18_Cloud : DeepTorrent Stockage distribué perenne basé sur BittorrentPôle Systematic Paris-Region
 
OSIS18_IoT: L'approche machine virtuelle pour les microcontrôleurs, le projet...
OSIS18_IoT: L'approche machine virtuelle pour les microcontrôleurs, le projet...OSIS18_IoT: L'approche machine virtuelle pour les microcontrôleurs, le projet...
OSIS18_IoT: L'approche machine virtuelle pour les microcontrôleurs, le projet...Pôle Systematic Paris-Region
 
OSIS18_IoT: La securite des objets connectes a bas cout avec l'os et riot
OSIS18_IoT: La securite des objets connectes a bas cout avec l'os et riotOSIS18_IoT: La securite des objets connectes a bas cout avec l'os et riot
OSIS18_IoT: La securite des objets connectes a bas cout avec l'os et riotPôle Systematic Paris-Region
 
OSIS18_IoT : Solution de mise au point pour les systemes embarques, par Julio...
OSIS18_IoT : Solution de mise au point pour les systemes embarques, par Julio...OSIS18_IoT : Solution de mise au point pour les systemes embarques, par Julio...
OSIS18_IoT : Solution de mise au point pour les systemes embarques, par Julio...Pôle Systematic Paris-Region
 
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...Pôle Systematic Paris-Region
 
OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Progr...
OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Progr...OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Progr...
OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Progr...Pôle Systematic Paris-Region
 
OSIS18_IoT : RTEMS pour l'IoT professionnel, par Pierre Ficheux (Smile ECS)
OSIS18_IoT : RTEMS pour l'IoT professionnel, par Pierre Ficheux (Smile ECS)OSIS18_IoT : RTEMS pour l'IoT professionnel, par Pierre Ficheux (Smile ECS)
OSIS18_IoT : RTEMS pour l'IoT professionnel, par Pierre Ficheux (Smile ECS)Pôle Systematic Paris-Region
 
PyParis 2017 / Un mooc python, by thierry parmentelat
PyParis 2017 / Un mooc python, by thierry parmentelatPyParis 2017 / Un mooc python, by thierry parmentelat
PyParis 2017 / Un mooc python, by thierry parmentelatPôle Systematic Paris-Region
 

More from Pôle Systematic Paris-Region (20)

OSIS19_IoT :Transparent remote connectivity to short-range IoT devices, by Na...
OSIS19_IoT :Transparent remote connectivity to short-range IoT devices, by Na...OSIS19_IoT :Transparent remote connectivity to short-range IoT devices, by Na...
OSIS19_IoT :Transparent remote connectivity to short-range IoT devices, by Na...
 
OSIS19_Cloud : SAFC: Scheduling and Allocation Framework for Containers in a ...
OSIS19_Cloud : SAFC: Scheduling and Allocation Framework for Containers in a ...OSIS19_Cloud : SAFC: Scheduling and Allocation Framework for Containers in a ...
OSIS19_Cloud : SAFC: Scheduling and Allocation Framework for Containers in a ...
 
OSIS19_Cloud : Qu’apporte l’observabilité à la gestion de configuration? par ...
OSIS19_Cloud : Qu’apporte l’observabilité à la gestion de configuration? par ...OSIS19_Cloud : Qu’apporte l’observabilité à la gestion de configuration? par ...
OSIS19_Cloud : Qu’apporte l’observabilité à la gestion de configuration? par ...
 
OSIS19_Cloud : Performance and power management in virtualized data centers, ...
OSIS19_Cloud : Performance and power management in virtualized data centers, ...OSIS19_Cloud : Performance and power management in virtualized data centers, ...
OSIS19_Cloud : Performance and power management in virtualized data centers, ...
 
OSIS19_Cloud : Des objets dans le cloud, et qui y restent -- L'expérience du ...
OSIS19_Cloud : Des objets dans le cloud, et qui y restent -- L'expérience du ...OSIS19_Cloud : Des objets dans le cloud, et qui y restent -- L'expérience du ...
OSIS19_Cloud : Des objets dans le cloud, et qui y restent -- L'expérience du ...
 
OSIS19_Cloud : Attribution automatique de ressources pour micro-services, Alt...
OSIS19_Cloud : Attribution automatique de ressources pour micro-services, Alt...OSIS19_Cloud : Attribution automatique de ressources pour micro-services, Alt...
OSIS19_Cloud : Attribution automatique de ressources pour micro-services, Alt...
 
OSIS19_IoT : State of the art in security for embedded systems and IoT, by Pi...
OSIS19_IoT : State of the art in security for embedded systems and IoT, by Pi...OSIS19_IoT : State of the art in security for embedded systems and IoT, by Pi...
OSIS19_IoT : State of the art in security for embedded systems and IoT, by Pi...
 
Osis19_IoT: Proof of Pointer Programs with Ownership in SPARK, by Yannick Moy
Osis19_IoT: Proof of Pointer Programs with Ownership in SPARK, by Yannick MoyOsis19_IoT: Proof of Pointer Programs with Ownership in SPARK, by Yannick Moy
Osis19_IoT: Proof of Pointer Programs with Ownership in SPARK, by Yannick Moy
 
Osis18_Cloud : Pas de commun sans communauté ?
Osis18_Cloud : Pas de commun sans communauté ?Osis18_Cloud : Pas de commun sans communauté ?
Osis18_Cloud : Pas de commun sans communauté ?
 
Osis18_Cloud : Projet Wolphin
Osis18_Cloud : Projet Wolphin Osis18_Cloud : Projet Wolphin
Osis18_Cloud : Projet Wolphin
 
Osis18_Cloud : Virtualisation efficace d’architectures NUMA
Osis18_Cloud : Virtualisation efficace d’architectures NUMAOsis18_Cloud : Virtualisation efficace d’architectures NUMA
Osis18_Cloud : Virtualisation efficace d’architectures NUMA
 
Osis18_Cloud : DeepTorrent Stockage distribué perenne basé sur Bittorrent
Osis18_Cloud : DeepTorrent Stockage distribué perenne basé sur BittorrentOsis18_Cloud : DeepTorrent Stockage distribué perenne basé sur Bittorrent
Osis18_Cloud : DeepTorrent Stockage distribué perenne basé sur Bittorrent
 
Osis18_Cloud : Software-heritage
Osis18_Cloud : Software-heritageOsis18_Cloud : Software-heritage
Osis18_Cloud : Software-heritage
 
OSIS18_IoT: L'approche machine virtuelle pour les microcontrôleurs, le projet...
OSIS18_IoT: L'approche machine virtuelle pour les microcontrôleurs, le projet...OSIS18_IoT: L'approche machine virtuelle pour les microcontrôleurs, le projet...
OSIS18_IoT: L'approche machine virtuelle pour les microcontrôleurs, le projet...
 
OSIS18_IoT: La securite des objets connectes a bas cout avec l'os et riot
OSIS18_IoT: La securite des objets connectes a bas cout avec l'os et riotOSIS18_IoT: La securite des objets connectes a bas cout avec l'os et riot
OSIS18_IoT: La securite des objets connectes a bas cout avec l'os et riot
 
OSIS18_IoT : Solution de mise au point pour les systemes embarques, par Julio...
OSIS18_IoT : Solution de mise au point pour les systemes embarques, par Julio...OSIS18_IoT : Solution de mise au point pour les systemes embarques, par Julio...
OSIS18_IoT : Solution de mise au point pour les systemes embarques, par Julio...
 
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
 
OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Progr...
OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Progr...OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Progr...
OSIS18_IoT : Ada and SPARK - Defense in Depth for Safe Micro-controller Progr...
 
OSIS18_IoT : RTEMS pour l'IoT professionnel, par Pierre Ficheux (Smile ECS)
OSIS18_IoT : RTEMS pour l'IoT professionnel, par Pierre Ficheux (Smile ECS)OSIS18_IoT : RTEMS pour l'IoT professionnel, par Pierre Ficheux (Smile ECS)
OSIS18_IoT : RTEMS pour l'IoT professionnel, par Pierre Ficheux (Smile ECS)
 
PyParis 2017 / Un mooc python, by thierry parmentelat
PyParis 2017 / Un mooc python, by thierry parmentelatPyParis 2017 / Un mooc python, by thierry parmentelat
PyParis 2017 / Un mooc python, by thierry parmentelat
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 

Building a quasi-certification entity over DHTs

  • 1. F.Kordon-UniversitéP.&M.Curie-CC2016 Fabrice.Kordon@lip6.fr Building and verifying a quasi-certification entity over Distributed Hash Tables Join work with X. Bonnaire, R. Cortes & O. Marin UPMC (France), UFSM (Chile), NYUS (China)
  • 2. F.Kordon-UniversitéP.&M.Curie-CC2016 Certification, why? Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes Online game refereeing e-voting, etc. 2
  • 3. F.Kordon-UniversitéP.&M.Curie-CC2016 Certification, why? Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes Online game refereeing e-voting, etc. Existing Solutions Centralized ‣ Public Key Infrastructures (traditional PKI) ‣ Scaling problem/prone to faults/implementation (atomic multicast) Decentralized ‣ Certification on top of Distributed Hash Tables (DHT) ‣ Rapidly brings Byzantine consensus (for a 100.0% guarantee) 2
  • 4. F.Kordon-UniversitéP.&M.Curie-CC2016 Certification, why? Motivations Digital filling for tax purpose ‣ Certify that somebody did it before a given deadline Certified emails ‣ Use emails for legal purposes Online game refereeing e-voting, etc. Existing Solutions Centralized ‣ Public Key Infrastructures (traditional PKI) ‣ Scaling problem/prone to faults/implementation (atomic multicast) Decentralized ‣ Certification on top of Distributed Hash Tables (DHT) ‣ Rapidly brings Byzantine consensus (for a 100.0% guarantee) 2 Objective (quasi)-certify that a given action hasbeen performed at a certain time Distributed context (DHT)
  • 5. F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Large Scale Distributed System, Design Principles 47
  • 6. F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Large Scale Distributed System, Design Principles 47 access in log(n) Totally decentralized + built)inredundancy for fault tolerance
  • 7. F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Root node
  • 8. F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Root node Leafset L close nodes (+ root)
  • 9. F.Kordon-UniversitéP.&M.Curie-CC2016 DHT in a nutshell Retrieve data (key + value) put (v,k) get(k) → v 3 Root node Leafset L close nodes (+ root) Classical values for L 8, 16, 32 (best)
  • 11. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service S → leafset hash(service) offering the service 4 A S 1 - request init answers
  • 12. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service S → leafset hash(service) offering the service 4 A S 1 - request init answers 2 - transaction End ack
  • 13. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service S → leafset hash(service) offering the service C → certification authority leafset hash(A/service) 4 A S 1 - request init answers 2 - transaction End ack C 3 - transaction ack
  • 14. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — entities A → an actor performing a service S → leafset hash(service) offering the service C → certification authority leafset hash(A/service) 4 A S 1 - request init answers 2 - transaction End ack C 3 - transaction ack Certificate Log Entry 4 - certificate generation
  • 16. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set 5
  • 17. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service 5
  • 18. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service nodes ack transaction nodes request leaf set nodes receive leaf set 5
  • 19. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service nodes ack transaction nodes request leaf set nodes receive leaf set }1: A & S secure exchanges }3: S get trustset from C }2: exchanges to perform the service }4: C elaborates the side certificate 5
  • 20. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service nodes ack transaction nodes request leaf set nodes receive leaf set }1: A & S secure exchanges }3: S get trustset from C }2: exchanges to perform the service }4: C elaborates the side certificate 5 Majority ⇒ L/2+1 answers
  • 21. F.Kordon-UniversitéP.&M.Curie-CC2016 Quasi-certification — protocol structure 5 A S C A requests cert. service ack cert. service A requests leaf set receive leaf set the service nodes ack transaction nodes request leaf set nodes receive leaf set }1: A & S secure exchanges }3: S get trustset from C }2: exchanges to perform the service }4: C elaborates the side certificate 5 Diversity routing To serre the leafset Majority ⇒ L/2+1 answers
  • 22. F.Kordon-UniversitéP.&M.Curie-CC2016 The verification process Proof (by any method?) Proven to be undecidable [FLP 85] 6
  • 23. F.Kordon-UniversitéP.&M.Curie-CC2016 The verification process Proof (by any method?) Proven to be undecidable [FLP 85] So what? Being pragmatic Going for «quasi» 6
  • 24. F.Kordon-UniversitéP.&M.Curie-CC2016 The verification process Proof (by any method?) Proven to be undecidable [FLP 85] So what? Being pragmatic Going for «quasi» Two steps 1. modeling the protocol in a perfect world (no error) Use of Petri nets 2. Probabilistic analysis to evaluate the failure rate Use of a classical fault model, building a formula + numeric evaluation 6
  • 25. F.Kordon-UniversitéP.&M.Curie-CC2016 Hypotheses H1: perfect world H2: service reduced to 1 interaction H3: L+1 answer requested instead of L/2+1 ‣ Symmetric net with Bags? Modeling the protocol (step 1) 7
  • 26. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid;
  • 27. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart
  • 28. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK
  • 29. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK
  • 30. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK ●
  • 31. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK ● <tsid.all>
  • 32. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 Types and variables type tsid is 0..L; type tsidxtsid is <tsid, tsid>; var i in tsid; <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK ● <tsid.all> Px●
  • 33. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK Fok = |SstopOK| = L + 1 |CstopOK| = L + 1 Fok = |SstopOK| > L 2 ^ |CstopOK| > L 2
  • 34. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK Fok = |SstopOK| = L + 1 |CstopOK| = L + 1 Fabort = |SstopAbort| > 0 |CstopAbort| > 0 Fabort = |SstopAbort| > L 2 _ |CstopAbort| > L 2
  • 35. F.Kordon-UniversitéP.&M.Curie-CC2016 Modeling the protocol (step 1) 7 <i> <i> <i> <i><i> <i> <i> <tsid.all> <i> <tsid.all> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS3 malS2 malS1 malA3 malA4 malA2 malA1 n4 n3 n2 n1 Sstart s2 s3 SsendTS SackCS AackCS AreqCS AgetTS AreqTS a4 a3 a2 a1 Astart <i> <i> <i> <i> <tsid.all> <i> <tsid.all> <i> <i> malicious_reservoir malS4 malS3 malA5 malA4 SstopAbort AstopAbort n6 n5 s3 s4 Sperform AendCS AstartCS a5 a4 AstopOK <i> <i> <tsid.all, i> <i> <i> <i> <i> <tsid.all, i><i, tsid.all> <i, tsid.all> <tsid.all, i><i, tsid.all> <i> <i> <i> <i> <i> <i> <i> <i> malicious_reservoir malC1 malS6 malS5 malS4 CstopAbort SstopAbort n9 n8 n7 CgenCertif CsendTS1 c1 Cstarts4 s5 s6 SstopOK SreqTS SgetTS ScertCS CstopOK FabortFokAF( _ )) Fok = |SstopOK| = L + 1 |CstopOK| = L + 1 Fabort = |SstopAbort| > 0 |CstopAbort| > 0
  • 36. F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world About the complexity of the state space Roughly 10L states 1 state= 13 int + 17 multistep ⇒ memory problem to check for L=32 8 1E+02 1E+04 1E+06 1E+08 1E+10 1E+12 1E+14 1E+16 1E+18 1E+20 1E+22 2 4 6 8 10 12 14 16 18 20 22 Numberofstates Leaf set size Size of the state space Reachability graph Symb. reach. graph
  • 37. F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world About the complexity of the state space Roughly 10L states 1 state= 13 int + 17 multistep ⇒ memory problem to check for L=32 GreatSPN (use of symmetries) L=24 fails after 11h45mn of CPU (costly canonisation function) ‣ Implementation limit = size of a hash table 8 1E+02 1E+04 1E+06 1E+08 1E+10 1E+12 1E+14 1E+16 1E+18 1E+20 1E+22 2 4 6 8 10 12 14 16 18 20 22 Numberofstates Leaf set size Size of the state space Reachability graph Symb. reach. graph
  • 38. F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world About the complexity of the state space Roughly 10L states 1 state= 13 int + 17 multistep ⇒ memory problem to check for L=32 GreatSPN (use of symmetries) L=24 fails after 11h45mn of CPU (costly canonisation function) ‣ Implementation limit = size of a hash table PNXDD (decision diagrams + variable ordering) Unfolding to P/T nets L=10 fails after 3h20mn (memory overflow > 16GB) 8
  • 39. F.Kordon-UniversitéP.&M.Curie-CC2016 Verifying the perfect world About the complexity of the state space Roughly 10L states 1 state= 13 int + 17 multistep ⇒ memory problem to check for L=32 GreatSPN (use of symmetries) L=24 fails after 11h45mn of CPU (costly canonisation function) ‣ Implementation limit = size of a hash table PNXDD (decision diagrams + variable ordering) Unfolding to P/T nets L=10 fails after 3h20mn (memory overflow > 16GB) ITS-Tools (hierarchical decision diagrams) Completed for L=32 in less than one minute ‣ Handling of symmetries in the system by means of a dedicated encoding 8
  • 41. F.Kordon-UniversitéP.&M.Curie-CC2016 Probabilistic analysis (step 2) Classical approach of the domain Based on p, probability of node failure ‣ Hypotheses required ‣ Diversity routing to avoid coalitions 9
  • 42. F.Kordon-UniversitéP.&M.Curie-CC2016 Probabilistic analysis (step 2) Classical approach of the domain Based on p, probability of node failure ‣ Hypotheses required ‣ Diversity routing to avoid coalitions Origin of problems Source 1 → failure of the protocol ‣ No answer to A + no ack to A ‣ Interactions between A, S (leafset) Source 2 → inappropriate certificate ‣ Lost of a certificate (inconsistency) ‣ Interactions between S (leafset) and C (leafset) 9
  • 43. F.Kordon-UniversitéP.&M.Curie-CC2016 Probabilistic analysis (step 2) Classical approach of the domain Based on p, probability of node failure ‣ Hypotheses required ‣ Diversity routing to avoid coalitions Origin of problems Source 1 → failure of the protocol ‣ No answer to A + no ack to A ‣ Interactions between A, S (leafset) Source 2 → inappropriate certificate ‣ Lost of a certificate (inconsistency) ‣ Interactions between S (leafset) and C (leafset) 9 Numerical applicationsp = 0.3 («untrusted»)
P = 0.05 («trusted»)
  • 44. F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠
  • 45. F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ 1.16e-43 1 4 8 12 16 20 24 28 Amount of faulty nodes [k] CORPS 5% of faulty nodes FIGURE 5.1. Probability to have more than k malicinodes L DHT - p = 0.3 CORPS - p = 0.05 8 0.188 6.64 ⇥ 10 5 16 0.079 6.57 ⇥ 10 8 32 0.016 8.24 ⇥ 10 14 TABLE 3. Probability of failure of the transaction betweA and S From equation 5.6 we can deduce the probability thaS won’t respond to the RequestInit or won’t send thfinal ACKs as PAS = (1 P>L/2)P>|L|/2 + P>|L|/2 PAS = 2P>|L|/2 P 2 >|L|/2 (5.7 Table 3 shows the probability of failure between Aand S, for a trustset size of |L| = {8, 16, 32} nodes, andcompares a quasi CA built directly above the DHT toone built above CORPS. We consider that the worstcase is when the malicious nodes represent 30% of theDHT nodes. In
  • 46. F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: Inappropriate certificate generation Two parts ‣ Existence of more L/2 malicious nodes ‣ Unable to retrieve at least L/2 + 1 identical answers The formula (combines problems between S and C) 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ 1.16e-43 1 4 8 12 16 20 24 28 Amount of faulty nodes [k] CORPS 5% of faulty nodes FIGURE 5.1. Probability to have more than k malicinodes L DHT - p = 0.3 CORPS - p = 0.05 8 0.188 6.64 ⇥ 10 5 16 0.079 6.57 ⇥ 10 8 32 0.016 8.24 ⇥ 10 14 TABLE 3. Probability of failure of the transaction betweA and S From equation 5.6 we can deduce the probability thaS won’t respond to the RequestInit or won’t send thfinal ACKs as PAS = (1 P>L/2)P>|L|/2 + P>|L|/2 PAS = 2P>|L|/2 P 2 >|L|/2 (5.7 Table 3 shows the probability of failure between Aand S, for a trustset size of |L| = {8, 16, 32} nodes, andcompares a quasi CA built directly above the DHT toone built above CORPS. We consider that the worstcase is when the malicious nodes represent 30% of theDHT nodes. In 1 (1 P> L 2 )2
  • 47. F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: Inappropriate certificate generation Two parts ‣ Existence of more L/2 malicious nodes ‣ Unable to retrieve at least L/2 + 1 identical answers The formula (combines problems between S and C) 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ 1.16e-43 1 4 8 12 16 20 24 28 Amount of faulty nodes [k] CORPS 5% of faulty nodes FIGURE 5.1. Probability to have more than k malicinodes L DHT - p = 0.3 CORPS - p = 0.05 8 0.188 6.64 ⇥ 10 5 16 0.079 6.57 ⇥ 10 8 32 0.016 8.24 ⇥ 10 14 TABLE 3. Probability of failure of the transaction betweA and S From equation 5.6 we can deduce the probability thaS won’t respond to the RequestInit or won’t send thfinal ACKs as PAS = (1 P>L/2)P>|L|/2 + P>|L|/2 PAS = 2P>|L|/2 P 2 >|L|/2 (5.7 Table 3 shows the probability of failure between Aand S, for a trustset size of |L| = {8, 16, 32} nodes, andcompares a quasi CA built directly above the DHT toone built above CORPS. We consider that the worstcase is when the malicious nodes represent 30% of theDHT nodes. In 1 ⇣ 1 PL+1 i=1 L+1 i pi (1 p)L+1 i + PL 2 i=1 L+1 i pi (1 p)L+1 i ⌘2 1 (1 P> L 2 )2
  • 48. F.Kordon-UniversitéP.&M.Curie-CC2016 Formulas and experimental values Protocol failure More that L/2 nodes are malicious The formula: Inappropriate certificate generation Two parts ‣ Existence of more L/2 malicious nodes ‣ Unable to retrieve at least L/2 + 1 identical answers The formula (combines problems between S and C) 10 PL+1 i=1 L+1 i pi (1 p)L+1 i PL 2 i=1 L+1 i pi (1 p)L+1 i at most L+1 malicious nodes at most L/2 malicious nodes ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ 1.16e-43 1 4 8 12 16 20 24 28 Amount of faulty nodes [k] CORPS 5% of faulty nodes FIGURE 5.1. Probability to have more than k malicinodes L DHT - p = 0.3 CORPS - p = 0.05 8 0.188 6.64 ⇥ 10 5 16 0.079 6.57 ⇥ 10 8 32 0.016 8.24 ⇥ 10 14 TABLE 3. Probability of failure of the transaction betweA and S From equation 5.6 we can deduce the probability thaS won’t respond to the RequestInit or won’t send thfinal ACKs as PAS = (1 P>L/2)P>|L|/2 + P>|L|/2 PAS = 2P>|L|/2 P 2 >|L|/2 (5.7 Table 3 shows the probability of failure between Aand S, for a trustset size of |L| = {8, 16, 32} nodes, andcompares a quasi CA built directly above the DHT toone built above CORPS. We consider that the worstcase is when the malicious nodes represent 30% of theDHT nodes. In 1 ⇣ 1 PL+1 i=1 L+1 i pi (1 p)L+1 i + PL 2 i=1 L+1 i pi (1 p)L+1 i ⌘2 1 (1 P> L 2 )2 L DHT - p = 0.3 CORPS - p = 0.058 0.216 4.97 ⇥ 10 4 16 0.075 3.50 ⇥ 10 8 32 0.014 4.24 ⇥ 10 13
  • 49. F.Kordon-UniversitéP.&M.Curie-CC2016 Conclusion Quasi-certification entity (elaboration + verification) Low probability of failure + Good message complexity (not discussed) 11
  • 50. F.Kordon-UniversitéP.&M.Curie-CC2016 Conclusion Quasi-certification entity (elaboration + verification) Low probability of failure + Good message complexity (not discussed) 11 Application to digital tax filling in France ‣ 36.5 M revenues declarations (in 2012) ‣ a wrong tax certificate every 5132 years ‣ lost of a tax certificate every 997 years
  • 51. F.Kordon-UniversitéP.&M.Curie-CC2016 Conclusion Quasi-certification entity (elaboration + verification) Low probability of failure + Good message complexity (not discussed) 3 years of work (details recently fixed) ‣ Work partially published in TrustCom’2013 ‣ Without formal proof (there was yet glitches details with hypotheses) 11 Application to digital tax filling in France ‣ 36.5 M revenues declarations (in 2012) ‣ a wrong tax certificate every 5132 years ‣ lost of a tax certificate every 997 years
  • 52. F.Kordon-UniversitéP.&M.Curie-CC2016 Conclusion Quasi-certification entity (elaboration + verification) Low probability of failure + Good message complexity (not discussed) 3 years of work (details recently fixed) ‣ Work partially published in TrustCom’2013 ‣ Without formal proof (there was yet glitches details with hypotheses) Realistic problem with applicability to e-government Probably numerous applications in the future The model is now a metric for the Model Checking Contest Potential applicability for Symmetric Nets with Bags ‣ Excellent playground for this type of problems 11 Application to digital tax filling in France ‣ 36.5 M revenues declarations (in 2012) ‣ a wrong tax certificate every 5132 years ‣ lost of a tax certificate every 997 years