FastBFT is a scalable Byzantine fault tolerant consensus protocol that uses hardware-assisted secret sharing to achieve high performance. It uses a trusted execution environment to implement a lightweight secret sharing scheme and assign unique sequence numbers to requests. Replicas are organized in a tree topology to distribute communication and computation costs, allowing the protocol to reach consensus in a constant number of message rounds regardless of the number of replicas. The protocol takes an optimistic approach where a subset of replicas participate in agreement while others passively update their state.
Ch 02 --- sdn and openflow architectureYoram Orzach
This document provides an overview of SDN and OpenFlow. It describes the traditional network structure with separate control, forwarding, and management planes. With SDN, the control plane is centralized into a controller that programs "dumb" switches via the OpenFlow protocol. The controller manages flow tables on switches to determine how traffic is forwarded. Key OpenFlow components include the controller, OpenFlow channel, flow tables, group tables, and meter tables. The document provides examples of how OpenFlow can implement switching, routing, firewalls, and other network functions through flow table entries.
Choosing the Segment Length for Adaptive Bitrate StreamingBitmovin Inc
Bitmovin evaluated different segment lengths for adaptive bitrate streaming to determine the optimal length. They found that lengths under 2 seconds performed poorly for encoding efficiency. Lengths of 4 seconds and above had similar performance but shorter lengths hindered streaming performance over HTTP/1.0. Their tests showed 6 second segments performed well over both HTTP/1.0 and HTTP/1.1. Therefore, Bitmovin recommends using variable lengths around 4 seconds on average to balance encoding efficiency and adaptive streaming performance.
Secure Shell (SSH) is a cryptographic network protocol for secure data communication and remote shell services over an insecure network. SSH establishes an encrypted connection between a client and server, allowing for secure login, file transfer, port forwarding and tunneling. It uses public-key authentication and encryption to securely handle remote login and other network services between two networked computers.
In this session, we’ll review how previous efforts, including Netfilter, Berkley Packet Filter (BPF), Open vSwitch (OVS), and TC, approached the problem of extensibility. We’ll show you an open source solution available within the Red Hat Enterprise Linux kernel, where extending and merging some of the existing concepts leads to an extensible framework that satisfies the networking needs of datacenter and cloud virtualization.
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on the insights like forwarding and control plane functions which are critical to the simplicity operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we are going to the insides of BGP and its EVPN address-familiy and extend to about how multiple DC Fabric can be interconnected within, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
VXLAN Design and Deployment discusses considerations for deploying VXLAN in a data center fabric. It covers why VXLAN is used to create overlay networks, VXLAN fundamentals like encapsulation and tunneling, and important factors for the underlay network like ensuring sufficient MTU for the VXLAN overhead, using point-to-point interfaces and protocols like OSPF or IS-IS for routing, enabling IP multicast, and deploying iBGP with a route reflector to distribute VTEP reachability. The document also discusses control plane protocols, evolution of VXLAN, and hardware support on Cisco platforms.
Ch 02 --- sdn and openflow architectureYoram Orzach
This document provides an overview of SDN and OpenFlow. It describes the traditional network structure with separate control, forwarding, and management planes. With SDN, the control plane is centralized into a controller that programs "dumb" switches via the OpenFlow protocol. The controller manages flow tables on switches to determine how traffic is forwarded. Key OpenFlow components include the controller, OpenFlow channel, flow tables, group tables, and meter tables. The document provides examples of how OpenFlow can implement switching, routing, firewalls, and other network functions through flow table entries.
Choosing the Segment Length for Adaptive Bitrate StreamingBitmovin Inc
Bitmovin evaluated different segment lengths for adaptive bitrate streaming to determine the optimal length. They found that lengths under 2 seconds performed poorly for encoding efficiency. Lengths of 4 seconds and above had similar performance but shorter lengths hindered streaming performance over HTTP/1.0. Their tests showed 6 second segments performed well over both HTTP/1.0 and HTTP/1.1. Therefore, Bitmovin recommends using variable lengths around 4 seconds on average to balance encoding efficiency and adaptive streaming performance.
Secure Shell (SSH) is a cryptographic network protocol for secure data communication and remote shell services over an insecure network. SSH establishes an encrypted connection between a client and server, allowing for secure login, file transfer, port forwarding and tunneling. It uses public-key authentication and encryption to securely handle remote login and other network services between two networked computers.
In this session, we’ll review how previous efforts, including Netfilter, Berkley Packet Filter (BPF), Open vSwitch (OVS), and TC, approached the problem of extensibility. We’ll show you an open source solution available within the Red Hat Enterprise Linux kernel, where extending and merging some of the existing concepts leads to an extensible framework that satisfies the networking needs of datacenter and cloud virtualization.
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on the insights like forwarding and control plane functions which are critical to the simplicity operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we are going to the insides of BGP and its EVPN address-familiy and extend to about how multiple DC Fabric can be interconnected within, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
VXLAN Design and Deployment discusses considerations for deploying VXLAN in a data center fabric. It covers why VXLAN is used to create overlay networks, VXLAN fundamentals like encapsulation and tunneling, and important factors for the underlay network like ensuring sufficient MTU for the VXLAN overhead, using point-to-point interfaces and protocols like OSPF or IS-IS for routing, enabling IP multicast, and deploying iBGP with a route reflector to distribute VTEP reachability. The document also discusses control plane protocols, evolution of VXLAN, and hardware support on Cisco platforms.
These slides will cover the essential characteristics of cloud computing in the data center. Why should you consider adopting cloud architecture? We'll show you.
This document discusses segment routing and its benefits for incremental deployment in networks. It describes how segment routing uses MPLS or IPv6 routing headers to encode paths as ordered lists of segments. Segment routing allows more control over traffic paths compared to traditional IGP routing. It can enable traffic engineering and service chaining while maintaining network and control plane simplicity. The document argues segment routing is useful for scaling datacenters and simplifying peering relationships.
Understanding Cisco’ Next Generation SD-WAN TechnologyCisco Canada
Cisco's SD-WAN solution aims to address challenges facing the modern WAN and branch networks by providing:
(1) Secure, flexible connectivity to applications and services across hybrid networks including broadband internet, cellular and MPLS.
(2) Application-aware policies and intelligent routing to optimize the user experience for priority applications.
(3) Agile operations through centralized, template-based management and zero-touch provisioning of edge routers.
OpenFlow is a standard protocol that allows separation of the control plane from the data plane in network devices like switches. It defines communications between controllers and switches. Controllers install flow entries in switches' flow tables which determine how traffic is forwarded. This allows centralized control over distributed switches using protocols like OpenFlow to program their forwarding behavior.
Session: The Data Center Network Evolution: Journey to the Programmable Fabric
Presenter: Robert Zalobinski, Technical Solutions Architect
Date: October 6, 2015
VPN (virtual private network) allows users to connect securely over a public network like the internet. It uses encryption and authentication to provide a secure connection through an otherwise insecure network. The main benefits of VPNs are reduced costs compared to dedicated private networks using leased lines or dial-up. VPNs work by encapsulating packets inside packets of another protocol, called "tunneling", to create and maintain a virtual private circuit between two endpoints.
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of
commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, Password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in itself raise security concerns like tunneling and port forwarding.
The document provides an overview of software-defined networking (SDN) fundamentals, including:
- In traditional networks, the control plane and data plane are logically coupled within each network device, whereas SDN separates these planes and centralizes the control plane in an SDN controller.
- The SDN controller holds the entire network description as a graph and can perform optimization calculations. It programs flow entries into forwarding devices using the OpenFlow protocol.
- OpenFlow defines a standard interface that gives access to the forwarding plane of network switches or routers. It separates the data and control planes and allows the control logic to be implemented separately in the SDN controller.
Principles of public key cryptography and its UsesMohsin Ali
This document discusses the principles of public key cryptography. It begins by defining asymmetric encryption and how it uses a public key and private key instead of a single shared key. It then discusses key concepts like digital certificates and public key infrastructure. The document also provides examples of how public key cryptography can be used, including the RSA algorithm and key distribution methods like public key directories and certificates. It explains how public key cryptography solves the key distribution problem present in symmetric encryption.
Integration of neutron, nova and designate how to use it and how to configur...Miguel Lavalle
This document discusses integrating Neutron, Nova, and Designate for DNS resolution and configuration. It provides three use cases: 1) floating IPs are published with associated port DNS attributes, 2) floating IPs are published directly in an external DNS service, and 3) ports are published directly in an external DNS service. It also covers configuring Neutron's internal DNS resolution, integrating with an external DNS service like Designate, and potential performance impacts of publishing ports directly to external DNS.
This document provides an overview of Aruba ClearPass and its access management capabilities. It discusses ClearPass' policy model and how it uses context such as identity, device, and location to enable granular, role-based access policies. It covers ClearPass' authorization features and how it profiles devices to incorporate that data into policies. The document also reviews ClearPass clustering functionality and considerations for deployment and operations.
The document discusses using tcpdump and ssldump on an F5 device to analyze network traffic. It provides examples of commands to capture full traffic flows, including specifying filters. It also describes how to use tcpdump to troubleshoot issues like traffic not reaching servers. The document discusses using Wireshark with the F5 plugin to decrypt SSL traffic for analysis and provides instructions for configuring Wireshark. It briefly mentions using sFlow for performance monitoring and analytics.
IBM MQ V8 Security: Latest Features Deep-DiveMorag Hughson
More than ever, security issues are on the top of everyone's list of priorities. Find out about the approach taken by IBM MQ. This session will cover the security features in the latest release of IBM MQ.
The document discusses EPC CUPS (Control and User Plane Separation) architecture in 3GPP releases. Some key points:
1) EPC CUPS was introduced in Release 14 to separate control and user plane functions for more flexible scaling and deployment.
2) CUPS introduces new Sxa, Sxb, and Sxc interfaces between control and user plane functions of SGW, PGW, and TDF.
3) The separation allows independent scaling of control and user plane resources to better handle increases in data traffic.
This document discusses Cisco's Software-Defined Access (SD-Access) solution. It provides an overview of the key components of SD-Access, including:
- A control plane based on LISP that separates endpoint identity from location and consolidates routing tables.
- A data plane based on VXLAN that uses virtual tunnel endpoints and an overlay network to provide mobility and remove topology limitations.
- A policy plane based on Cisco TrustSec that implements security policies based on endpoint groups rather than individual IP addresses.
SD-Access leverages these components to automate configuration, management, and policy across campus wired, wireless and WAN networks. The document also outlines the platform support and roles of different
In this presentation, we will cover authenticating guest users with ClearPass with Time Source authentication source and MAC- caching. Check out the webinar recording where this presentation was used:
http://community.arubanetworks.com/t5/Security/Technical-Webinar-Recording-Slides-ClearPass-Guest-with-Mac/td-p/283101
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
This document discusses Open vSwitch and its support for stateful services like connection tracking (conntrack) and network address translation (NAT). Open vSwitch is designed to manage overlay networks and provides programmable flow tables and remote management. It aims to integrate conntrack to enable stateful firewalling and NAT functions. This will allow matching on connection states and leveraging existing Linux conntrack and NAT modules. Examples are given of how conntrack and NAT rules could be implemented using these new Open vSwitch capabilities.
The document discusses classical encryption techniques such as substitution ciphers like the Caesar cipher and monoalphabetic cipher, transposition ciphers like the rail fence cipher and row transposition cipher, and polyalphabetic ciphers like the Vigenere cipher. It introduces basic concepts and terminology in cryptography such as plaintext, ciphertext, encryption, decryption, and secret keys. The goals are to introduce basic concepts and terminology of encryption and to prepare for studying modern cryptography.
Nesta apresentação faremos um overview sobre a solução ClearPass da Aruba Networks que traz funções de BYOD, Network Access Control e Gerenciamento de visitantes.
This presentation goes over consensus fundamentals, what consensus algorithms are used in Hyperledger blockchain projects today and how do they work. This presentation was presented at the April 2nd SF Hyperledger Meetup @ PubNub.
Slides are mainly on the major security flaws that existed in the Bluetooth 4.0/4.1 (released 2010) specifically Bluetooth Low Energy(BLE) (a.k.a Bluetooth Smart) specification. BLE was introduced as part of Bluetooth 4.0 targeting low power devices which is quite different from classic Bluetooth. Later part contains major security enhancements that are introduced in BLE 4.2
These slides will cover the essential characteristics of cloud computing in the data center. Why should you consider adopting cloud architecture? We'll show you.
This document discusses segment routing and its benefits for incremental deployment in networks. It describes how segment routing uses MPLS or IPv6 routing headers to encode paths as ordered lists of segments. Segment routing allows more control over traffic paths compared to traditional IGP routing. It can enable traffic engineering and service chaining while maintaining network and control plane simplicity. The document argues segment routing is useful for scaling datacenters and simplifying peering relationships.
Understanding Cisco’ Next Generation SD-WAN TechnologyCisco Canada
Cisco's SD-WAN solution aims to address challenges facing the modern WAN and branch networks by providing:
(1) Secure, flexible connectivity to applications and services across hybrid networks including broadband internet, cellular and MPLS.
(2) Application-aware policies and intelligent routing to optimize the user experience for priority applications.
(3) Agile operations through centralized, template-based management and zero-touch provisioning of edge routers.
OpenFlow is a standard protocol that allows separation of the control plane from the data plane in network devices like switches. It defines communications between controllers and switches. Controllers install flow entries in switches' flow tables which determine how traffic is forwarded. This allows centralized control over distributed switches using protocols like OpenFlow to program their forwarding behavior.
Session: The Data Center Network Evolution: Journey to the Programmable Fabric
Presenter: Robert Zalobinski, Technical Solutions Architect
Date: October 6, 2015
VPN (virtual private network) allows users to connect securely over a public network like the internet. It uses encryption and authentication to provide a secure connection through an otherwise insecure network. The main benefits of VPNs are reduced costs compared to dedicated private networks using leased lines or dial-up. VPNs work by encapsulating packets inside packets of another protocol, called "tunneling", to create and maintain a virtual private circuit between two endpoints.
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of
commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, Password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in itself raise security concerns like tunneling and port forwarding.
The document provides an overview of software-defined networking (SDN) fundamentals, including:
- In traditional networks, the control plane and data plane are logically coupled within each network device, whereas SDN separates these planes and centralizes the control plane in an SDN controller.
- The SDN controller holds the entire network description as a graph and can perform optimization calculations. It programs flow entries into forwarding devices using the OpenFlow protocol.
- OpenFlow defines a standard interface that gives access to the forwarding plane of network switches or routers. It separates the data and control planes and allows the control logic to be implemented separately in the SDN controller.
Principles of public key cryptography and its UsesMohsin Ali
This document discusses the principles of public key cryptography. It begins by defining asymmetric encryption and how it uses a public key and private key instead of a single shared key. It then discusses key concepts like digital certificates and public key infrastructure. The document also provides examples of how public key cryptography can be used, including the RSA algorithm and key distribution methods like public key directories and certificates. It explains how public key cryptography solves the key distribution problem present in symmetric encryption.
Integration of neutron, nova and designate how to use it and how to configur...Miguel Lavalle
This document discusses integrating Neutron, Nova, and Designate for DNS resolution and configuration. It provides three use cases: 1) floating IPs are published with associated port DNS attributes, 2) floating IPs are published directly in an external DNS service, and 3) ports are published directly in an external DNS service. It also covers configuring Neutron's internal DNS resolution, integrating with an external DNS service like Designate, and potential performance impacts of publishing ports directly to external DNS.
This document provides an overview of Aruba ClearPass and its access management capabilities. It discusses ClearPass' policy model and how it uses context such as identity, device, and location to enable granular, role-based access policies. It covers ClearPass' authorization features and how it profiles devices to incorporate that data into policies. The document also reviews ClearPass clustering functionality and considerations for deployment and operations.
The document discusses using tcpdump and ssldump on an F5 device to analyze network traffic. It provides examples of commands to capture full traffic flows, including specifying filters. It also describes how to use tcpdump to troubleshoot issues like traffic not reaching servers. The document discusses using Wireshark with the F5 plugin to decrypt SSL traffic for analysis and provides instructions for configuring Wireshark. It briefly mentions using sFlow for performance monitoring and analytics.
IBM MQ V8 Security: Latest Features Deep-DiveMorag Hughson
More than ever, security issues are on the top of everyone's list of priorities. Find out about the approach taken by IBM MQ. This session will cover the security features in the latest release of IBM MQ.
The document discusses EPC CUPS (Control and User Plane Separation) architecture in 3GPP releases. Some key points:
1) EPC CUPS was introduced in Release 14 to separate control and user plane functions for more flexible scaling and deployment.
2) CUPS introduces new Sxa, Sxb, and Sxc interfaces between control and user plane functions of SGW, PGW, and TDF.
3) The separation allows independent scaling of control and user plane resources to better handle increases in data traffic.
This document discusses Cisco's Software-Defined Access (SD-Access) solution. It provides an overview of the key components of SD-Access, including:
- A control plane based on LISP that separates endpoint identity from location and consolidates routing tables.
- A data plane based on VXLAN that uses virtual tunnel endpoints and an overlay network to provide mobility and remove topology limitations.
- A policy plane based on Cisco TrustSec that implements security policies based on endpoint groups rather than individual IP addresses.
SD-Access leverages these components to automate configuration, management, and policy across campus wired, wireless and WAN networks. The document also outlines the platform support and roles of different
In this presentation, we will cover authenticating guest users with ClearPass with Time Source authentication source and MAC- caching. Check out the webinar recording where this presentation was used:
http://community.arubanetworks.com/t5/Security/Technical-Webinar-Recording-Slides-ClearPass-Guest-with-Mac/td-p/283101
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
This document discusses Open vSwitch and its support for stateful services like connection tracking (conntrack) and network address translation (NAT). Open vSwitch is designed to manage overlay networks and provides programmable flow tables and remote management. It aims to integrate conntrack to enable stateful firewalling and NAT functions. This will allow matching on connection states and leveraging existing Linux conntrack and NAT modules. Examples are given of how conntrack and NAT rules could be implemented using these new Open vSwitch capabilities.
The document discusses classical encryption techniques such as substitution ciphers like the Caesar cipher and monoalphabetic cipher, transposition ciphers like the rail fence cipher and row transposition cipher, and polyalphabetic ciphers like the Vigenere cipher. It introduces basic concepts and terminology in cryptography such as plaintext, ciphertext, encryption, decryption, and secret keys. The goals are to introduce basic concepts and terminology of encryption and to prepare for studying modern cryptography.
Nesta apresentação faremos um overview sobre a solução ClearPass da Aruba Networks que traz funções de BYOD, Network Access Control e Gerenciamento de visitantes.
This presentation goes over consensus fundamentals, what consensus algorithms are used in Hyperledger blockchain projects today and how do they work. This presentation was presented at the April 2nd SF Hyperledger Meetup @ PubNub.
Slides are mainly on the major security flaws that existed in the Bluetooth 4.0/4.1 (released 2010) specifically Bluetooth Low Energy(BLE) (a.k.a Bluetooth Smart) specification. BLE was introduced as part of Bluetooth 4.0 targeting low power devices which is quite different from classic Bluetooth. Later part contains major security enhancements that are introduced in BLE 4.2
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing.
Some fuzzers are blackbox while others are protocol aware. Even ones which are made protocol aware, fuzzer writers typically model the protocol specification and implement packet awareness logic in the fuzzer. Unfortunately, just because the fuzzer is protocol aware, it does not guarantee that sufficient code paths have been reached.
The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all the functions untill it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.
This document proposes a solution to prevent rollback attacks on smart contracts executed in trusted execution environments (TEEs) when combined with blockchains. It introduces a system architecture that extends existing Hyperledger Fabric peers with newly added enclave components. These components help execute smart contracts (chaincodes) securely in SGX enclaves while preventing rollback attacks, even if the untrusted operating system tries to provide old blockchain states. The solution leverages Hyperledger Fabric's finality-guaranteed consensus protocol to ensure transactions are executed uniquely and deterministically.
CheapBFT is a resource-efficient Byzantine fault tolerance protocol that uses a hybrid approach of combining an efficient protocol called CheapTiny for normal operation with MinBFT for fault handling. CheapBFT uses a small trusted hardware component called CASH to authenticate messages, allowing it to operate with f+1 active replicas rather than the typical 3f+1 replicas required. This reduces resource demands on storage, CPU and network usage compared to traditional BFT protocols like PBFT. Evaluation shows CheapBFT can process over 72,000 requests per second while remaining more efficient than MinBFT except under very large reply sizes.
The document outlines Ergo, a new cryptocurrency platform focused on decentralization and long-term survivability. Key points include:
- Ergo aims to improve on existing blockchains by focusing on decentralization without sacrificing capabilities like smart contracts.
- It uses a novel proof-of-work algorithm called Autolykos that requires memory rather than specialized hardware, and supports light clients.
- Ergo also includes a demurrage component where users pay miners storage fees over time to discourage hoarding and fund the network.
- The platform aims to have flexible governance via a voting system to allow protocol updates over time while avoiding centralized control.
Client server computing in mobile environments part 2Praveen Joshi
Client server computing in mobile environments. Versatile, Message based, Modular Infrastructure intended to improve usability, flexibility, interoperability and scalability as compared to Centralized, Mainframe, time sharing computing.
Intended to reduce Network Traffic.
Communication is using RPC or SQL
Information and data security pseudorandom number generation and stream cipherMazin Alwaaly
Information And Data Security Pseudorandom Number Generation and Stream Cipher seminar
Mustansiriya University
Department of Education
Computer Science
1) Ekiden is a new platform that allows for private and high-performance smart contract execution using trusted execution environments (TEEs) and blockchains.
2) It combines blockchains with TEEs to execute smart contracts off-chain in a way that preserves data confidentiality while maintaining strong on-chain consistency.
3) Ekiden aims to provide confidentiality-preserving smart contracts with high availability, high performance, and formal security guarantees through the use of cryptographic techniques and TEE hardware.
Module: drand - the Distributed Randomness BeaconIoannis Psaras
drand is a distributed randomness beacon. It provides
publicly-verifiable, unpredictable and bias-resistant random numbers as a public service. In this module we'll walk through:
- Threshold Cryptography & Randomness
- The Distributed Key Generation in drand
- The Setup and Randomness Generation Phases
- The League of Entropy
This document summarizes a bachelor thesis that implemented and simulated various low-density parity-check (LDPC) codes in fast fading environments. The thesis first provides background on channel coding, LDPC codes, channel models, and performance metrics. It then describes generating a simulation model in MATLAB to test LDPC codes over Rayleigh fading channels and additive white Gaussian noise channels. Results are presented on bit error rate performance and extrinsic information transfer charts. The goal was to evaluate LDPC code performance and design an effective system concept validated through computer simulation.
This document provides an outline for a TinyOS tutorial that introduces the TinyOS operating system and development environment. It covers the hardware primer, introduction to TinyOS, installation and configuration, NesC syntax, network communication, sensor data acquisition, debugging techniques, and concludes with an overview of the Agilla mobile agent system. The outline includes 10 sections that will guide students through understanding the TinyOS hardware platforms, programming model, components, interfaces, and building/installing applications.
M2M Protocols for Constrained Environments in the Context of IoT: A Compariso...Edielson P. Frigieri
The Internet of Things movement opens new possibilities for services and business along with new technological challenges, such as power efficiency, operation in constrained environments, security, and privacy. With the expectation of a high amount of devices connected in this Future Internet, scalability is also assumed to be a challenge. To address these limitations, several protocols are being proposed. In this paper, two of them, MQTT and COAP, are presented and qualitatively compared, summarizing their main features and limitations, highlighting the best scenarios where each approach is more suitable.
The document summarizes key concepts about the data link layer, including the services it provides to the network layer, such as error control and flow control. It describes functions of the data link layer like framing, error detection, and flow control. It also covers different data link protocols, such as HDLC, PPP, and protocols used in the Internet. Specific topics discussed include error correcting codes, sliding window protocols, finite state machine models, and Petri net models for analyzing protocols.
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...wallyqs
The NATS Go client is the canonical implementation of a client for the NATS Messaging System, and from the beginning it was designed for high performance. In this talk, we will cover its APIs and dissect how the client internal engine works to get the most out of Go to achieve maximum throughput.
Writing Networking Clients in Go - GopherCon 2017 talkNATS
Talk by Wally Quevedo at GopherCon 2017 on writing networking clients in Go, based on our experience with Go on the NATS team. The full talk is available on YouTube: https://www.youtube.com/watch?v=QoetRI2KHvc
Modification of l3 learning switch code for firewall functionality in pox con...eSAT Journals
The document describes modifications made to the Learning Layer 3 switch code in the POX SDN controller to add basic firewall functionality. A tree network topology with 7 switches and 8 hosts was created using Mininet. The Learning switch code was modified to check for source MAC addresses in packets and only allow communication for pre-defined source MACs by inserting rules in all switches. Testing showed only allowed hosts (h1 to h8) could communicate by matching the rules. The purpose was to provide firewall-like access control over the network using the SDN controller and OpenFlow switches.
International Journal of Computational Engineering Research(IJCER) ijceronline
nternational Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
cReComp is an automated design tool that improves the productivity of developing ROS-compliant FPGA components. It generates a component-oriented interface that enables communication between FPGA hardware and ROS software. By describing a user logic circuit and configuration in simple files, cReComp can create the hardware interface circuit, ROS application code, and ROS message files to build a complete ROS-compliant FPGA component in less than an hour, significantly improving development time and productivity over manual design. An evaluation experiment showed that cReComp reduced the time and lines of code required for componentization compared to manual development.
Stream Cipher
Block Cipher
Stream Cipher and Block Cipher
The Feistel Cipher
Feistel Cipher Design Features
Data Encryption Standard (DES)
DES is a block cipher
THE AVALANCHE EFFECT
Block Cipher Design Principles
Zeus Locality aware distributed transaction upload.pptxYongraeJo
Zeus is a distributed transaction system that improves performance by dynamically reshaping data shards to minimize cross-shard transactions. It uses two main protocols:
1. An ownership protocol that migrates data shards between nodes to colocate related data, reducing the need for distributed transactions. This incurs an overhead of 4-9% compared to all local access.
2. A reliable commit protocol that replicates transaction commits to followers to ensure consistency despite failures. It pipelines local execution and commit to improve performance.
Zeus was evaluated on benchmarks modeling cellular handovers and a banking application. It achieved high performance by localizing over 99% of transactions through its dynamic sharding approach.
Basil is a scalable Byzantine fault-tolerant (BFT) database that introduces transactions and concurrency control to BFT systems. It addresses limitations of prior BFT systems such as leader bottlenecks, limited scalability, and lack of transactional semantics. Basil employs a client-driven commit approach and sharding to enable leaderless operation and linear scalability. It guarantees Byzantine serializability for safety and Byzantine independence for liveness. Experiments show Basil outperforms prior BFT databases and scales linearly with the number of shards.
HotStuff is a BFT consensus protocol that achieves linear view changes using threshold signatures. It has three key properties: 1) view changes are fast due to using a linear mechanism with threshold signatures, 2) view changes are simple as all protocol phases have a similar structure, and 3) view changes occur frequently as each client request can trigger a view change like in the normal case. The document describes the Basic HotStuff algorithm, which proceeds through New View, Prepare, Pre-Commit, Commit, and Decide phases to commit transactions in a view-based structure, and Chained HotStuff, which further simplifies and optimizes the protocol using pipelining and a generic phase.
1) The document describes two approaches - Order-Execute (OX) and Execute-Order in parallel (XO) - for building a blockchain platform using an existing relational database.
2) In the OX approach, transactions are ordered before execution, while in the XO approach transactions are executed in parallel without prior knowledge of ordering.
3) The approaches are implemented in PostgreSQL with 4000 lines of code. Serializable snapshot isolation is achieved using heuristics like abort during commit to detect conflicts.
This document summarizes erasure coding techniques for distributed storage systems. It discusses how erasure coding can be used to distribute data across multiple servers in a way that tolerates failures. The document outlines properties of erasure coding like agreement, totality and validity. It also presents techniques used in different versions of a protocol called BEAT that aim to optimize latency, bandwidth, throughput and storage overhead through improvements like Bracha's broadcast and various erasure coding schemes.
This document summarizes a research paper on Byzantine ordered consensus without Byzantine oligarchy. It introduces key concepts like ordering indicators, ordering properties like ordering unanimity and linearizability, and presents Pompe, a new BFT protocol that separates ordering and consensus phases. Pompe enforces ordering linearizability to prevent Byzantine nodes from fully controlling the command order, achieving Byzantine democracy instead of oligarchy. The system model assumes up to f Byzantine nodes in a network with cryptographic signatures and weak synchrony.
This document summarizes the Stellar Consensus Protocol (SCP), a new open-membership federated Byzantine agreement protocol that allows decentralized consensus while preserving benefits of traditional Byzantine agreement. SCP uses a nomination process to scope transactions and a ballot process employing federated voting to reach consensus. It guarantees safety when nodes choose adequate quorum slices and has been formally verified, though quorum intersection checking is NP-hard. SCP allows an organic growth model like the internet by forming quorums from individual trust decisions.
LedgerDB is a centralized ledger database that aims to provide universal audit and verification capabilities while improving on performance issues of decentralized ledgers. It uses a novel "execute-commit-index" transaction processing model that allows for early validation to improve throughput. Key features include strong external auditability, high performance, universal time notary anchors to prevent ledger tampering, and verifiable data removal operators like purge and occult. An evaluation shows LedgerDB outperforms Hyperledger Fabric in throughput and latency.
Blockene is a blockchain system that enables high-throughput and large-scale participation while remaining lightweight enough to run on resource-constrained mobile devices like smartphones. It achieves this by having resource-constrained citizen nodes perform consensus voting through gossip with resource-heavy politician nodes that handle transaction execution and storage. The system was tested with 2000 citizen nodes achieving over 1000 transactions per second while using only megabytes of storage and data per day on citizen devices.
Simple robot pets with three emotions (uC/OS III)YongraeJo
Implement a silly simple pet having switches, wheels and leds to represent his emotion, reacting to their environment. The system is implemented using uc/OS III (2015. 6)
This document describes FlexSC, a system that aims to reduce the costs of synchronous system calls by decoupling system call invocation from execution. FlexSC uses a shared memory region containing system call entries to asynchronously schedule system calls on dedicated kernel threads using workqueues. When a user program issues a system call, the entry is marked as submitted. A scanner thread then queues work to a worker thread to execute the system call asynchronously. The worker thread updates the entry status and return value upon completion. However, the current FlexSC implementation has limitations as kernel threads cannot fully access user address spaces. Further work is needed to address these limitations.
HoneyBadgerBFT is a Byzantine fault tolerant consensus protocol that achieves consensus in an asynchronous network without relying on timing assumptions. It uses a modular approach consisting of five modules - HoneyBadgerBFT, ACS, RBC, BA, and CommonCoin. HoneyBadgerBFT implements atomic broadcast through threshold encryption to provide censorship resistance. It relies on ACS for agreement on a common subset, RBC for reliable broadcast, BA for binary agreement, and CommonCoin for random bits. The protocol was implemented and evaluated on Amazon EC2 across different regions and instance counts.
The document discusses the Practical Byzantine Fault Tolerance (PBFT) algorithm. PBFT is a consensus algorithm that allows a distributed system to tolerate Byzantine faults. It replicates services across multiple servers and uses a three-phase protocol (pre-prepare, prepare, commit) to ensure replicas apply requests in the same order. PBFT can tolerate up to f faulty replicas as long as there are 2f+1 total replicas. The algorithm guarantees safety by ensuring all non-faulty replicas agree on a total order of requests, and liveness by allowing the system to make progress even if the primary replica fails.
Pileus is a cloud storage system that provides consistency-based service level agreements (SLAs) to applications. It offers a range of consistency choices between strong and eventual consistency. Pileus exports APIs that allow applications to specify desired consistency levels and latency targets via SLAs. The system enforces SLAs by selecting storage nodes that can meet the consistency and latency guarantees defined in the SLA. It uses client-side monitoring and adaptive techniques to satisfy SLAs even when network conditions vary. Evaluation results demonstrate that Pileus can better meet application-defined SLAs compared to fixed consistency approaches.
The document presents Visigoth, a new fault tolerance model and framework for replicated state machines in data centers. Visigoth can calibrate timing assumptions between synchronous and asynchronous, and fault behavior between crash and Byzantine faults. It aims to tolerate arbitrary but non-malicious faults with fewer replicas than Byzantine fault tolerance by distinguishing fault types. The authors implement a Visigoth fault tolerance library called VFT-SMaRt that uses a new quorum gathering primitive to handle the flexible quorum sizes of the Visigoth model. An evaluation shows VFT can tolerate the same number of faults as crash fault tolerance with better performance and fewer resources.
This document summarizes the XFT protocol, a new fault tolerance model that can tolerate both crash faults and Byzantine faults as long as machine faults and network faults do not occur simultaneously. The XPaxos protocol is presented as an example XFT protocol that uses state machine replication to tolerate up to t faults among 2t+1 replicas. Experimental results show that XPaxos maintains high performance under both normal operation and fault conditions.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3Data Hops
Free A4 downloadable and printable Cyber Security, Social Engineering Safety and security Training Posters . Promote security awareness in the home or workplace. Lock them Out From training providers datahops.com
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Best 20 SEO Techniques To Improve Website Visibility In SERP
FastBFT
1. FastBFT: Scalable Byzantine Consensus
via Hardware-assisted Secret Sharing
Yongrae Jo
System Software Laboratory
Department of CSE
POSTECH
2017. 7. 26
Jian Liu, et al.
Not published
Aalto University, NEC Laboratories Europe
5. 5
BFT Problem & Why is it important today?
● BFT Problem is about building dependable and high
performance Byzantine fault tolerant system that can
tolerate Byzantine faults to some extent
● There is a long history to the journey for improving BFT
algorithm from the very first time when the paper, “The
Byzantine Generals Problem” was published in 1982 to the
most recent works (..PBFT, Zyzzyva, Min BFT, Fast BFT)
● Recent blockchain technologies surge research about high
performance BFT algorithm
9. 9
● Protecting a secret by spliting it into
many pieces which can be used to
retrive original secret later
● After spliting secret into several
pieces, original secret should be
destroyed.
● Splited secrets are calld shadows
● (k, n) secret sharing scheme
– A secret is splited into n pieces
– At least k pieces is needed to retrive
a secret
Secret sharing scheme
11. 11
● XOR secret sharing scheme is special case where k = n
● which means, if you are gonna retrive original secret, you need
to gather all the shadows(i.e. shares)
● Principles
– Define a (binary)secret, with length L
– Generate n-1 random binary numbers(shadows) with length L
– Generate last random binary numbers which equals to a value that all
shadows and secret are XORed
– And distribute all shadows randomly into participants
– To retrive a secret, gathers all shadows and apply XOR op to them
● XOR based secret sharing scheme is lightweight version
XOR secret sharing scheme
12. 12
● Each replica’s local TEE maintains a unique, monotonic and
sequential counter; each message is required to be bound
to a unique counter value
● Since monotonicity of the counter is ensured by TEEs, replicas
cannot assign the same counter value to different messages
● At pre-prepare phase of PBFT, the primary assigns unique
sequence number to client‘s request and broadcasts it for reaching
consensus on total order of request.
→ Not needed anymore
●
With TEE, it is guarenteed that only two phase is needed to
proceed the protocol
● And all cryptographic processes are calculated in TEE
Trusted Execution Environment for BFT
14. 14
● Message aggregation techniques reduces
communication cost
● Rather than broadcast messages to all replica, each
replica unicast a single message to the primary
Message Aggregation
15. 15
● O(n) message communication can still be bottleneck to
primary
● Primary organizes replicas into a balanced tree rooted at itself
to distribute both communication and computation costs
● O(n2) → O(n) → O(1)
Message Aggregation with Tree Toplogy
Only takes constant time: O(b),
(b: branch factor)
16. 16
● Crash faults are detected by timeout
● Byzantine faults are detected by verifying shares
● Think of below picture as a path from the root to the leaf
in tree structure for adoption in Fast BFT
(Non-primary)Failure Detection Mechanism
BChain: Byzantine Replication with High Throughput and Embedded Reconfiguration, opodis 2014
17. 17
Bchain: Novel Non-Primary Failure
Detection Mechanism
BChain: Byzantine Replication with High Throughput and Embedded Reconfiguration, opodis 2014
18. 18
● Spliting 2f + 1 correct replicas into two group:
– 1) f + 1 active replicas
– 2) f passive replicas
● Active replicas engage in both agreement and execution
● Passive replicas only update its state and become active
only in case the agreement protocol fails
● Similar concept to optimistic replication which ensures
eventual consistency
● Optimistic approach reduces replication cost and
number of communication message
Optimistic Approach
23. 23
TEE based counter
● TEE based counter is used to assign unique sequence
number(counter value) to the client’s request
● For each counter value, TEE generate the signature with
(counter value, view number, secret shares)
● With the signature signed by TEE, the primary can’t
fabricate the sequence number
● Other replicas trust the counter through so called
“Remote Attestation” process, not the primary itself
24. 24
TEE based counter offered by Fast BFT
Generate digital
signature(ECDSA)
Request digital signature
signed by primary for the
next counter value
1. Verify signature
2. Autheticated Decryption
3. Check if valid counter
27. 27
Operations
For each counter c,
1. Generate secret
2. Bind secret to counter
value and view number using
SHA256
3. Split secrets
Preprocessing function
4.Each replica has a
hash of aggregated
secrets from its
descendants
5.Authenticated
encryption so that only
authroized replica can
decrypt the cipher text
Secret assigned
to replica iSymmetric key
Hash of
aggregated
secrets
28. 28
Operations
For each counter c,
1. Generate secret
2. Bind secret to counter
value and view number using
SHA256
3. Split secrets
Preprocessing function
4.Each replica has a
hash of aggregated
secrets from its
descendants
5.Authenticated
encryption so that only
authroized replica can
decrypt the cipher text
6.Generate digital
signature(ECDSA)
7.Return cryptographic
information bound to c
39. 39
Let’s get clear on message aggregation
● When <PREPARE> or <COMMIT> message comes at each replica(leaf,
nonleaf),
● Nonleaf replica starts a timer until it gets secret from its children
● Leaf replica sends its secret to parent
● If Nonleaf replica gets secrets from children, exit the timer and aggregates
the secrets and send them to parents
● This process is going on till the primary get the all secrets
● When the primary aggregates all the secrets from children, it gets ready to
move to the next stage
● Of course, verifying the secret is done using hash of the secret when receving
each secret from children
40. 40
Still confusing?
Let’s see again with tree topology
In optimistic approach,
f + 1 : number of active replica &
primary, participating agreement &
execution
f: number of passive replica, not
participating agreement & execution
41. 41
Phase1: Preprocessing
- Prelude for Message aggregation
1. Generate sc
2.
Split sc
into sc
1
,
sc
2
,
...
sc
7
3. hc
= H(<sc
, (c, v)>)
sc
1
,
hc
2
, hc
3
sc
2
,
hc
4
, hc
5
sc
3
,
hc
6
, hc
7
sc
4
sc
5
sc
6
sc
7
sc
1
= sc
2
s⊕ c
3
hc
2
= H(sc
2
)
hc
7
= H(sc
7
)
hc
1
= H(sc
1
)
sc
2
= sc
4
s⊕ c
5
sc
3
= sc
6
s⊕ c
7
48. 48
View Change Protocol
● When exsisting primary is suspected to be faulty, correct
replica broadcast <REQVIEWCHANGE> message which
includes the new view number v ’
● When correct replica receives f + 1 <REQVIEWCHANGE>
message, broadcast <VIEWCHANGE> message
● When the new primary(v ’) receives f + 1 <VIEWCHANGE>
message
– Choose set of active replica
– TEE.be_primary(), TEE.request_counter()
– Broadcast <NEWVIEW> message
52. 52
Checkpointing & Logging
●
View Change process is quite complex due to logging and
checkpointing
● Messages: <PREPARE>, <COMMIT>, <REPLY> are all
logged → Not sufficient space!
– Think 100,000 transactions per second
● Checkpointing solves it through garbage collection which
discards all messages after latest checkpoint
●
When the primary changes, all operations after the latest
checkpoint are executed
53. 53
Evaluation - Implementation & Test
Environment
● Golang based implementation
● Intel SGX for TEE
● A private network consisting of five 8 vCore Intel Xeon E3
1240 equipped with 32 GB RAM and Intel SGX
● All BFT replicas were running in separate processes.
● The clients: 8 vCore Intel Xeon E31230 equipped with 16 GB
RAM
● Communication between various machines was bridged using
a 1 Gbps switch
62. 62
비잔틴 폴트 잡아내는 법(non-primary)
●
preprocessing 단계에서, 각 리플리카에 대해, 그 자식의 자식
들의 시크릿 값을 XOR 연산한 해쉬 값을 갖게 하고,
●
이후 메시지 합산(aggregation) 과정을 시작 할 때, 각 리플리
카는 자식들의 시크릿 값의 해쉬 값과 preprocessing 단계에
서 받은 해쉬 값을 비교해서, 다르면 비잔틴 폴트로 간주
●
즉, 시크릿 값(or 카운터 값, 뷰 번호) 조작하다 걸리면 비잔
틴 폴트로 간주되어서 active replica 그룹에서 쫓겨남
63. 63
크래쉬 폴트 잡아내는 법(non-primary)
●
Nonleaf 위치의 replica가 <PREPARE> 또는 <COMMIT> 메시지
수신시, 자식 노드로부터 시크릿 값을 받을 때까지 타이머
를 실행함
●
일정 시간 동안 시크릿 값을 받지 못하면 자식 노드에 크
래쉬 폴트가 났다고 간주하고 <SUSPECT> 메시지를 부모와
프라이머리에게 보냄
●
고소(?) 한 노드는 리프 노드로 이동하고, 고소 당한 노드는
Passive replica로 이동
64. 64
XOR 연산의 대수적 성질
●
결합 법칙 성립
●
교환 법칙 성립
●
역 연산이 존재
●
즉, 이진 시크릿 값에 임의의 이진 수들을 XOR 연산
한 값에서 원래의 시크릿 값을 복원할 수 있음
65. 65
정확성 증명 - Safty
●
Safty: Correct replica들은 똑같은 결과를 내놓는다는 것을 보증하
는 속성
66. 66
정확성 증명 - Liveness
●
Liveness: 클라이언트는 결국에는 응답을 받는다는 것을 보증하
는 속성