Blockchain and Distributed Consensus: From Security Analysis to Novel Applications

Xiao, Yang

13 May 2022

Blockchain, the technology behind cryptocurrency, enables decentralized and distrustful parties to maintain a unique and consistent transaction history through consensus, without involving a central authority. The decentralization, transparency, and consensus-driven security promised by blockchain are unprecedented and can potentially enable a wide range of new applications that prevail in the decentralized zero-trust model. While blockchain represents a secure-by-design approach to building zero-trust applications, there still exist outstanding security bottlenecks that hinder the technology's wider adoption, represented by the following two challenges: (1) blockchain as a distributed networked system is multi-layered in nature which has complex security implications that are not yet fully understood or addressed; (2) when we use blockchain to construct new applications, especially those previously implemented in the centralized manner, there often lack effective paradigms to customize and augment blockchain's security offerings to realize domain-specific security goals. In this work, we provide answers to the above two challenges in two coordinated efforts. In the first effort, we target the fundamental security issues caused by blockchain's multi-layered nature and the consumption of external data. Existing analyses on blockchain consensus security overlooked an important cross-layer factor---the heterogeneity of the P2P network's connectivity. We first provide a comprehensive review on notable blockchain consensus protocols and their security properties. Then we focus one class of consensus protocol---the popular Nakamoto consensus---for which we propose a new analytical model from the networking perspective that quantifies the impact of heterogeneous network connectivity on key consensus security metrics, providing insights on the actual "51% attack" threshold (safety) and mining revenue distribution (fairness). The external data truthfulness challenge is another fundamental challenge concerning the decentralized applications running on top of blockchain. The validity of external data is key to the system's operational security but is out of the jurisdiction of blockchain consensus. We propose DecenTruth, a system that combines a data mining technique called truth discovery and Byzantine fault-tolerant consensus to enable decentralized nodes to collectively extract truthful information from data submitted by untrusted external sources. In the second effort, we harness the security offerings of blockchain's smart contract functionality along with external security tools to enable two domain-specific applications---data usage control and decentralized spectrum access system. First, we use blockchain to tackle a long-standing privacy challenge of data misuse. Individual data owners often lose control on how their data can be used once sharing the data with another party, epitomized by the Facebook-Cambridge Analytica data scandal. We propose PrivacyGuard, a security platform that combines blockchain smart contract and hardware trusted execution environment (TEE) to enable individual data owner's fine-grained control over the usage (e.g., which operation, who can use on what condition/price) of their private data. A core technical innovation of PrivacyGuard is the TEE-based execution and result commitment protocol, which extends blockchain's zero-trust security to the off-chain physical domain. Second, we employ blockchain to address the potential security and performance issues facing dynamic spectrum sharing in the 5G or next-G wireless networks. The current spectrum access system (SAS) designated by the FCC follows a centralized server-client service model which is vulnerable to single-point failures of SAS service providers and also lacks an efficient, automated inter-SAS synchronization mechanism. In response, we propose a blockchain-based decentralized SAS architecture dubbed BD-SAS to provide SAS service efficiently to spectrum users and enable automated inter-SAS synchronization, without assuming trust on individual SAS service providers. We hope this work can provide new insights into blockchain's fundamental security and applicability to new security domains. / Doctor of Philosophy / Blockchain, the technology behind cryptocurrency, enables decentralized and distrustful parties to maintain a unique and consistent transaction history through consensus, without involving a central authority. The decentralization, transparency, and consensus-driven security promised by blockchain are unprecedented and can potentially enable zero-trust applications in a wide range of domains. While blockchain's secure-by-design vision is truly inspiring, there still remain outstanding security challenges that hinder the technology's wider adoption. They originate from the blockchain system's complex multi-layer nature and the lack of effective paradigms to customize blockchain for domain-specific applications. In this work, we provide answers to the above two challenges in two coordinated efforts. In the first effort, we target the fundamental security issues caused by blockchain's multi-layered nature and the consumption of external data. We first provide a comprehensive review on existing notable consensus protocols and their security issues. Then we propose a new analytical model from a novel networking perspective that quantifies the impact of heterogeneous network connectivity on key consensus security metrics. Then we address the external data truthfulness challenge concerning the decentralized applications running on top of blockchain which consume the real-world data, by proposing DecenTruth, a system that combines data mining and consensus to allow decentralized blockchain nodes to collectively extract truthful information from untrusted external sources. In the second effort, we harness the security offerings of blockchain's smart contract functionality along with external security tools to enable two domain-specific applications. First, eyeing on our society's data misuse challenge where data owners often lose control on how their data can be used once sharing the data with another party, we propose PrivacyGuard, a security platform that combines blockchain smart contract and hardware security tools to give individual data owner's fine-grained control over the usage over their private data. Second, targeting the lack of a fault-tolerant spectrum access system in the domain of wireless networking, we propose a blockchain-based decentralized spectrum access system dubbed BD-SAS to provide spectrum management service efficiently to users without assuming trust on individual SAS service providers. We hope this work can provide new insights into blockchain's fundamental security and applicability to new security domains.

Blockchain

distributed consensus

network security

Centrality Routing and Blockchain Technologies in Distributed Networks

Ghiro, Lorenzo

19 May 2021

This thesis contributes to the development of distributed networks proposing: • a technique to enhance the reliability of DV routing protocols; • a critical analysis of the integration of blockchains in distributed networks. First, a novel algorithm for the distributed computation of the Load Centrality (LC), a graph centrality metric, is proposed and then applied for steering the optimization of the route recovery process of Distance-Vector (DV) routing protocols: this way the algorithm contributes to the enhancement of the network reliability. The algorithm convergence is proved also identifying time complexity bounds that are later confirmed by computer simulations. The proposed algorithm is designed as an extension to the Bellman-Ford one and can thus be integrated with any DV routing protocol. An implementation of the algorithm in Babel, a real world DV protocol, is provided in support of this claim. Then an application of the algorithm is presented: the LC is used to find an optimal tuning for the generation frequency of the Babel control messages. This tuning technique effectively reduces the impact of losses consequent to random node failures in the emulations of several real world wireless mesh networks, without increasing the control overhead. A second version of the algorithm is designed to be incrementally deployable. This version can be deployed gradually in production networks also by uncoordinated administrators. When only a fraction of nodes is upgraded so to participate in the protocol, these upgraded nodes estimate their LC indexes approximating the theoretical ones. The approximation error is studied analytically and it is also shown that, even for low penetration ratios of upgraded nodes in the network, the algorithm accurately ranks nodes according to their theoretical centrality. The second contribution of the thesis is the critical discussion of the integration of blockchain technologies in distributed networks. An initial analysis of the literature concerning blockchain based applications reveals an ambiguity around the term "blockchain" itself. The term is used, apparently, to identify a number of similar but different technologies proposed to empower a surprisingly broad range of applications. This thesis prompts therefore the need of formulating a restrictive definition for the term blockchain, necessary for clarifying the role of the same blockchain in distributed networks. The proposed definition is grounded in the critical analysis of the blockchain from a distributed systems perspective: Blockchains are only those platforms that implement an open, verifiable and immutable Shared Ledger, independent of any trusted authority. Observing that the blockchain security grows with the amount of resources consumed to generate blocks, this thesis concludes that a secure blockchain is necessarily resource hungry, therefore, its integration in the constrained domain of distributed networks is not advised. The thesis draws recommendations for a use of the blockchain not in contrast with the definition. For example, it warns about applications that require data to be kept confidential or users to be registered, because the blockchain naturally supports the openness and transparency of data together with the anonymity of users. Finally a feasible role for the blockchain in the Internet of Things (IoT) is outlined: while most of the IoT transactions will be local and Off-Chain, a blockchain can still act as an external and decentralized platform supporting global transactions, offering an alternative to traditional banking services. The enhanced reliability of DV routing protocols encourages a wider adoption of distributed networks, moreover, the distributed algorithm for the computation of centrality enables applications previously restricted to centralized networks also in distributed ones. The discussion about the blockchain increases instead the awareness about the limits and the scope of this technology, inspiring engineers and practitioners in the development of more secure applications for distributed networks. This discussion highlights, for instance, the important role of the networking protocols and communication infrastructure on the blockchain security, pointing out that large delays in the dissemination of blocks of transactions make the blockchain more vulnerable to attacks. Furthermore, it is observed that a high ability to take control over the communications in the network favors eclipse attacks and makes more profitable the so called selfish mining strategy, which is detrimental to the decentralization and the security of blockchains. The two main contributions of this thesis blended together inspire the exploitation of centrality to optimize gossip protocols, minimizing block propagation delays and thus the exposure of the blockchain to attacks. Furthermore, the notion of centrality may be used by the community of miners to measure the nodes influence over the communication of blocks, so it might be used as a security index to warn against selfish mining and eclipse attack.

centrality

blockchain

routing

Internet of Thing

distributed network

distributed consensus

Settore INF/01 - Informatica

Distributed Inference using Bounded Transmissions

January 2013

abstract: Distributed inference has applications in a wide range of fields such as source localization, target detection, environment monitoring, and healthcare. In this dissertation, distributed inference schemes which use bounded transmit power are considered. The performance of the proposed schemes are studied for a variety of inference problems. In the first part of the dissertation, a distributed detection scheme where the sensors transmit with constant modulus signals over a Gaussian multiple access channel is considered. The deflection coefficient of the proposed scheme is shown to depend on the characteristic function of the sensing noise, and the error exponent for the system is derived using large deviation theory. Optimization of the deflection coefficient and error exponent are considered with respect to a transmission phase parameter for a variety of sensing noise distributions including impulsive ones. The proposed scheme is also favorably compared with existing amplify-and-forward (AF) and detect-and-forward (DF) schemes. The effect of fading is shown to be detrimental to the detection performance and simulations are provided to corroborate the analytical results. The second part of the dissertation studies a distributed inference scheme which uses bounded transmission functions over a Gaussian multiple access channel. The conditions on the transmission functions under which consistent estimation and reliable detection are possible is characterized. For the distributed estimation problem, an estimation scheme that uses bounded transmission functions is proved to be strongly consistent provided that the variance of the noise samples are bounded and that the transmission function is one-to-one. The proposed estimation scheme is compared with the amplify and forward technique and its robustness to impulsive sensing noise distributions is highlighted. It is also shown that bounded transmissions suffer from inconsistent estimates if the sensing noise variance goes to infinity. For the distributed detection problem, similar results are obtained by studying the deflection coefficient. Simulations corroborate our analytical results. In the third part of this dissertation, the problem of estimating the average of samples distributed at the nodes of a sensor network is considered. A distributed average consensus algorithm in which every sensor transmits with bounded peak power is proposed. In the presence of communication noise, it is shown that the nodes reach consensus asymptotically to a finite random variable whose expectation is the desired sample average of the initial observations with a variance that depends on the step size of the algorithm and the variance of the communication noise. The asymptotic performance is characterized by deriving the asymptotic covariance matrix using results from stochastic approximation theory. It is shown that using bounded transmissions results in slower convergence compared to the linear consensus algorithm based on the Laplacian heuristic. Simulations corroborate our analytical findings. Finally, a robust distributed average consensus algorithm in which every sensor performs a nonlinear processing at the receiver is proposed. It is shown that non-linearity at the receiver nodes makes the algorithm robust to a wide range of channel noise distributions including the impulsive ones. It is shown that the nodes reach consensus asymptotically and similar results are obtained as in the case of transmit non-linearity. Simulations corroborate our analytical findings and highlight the robustness of the proposed algorithm. / Dissertation/Thesis / Ph.D. Electrical Engineering 2013

Electrical engineering

Distributed Detection

Multiple Access Channel

Constant Modulus

Deflection Coefficient

Error Exponent

Distributed Consensus

Sensor Networks

Bounded Transmissions

Asymptotic Covariance

Stochastic Approximation

Markov Processes.

Distributed Network Processing and Optimization under Communication Constraint

Chang Shen Lee (11184969)

26 July 2021

<div>In recent years, the amount of data in the information processing systems has significantly increased, which is also referred to as big-data. The design of systems handling big-data calls for a scalable approach, which brings distributed systems into the picture. In contrast to centralized systems, data are spread across the network of agents in the distributed system, and agents cooperatively complete tasks through local communications and local computations. However, the design and analysis of distributed systems, in which no central coordinators with complete information are present, are challenging tasks. In order to support communication among agents to enable multi-agent coordination among others, practical communication constraints should be taken into consideration in the design and analysis of such systems. The focus of this dissertation is to provide design and analysis of distributed network processing using finite-rate communications among agents. In particular, we address the following open questions: 1) can one design algorithms balancing a graph weight matrix using finite-rate and simplex communications among agents? 2) can one design algorithms computing the average of agents’ states using finite-rate and simplex communications? and 3) going beyond of ad-hoc algorithmic designs, can one design a black-box mechanism transforming a general class of algorithms with unquantized communication to their finite-bit quantized counterparts?</div><div><br></div><div>This dissertation addresses the above questions. First, we propose novel distributed algorithms solving the weight-balancing and average consensus problems using only finite-rate simplex communications among agents, compliant to the directed nature of the network topology. A novel convergence analysis is put forth, based on a new metric inspired by the</div><div>positional system representations. In the second half of this dissertation, distributed optimization subject to quantized communications is studied. Specifically, we consider a general class of linearly convergent distributed algorithms cast as fixed-point iterate, and propose a novel black-box quantization mechanism. In the proposed mechanism, a novel quantizer preserving linear convergence is proposed, which is proved to be more communication efficient than state-of-the-art quantization mechanisms. Extensive numerical results validate our theoretical findings.</div>

Computer Engineering

Control Systems, Robotics and Automation

Signal Processing

Distributed Optimization

Quantization

decentralized computation

decentralized coordination

Distributed processing of data

distributed computing

distributed consensus

Fixed point theory.

A protocol for decentralized video conferencing with WebRTC : Solving the scalability problems of conferencing services for the web

Hallberg, Andreas

January 2016

Video conferencing has been a part of many communication platforms over the years. Over the last decades users have moved from dedicated telephony networks to the Internet, and recently to the Web. With the introduction of Web Real-Time Communication (WebRTC) it is now possible to make voice- and video calls simply by visiting a web page, without having to install any additional software. Services that enable multi-user conferences are quite common. However existing solutions such as the Multipoint Control Unit (MCU) inherently do not scale and can be a single point of failure, due to its centralized architecture. This can lead to high maintenance costs and poor service availability.To solve the scalability- and availability problems of video-conferencing services, a decentralized alternative to the MCU is proposed. A decentralized conferencing system uses the distributed resources of its users instead of relying on a central server. This means that the system can handle an increasing number of users without having to upgrade any server infrastructure. Additionally, failures are only partial and can happen regularly without affecting the rest of the system. This report presents the development of a protocol built on top of WebRTC that enables completely decentralized multi-user conferencing. It includes a distributed algorithm for voice-activated switching to reduce the computation and network resources used. A load-balancing technique based on media stream relays is used to distribute the resource requirements of the conference participants. The protocol is implemented as a Javascript library that can be included in a web application. A proof-of-concept web application is developed using the library and its performance is evaluated. The performance data is analyzed and the results are used to make incremental improvements to the protocol and implementation. Although not all features of the protocol are implemented, the tests show promising results. The application allows multiple users to participate in high-definition video conferences, with no server infrastructure aside from a Mini PC that hosts a web server and a WebRTC signaling server. / Videokonferenser har varit en del av många olika kommunikationsplattformar genom åren. Tekniken har yttats från dedikerade telefonnnät,, till Internet, och på senare tid till webben. I och med introduktionen av WebRTC (Web Real-Time Communication) är deti dag möjligt att enkelt deltaga i röst- och videosamtal genom att gå till en webbsida utan att behöva installera någon programvara annat an en webbläsare. De flesta existerande konferenstjänster är byggda med en centraliserad arkitektur, vilket kan leda till tekniska problem när antalet användare ökar eller när fel uppstår i systemens centrala servrar. Dessa problem kan leda till driftstopp och skada tjänstens tillgänglighet för användarna. Den här rapporten täcker utvecklingen av ett protokoll som tillsammans med WebRTC kan användas för att bygga en helt decentraliserad konferenstjänst. Målet är att tjänsten ska vara oberoende av centrala servrar, och på så vis lösa problemen med skalbarhet och tillgänglighet. Protokollet implementeras i en webbapplikation som testas och utvärderasöver flera iterationer för att hitta nya förbättringar. Testerna visar lovande resultat. Slutsatsen dras det är fullt möjligt att bygga en konferenstjänst på detta sätt, och möjligheter för framtida optimeringar och testfall föreslås.

video conference

WebRTC

Peer-to-peer

P2P protocols

streaming

scalability

distributed systems

internet telephony

distributed consensus

Computer and Information Sciences

Data- och informationsvetenskap

Engineering and Technology

Teknik och teknologier

Identification de paramètre basée sur l'optimisation de l'intelligence artificielle et le contrôle de suivi distribué des systèmes multi-agents d'ordre fractionnaire / Parameter identification based on artificial intelligence optimization and distributed tracking control of fractional-order multi-agent systems

Hu, Wei

10 July 2019

Cette thèse traite de l'identification des paramètres du point de vue de l'optimisation et du contrôle de suivi distribué des systèmes multi-agents d'ordre fractionnaire (FOMASs) en tenant compte des retards, des perturbations externes, de la non-linéarité inhérente, des incertitudes des paramètres et de l'hétérogénéité dans le cadre d'une topologie de communication fixe non dirigée / dirigée. Plusieurs contrôleurs efficaces sont conçus pour réaliser avec succès le contrôle de suivi distribué des FOMASs dans différentes conditions. Plusieurs types d'algorithmes d'optimisation de l'intelligence artificielle et leurs versions modifiées sont appliquées pour identifier les paramètres inconnus des FOMASs avec une grande précision, une convergence rapide et une grande robustesse. Il est à noter que cette thèse fournit un lien prometteur entre la technique d'intelligence artificielle et le contrôle distribué. / This thesis deals with the parameter identification from the viewpoint of optimization and distributed tracking control of fractional-order multi-agent systems (FOMASs) considering time delays, external disturbances, inherent nonlinearity, parameters uncertainties, and heterogeneity under fixed undirected/directed communication topology. Several efficient controllers are designed to achieve the distributed tracking control of FOMASs successfully under different conditions. Several kinds of artificial intelligence optimization algorithms andtheir modified versions are applied to identify the unknown parameters of the FOMASs with high accuracy, fast convergence and strong robustness. It should be noted that this thesis provides a promising link between the artificial intelligence technique and distributed control.

Identification des paramètres

Délais

Perturbations externes

Dynamique non linéaire

Paramètres inconnus

Hétérogéneité

Parameter identification

Artificial intelligence optimization

Time delays

External disturbances

Nonlinear dynamics

Unknown parameters

Heterogeneity