Secure Distributed Agreement Protocols for Information Assurance Applications

Abstract

Distributed agreement protocols among a group of application processes are often built upon atomic multicast message delivery guarantees. Issues arise however when agreement protocols are realized in Information Assurance (IA) settings where extreme failure behaviors such as send-omission of processes and message timeliness violations are likely. The issues are compounded by security weaknesses in the communication software that make it easier for intruders to stage attacks. These issues impact the design of agreement protocols, which have hitherto assumed only benign failures such as process crash and network message loss/delay. In this paper, we revisit the distributed agreement problem, taking into account the IA dimension as well. Our study reveals the need for a secure centralized entity to realize the group decision-making and state coordination functions. Two functions are studied: dynamic group membership management to exclude non-cooperating members from the group and security-reinforced communications to enforce mutual anonymity of members. Our paper walks through a state-machine based realization of distributed agreements using secure atomic multicast protocol as an underlying communication substrate. The use of our approach in IA applications is also described.