14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services

Research Article

Duck Attack on Accountable Distributed Systems

  • @INPROCEEDINGS{10.4108/eai.7-11-2017.2273615,
        author={Amrit Kumar and Pascal Lafourcade and C\^{e}dric Lauradoux},
        title={Duck Attack on Accountable Distributed Systems},
        proceedings={14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services},
        publisher={ACM},
        proceedings_a={MOBIQUITOUS},
        year={2018},
        month={4},
        keywords={accountability secure log public verifiability},
        doi={10.4108/eai.7-11-2017.2273615}
    }
    
  • Amrit Kumar
    Pascal Lafourcade
    Cédric Lauradoux
    Year: 2018
    Duck Attack on Accountable Distributed Systems
    MOBIQUITOUS
    ACM
    DOI: 10.4108/eai.7-11-2017.2273615
Amrit Kumar1, Pascal Lafourcade2, Cédric Lauradoux3,*
  • 1: National University of Singapore
  • 2: Université Clermont Auvergne
  • 3: INRIA
*Contact email: cedric.lauradoux@inria.fr

Abstract

Accountability plays a key role in dependable distributed systems. It allows to detect, isolate and churn malicious/selfish nodes that deviate from a prescribed protocol. To achieve these properties, several accountable systems use at their core cryptographic primitives that produce non-repudiable evidence of inconsistent or incorrect behavior.

In this paper, we show how selfish and colluding nodes can exploit the use of cryptographic digests in accountability protocols to mount what we call a duck attack. In a duck attack, selfish and colluding nodes exploit the use of cryptographic digests to alter the transmission of messages while masquerading as honest entities. The end result is that their selfish behavior remains undetected. This undermines the security guarantees of the accountability protocols.

We first discover the duck attack while analyzing PAG --- a custom cryptographic protocol to build accountable systems presented at ICDCS 2016. We later discover that accountable distributed systems based on a secure log (essentially a hash-based data structure) are also vulnerable to the duck attack and apply it on AcTinG --- a protocol presented at SRDS 2014. To defeat our attack, we modify the underlying secure log to have high-order dependency on the messages stored in it.