Our society strongly depends on critical information infrastructures such as electrical grids, autonomous vehicles, blockchain applications, IoT critical infrastructures, etc. Not only do we increasingly rely on such complex infrastructures for the correct functioning of our society, in many occasions, even our lives depend on them being safe and secure.
Critical infrastructures are the target of attacks aiming at stealing critical assets such as money and data. Vulnerabilities in software components used by these infrastructures are regularly found and exploited, sometimes allowing attackers to control physical components of SCADA (Supervisory Control And Data Acquisition) systems such as the New York Dam or Ukraine's Power Grid. As we keep seeing in the news, failures of such systems can be catastrophic.
The decentralized nature of some of these infrastructures require complex mechanisms to guarantee that the data they handle is safe and secure. For example, blockchain systems allow remote users to agree on and maintain a digital ledger of transactions. They rely on complex agreement algorithms to provide those guarantees and ensure the correct functioning of the systems while users interact remotely and propose transactions concurrently. Such systems can even work correctly when some users are faulty (possibly acting maliciously). As for SCADA systems, bugs are regularly found and exploited to steal critical assets in such systems.
Among the agreement algorithms used in blockchain technology, traditional Byzantine Fault Tolerant (BFT) protocols require little computing power, and can be used to harden any (deterministic) service (e.g., a banking service). They achieve this by replicating the service across a number of machines such that the correctly functioning machines hide the behavior of the faulty ones. However, one drawback of such protocols is that they require two thirds of the users to be honest, and a large number of messages to be exchanged before transactions are accepted.
While BFT techniques have primarily been used in blockchain systems, other infrastructures could benefit from it if it was delivering the required properties. For example, in order to use BFT protocols in SCADA systems, they would have to guarantee that operations that need to be agreed upon between multiple remote components, can be achieved in a timely manner.
These issues call for (1) developing generic, yet efficient defence mechanisms that can be applied to a wide range of infrastructures, and
(2) provide strong correctness guarantees.
First, in this project we propose to develop efficient BFT protocols that can be applied to a wide range of infrastructures. More precisely, we propose to develop novel BFT techniques that are less costly (less replicas and less exchanged messages) than state-of-the-art solutions by relying on trusted components (e.g., secure hardware components such as Intel SGX), and to apply these techniques to develop more efficient and reliable blockchain systems. Moreover, we also propose to develop techniques to turn state-of-the-art BFT protocols into protocols that achieve timeliness guarantees, allowing their integration in real-time applications.
Secondly, we propose to guarantee the correctness of these novel protocols. One way to provide strong correctness guarantees is to use
formal verification methods, such as theorem provers to automatically or interactively prove that a piece of software or hardware behaves as
intended. Many theorem provers have been developed and improved over the years allowing to do just that, such as Agda, Coq, Isabelle, etc.
Our project will make use of the highly expressive Coq prover to ensure the correctness of these protocols. More precisely, we propose to develop within Coq, support to implement BFT protocols, models to capture the environments in which those protocols execute, as well as
proof techniques to guarantee their correctness.
|