|
|
|
- Anabel Bennett
- 10 years ago
- Views:
Transcription
1 FromDependableComputingforCriticalApplications{5,Champaign,IL,September1995,pp.139{157;Volume10of theseriesindependablecomputingandfaulttolerantsystemspublishedbyieeecomputersocietypress. ByzantineAgreementwithAuthentication:Observationsand ApplicationsinToleratingHybridandLinkFaults LiGongy,PatrickLincoln,andJohnRushby ComputerScienceLaboratory SRIInternational MenloPark,California94025,USA Abstract WeshowthattheassumptionsrequiredoftheauthenticationmechanisminByzantineagreementprotocolsthatuse\signedmessages"arestrongerthan generallyrealized,andrequiremorethansimpledigitalsignatures.theprotocolsmayfailiftheseassumptionsareviolated.wethenpresentnewprotocolsfor Byzantineagreementthataddauthenticationto\oral message"protocolssothatadditionalresilienceisobtainedwithauthentication,butwithnoassumptions requiredaboutthesecurityofauthenticationwhenthe numberandkindoffaultspresentarewithintheresilienceoftheunauthenticatedprotocol. Ouranalysisisperformedundera\hybrid"fault modelthatadmitsmanifest(e.g.,crash)andsymmetricfaultsaswellasarbitrary(i.e.,byzantine)faults. Wealsoextendtheclassicalsignedmessagesprotocol tothisfaultmodel,andshowthatitsfaulttoleranceis matchedbyoneofournewprotocols.wethenexplore thebehaviorofthesevariousprotocolsunderthecombinationofhybridprocessorfaultsandcommunicationslinkfaults.usingformalstate-explorationtechniques,weexaminecasesbeyondthoseguaranteedby simpleworst-caseboundsandndthattheresilience ofoneofthenewprotocolsexceedsthatoftheothers intheseregions. Thenewprotocolsaresuperiortootherknownprotocolsinpropertiesandmeasuresofpracticalinterest,andwerecommendthemforgeneraluse.They areparticularlyattractiveinsecurity-criticalsystems whereauthenticationmaybesubjectedtosophisticated cryptographicattack,andinsafety-criticalembedded ThisworkwassupportedinpartbytheNationalAeronauticsandSpaceAdministration,LangleyResearchCenter,under contractnas ,bytheairforceoceofscienticresearch,airforcematerielcommand,usaf,undercontract F C0044,andbytheNationalScienceFoundationundercontractCCR yligongisnowwithjavasoftandcanbereachedat systemswhereitmaybenecessarytouseveryshort signatures,butwheremaximumresilienceisrequired. 1Introduction Afundamentalrequirementinfault-tolerantsystemsbasedonthe\statemachine"approach[27]is forreplicatedprocessorstoreachagreementonthe valuesofsingle-sourcedata,suchassensorsamples. Initsabstractform,thisistheproblemofByzantineAgreement(anditsvariant,theproblemof\InteractiveConsistency,"alsoknownas\sourcecongruence,"\distributedconsensus,"and\reliablemulticast")[16,23].TherearetwobroadclassesofprotocolsforachievingByzantineagreement.Thosebased on\oralmessage"assumptionsplacenorestrictions onwhatafaultyprocessormaydo;thosebasedon \writtenmessage"assumptionsdisallowfaultyprocessesmakingundetectablemodicationstomessages astheyarerelayedfromoneprocessortoanother,and alsodisallowprocessorsmanufacturingmessagesthat purporttocomefromanotherprocessor.itisgenerallystatedthatthewrittenmessagesassumptionscan besatisedusingcryptographicauthenticationmethods(i.e.,\digitalsignatures"),andprotocolsbasedon theseassumptionsarethereforeoftencalled\signed messages"or\authenticated"protocols[5,11,16]. Bothoralandwrittenmessageprotocolsproceedin \rounds"andtheparametersofinterestinclude:how manyfaultscanbetoleratedbyagivennumberof processors,andhowmanyroundsandhowmanymessagesarerequired?theoreticalstudiesalsoconsider thesizeofthemessages,orthetotalnumberofbits transmitted.theadvantageofwrittenmessagesprotocolsisthattheycangenerallywithstandmorefaults thanoralmessageprotocols,andoftenrequirefewer messages.forexample,oralmessageprotocolsrequire 3t+1processorstowithstandtfaults,whilewritten messagesprotocolsrequireonlyt+2(theproblemis vacuousunlessthereareatleasttwononfaultypro- 1
2 cessors).however,bothclassesofprotocolsprovably requiret+1roundsintheworstcase[5,11],though \earlystopping"protocols(whicharemosteasilyconstructedunderthewrittenmessagesassumptions)use fewerroundswhentheactualnumberoffaultsisless thant[2,7,8,10,12]. Itwouldseemthatthewrittenmessagesprotocols havesignicantadvantagesovertheiroralmessage counterparts(e.g.,asymptotically,athree-foldadvantageinnumberoffaultstolerated).however,these advantagesmaynotbesosignicantinpractice.in embeddedapplications,themostseverepracticalconstraintontheseprotocolsisthenumberofrounds:a givenapplicationwillgenerallyxthenumberrof roundsitcanaord(generallytwo).this,inturn, xesthenumberoffaultsthatcanbetoleratedatr?1, independentlyoftheclassofprotocolschosen.1the classofprotocolsdoesaectthenumberofprocessors required:e.g.,two-roundwrittenmessageprotocols requirethreeprocessorstotolerateasinglefault,while oralmessageprotocolsrequirefour.butifotherpurposes(e.g.,clocksynchronization)alreadyrequirefour ormoreprocessors,thereseemsnocompellingreason tousewrittenmessageprotocols.infact,thereisan argumentagainsttheseprotocolswhichchriswalter,oneofthedevelopersofthemaftarchitecture forfault-tolerantightcontrol[15]expressedtousas follows:\youhavetoassumethatdigitalsignatures satisfytherequirementsforwrittenmessages,andin life-criticalsystemsweprefertomakeasfewassumptionsaspossible."itturnsoutthatthiscautionis justied. Intherestofthepaper,werstdescribethevariousassumptionsthatsuchprotocols(wewillcall them\authenticatedprotocols")dependon,highlightingtherisksinplacingthecorrectnessofbyzantine agreementontheeectivenessofcryptographicprotocolsforwhichcurrentlythereisnomethodofassurancethatisdenitiveandgenerallyaccepted.we note,however,thatauthenticatedprotocolscantoleratemorefaultsthanoralmessageprotocols,andwe showthatthisadvantageisretainedwhentheanalysis isextendedtoahybridfaultmodelthatcountsfaults morecarefullythanthepurelybyzantinefaultmodel. Wethenconsidertheadditionofauthenticationto variantsoftheoralmessagesprotocolandshowthat thisincreasesthenumberoffaultstheycantolerateif theassumptionsontheauthenticationmechanismare warranted,withoutcompromisingtheirinnatefault 1Thesmallnumberofroundsandthedeterministicprocessor andcommunicationsschedulingusedinembeddedapplications alsoobviatethebenetsofearlystopping. toleranceifthoseassumptionsareviolated.assuming authentication,weshowthatoneofthesenewprotocolscantolerateasmanyhybridfaultsastheclassical SignedMessagesprotocol. Wethenexaminethetwo-roundversionsofthe variousprotocolsunderanenlargedfaultmodelthat includescommunicationslinkfaults.formanyapplications,thisisthemostrealisticclassofprotocolandfault-model,andweprovideevidence,derived fromformalstate-explorationtechniques,thatoneof theauthenticatedoralmessageprotocolsprovidesthe greatestfaulttolerance. 2Byzantineagreement,faultmodels, andmessageassumptions IntheclassicalByzantineGeneralsproblem,there areanumberofparticipants,whichwecall\processors."adistinguishedprocessor,whichwecallthe transmitter,possessesavaluetobecommunicatedto alltheotherprocessors,whichwecallthereceivers. (Thesecorrespondtothe\CommandingGeneral"and \LieutenantGenerals,"respectively,intheterminologyofLamport,Shostak,andPease[16].)Itisassumedthattherearepoint-to-pointcommunications pathsbetweeneachpairofprocessors.thebyzantine Agreementproblemcanbestudiedunderseveraldifferentsetsofassumptions.Weconsiderboth\Oral" and\written"messageassumptions,anda\hybrid" faultmodel.theoralmessagesassumptionsarethe following[16,p.387]. A1:Everymessagethatissentbetweennonfaulty processorsiscorrectlydelivered. A2:Thereceiverofamessageknowswhosentit (assumptionofprivatechannels). A3:Theabsenceofamessagecanbedetected (assumptionofsynchrony). WrittenMessagesassumptionsaddthefollowingto thoseoforalmessages[16,p.391]. A4(a):Messagessentbyanonfaultyprocessor(underthehybridfaultmodel seelater thisbecomesanon-arbitrary-faultyprocessor)cannotbe alteredormanufacturedbyotherprocessors. A4(b):Anynonfaultyreceivercanidentifytheprocessorthatoriginatedamessage,ifthatprocessorisnonfaulty(again,underthehybridfault modelthisbecomesanon-arbitrary-faultyprocessor).notethata2concernsthecaseofadirectpathfromsendertoreceiver,whereasa4(b) concernsamessagefroman\originatingsender" 2
![fewerroundswhentheactualnumberoffaultsisless thant[2,7,8,10,12]. Itwouldseemthatthewrittenmessagesprotocols havesignicantadvantagesovertheiroralmessage counterparts(e.g.,asymptotically,athree-foldadvantageinnumberoffaultstolerated).](/docs-images/53/11058658/images/page_2.jpg "however,these advantagesmaynotbesosignicantinpractice.")
3 thatispossiblyrelayedbyotherprocessorsbefore reachingthereceiver. Therearenprocessorsintotal,ofwhichsome(possiblyincludingthetransmitter)maybefaulty.Inthe classicalbyzantinegeneralsproblem,thereareno constraintsotherthanthosegivenaboveonthebehavioroffaultyprocessors.thisleadstopessimistic estimatesofthenumberoffaultsthatcanbetolerated becauseallfaultsareregardedastheworstpossible. Wethereforeconsidera\hybrid"faultmodel(originallyduetoThambiduraiandPark[29]andalsoinvestigatedbyWalter,Suri,andHugue[30])thatdistinguishescertainsimplerkindsoffaultaswellasthose thatareunconstrained.thefaultmodeswedistinguishforprocessorsarearbitrary-faulty,symmetricfaulty,andmanifest-faulty.amanifestfaultisone thatcanbedetectedbymechanismspresentinall nonfaultyprocessors(e.g.,missingorimproperlyformattedmessages).theothertwofaultmodesyield behaviorsthatarenotdetectablybad:asymmetricfaultpresentsthesamefaultybehaviortoevery nonfaultyprocessor;anarbitraryfaultiscompletely unconstrained(i.e.,byzantine)andmaypresent(possibly)dierentaberrantbehaviorstosomenonfaulty processors,andgoodbehaviortoothers. Theabovecharacterizationofthehybridfault modelisagenericone;forbyzantineagreement,the characterizationoffaultmodeshastoberenedin termsoftheprocessorbehaviorsrelevanttothisproblem(see[26]foradierentcharacterizationinterms relevanttoclocksynchronization).thebasicstepin anagreementprotocolisforaprocessortotransmit avaluevtoseveralotherprocessors.theinterpretationofamanifestfaultinthiscontextisonethat producesdetectablymissingvalues(e.g.,timing,omission,orcrashfaults),orthatproducesavaluethatall nonfaultyrecipientscandetectasbad(e.g.,itfails checksumorformattests).symmetricfaultsdeliver wrong,ratherthanmissingormanifestlycorrupted values butdosoconsistently,sothatallreceivers ofagiventransmissionobtainthesamewrongvalue v06=v.arbitraryfaultsareunconstrained,andcan delivercorrect,wrong,ormanifestlyfaultyvaluesin anycombination. Undertheseassumptions,theByzantineAgreementproblemistodeviseaprotocolthatwillallow eachreceiverptocomputeanestimatepofthetransmitter'svaluesatisfyingthefollowingconditions: Agreement:Ifreceiverspandqarenonfaulty, thentheyagreeonthevalueascribedtothe transmitter thatis,forallnonfaultypandq, p=q. Validity:Ifreceiverpisnonfaulty,thevalueascribed tothetransmitterbypis Thevalueactuallysent,ifthetransmitteris nonfaultyorsymmetric-faulty, ThedistinguishedvalueE,ifthetransmitter ismanifest-faulty. AlltheByzantineagreementprotocolsweconsider proceedinrounds:intherstround,thetransmitter sendsavaluetoalltheotherprocessors;insubsequent rounds,theseprocessorsexchangethevaluesreceived amongthemselvesinordertodetectinconsistencies; eachreceiverthendecidesononevalueamongthose receivedandexchanged.howthisdecisionismade, andhowtheexchangesaredone,dependsontheprotocolconsidered. Noticethattheadditionalassumptionsforwrittenmessagesessentiallyconstrainthebehaviorof symmetric-andarbitrary-faultyreceivers:underoral messageassumptions,suchreceiverscanalterormanufacturemessagespurportingtocomefromotherprocessorsinthelaterrounds thisisprohibitedunder writtenmessagesassumptions.authenticatedprotocolsattempttosatisfythewrittenmessagesassumptionsusingdigitalsignatures:eachprocessorsigns themessagesthatitsends.anyreceivercancheck theauthenticityofamessageandconrmtheidentity ofitsclaimedoriginatorbycheckingthesignature. Thereareseveraldigitalsignatureschemesthatprovidethesebasicproperties[4,9,22,25].However,in thefollowingsectionweshowthattheseschemesmust beusedverycarefully. 3 Authenticationissues Themessagesthatarepassedamongtheprocessorsinauthenticatedprotocolshavetheform ff:::fvgp:::gqgrwhichsymbolizesthevaluevin amessagesignedandsentbyprocessorp,received signedandforwardedbyprocessors:::;qandnally received,signedandforwardedbyprocessorr.ifprocessorpisnonfaulty,thenatnostageintheprotocol shouldthereexistff:::fv0gp:::gqgrinwhichv6=v0. (Thisfollowsbecauseifpisnonfaulty,itwouldnot sendouttwodierentvaluesvandv0,andauthenticationpreventsanyotherprocessormanufacturing suchavalue.)itisgenerallyassumedthatthisrequirementissatisedifdigitalsignaturesaresimply computedonandattachedtothemessagesbeingrelayed.thiswouldbetrueifavalidmessageofthe formff:::fvgp:::gqgrcouldonlyariseonceinthe lifetimeoftheprotocol.theoreticalexaminationsof theseprotocolsnormallyconsideronlyasingle\run," 3
4 butinpracticetheywillbecalledrepeatedly(e.g., todistributesensorsamplesatthebeginningofevery processcontrolcycle).itfollowsthatprocessorrcould saveavalidmessagef:::fv0gp:::gqfromonerunof theprotocolandcouldtheninjectthecorrectlysigned messageff:::fv0gp:::gqgrintoalaterrun,whichwill causeanynonfaultyreceivertoconcludethattheoriginalsenderpmustbefaulty,andtherebydefeatthe protocol. Wedonotneedtopostulateactive,intelligentattackstobeconcernedaboutthiskindofproblem:a hardware\obyone"faultthatcausesamessageto bepickedupfromthewrongbuerwhentwoagreementprotocolsareinoperationsimultaneously(as whenallprocessorsareexchangingsensordata)could producethisbehavior.asolutiontothisparticular problemistoincludeadditionalinformationunderthe digitalsignaturesthatwillidentifymessagesas\fresh" (Lamport,Shostak,andPeasesuggestsequencenumbers[16,page400]),butthisneedstobedonecarefully inordertodistinguishthisrunoftheprotocolfrom othersthatmaybeactivesimultaneously. Intherestofthissection,wediscussthisanda numberofotherissuesrequiringcareintheimplementationofauthenticatedbyzantineagreementprotocols. Signaturepermutation.Thesignaturesystemmustnotbecommutative. Otherwise, 8p;q;v;ffvgpgq=ffvgqgpand,ifthesessioninitiator isfaulty,anotherfaultyprocessorcanfalselyaccuse athird,butcorrect,processorofbeingfaultyina several-roundprotocol. Verifyingsignaturesequences.Verifyingasequenceoftsignaturesisnottrivial.Arecipientcan tryallpossiblesequencesoftoutofnsignatures,but thisrequiresanexponentialamountofcomputation. Orthemessagecanincludeahint,suchastheidentityofthesigner,ineachstageofthesigning,sothe messagemaylooklikefq;fp;vgpgq.wecanalternativelyrequirethatalistofhintsisattachedtoeach messageoutsidethesignatures.however,suchhints willaddo(nlogn)bitstothemessagelength(inannroundprotocol),thusexceedingthetightlowerbound onmessagebitsbysrikanthandtoueg[28,theorem 1]byafactorofn.(Intoday'spractice,asecuredigitalsignatureusesabout512to1024bits.)Notethat hintsarenecessarywhetherthesignaturesystemused iscommutativeornot.athirdapproachistogloballyorderthemessagessothatarecipientcandeduce fromthecontextwhichsignaturesequenceshouldbe usedforverication. Processorsareassumedtoknoweachothers'signaturekeys.Borcherding[3]investigatesthecasewhere thereisnocentralauthoritytodistributethesekeys, andproposesthenotionof\localauthentication"to achieveaweakerversionofbyzantineagreement. Distinguishingconcurrentsessions.When multiplesessionscanexecuteatthesametime,itis vitaltodeterminetowhichrunamessagebelongs. Otherwise,supposeeachprocessormaintainsadierentsensorandallprocessorsaretryingtoagreeon thevaluesofallsensors,thenafaultyprocessormay \borrow"asignedmessagefromonerunanduseitin another.evenabenignprocessorcanpossiblymake suchamistake,aswedescribedpreviously.onesolutionistoattachasessionidentier,possiblythe identityofthesessioninitiator,tothesensorvalue. Thissolutionwillincreasethesizeofeachmessageby O(logn)bits.Thisdoesnotexceedthelowerbound bysrikanthandtoueg[28]becausetheyalreadyallocateo(logn)bitsforsignatures. Detectingreplayattacks.Besidedistinguishing concurrentsessionsinitiatedbydierentprocessors, itisequallyimportanttodetectanyattempttoreuse pastmessages(fromthesameinitiator)inanewrun. Theinitiatormustsecurelyattachafreshnessidenti- ertothesignedvalue.forexample,theinitiatorcan signboththefreshnessidentierandthevalueinthe samesignature. Therearethreetypesoffreshnessidentiers,each ofwhichcanbeusedinmorethanoneway[13].the rstisatimestamp,ifprocessorshavesynchronized clocks.inthiscase,theinitiatorattachesthereading fromthelocalclocktothevaluebeforesigningthem. Arecipientrejectsanymessagewithatimestampthat isoutsideanagreedtimewindowrelativetotherecipient'slocalclock.asignicantriskexistswhena faultyprocessorcanalsohaveafaultyclocksothat theprocessorsendsoutvaluessignedwithtimestamps inthefuture.evenifthisprocessorweretorecover, anotherfaultyprocessorcouldplaybacksuchamessagewhenthecorrecttimecomes.thesignicanceof thisattackliesinthefactthatthereisnoguarantee thatanycorrectprocessorwillknowtheexistenceof previouslysignedmessages(withfuturetimestamps). Toinvalidatesuchmessages,arepairedprocessorcan changeitssignaturekeyduringreintegration. Thesecondtypeofafreshnessidentierisarandom number,alsoknownasa\nonce."sincethenonce mustbegeneratedbytheprocessorthatischecking forfreshness,processorsmustexchangenonceswith eachother(thusaddingoneroundtotheprotocol), 4
5 andthevaluemustbesignedwithallo(n)nonces, thusincreasingthemessagelengthsignicantly. Thethirdtypeisacountervalue.Eachprocessormaintainsamonotoniccounter,incrementsthe countervaluebeforeinitiatingasession,andthen signsthevaluetogetherwiththecurrentcounter value.eachprocessoralsomaintainsavectortimestamp,notingthelastseencountervaluefromevery otherprocessor,andrejectsanyvaluesignedwitha pastcountervalue.similartotimestamps,afaulty processormaysign\future"countervalues,soitis prudenttochangetoanewsignaturekeyafterrepair. Repairandrestart.Whenaprocessorfails,it mayloseallitsstateinformation,includingthecur- rentsessionandroundnumbersandfreshnessidenti- ers.ifthefailureisarbitrary,thenthesurvivingstate informationmaybewrong.forexample,itsclockor countersmaybeturnedbackorforward.moreover, simplyaskingeveryprocessortoresettheircounters tozeroisvulnerabletoreplayattacks.therefore,to restorethesynchronybetweenprocessorsafterrepair, arepairedprocessormustusechallenge-response(with nonces)toobtainfromotherprocessorsfreshreplies containingthecurrentstateinformation.giventhe additionalneedofassigninganewsignaturekeyto therestartingprocessorandnotifyingallotherprocessorsofthecorrespondingpublickey,restartcanbe costly. Messageredundancy.Amessagecontainingthe valuetobesignedmustcontainsucientredundancy toprotectagainstforgery.forexample,afaultyprocessorpmaychoosearandomnumberxandbroadcast itasfvgpforsomevaluev.becauseitisquitepossible thatthereisavaluev0suchthatx=ffv0gqgp,pmay eectivelyforgeasignatureofvaluev0signedbyq. Orthefaultyprocessorpcansimplycopyfv0gqfrom apreviousprotocolrunandbroadcastffv0gqgp.any processorrwhofurthersignsffv0gqgpisalsospoofed. Therearemanywaystointroduceredundancyinto themessages.oneistoattachachecksumofasuf- cientlengthtotheoriginalvalue.thesizeofthe messagewillthusincrease,perhapsby128bits(the sizeofatypicalone-wayhashfunctionoutput)orat leasto(logn)bits.notethatincludingauniqueidentierofthecurrentrundoesnotprovidesucientredundancybecausearandomlyselectedvaluexcanbe oftheformfid;vgq,andifidisforafuturerun,an attackcanstillhappeninthefuture. 3.1Practicalimplications Wehaveshownthatauthenticationusingdigital signaturesneedstobemanagedverycarefullyifitis tobesecureagainstattack.howsignicantarethese threats?therearetwomainclassesofapplications forauthenticatedbyzantineagreementprotocols:securesystemsthatmustmaintaincoordinationinthe faceofcaptureandactivesubversionofsystemcomponents(e.g.,theat&t\rampart"architecture[24]), andsafety-criticalembeddedcontrolsystems(e.g.,the MAFTarchitectureforaircraftightcontrol[15]). Sophisticatedcryptographicandotherattacksarea givenintherstclassofapplications,soourconcern aboutthesecurityofauthenticationneedsnofurther justicationhere(theliteratureisrepletewithbroken cryptographicprotocols[1,21]). Intelligentmaliciousattackisnotconsideredaseriouspossibilityinembeddedsystems,andtheargumentinthesecasesisalittledierent.Byzantineresilientarchitecturesareattractiveinthesecontexts becausetheysimplifythecaseforassuranceandcertication:insteadofacollectionoffault-tolerance mechanismstocounterspecicfailuremodes,andfor whichitisnecessarytoprovideevidenceofcoverage andnoninterference,wehaveasinglemechanismthat canwithstandanykindoffault,uptosomenumber,anditisonlynecessarytoprovideevidencefor correctnessandfortheestimatedoverallfaultarrival rate.writtenmessageprotocolscompromisethepurityofthisposition:faultyprocessorscannolonger doabsolutelyanything,butareconstrainedbycertainassumptions.realprocessorscandoabsolutely anythingwhenfaulty,andinimplementationsusing signedmessages,itistheauthenticationmechanism thatconstrainsthemwithintheassumedfaultmode. Forcertication,itisthereforenecessarytoprovide strongevidencethattheauthenticationmechanism doesaccomplishthis:brokenauthenticationisnotjust anotherfaulttobetolerated,itisaviolationofthe assumptionsunderwhichcorrectnessoftheprotocol andhenceoftheentirearchitecture isestablished. Wehaveseenthatcryptographicallystrongauthenticatedprotocolsrequireevensmalldatamessagestobeencapsulatedinlargesignatureand freshness-indicatingwrappers,andtocarryvarious key-managementindicators.hence,embeddedsystemsmayprefertodispensewithtrulysecureauthenticatedprotocolsandtouseshortkeyedchecksums(lamport,pease,andshostaksuggestasuitablechecksumalgorithm[16,page400]),withxed keysandsimplesequence-numberstoindicatefreshness.theauthenticationassumptionsmaysometimes failtoholdinthisarrangement.inthefollowingsectionswepresentandstudyprotocolsthattakeadvantageofauthenticationifitispresent,butthatretainbyzantineresilienceevenwhensignaturesmaybe 5
6 forged.sincechecksumswillonlyrarelybe\forged" byrandommalfunctions,theseprotocolsareverywell suitedtotheneedsofembeddedsystems. Thediscussionhassofarfocussedonauthentication failureinonedirection:failuretoadequatelyconstrain thebehaviorofafaultyprocessor.authenticationcan alsofailintheotherdirection:causinggoodmessages toberejectedasbad.therearetwowaysthiscan comeabout:theauthenticationmechanismmaybe algorithmicallyincorrectornonrobust(e.g.,vulnerabletolossofcrypto-synch),orahardwarefaultmight damageakey.theissuesenumeratedearlierinthis sectionareintendedtohelpdesignersavoidtherst ofthesedangers;thesecondismorelikely,butless serious,becauseitisjustanotherfault,andwillbe toleratedtothesameextentasotherfaults. 4Signedmessageswithhybridfaults Wehavearguedthatgreatcareinimplementationisnecessaryinordertosatisfytheassumptions oftheauthenticatedprotocols.thiscarewouldbe justiediftheauthenticatedprotocolshadsignicant advantagesoveroralmessageprotocols.however,for thecaseofpracticalimportance thatis,two-round protocols thereappearslittletochoosebetweenthe twoclassesofprotocols:thesignedmessageprotocolsm(1)andtheoralmessagesprotocolom(1)of Lamport,Pease,andShostak[16]bothrequiretwo rounds2,andbothtolerateonlyasinglearbitrary fault.thedierenceisthatom(1)requiresfourprocessors,whilesm(1)requiresbutthree.however,a variationonom(1)calledomh(1)[19]thatoperatesunderthehybridfaultmodelcantolerateaarbitrary,ssymmetric,andmmanifestfaultssimultaneously,providedn,thenumberofprocessors,satises n>2a+2s+m+1anda1.thus,omh(1)appears totoleratemorefaultsthansm(1)undercertaincircumstances.ofcourse,thiscomparisonisunfairbecausetheanalysisforomh(1)considersthehybrid faultmodel,whereasthatforsm(1)treatsallfaults asarbitrary.sooneitemthatwarrantsexamination isthebehaviorofsm(1)underthehybridfaultmodel. Theclassicalsignedmessagesprotocol,SM(r)proceedsasfollows[16,p.391]: SM(r) Thetransmittersendsasignedmessageto eachreceiver.eachreceiveraddsitssignaturetothemessageandsendsittothe otherreceiverswhoaddtheirsignaturesand 2Theparameterrtotheseprotocolsstartsatzero,sothat thenumberofroundsisr+1. sendittotheothers,andsoonforrrounds. Whenalltheexchangesarecompleted,each receiverdiscardsanyimproperlysignedmessages,extractsthevaluessentbythetransmitterfromthosethatremainandappliesa deterministicchoicefunctiontothosevalues. Notethatifthetransmitterisnotarbitrarily-faulty, thesetofvaluesconsideredinthechoicewillbeasingleton.lamport,peaseandshostakshow[16,theorem2]thatsm(r)cantolerateuptorfaultyprocessors,theoptimalresult[6,11]. ToextendSM(r)anditsanalysistothehybridfault modelisstraightforward:thehybridprotocolsmh(r) simplyrecognizesanddiscardsmanifest-faultyvalues.authenticationpreventssymmetric-faultyreceiversfrominjectingcorrectlysignednewvalues,so thesereceiverseitherduplicateothermessages(which isharmless),ortheyintroduceincorrectlysignedmessages,whichwillbediscarded.thus,messagesfrom bothmanifest-andsymmetric-faultyreceiverseither duplicateexistingvaluesorareignored;hencethey playnopartintheprotocolanditisasiftheseprocessorswereabsent.itfollowsthatonlyarbitrary-faulty processorsneedbecountedinthefault-tolerancecalculation.thus,bydirectanalogywiththecorrespondingresult(theorem2,page393)in[16],wehavethe followingresult. Theorem1Foranyr,ProtocolSMH(r)satisesValidityandAgreementprovidedra,whereaisthe numberofarbitrary-faultyprocessors. Theresultissomewhatvacuousunlessthereareat leasttwononfaultyprocessors,sowealsohaven> a+s+m+1,andra.thismaybecompared withomh(r),wherewehaven>2a+2s+m+rand ra. ItcanbeseenthatOMH(r)andSMH(r)havethe samefaulttolerancewithregardtorounds,butthat SMH(r)requiresconsiderablyfewerprocessorsthan OMH(r)(or,equivalently,cantoleratemorefaultsfor agivennumberofprocessors).however,thisincreased faulttoleranceisobtainedatthecostofdependingon authentication:iftheauthenticationassumptionsfail foranyreason,thensmh(r)mayfailaltogether. 5Combiningauthenticationandoral messages TheideaofexaminingSM(r)underthehybridfault modelsuggeststhedualinquiry:examiningoralmessageprotocolsinthepresenceofauthentication.it turnsoutthatthisyieldsprotocolsthatcombinethe advantagesofthetwoclassesofprotocolswithfew 6
7 oftheirdisadvantages.asnotedinthediscussion ofsmh(r),authenticationturnssymmetric-faultyreceiversintomanifest-faultyones:theycanonlygeneratemessagesthatareimproperlysigned.inorder toexploitthisinanoralmessagesprotocol,weneed aprotocolthathasthecapabilitytodiscardbadmessages.theclassicalprotocolom(r)doesnotdothis, butourhybridprotocolomh(r)does.ittherefore seemsthemostpromisingplacetostart. TheprotocolOMH(r)[19]isourmodiedandformallyveried[17]versionofThambiduraiandPark's protocolz(r)[29],whichisinturnamodicationof ther+1-roundoralmessagesprotocolom(r)oflamport,shostak,andpease[16].thekeyideainboth Z(r)andOMH(r)istointroduceadistinguishedvalue Etorecordreceiptofmanifest-faultymessages.E valuesareignoredinthemajorityvotethateachprocessorusestodecideitsnalvalue.inz(r),eis usedtorecordbothmanifest-faultymessagesandthe reportofsuchmessagesrelayedbyanotherprocessor. Thisleadstoconfusionwhenthereisamanifest-faulty transmitterandanarbitrary-orsymmetrically-faulty receiver;z(1)canfailinthiscircumstance,andthis leadstomorecomplexfailuresinther>1cases. OMH(r)repairsthisproblembytreatingthereport ofmanifest-faultyvaluesdierentlythanthosevalues themselves:r(e)indicatesthereportofe,r(r(e)) thereportofareport,andsoon.aninversefunction UnRisusedto\stripo"theseRsatalaterstage intheprotocol.onlye(notr(e),r(r(e)),etc.)is ignoredinthemajorityvote. Asnotedintheprevioussection,OMH(r)isable totolerateaarbitrary,ssymmetric,andmmanifest faultssimultaneously,providedn,thenumberofprocessors,satisesn>2a+2s+m+randra.this isoptimalwhenonlyarbitraryfaultsarepresent(we havea=r,s=m=0,sothatn>3a,satisfyingthe lowerboundestablishedbypease,shostak,andlamport[23]).separateanalysisshowsthattheprotocol isalsooptimalwhenonlymanifestfaultsarepresent, andtheobtainedboundisn>m[18].whenonly symmetricfaultsarepresent,however,theprotocolis denitelysuboptimal,inthatadditionalroundscan reduceitsresilience.forexample,inomh(0)(where receiverssimplyacceptwhatevervaluetheyobtain fromthetransmitter),thenumberofsymmetric-faulty receiversisirrelevant.inomh(1),however,wherereceiversrelayinformationtoeachotherandtakethe majorityofthevaluesobtained,onesymmetric-faulty receivercandefeattheprotocolunlessn4. Supposenowthatweusedigitalsignaturestoadd authenticationtoomh(r),therebycreatingaprotocolwecancallomha(r).first,aslamport,shostak, andpeaseobserve[16,p.393],thereisnopointauthenticatingthenalstepintheprotocol(i.e.,the OMH(0)round),becausewehavepoint-to-pointcommunicationsandthecommunicationportonwhicha messagearrivesservestoauthenticateit(thisisassumptiona2);thusomha(0)isthesameasomh(0). Forthegeneralcase,wesimplymodifyOMH(r)so thatprocessorssignallmessagesthattheysend,and improperlysignedmessagesaretreatedbytheirreceiversase. Noticethataslongasauthenticationdoesnotintroducefaults(i.e.,aslongasaproperlysignedmessage cannotbemistakenlyconsideredimproperlysigned), thenomha(r)musthaveatleastthefaulttolerance ofomh(r),andthisisindependentofthecryptographicstrengthofthesignaturescheme.however,if wemaketheusualassumptionsaboutthestrengthof thesignaturescheme,thenauthenticationreducesthe severityoffaultsthatcanbeintroducedbyreceivers. Inparticular,asymmetric-faultyreceivercannotinjectacompletelyfalsevalueintotheexchanges:at worst,itcaninjectaneorr(e)value;similarly, anarbitrary-faultyreceivercanselectivelyinjecte andr(e),orcanpassonthetruevaluethatitreceived.(faultyprocessorscannotinjectr(r(e))etc., becausethiswouldrequireanr(e)correctlysignedby anotherprocessor.)unfortunately,theresidualabilitytoinjectr(e)issucienttolimitthenumber andcombinationoffaultsthatcanbetoleratedby OMHA(r)tobenobetter,intheworstcase,thanfor OMH(r). Thisdisappointingresultsuggestsconsideration ofaprotocolza(r),derivedfromthambiduraiand Park'sprotocolZ(r)inthesamewaythatOMHA(r) isderivedfromomh(r).sincez(r)andza(r)lack thee,r(e)distinctionsofomh(r)andomha(r),it followsthatsymmetric-faultyreceiversarereducedto manifest-faultyinza(r).similarly,arbitrary-faulty receiversarereducedtomanifest-faultyor\nonfaulty withcommunicationslinkfaults,"whichisacaseconsideredinsection6.furthermore,authentication overcomesthebuginz(r);thisbugarisesinz(1)when anarbitrary-orsymmetric-faultyreceiverinjectsspuriousvaluesintotheexchangesunderamanifest-faulty transmitter:theevaluesfromthetransmitter,and thoserelayedbygoodreceivers,areignoredinthemajorityvotes,whicharethereforewonbythespurious valuesinjectedbythefaultyreceiver.za(r)eliminatesthisbugbecauseitpreventsthefaultyreceivers manufacturingthespuriousvaluesthatotherproces- 7
8 sorswillincorporateintheirmajorityvotes.protocol ZA(r)isdenedasfollows. ZA(0) 1.Thetransmittersendsitsvaluetoeveryreceiver. 2.Eachreceiverusesthevaluereceivedfromthe transmitter,orusesthevalueeifamissingor manifestlyerroneousvalueisreceived. ZA(r),r>0 1.Thetransmittersignsandsendsitsvaluetoevery receiver. 2.Foreachp,letvpbethevaluereceiverpobtains fromthetransmitter,oreifnovalue,oramanifestlybadvalue,orincorrectlysignedvalueis received. EachreceiverpactsasthetransmitterinProtocol ZA(r?1)tocommunicatethevaluevptothe othern?2receivers. 3.Foreachpandq,letvqbethevaluereceiverp receivedfromreceiverqinstep(2)(usingprotocolza(r?1)),orelseeifnosuchvalue,ora manifestlybadvalue,orincorrectlysignedvalue wasreceived.eachreceiverpcalculatesthemajorityvalueamongallnon-evaluesvqreceived; ifnosuchmajorityexists,thereceiverusessome arbitrary,butfunctionallydeterminedvalue. Wehavethefollowingresults,wherea,s,andmare thenumbersofarbitrary-,symmetric-,andmanifestfaultyprocessors,respectively,andnisthetotalnumberofprocessors. Lemma1Ifsignaturesaresecure,thenforanya,s, mandr,protocolza(r)satisesvalidity. Proof:Intherstround,thetransmittersignsand sendsitsvaluetoallreceivers.validityassumesa nonfaultytransmitter,soallnonfaultyreceiverswill obtainthecorrectvalueinthisround.thereceivers exchangevaluesinsubsequentrounds,andfaultyreceiversmayinjectfaultyvaluesintothisprocess.however,authenticationpreventstheinjectionofanycorrectlysignedvalueotherthanthatsentbytheoriginal transmitter.thustheonlyvaluesenteringthemajorityvotewillbethisvalueand,possibly,e.sinceall goodreceiversobtainedatleastonecopyofthevalue vdirectlyfromthetransmitter,andsomecombination ofvsandesfromotherreceivers,thehybridmajority willalwaysbev.2 Theorem2Ifsignaturesaresecure,thenforanyr, ProtocolZA(r)satisesconditionsValidityandAgreementifra. Proof:Theproofisbyinductiononr.Inthebase caser=0therecanbenoarbitrary-faultyprocessors, sincera.iftherearenoarbitrary-faultyprocessors thenthepreviouslemmaensuresthatza(0)satises Agreement,andValidityfollows.Wethereforeassume thatthetheoremistrueforza(r?1)andproveitfor ZA(r),r>0. Firstconsiderthecaseinwhichthetransmitter isnotarbitrary-faulty.thenvalidityisensuredby Lemma1,andAgreementfollowsfromValidity.Now considerthecasewherethetransmitterisarbitraryfaulty.thereareatmostaarbitrary-faultyprocessors,andthetransmitterisoneofthem,soatmost a?1ofthereceiversarearbitrary-faulty.atthenext stage,wehaveonelessroundtoperform,andoneless arbitraryfaulttotolerate.sinceweassumera,we alsoknowr?1a?1,andwemaythereforeapplythe inductionhypothesistoconcludethatza(r?1)satisesconditionsagreementandvalidity.hence,for eachq,anytwononfaultyreceiversgetthesamevalue forvqinstep(3).(thisfollowsfromvalidityifoneof thetworeceiversisprocessorq,andfromagreement otherwise).hence,anytwononfaultyreceiversgetthe samevectorofvaluesv1;:::;vn?1,andthereforeobtainthesamevaluehybrid-majority(v1;:::;vn?1)in step(3)(sincethisvalueisfunctionallydetermined), therebyensuringagreement.2 Theorem2showsthatZA(r)hasthesame(optimal)faulttoleranceasSMH(r)whensignaturesare secure;however,za(r)hasthesignicantadvantage thatitisnottotallybrokenifauthenticationfails. Inthepresenceofauthenticationfailure,ZA(r)revertsto,atworst,thefaulttoleranceofZ(r).To besure,z(r)isvulnerabletocertaincongurations oftwofaultsnomatterhowmanyroundsandreceiversareused(thatiswhywedevelopedomh(r)), butintheimportantcaser=1,itsfailuremodeis verypreciselycharacterized(manifest-faultyreceiver andatleastonesymmetric-faultorarbitrary-faulty receiver thelatterisrequiredtobreakagreement). AnalternativeistousetheprotocolOMHA(r),whose fallback,omh(r)isfullyrobustagainstarbitraryand manifestfaults,butwhoseresilienceinthepresence ofworkingauthenticationisinferiortothatofza(r). Table1comparesthevariousprotocolswehavediscussedintermsofworst-casebounds. 8
9 Protocol SM(r) SMH(r) ViolatedAuthenticationAssumptions OM(r) a=s=0,n>m+1 n>a+s+m+1, Sound OMH(r) n>2a+2s+2m+r,ra n>2a+2s+2m+r,ra(same) OMHA(r)n>2a+2s+m+r,ra n>2a+2s+m+r,ra(same) ra Z(r) ZA(r) yz(1)alsofailswithamanifest-faultytransmitterandonesymmetricorarbitrary-faultyreceiver;z(r),r>1,failsinadditionalcases. n>2a+2s+m+r,rayn>a+s+m+1, n>2a+2s+m+r,rayn>2a+2s+m+r,ray(same) ra 6Linkfaults Table1:ComparisonofByzantineAgreementProtocols classoffaults;wecallthemlinkfaults,withthecharacterizationthatwhenanonfaultyprocessorsendsits valuevtoanonfaultyrecipientoverafaultylink,the valuereceivedmaybeeithervore. Communicationsfailuresrepresentanimportant 7Examiningfaulttoleranceusing alinkfaultisnotattributedtoaprocessor;thus,a processoratthereceivingendofafaultylinkmaybe sirabletotoleratelinkfaultseciently.noticethat connectorsarepronetonoiseandbreakage),itisde- Becausetheyarisefrequentlyinpractice(wiresand rathercrudewaysofcountingfaults:therearemany Theworst-caseboundsgivenabovearebasedon state-explorationtechniques asymmetryandarethereforeasexpensivetotolerate faultsisduetothefactthatthesefaultsdointroduce theagreementandvalidityconditions.thediculty inextendingbyzantineagreementprotocolstolink nonfaultyandtheprotocolmustensurethatitsatises theprotocolsperformundermorene-grainedanalysis scenariosforthebehaviorofasystemwith,say,one twolinkfaults,buttheworst-caseanalysestreatthem allalike.itisthereforeinterestingtoenquirehowwell arbitrary-faultyandonemanifest-faultyprocessorand thosecharacterizedbythesimpleworst-casebounds. and,inparticular,howtheyperforminregionsbeyond presenceoflinkfaultsandhybridprocessorfaults,providedthatthereispathoflengthr+1linksorless fromthetransmittertoeachnonfaultyreceiverthat passesthroughonlynonfaultyprocessorsandgood WecanobservethatZA(r)achievesValidityinthe Theideaistomodelthesystemasthecomposition oftheprotocols,butamoreattractivealternativeis behaviorinspeciccongurationsunderallscenarios. Simulationcouldbeusedtosamplethebehavior asarbitraryfailuresintheworstcase. oftwoconcurrentprocesses:onethatinjectsfaults touseaformalstate-explorationtooltoexaminetheir andonethattoleratesordiagnosesthem.astateexplorationtoolwillthensystematicallyexploreall tocharacterize.wecanalsoobservethatforagreement,alinkfaultisasdisruptive,intheworstcase,as links.smh(r)hasthesameboundsonvalidityas possiblescenariosfortheirinteraction. systemfromdaviddill'sgroupatstanford[20]for ZA(r),whilethatofOMHA(r)isworseanddicult anarbitraryfaultateitherthesenderorreceiveron thelink.thus,iflinkfaultsareattributedtoeither fortheomh(1),omha(1),z(1),za(1),andsmh(1) ofprocessorsneededtoaccountforallsuchfaults,then theirsenderorreceiver,andlistheminimumnumber protocolsinthen=5case,andcausedmurtonondeterministicallyperformasymbolic\faultinjection" thispurpose.essentially,weprovidedmurprograms WehaveusedtheMur(pronounced\Murphy") ZA(r)willachieveAgreementprovidedra+l.SimilarworstcaseboundsapplyforAgreementinSMH(r), thenruntheprotocols.byexploringalldierentruns (ofbothlinkfaultsandhybridprocessorfaults)and whileomha(r)requiresn>2a+2s+m+r+2land (thereareover20,000ofthem),muressentiallyundertakesexhaustivefaultinjectionontheseprotocols (theprocesstakesacoupleofminutesonasparc ra+l. 10).Ofcourse,itwouldbestraightforwardtowritea 9programtodothis,butweconsidertheuseofformal state-explorationtoolsaverypromisingandgeneral
10 techniquefortheexaminationofalgorithmsforfault inthecasen=5andr=1,andrediscoveredthe onfaulttoleranceclaimedforthevariousprotocols toleranceanddiagnosis. knownvulnerabilityofz(1)tomanifest-faultytransmitters[19].thatistosay,exhaustivesearchofall Ourexperimentsconrmedtheworst-casebounds faultcongurationssatisfyingtheboundsclaimedin Table1forthecaseofn=5andr=1foundnoviolationsofValiditynorofAgreement,exceptforthe knowncasesinz(1). tainedwhenweallowedfault-injectiontocontinuebe- yondthesimplecharacterizationsofworst-casefault tolerancefortheprotocolsconcerned.forexample, However,muchmoreinterestingresultswereob- althoughnove-processor,two-roundprotocolcan ZA(1)doestoleratetwosuchfaultsinmostcases. WethereforeusedourMurfault-injectionsystemto withstandtwolinkfaultsintheworstcase,wefound counthowmanyscenarioscausedeachprotocoltofail withandwithouttheassumptionofsecureauthentication Ṗrotocol OMH(1) OMHA(1) AuthenticationAssumptions Z(1) Violated 25 Sound ZA(1) 25 SMH(1) whereeachprotocolfails Table2:Percentageoffaultcongurationsina5-plex cussed,usingexhaustivestateexplorationtocalculate thepercentageoffaultcongurationsthatcausedthe mostresilientoftheseprotocolsunderthecombination protocolstofail.overall,itseemsthatza(1)isthe Table2comparesthevariousprotocolswehavedis- ofhybridandlinkfaults,thoughmoreexperimentsare neededtoconrmthis. faultclass(good,manifest,symmetric,orarbitrary) toeachprocessor,andanassignmentofuptothree faultylinksbetweenprocessors.weexcludedcongurationswithlinkfaultsemanatingfromarbitraryor Faultcongurationsconsistofanassignmentof behavior).foreachconguration,wetestedwhether causegoodreceiverstodisagreeorcauseagoodreceivers(suchlinkfaultshavenorealimpactonsystem manifestlyfaultytransmitters,orarrivingatfaultyre- anyscenarioofmessagesbythefaultyprocessorscould10 congurationsforwhichsuchfailurewaspossible. ceivertofailtoagreewiththetransmitter.foreach protocol,wethencalculatedthepercentageofallfault writtenspecications,reducingthesearchspacedramatically.forexample,thecongurationwhereall processorsaregoodexceptthatthethirdreceiveris ThenewestreleaseoftheMursystemautomaticallydetectsandexploitssymmetryinappropriately intheassignmentofbehaviorstoprocessors.be- areusedintheassignmentoffaultylinksaswellas onlyexploresoneofthesealternatives.symmetries cessorsaregoodexceptthesecondreceiver,andmur manifest-faultyisisomorphictothecasewhenallprosolute,performance.wefurtherreducedthesetof Table2shouldbetakentoindicaterelative,notabcauseofthesesymmetryreductions,notallcongurationsarecountedindividually,sothenumbersin sendingmanifestlybad(e)values,sincethiswould satised.weexcludedsymmetric-faultyprocessors congurationstorequireatleastonegoodreceiver, amounttothesamethingasamanifestfault,andwe sinceotherwisevalidityandagreementaretrivially andthatwhenthetransmitterisgood.however,we tersincethereisverylittledierencebetweenthiscase anyway,includingthepossibilityofbehavingasgood, alsoexcludedthecaseofasymmetric-faultytransmit- didallowanarbitrary-faultytransmittertobehavein iouscombinationsofgood,wrong,andevalues. symmetric-ormanifest-faulty,aswellassendingvar- manifestlybad(e)valuesorthecorrectvalue.inalgorithmomha(1),arbitrary-faultyreceiversalsohave thatauthenticationneverleadstogoodprocessorsdisativenumbersofcongurationswherethevariousalgorithmsbehaveacceptably. signicantlyreducethetotalnumberofcongurations thatneedtobeconsidered,butdonoteecttherelcardinggoodmessages.thesefactors,takentogether, receivedfromthetransmitter.thusforalgorithm ZA(1)arbitrary-faultyreceiversareonlyabletosend werenotallowedtosenddatavaluesotherthanthat Fortheauthenticatedprotocols,faultyreceivers lier,thisisthemainsourceofbrittlenessofomha(1). Wefurthermaketheassumptionintheseexperiments theopportunitytosendr(e)and,asdiscussedear- ornotsignaturesaresecure(dramaticallysoifsignaturesareinsecure).za(1)isalsosuperiorinoverall ZA(1)wringsthemaximumfaulttolerancefroma formstheclassicalsignedmessagesprotocolwhether givenamountofredundanthardware,andoutper- Thetableshowsthattheauthenticatedprotocol resiliencetoomha(1).thisisnottosaythatza(1) isuniformlysuperiortoomha(1).consideragood
11 transmitterwithlinkfaultstoallreceiversexceptp, andphasalinkfaulttoreceiverq.underza(1),q decidesoneandalltheotherreceiversdecideonthe valuesentbythetransmittertop,therebyviolating Agreement.UnderOMHA(1)allreceiverssettleon E.Notethatwearetestingthefaulttoleranceofthese protocolswellbeyondtheirusuallyclaimedfaulttolerance:onlyapproximatelyvepercentofallfault congurationswestudiedfallwithintheworst-case boundsoftheprotocols.thus,alltheseprotocolsare farmoretolerantoffaultsthantheirsimpleworst-case boundswouldsuggest. 8Conclusion Theassumptionsrequiredoftheauthentication mechanisminbyzantineagreementprotocolsthatuse \signedmessages"arestrongerthangenerallyrealized,andrequirethatdigitalsignaturesareusedwith greatcare.violationoftheseassumptionscancause theprotocolstofail.wehavepresentednewprotocolsthatcombineauthenticationwith\oralmessages" protocolssothatadditionalresilienceisobtainedwhen theauthenticationassumptionsaresound,buttheresilienceoftheunauthenticatedprotocolisretained whenauthenticationassumptionsareviolated. Whentheauthenticationassumptionsaresound, oneofthesenewprotocols,calledza(r),matchesthe faulttoleranceoftheclassicalsignedmessagesprotocolunderahybridfaultmodel,andsurpassesitwhen communicationslinkfaultsareconsidered.za(r)also performswelloverallwhenauthenticationassumptionsareviolated,buthasanunfortunate\hole"inits worst-casebound(itisvulnerablewhenthetransmitterismanifest-faulty).anotherofthenewprotocols, OMHA(r)maybepreferredifthiscaseisconsidered important,thoughitislessresilienttolinkfaultsthan ZA(r). Thesenewprotocolsaresuperiortootherknown protocolsinpropertiesandmeasuresofpracticalinterest,andwerecommendthemforgeneraluse.they areparticularlyattractiveinsecurity-criticalsystems whereauthenticationmaybesubjectedtosophisticatedcryptographicattack,andinsafety-criticalembeddedsystemswheremaximumresilienceisrequired butwhereonlyshortorcryptographicallyweaksignatures(e.g.,checksums)maybefeasible.selectionof themostsuitableprotocolforagivensystemmustobviouslydependontheexpectedmodesandfrequencies offaults,andtheconsequencesofsystemfailure. Ouruseofthestate-explorationsystemMurto performsymbolic\faultinjection"is,webelieve, novel.itsuggestsaverypromisingnewapplication areaforthisclassofformalmethodstools,andone thatweintendtopursueinfuturework. Acknowledgments OurunderstandingofthesetopicshasbenettedgreatlyfromdiscussionswithChrisWalterand MicheleHugue(boththenwithAlliedSignal).Commentsbytheanonymousreviewerswerealsovery helpful.malteborcherdingoftheuniversityofkarlsruhepointedoutsomeerrorsintheoriginalpaper. References PapersbySRIauthorscangenerallyberetrieved fromhttp:// [1]MartnAbadiandRogerNeedham.Prudentengineeringpracticeforcryptographicprotocols.InProceedingsoftheSymposiumonResearchinSecurity andprivacy,pages122{136,oakland,ca,may1994. IEEEComputerSociety. [2]BirgitBaum-Waidner.Byzantineagreementwitha minimumnumberofmessagesbothinthefaultless andworstcase.infaulttolerantcomputingsymposium23[14],pages554{563. [3]MalteBorcherding.Ecientfailurediscoverywith limitedauthentication.in15thinternationalconferenceondistributedcomputingsystems,pages78{82, Vancouver,Canada,May1995.IEEEComputerSociety. [4]W.DieandM.E.Hellman.Newdirectionsincryptography.IEEETransactionsonInformationTheory, IT-22(6):644{650,November1976. [5]D.DolevandH.R.Strong.Authenticatedalgorithms forbyzantineagreement.siamjournaloncomputing,12(4):656{666,november1983. [6]DannyDolevandRudigerReischuk.BoundsoninformationexchangeforByzantineagreement.Journal oftheacm,32(1):191{204,january1985. [7]DannyDolev,RudigerReischuk,andH.Raymond Strong.EarlystoppinginByzantineagreement.JournaloftheACM,37(4):720{741,October1990. [8]KlausEchtle.Faultmaskingwithreducedredundant communication.infaulttolerantcomputingsymposium16,pages178{183,vienna,austria,july1986. IEEEComputerSociety. [9]T.ElGamal.Apublickeycryptosystemandasignatureschemebasedondiscretelogarithms.IEEE TransactionsonInformationTheory,IT-31(4):469{ 472,July1985. [10]PaulD.Ezhilchelvan.Earlystoppingalgorithmsfor distributedagreementunderfail-stop,omission,and timingfaulttypes.in6thsymposiumonreliability indistributedsoftwareanddatabasesystems,pages 201{212,Williamsburg,VA,March1987.IEEEComputerSociety. 11
12 [11]M.FischerandN.Lynch.Alowerboundforthe timetoassureinteractiveconsistency.information ProcessingLetters,14:183{186,1982. [12]F.DiGiandomenico,M.L.Guidotti,F.Grandoni, andl.simoncini.agracefuldependablealgorithm forbyzantineagreement.in6thsymposiumonreliabilityindistributedsoftwareanddatabasesystems, pages188{200,williamsburg,va,march1987.ieee ComputerSociety. [13]L.Gong.Variationsonthethemesofmessagefreshnessandreplay.InProceedingsoftheComputerSecurityFoundationsWorkshopVII,pages131{136,Franconia,NH,June1993.IEEEComputerSociety. [14]FaultTolerantComputingSymposium23,Toulouse, France,June1993.IEEEComputerSociety. [15]R.M.Kieckhafer,C.J.Walter,A.M.Finn,andP.M. Thambidurai.TheMAFTarchitecturefordistributed faulttolerance.ieeetransactionsoncomputers, 37(4):398{405,April1988. [16]LeslieLamport,RobertShostak,andMarshallPease. TheByzantineGeneralsproblem.ACMTransactions onprogramminglanguagesandsystems,4(3):382{ 401,July1982. [17]PatrickLincolnandJohnRushby.Formalverication ofanalgorithmforinteractiveconsistencyundera hybridfaultmodel.incostascourcoubetis,editor, Computer-AidedVerication,CAV'93,volume697 oflecturenotesincomputerscience,pages292{304, Elounda,Greece,June/July1993.Springer-Verlag. [18]PatrickLincolnandJohnRushby.Formalverication ofanalgorithmforinteractiveconsistencyundera hybridfaultmodel.technicalreportsri-csl-93-2,computersciencelaboratory,sriinternational, MenloPark,CA,March1993.AlsoavailableasNASA ContractorReport4527,July1993. [19]PatrickLincolnandJohnRushby.Aformallyveried algorithmforinteractiveconsistencyunderahybrid faultmodel.infaulttolerantcomputingsymposium 23[14],pages402{411. [20]RalphMeltonandDavidL.Dill.MurAnnotated ReferenceManual.ComputerScienceDepartment, StanfordUniversity,Stanford,CA,March1993. [21]JudyH.Moore.Protocolfailuresincryptosystems. ProceedingsoftheIEEE,76(5):594{602,May1988. [22]NationalInstituteofStandardsandTechnology.The digitalsignaturestandard.communicationsofthe ACM,37(7):36{40,July1992. [23]M.Pease,R.Shostak,andL.Lamport.Reaching agreementinthepresenceoffaults.journalofthe ACM,27(2):228{234,April1980. [24]MichaelReiter.Asecuregroupmembershipprotocol.InProceedingsoftheSymposiumonResearchin SecurityandPrivacy,pages176{189,Oakland,CA, May1994.IEEEComputerSociety. [25]R.L.Rivest,A.Shamir,andL.Adleman.Amethod forobtainingdigitalsignaturesandpublic-keycryptosystems.communicationsoftheacm,21(2):120{ 126,February1978. [26]JohnRushby.Aformallyveriedalgorithmforclock synchronizationunderahybridfaultmodel.inthirteenthacmsymposiumonprinciplesofdistributed Computing,pages304{313,LosAngeles,CA,August 1994.AssociationforComputingMachinery. [27]FredB.Schneider.Implementingfault-tolerantservicesusingthestatemachineapproach:Atutorial. ACMComputingSurveys,22(4):299{319,December [28]T.K.SrikanthandS.Toueg.Simulatingauthenticated broadcaststoderivesimplefault-tolerantalgorithms. DistributedComputing,2(2):80{94,1987. [29]PhilipThambiduraiandYou-KeunPark.Interactive consistencywithmultiplefailuremodes.in7thsymposiumonreliabledistributedsystems,pages93{ 100,Columbus,OH,October1988.IEEEComputer Society. [30]C.J.Walter,N.Suri,andM.M.Hugue.Continualonlinediagnosisofhybridfaults.InF.Cristian,G.Le Lann,andT.Lunt,editors,DependableComputing forcriticalapplications 4,volume9ofDependable ComputingandFault-TolerantSystems,pages233{ 249.Springer-Verlag,Vienna,Austria,January1994. Theviewsandconclusionscontainedhereinarethoseoftheauthors andshouldnotbeinterpretedasnecessarilyrepresentingtheocial policiesorendorsements,eitherexpressedorimplied,oftheair ForceOceofScienticResearchortheU.S.Government. 12
AmyP.Felty1,DouglasJ.Howe1,andFrankA.Stomp2 ProtocolVericationinNuprl? 2Dept.ofComp.Sci.,UCDavis,Davis,CA95616,[email protected] 1BellLabs,MurrayHill,NJ07974,USA.ffelty,[email protected] whileretainingexistingadvantagesofthesystem,anddescribesapplicationoftheprovertoverifyingthescicachecoherenceprotocol.the
Select cell to view, left next event, right hardcopy
Run 480841:029822 @ 170718 on 061003 e/p currents: 34.9 / 86.7 ma FTi: 4 hits, mean 1.0 +/- 2.3 min/max -1.8 2.9 Number of hits (P/Q) 733 625 clusters (P/Q) 137 53 tracks (123 P) 0 0 0 1 Run 480841:029822
V e r d e s I s t v á n a l e z r e d e s V Á L T O Z Á S O K. F E L A D A T O K. GONDOK A S O R K A TO N A I
V e r d e s I s t v á n a l e z r e d e s V Á L T O Z Á S O K. F E L A D A T O K. GONDOK A S O R K A TO N A I A L A P K IK É P Z É S B E N F Ő IS K O L Á N K O N C T A N U L M Á N Y > N a p j a i n k b
2 1k 0 3k 2 0 1 4 S 5 7 P a s t w a c z ł o n k o w s k i e - Z a m ó w i e n i e p u b l i c z n e n a u s ł u g- i O g ł o s z e n i e o d o b r o w o l n e j p r z e j r z y s t o c i e x - a nnt e
Smart Integration of Wireless Temperature Monitoring System with Building Automation System
Smart Integration of Wireless Temperature Monitoring System with Building Automation System Case Study Area of engagement Solution to integrate wireless temperature monitoring system with BMS (Building
MENTAL HEALTH AND SUBSTANCE ABUSE SERVICES BULLETIN MENTAL RETARDATION BULLETIN COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE
MENTAL HEALTH AND SUBSTANCE ABUSE SERVICES BULLETIN MENTAL RETARDATION BULLETIN COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE DATE OF ISSUE December 17, 2002 EFFECTIVE DATE Immediately NUMBER
How To Sell Pens For A Year
ProHealth Care, Waukesha, WI Pulmonary Rehab Article January 2006 PENS Newsletter I heard another success the other day for Close to Home PENS. We ran an innocent little PENS article about pulmonary rehab
Northern Arizona University FY 2016 Annual Audit Plan June 2015
1 (Mandatory) (Cyclical) Athletics NCAA Compliance (Year 2 of 3) 400 Compliance Reputational Per NCAA Division I Manual 22.2.1.2(e), at least once every four years Athletics rulescompliance program must
U. S. Department of Housing and Urban Development. Office of Inspector General for Investigation. Inspections and Evaluations Division
U. S. Department of Housing and Urban Development Office of Inspector General for Investigation Inspections and Evaluations Division Inspection of Whether Duplicate Rental Assistance Payments Were Made
SIM-K 3030 SIM-K 3035. 453,- Kè. 15-19 mm. 15-19 mm. 453,- Kè. 453,- Kè. 15-19 mm. 15-19 mm. 566,- Kè. 566,- Kè. 15-19 mm.
SIM-K 3030 3030/S35 BRAUN 3030/S35 WEISS 3030/S35 RAL 8003 3030/S35 RAL 9006 3030/S35 RAL 1036 3030/S35 F1 3030/S35 F9 SIM-K 3035 3035/S35 BRAUN 3035/S35 WEISS 3035/S35 RAL 8003 3035/S35 RAL 9006 3035/S35
ZA-12. Temperature - Liquidus + 45 o C (81 o C) Vacuum = 90mm
Ragonne Fluidity, Inches Zn-Al Impact 38 34 30 26 22 18 14 No. 3 Zn-Al ZA-8 Liquidius ZA-12 Temperature - Liquidus + 45 o C (81 o C) Vacuum = 90mm Zn-Al (0.01-0.02 percent mg) ZA-27 10 0 2 4 6 8 10 12
Coverage Analysis. Purpose
Coverage Analysis Purpose The purpose of this policy is to provide a method for researchers to perform a Coverage Analysis (CA) for clinical research conducted at Mission Hospital, Inc., Memorial and St.
TROLLEY LOCKS FOR TROLLEY MANAGEMENT
TROLLEY LOCKS FOR TROLLEY MANAGEMENT RONIS TROLLEY LOCK FEATURES AND BENEFITS > Strength A robust metal housing. An internal metal mechanism providing long life. A strong galvanized steel key and chain.
356 As at: 08/2014. Recommended makes and types of summer tyres. Type 356. EU tyre label Noise emission. Rolling
356 As at: 08/2014 Type 356 Wheel size 4.5Jx15 42 FA/RA 165 HR 15 Michelin XAS - - - 356 B, all model years 15-inch 356 C, all model years 5.5Jx15 42 FA/RA 165 HR 15 Michelin XAS - - - 356 C, all model
SMH10R. User's Guide. www.senabluetooth.com. Low Profile Motorcycle Bluetooth Headset & Intercom
Low Profile Motorcycle Bluetooth Headset & Intercom www.senabluetooth.com User's Guide 1998-2013 Sena Technologies, Inc. All rights reserved. Sena Technologies, Inc. reserves the right to make any changes
8 / c S t a n d a r d w y m a g a ń - e g z a m i n c z e l a d n i c z y dla zawodu Ś L U S A R Z Kod z klasyfikacji zawodów i sp e cjaln oś ci dla p ot r ze b r yn ku p r acy Kod z klasyfikacji zawodów
State of New Jersey DEPARTMENT OF THE TREASURY DIVISION OF TAXATION PO BOX 269 TRENTON NJ 08695-0269 In reply respond to: (609) 633-1132
State of New Jersey DEPARTMENT OF THE TREASURY DIVISION OF TAXATION PO BOX 269 TRENTON NJ 08695-0269 In reply respond to: (609) 633-1132 SPECIFICATIONS FOR REPORTING W-2 INFORMATION VIA ELECTRONIC FILING
The Wireless Network Road Trip
The Wireless Network Road Trip The Association Process To begin, you need a network. This lecture uses the common logical topology seen in Figure 9-1. As you can see, multiple wireless clients are in
Timeout The Crosspoint Status Request message has a timeout, which means that you need to wait 1 second in between request messages.
Network Control Protocol Important notes Binary Code The strings shown on the next pages are in binary coded format. Please be aware that any terminal program you may use to control a Network unit from
Department of Financial Services Superintendent s Regulations
Department of Financial Services Superintendent s Regulations Part 504 BANKING DIVISION TRANSACTION MONITORING AND FILTERING PROGRAM REQUIREMENTS AND CERTIFICATIONS (Statutory authority: Banking Law 37(3)(4)
Luxor. Automatic retractable bollard
Luxor Automatic retractable bollard Manage, control and restrict Modern urban planning requires advanced systems able to regulate both public and private vehicular flows. Urbaco, has always been in tune
New IRS Reporting Requirements Forms 1094-C & 1095-C
New IRS Reporting Requirements Forms 1094-C & 1095-C October 22, 2015 Presented By: Lee Centrone Senior Vice President BeneSys, Inc./A&I Benefit Plan Administrators, Inc. 1 Please note that this Trust
Dynamic Load Balance Algorithm (DLBA) for IEEE 802.11 Wireless LAN
Tamkang Journal of Science and Engineering, vol. 2, No. 1 pp. 45-52 (1999) 45 Dynamic Load Balance Algorithm () for IEEE 802.11 Wireless LAN Shiann-Tsong Sheu and Chih-Chiang Wu Department of Electrical
xzy){v } ~ 5 Vƒ y) ~! # " $ &%' #!! () ˆ ˆ &Šk Œ Ž Ž Œ Ž *,+.- / 012 3! 45 33 6!7 198 # :! & ŠkŠk Š $š2 š6œ1 ž ˆŸˆ & Š)œ1 ž 2 _ 6 & œ3 ˆœLŸˆ &Šž 6 ˆŸ œ1 &Š ' 6 ª & & 6 ž ˆŸ«k 1±²\³ kµ² µ0 0 9 ² ķ¹>² µ»º
Product Safety and RF Exposure for Mobile Two-Way Radios Installed in Vehicles or as Fixed Site Control Stations
Product Safety and RF Exposure for Mobile Two-Way Radios Installed in Vehicles or as Fixed Site Control Stations! C a u t i o n BEFORE USING THIS RADIO, READ THIS BOOKLET WHICH CONTAINS IMPORTANT OPERATING
UK Radio Licence Interface Requirement 2036 For Mobile Asset Tracking Services
UK Radio Licence Interface Requirement 2036 For Mobile Asset Tracking Services (Version 1.0) 98/34/EC Notification Number: 2000/393/UK Published 15 December 2000 Page 1 File name: ir2036.doc Blank Page
Payment Transaction.
Payment Transaction. Payment transaction information. Payment instructions will be processed on the same business day if we receive them before the relevant cut-off time on that day. Any payment instructions
PAYMENT TRANSACTION. Your payment transaction information
PAYMENT TRANSACTION Your payment transaction information Contents Payment transaction information 1 Outbound domestic payments 2 Inbound domestic payments 3 International payments 4 Outbound international
Airport Parking Management with Software as a Service (SaaS)
Parking and leisure centre systems Airport Parking Management with Software as a Service (SaaS) An alternative to traditional IT strategies? Martin Hughes, Managing Director Scheidt & Bachmann UK Thomas
16 Rankings On First Page. 30 Total Keywords. KEYWORD RANKINGS We are tracking Benchmark Date and Current Ranking. Ranking Changes Improved
Keyword Rankings harmonygroup.co.za 0 Total Keywords 8 Rankings On First Page 6 Rankings On First Page 7 Rankings On Second Page 7 Ranking Changes Improved NA Ranking Changes Declined KEYWORD RANKINGS
Certified Platinum Configurations
The tables in this document describe the Certified Platinum Configurations as of the effective date of the applicable table. In order to determine which table applies to you, please note the following:
VARIATION TO LICENCE AREA PLAN
Attachment A VARIATION TO LICENCE AREA PLAN BRIDGETOWN (RADIO) May 2001 LICENCE AREA PLAN BRIDGETOWN VARIATION The Australian Broadcasting Authority hereby varies the licence area plan (LAP) for radio
DAP Proxy Server Configuration. Technical Note
DAP Proxy Server Configuration Technical Note The software described in this manual is furnished under license and may only be used or copied in accordance with the terms of the license. Manual release
INTERIM SITE MONITORING PROCEDURE
INTERIM SITE MONITORING PROCEDURE 1. PURPOSE The purpose of this SOP is to describe the interim monitoring procedures conducted at Institution, according to GCP and other applicable local regulations.
OMANTEL REFERENCE INTERCONNECTION OFFER
OMANTEL REFERENCE INTERCONNECTION OFFER July 7, 2010 LEASED LINES Index INDEX... 2 1 GENERAL... 3 2 DEFINTIONS... 4 3 LEASED LINE PORTFOLIO... 5 4 ORDERING AND DELIVERY... 6 5 CHANGING AND DISCONNECTION...
since 1928 ALBIN PUMP ALH HOSE PUMPS TECHNICAL DATASHEETS
AB U S US TA ATASTS 05 3 BS - ATA ST 0.25 nstalled power (Kw) 05 (3 lobes) 8 Bars 0.18 0.12 3 Bars Temperature ( ) ontinous 24/24h ntermittent* ccasional* low (l/h) 3.4 6.8.2 13.6 16.9.4 *ntermitent use
IPThermo206G. Offline/online data collector, SMS alarm sender, watchdog terminal for IPThermo Pro network
IPThermo206G Offline/online data collector, SMS alarm sender, watchdog terminal for IPThermo Pro network IPThermo 206G is the central data handling terminal of the IPThermo Pro measurement network. This
RSA Event Source Configuration Guide. IBM iseries AS/400
Configuration Guide IBM iseries AS/400 Last Modified: Tuesday, March 11, 2014 Event Source (Device) Product Information Vendor IBM Event Source (Device) iseries AS400 Supported Versions V5R2 and above
COMPLIANCE WITH LAWS AND REGULATIONS (CLR)
Principle: Ensuring compliance with applicable laws, regulations and professional standards of practice implementing systems and processes that prevent fraud and abuse. 91 Compliance with Laws and Regulations
Thursday September 23 rd 11:30 AM to 12.45 PM Kerhonkson, New York.
NYAPRS 28 TH Annual Conference Integrating Mental Health and Addiction Recovery into our Lives and Systems Presenter: John Challis B.A., B.S.W., Dip Teach. Director of Technical Assistance Thursday September
Third-Party Access and Management Policy
Third-Party Access and Management Policy Version Date Change/s Author/s Approver/s Dean of Information Services 1.0 01/01/2013 Initial written policy. Kyle Johnson Executive Director for Compliance and
Input module, input/output module
Sinteso / Cerberus PRO Input module, input/output module FDCI221, FDCIO221 Input module and input/output module for the automatically addressed detector line Input module FDCI221: Monitorable contact input
By reversing the rules for multiplication of binomials from Section 4.6, we get rules for factoring polynomials in certain forms.
SECTION 5.4 Special Factoring Techniques 317 5.4 Special Factoring Techniques OBJECTIVES 1 Factor a difference of squares. 2 Factor a perfect square trinomial. 3 Factor a difference of cubes. 4 Factor
MENTAL HEALTH CONSULTANT PROCEDURE
TMC MIGRANT SEASONAL HEAD START MENTAL HEALTH CONSULTANT PROCEDURE Procedure No. MH-100-A Effective Date of Procedure: 11/13/99 Program Area: Mental Health Services Revised 02/11 STATEMENT OF PROCEDURE
Note: This article was updated on October 1, 2012, to reflect current Web addresses. All other information remains unchanged.
Related Change Request (CR) #: 3444 Related CR Release Date: September 10, 2004 Effective Date: N/A Related CR Transmittal #: R299CP Implementation Date: N/A Note: This article was updated on October 1,
Weather Radar Basics
Weather Radar Basics RADAR: Radio Detection And Ranging Developed during World War II as a method to detect the presence of ships and aircraft (the military considered weather targets as noise) Since WW
IEEE 802.11 frame format
IEEE 802.11 frame format Pietro Nicoletti www.studioreti.it 802-11-Frame - 1 P. Nicoletti: see note pag. 2 Copyright note These slides are protected by copyright and international treaties. The title and
Safety Plan Reviews in 3D Christopher Santulli, PE. April 23, 2012 Times Square Marriott Marquis
Safety Plan Reviews in 3D Christopher Santulli, PE April 23, 2012 Times Square Marriott Marquis Safety Responsibility Building Code 3301.1 Responsibility for safety (abbr.) Nothing in this chapter shall
European Wide Certified Diabetes Educator Course (EU-CDEC) Quality Assurance and Risk Management Plan Report (WP7)
Annex 26 - Quality Assurance and Risk Management Plan Report European Wide Certified Diabetes Educator Course (EU-CDEC) Quality Assurance and Risk Management Plan Report (WP7) WP Leaders: Ondrej Cinek,
WHITE PAPER. Static Load Balancers Implemented with Filters
WHITE PAPER Static Load Balancers Implemented with Filters www.ixiacom.com 915-6911-01 Rev. A, July 2014 2 Table of Contents Load Balancing of Monitoring Systems as a Key Strategy for Availability, Security
Arkansas Department Of Health and Human Services Division of Medical Services P.O. Box 1437, Slot S-295 Little Rock, AR 72203-1437
Arkansas Department Of Health and Human Services Division of Medical Services P.O. Box 1437, Slot S-295 Little Rock, AR 72203-1437 Fax: 501-682-2480 TDD: 501-682-6789 Internet Website: www.medicaid.state.ar.us
1 7 / c S t a n d a r d w y m a g a ń - e g z a m i n c z e l a d n i c z y dla zawodu M E C H A N I K - M O N T E R M A S Z Y N I U R Z Ą D Z E Ń Kod z klasyfikacji zawodów i sp e cjaln oś ci dla p ot
Off Site Access PPD IT How to Guides December 2010
Off Site Access When you are working away from RAL, you can connect to the RAL network via Virtual Private Network. This allows you to see internal RAL web pages and provides a way to access SSC, which
COLLECTION, USE, AND DISCLOSURE LIMITATION
COLLECTION, USE, AND DISCLOSURE LIMITATION This is one of a series of companion documents to The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information
Security Management System. MHPD Module
Security Management System MHPD Module 1 Security Management System: Why do we need to use SMS? Security Management System Accessing SMS MHPD Module Security Groups Mental Health Provider Data Exchange
Remote Access. A Service Guide for Colleges. An overview of the opt-in Remote Access service provided by Ontario College Library Service
A Service Guide for Colleges An overview of the opt-in Remote Access service provided by Ontario College Library Service Remote Access A Service Guide for Colleges Contents Remote Access Basics... 2 All
Your launch pad for excellence UNIVERSITY. 6 cm filling height. Ferranti Computer Systems MECOMS University Training Overview
Your launch pad for excellence UNIVERSITY 6 cm filling height Ferranti Computer Systems MECOMS University Training Overview CLASSROOM: ADVANCED FUNCTIONAL METER DATA MANAGEMENT UNIVERSITY Introduction
0,2 D(0) A(1) D(1) 1,3 D(2) 0,2 D(0) A(1) D(1) 1,3 D(2) D(3) D(3) D(1) D(1) A(4) D(2) 4,6 D(3) A(4) 4,6 GO BACK 3 SELECTIVE REJECT WINDOW SLIDES
WASHINGTON UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CS423 Computer Communications: More Error Recovery Fall 1995 This is the fourth of probably 7 lectures on the Data Link Layer. In the last lecture we
Software Defined Radio (SDR) Application Review Guide
Software Defined Radio (SDR) Application Review Guide TCB Workshop October 6, 2009 Jim Szeliga Laboratory Division Office of Engineering and technology Federal Communications Commission Presentation Outline
Division of Medical Services
Division of Medical Services Program Planning & Development P.O. Box 1437, Slot S-295 Little Rock, AR 72203-1437 501-682-8368 Fax: 501-682-2480 TO: Arkansas Medicaid Health Care Providers Transportation
REGULATORY ALERT NATIONAL CREDIT UNION ADMINISTRATION 1775 DUKE STREET, ALEXANDRIA, VA 22314. DATE: October 2001 NO.: 01-RA-11
REGULATORY ALERT NATIONAL CREDIT UNION ADMINISTRATION 1775 DUKE STREET, ALEXANDRIA, VA 22314 DATE: October 2001 NO.: 01-RA-11 TO: All Federally-Insured Credit Unions SUBJECT: Suspicious Activity Report
3M Electronic Monitoring / SVEP. 3M Domestic Violence GPS Proximity Notification System Web Training
3M Domestic Violence GPS Proximity Notification System Web Training Objective TO EXPLAIN HOW THE SYSTEM PROTECTS THE VICTIMS OF DOMESTIC VIOLENCE 2 3M Domestic Violence GPS Proximity Notification System
How to travel from Qatar to UAE and Oman by road
How to travel from Qatar to UAE and Oman by road Experience from journey January 2007 Jacob Helm-Petersen (MOQ) and Thomas Gierlevsen (COWI) Prepared by Thomas Gierlevsen Rev. 1 Preparations: 1) Obtain
What is Process Validation?
What is Process Validation? Process Validation is defined as the collection and evaluation of data, from the process design stage throughout production, which establishes scientific evidence that a process
B I N G O B I N G O. Hf Cd Na Nb Lr. I Fl Fr Mo Si. Ho Bi Ce Eu Ac. Md Co P Pa Tc. Uut Rh K N. Sb At Md H. Bh Cm H Bi Es. Mo Uus Lu P F.
Hf Cd Na Nb Lr Ho Bi Ce u Ac I Fl Fr Mo i Md Co P Pa Tc Uut Rh K N Dy Cl N Am b At Md H Y Bh Cm H Bi s Mo Uus Lu P F Cu Ar Ag Mg K Thomas Jefferson National Accelerator Facility - Office of cience ducation
Mass deployment Smart Gas- (& Electricity) Meters Netherlands
Mass deployment Smart Gas- (& Electricity) Meters Netherlands Arno Tuinman Liander Infostroom Controls grid for gas and electricity 1 Agenda Speaker Introduction Liander Introduction Status Deployment
VENDOR SECTION An overview of the Vendor Section which is used to add, edit and send messages to vendors.
PROPERTY MANAGER TRAINING MANUAL INTRODUCTION Relate 24/7 SM is an automated prospect and resident follow-up email marketing machine. Even when your leasing team is busy with other important tasks, this
OFFICE OF MENTAL HEALTH AND SUBSTANCE ABUSE SERVICES BULLETIN
OFFICE OF MENTAL HEALTH AND SUBSTANCE ABUSE SERVICES BULLETIN ISSUE DATE: EFFECTIVE DATE: NUMBER: October 20, 2011 October 30, 2011 OMHSAS-11-08 SUBJECT: BY: Administrative Investigations SCOPE: State
Appendice 1 al Regolamento ENAC ATSEP Basic training Shared
Regolamento ENAC ATSEP Appendici Pag. 1 Appendice 1 al Regolamento ENAC ATSEP Basic training Shared Subject 1: INDUCTION TOPIC 1 BASIND Induction Sub-topic 1.1 BASIND Training and Assessment Overview Sub-topic
TP32MTT.03 TP32MTT.03.1. [ GB ] Probes for soil thermal profile measurement
![TP32MTT.03 TP32MTT.03.1. [ GB ] Probes for soil thermal profile measurement](/thumbs/40/20650258.jpg "TP32MTT.03 TP32MTT.03.1. [ GB ] Probes for soil thermal profile measurement")
TP32MTT.03 [ GB ] Probes for soil thermal profile measurement [ GB ] [ GB ] Description Temperature measurement at 7 levels (TP32MTT.03) or 6 levels () In accordance with the requirements of the World
Frequently Asked Questions. 1. How do I repost a RAL/ERC file using ACA/Lacerte software?
Frequently Asked Questions 1. How do I repost a RAL/ERC file using ACA/Lacerte software? To restore the ral or erc, at the main screen of the direct allaince you would select ral and restore bank file.