How to Securely Replicate Services * ( Preliminary

A method is presented for constructing replicated services that retain their availability and integrity despite several servers and clients being corrupted by an intruder, in addition to others failing benignly. More precisely, a service is replicated by n servers in such a way that a correct client will accept a correct server's response if, for some prespecified parameter k, at least k servers are correct and fewer than k servers are corrupt. The issue of maintaining causality among client requests is also addressed. A security breach resulting from an intruder's ability to effect a violation of causality in the sequence of requests processed by the service is illustrated. An approach to counter this problem is proposed that requires that fewer than k servers are corrupt and, to ensure liveness, that k < n 2t, where t is the assumed maximum total number of both corruptions and benign failures suffered by servers in any system run. An important and novel feature of these schemes is that the client need not be able to identify or authenticate even a single server.Instead, the clientisrequired only to possessat most two public keys for the service. "This work was supported by the DefenseAdvanced Research ProjectsAgency (DoD) under DARPA/NASA subcontractNAG2-593 administeredby the NASA Ames ResearchCenter,by grantsfrom GTE, IBM, and Siemens,Inc., and by a NationalScienceFoundation Graduate Fellowship.Any opinions,conclusionsor recommendations expressed inthisdocument _rethoseofthe authorsand do not necessarily reflecthe views,polities ordecisionsofthe National ScienceFoundation or the Department ofDefense.