Duck Attack on Accountable Distributed Systems

International audience; Accountability plays a key role in dependable distributed systems.It allows to detect, isolate and churn malicious/selfish nodes thatdeviate from a prescribed protocol. To achieve these properties, sev-eral accountable systems use at their core cryptographic primitivesthat produce non-repudiable evidence of inconsistent or incorrectbehavior.In this paper, we show how selfish and colluding nodes canexploit the use of cryptographic digests in accountability protocolsto mount what we call a duck attack. In a duck attack, selfish andcolluding nodes exploit the use of cryptographic digests to alter thetransmission of messages while masquerading as honest entities.The end result is that their selfish behavior remains undetected. Thisundermines the security guarantees of the accountability protocols.We first discover the duck attack while analyzing PAG — a cus-tom cryptographic protocol to build accountable systems presentedat ICDCS 2016. We later discover that accountable distributed sys-tems based on a secure log (essentially a hash-based data structure)are also vulnerable to the duck attack and apply it on AcTinG — aprotocol presented at SRDS 2014. To defeat our attack, we modifythe underlying secure log to have high-order dependency on themessages stored in it.