A solution to a final exam for a Distributed Systems course. It includes short answer questions and a security protocol illustration. The exam has a total of 80 points and is 15 pages long. The security protocol includes vulnerabilities that were not recognized at the time the exam was created.
Typology: Exams
Question   Points   Score
1          8
2          3
3          6
4          12
5          10
6          12
7          13
8          6
9          10
Total:     80
Short Answers
Solution:
Crash Recovery
Suppose we wish to implement a transaction processing system that maintains ACID properties even in the presence of crashes. In the event of a crash, any information stored on disk can be retrieved, but any data stored in memory will be lost. Briefly describe one serious shortcoming of each of the following implementations:
(a) The database is updated on disk with each transaction.
Solution: This would yield unacceptable performance, given the slow speed of disk writes.
(b) The database is kept in memory and on disk, with the copy on disk updated every 50 transactions.
Solution: This would violate durability when the system crashes before the disk copy has been updated.
(c) The database is kept in memory. A log file is maintained on disk recording every transaction.
Solution: The log file would never stop growing, so it would be inefficient both in size and in recovery time, since every logged transaction must be replayed after a crash.
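Added example, not part of the exam: an in-memory database with a durable transaction log as in implementation (c), extended with periodic checkpoints, the standard remedy for the unbounded log growth the answer points out. "Disk" is modelled by the `log` and `checkpoint` attributes, which survive the simulated crash; `data` is memory and is wiped.

```python
# Added example (not from the exam): logged in-memory store with checkpointing.
import json

class LoggedStore:
    def __init__(self, checkpoint_every=None):
        self.data = {}            # memory: lost on crash
        self.log = []             # disk: one record per committed transaction
        self.checkpoint = {}      # disk: snapshot of data at the last checkpoint
        self.since_checkpoint = 0
        self.checkpoint_every = checkpoint_every  # None = never checkpoint, as in (c)

    def commit(self, key, value):
        # Write-ahead: the record reaches the log before memory is updated, so a
        # committed transaction is never lost (durability).
        self.log.append(json.dumps({"k": key, "v": value}))
        self.data[key] = value
        self.since_checkpoint += 1
        if self.checkpoint_every and self.since_checkpoint >= self.checkpoint_every:
            self.take_checkpoint()

    def take_checkpoint(self):
        # Persist the whole state, then truncate the log: recovery now replays only
        # what happened after the snapshot, so log size and recovery time stay bounded.
        self.checkpoint = dict(self.data)
        self.log = []
        self.since_checkpoint = 0

    def crash_and_recover(self):
        self.data = {}                      # crash: memory gone
        self.data = dict(self.checkpoint)   # restore the snapshot ...
        for record in self.log:             # ... then replay the log tail
            r = json.loads(record)
            self.data[r["k"]] = r["v"]
        return self.data

def demo(checkpoint_every):
    """Commit five constructed transactions, crash, recover; return (state, log length)."""
    store = LoggedStore(checkpoint_every)
    for i in range(5):
        store.commit("acct%d" % (i % 2), i * 10)
    return store.crash_and_recover(), len(store.log)
```

With `checkpoint_every=None` the log holds all five records after the run; with `checkpoint_every=3` only the two records written after the checkpoint remain, yet recovery yields the same state.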
For each of the following statements, state whether it is true or false. Give a brief (one or two sentences should suffice) justification for your answer.
Solution: This protocol has a vulnerability that was not recognized at the time the exam was created. An imposter B′ could intercept message 1 and send the message KB′S(A, B′, Ra, Rb′) to S. S would generate a session key KAB′ and send the message KAS(KAB′, Ra) to A. Since message 3 does not identify the involved parties, A would not realize that it had created a session with B′ rather than B. In the answer key below, we give both the intended answer and the correct answer in light of this vulnerability. We accepted either version but required that the answers be consistent and properly explained. Note: this vulnerability could be avoided by including the identities of A and B in messages 3 and 4.
(a) S can be certain that message 2 was freshly generated by B.
Solution: False. This could be a replay of an old message, since there is no guarantee that Ra is fresh.
(b) A can be certain that message 3 was freshly generated by S.
Solution: True. Only someone who knew KAS could have generated KAS(Ra), and A knows Ra is fresh.
(c) B can be certain that message 4 was freshly generated by S.
Solution: True. Only someone who knew KBS could have generated KBS(Rb), and B knows Rb is fresh.
(d) Upon completion of the protocol, A can be certain that it has established a session with B.
Solution: Intended: True. Since A knows that Ra is fresh, it can be certain that S must have received message 2 from B. Corrected: False. As noted above, the session could be with an imposter B′.
(e) Upon completion of the protocol, B can be certain that it has established a session with A.
Solution: False. A has not established its identity with either B or S.
(f) Upon completion of the protocol, no one other than A, B, or S can know the value of KAB.
Solution: Intended: True. The only risk is from an imposter A′ of A, but it could not read KAB without knowing KAS.
Corrected: False. The session key could be known to the imposter B′.
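Added example, not part of the exam: a symbolic model of the protocol in this question, used to show why binding the identities A and B into messages 3 and 4 (the fix the solution notes) lets A reject a session that an imposter B′ has diverted. Encryption under a key is modelled as a tagged tuple that only the named key can open; message 1 is assumed to be "A, B, Ra" sent in the clear (the page does not show it), messages 2 to 4 follow the answer key, and the nonces and KAB are constructed constants.

```python
# Added example (not from the exam): symbolic model of the key-distribution protocol.

def enc(key_name, *fields):
    return ("enc", key_name, fields)

def dec(key_name, blob):
    tag, k, fields = blob
    if tag != "enc" or k != key_name:
        raise ValueError("cannot open ciphertext with " + key_name)
    return fields

def server(msg2, sender_key, bind_identities):
    # S opens message 2 with the key it shares with whoever sent it (B or B')
    # and mints a session key for the principals named inside.
    a, b, ra, rb = dec(sender_key, msg2)
    kab = "KAB-constructed"
    if bind_identities:  # corrected protocol: names travel inside the ciphertext
        return enc("KAS", kab, a, b, ra), enc(sender_key, kab, a, b, rb)
    return enc("KAS", kab, ra), enc(sender_key, kab, rb)  # protocol as set on the exam

def a_accepts(msg3, ra, intended_peer, bind_identities):
    # A's check on message 3: freshness via Ra and, in the corrected version,
    # that the session S created is between A and the peer A actually asked for.
    fields = dec("KAS", msg3)
    if bind_identities:
        _kab, a, b, r = fields
        return r == ra and a == "A" and b == intended_peer
    _kab, r = fields
    return r == ra

def run(imposter_diverts_msg1, bind_identities):
    """Return True if A ends up accepting the session key S issued."""
    ra, rb = "Ra-constructed", "Rb-constructed"
    # Message 1 (A -> B: A, B, Ra). If B' intercepts it, B' answers S in B's
    # place using its own key KB'S and names itself as the responder.
    responder, key = ("B'", "KB'S") if imposter_diverts_msg1 else ("B", "KBS")
    msg2 = enc(key, "A", responder, ra, rb)
    msg3, _msg4 = server(msg2, key, bind_identities)
    return a_accepts(msg3, ra, "B", bind_identities)
```

`run(True, False)` returns True: with the protocol as set, A accepts a session it believes is with B but which S created for B′; `run(True, True)` returns False because message 3 now names B′ and A's check fails.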
Peer to Peer
Solution: 1
(b) (2 points) Name one major disadvantage of the centralized p2p system (from a distributed principles point of view)
Solution: Single point of failure; the server processes everything; the server must keep track of a potentially very large number of clients (other reasonable answers accepted).
(c) (2 points) Query flooding is an alternative design that solves some of the problems of centralized p2p and eliminates the central server. However, it changes the mechanics of peer interactions significantly. Explain (1 sentence each) how a newly-joining node publishes the files they wish to make available, in...
A centralized p2p network:
Solution: They send their list of files and metadata to the server.
A query flooding p2p network:
Solution: They don't do anything; queries come to them.
(d) (2 points) One popular improvement upon query flooding is to move to a "supernode" flooding architecture. Using N as the number of nodes in the network and S as the number of supernodes (S << N), explain the benefit of moving to this supernode architecture.
Solution: Queries now require O(S) messages instead of O(N). In addition, if the nodes used as supernodes are more stable or have higher capacity, this can further improve the performance or stability of the network.
(e) (2 points) What is a common mechanism used to limit the propagation of queries in a flooding network?
Solution: TTL (time to live) scoping, also known as a hop count limit.
(f) (2 points) List one typical criterion for selecting a node to be promoted to a supernode. Explain in one sentence why such a choice would improve network stability.
Solution: How long a node has been part of the network (time), because how long a node has been around is a good predictor of how long it will be around.
(f) (3 points) An optimization to Chord involves storing several nodes for each entry in the finger table instead of just one. Explain an important benefit this optimization confers in a globally distributed DHT.
Solution: (1) This allows routing based on proximity, which would reduce slow routes that criss-cross the globe. (2) It provides a fallback in case one of the nodes in the finger table is unreachable.
Byzantine Fault Tolerance
Solution: From the point of view of a client of the system, f out of the total of n nodes may be faulty and not responding, so the client must be able to function with just n − f responses. But the messages are asynchronous, so the f unreceived messages may in fact have been from slow non-faulty nodes, which means that f out of the n − f responses may be wrong. Even so, the messages that are correct must outnumber those that are not for the client to identify which is which: n − 2f > f, and therefore n > 3f.