| The integration of wireline networks with wireless ad hoc networks is expected to have a revolutionary impact on a wide range of applications by enabling pervasive computing. For this potential to be realized, it is necessary to design networked systems that are reliable and secure, and can deliver high performance. Toward this goal, this dissertation presents a framework of intrusion and fault tolerance techniques for both wireline and wireless domains. Reliability and security issues are addressed together by combining replication to handle faults, threshold cryptography to handle security attacks, and custom hardware to provide high performance and tamper resilience.; The dissertation first looks into wireline networks and proposes a high-performance, intrusion- and fault-tolerant architecture for core application services. The scheme forcibly replicates a server application on multiple machines and is made efficient and secure by (1) enabling multithreading in the replicated code and (2) implementing secret-key storage and cryptographic operations in custom parallel hardware. A Loose Synchronization Algorithm (LSA) and a Preemptive Deterministic Scheduling (PDS) algorithm are designed to compensate for the nondeterminism in replica thread execution resulting from multithreading. The architecture is demonstrated using an excellent example of core wireline service that demands high reliability, security, and performance, namely, an attribute authority for processing digital attribute certificates.; To provide in the wireless domain a level of dependability comparable to that in the wireline domain, this dissertation proposes an Inner-circle Consistency approach for wireless ad hoc networks. By exploiting the information and computation that is naturally replicated in the wireless network, the inner-circle consistency approach can stop/neutralize errors and attacks as soon as they are injected in the wireless network by faulty/malicious nodes. The inner-circle consistency idea leverages the same combination of replication, threshold cryptography, and custom hardware used in the wireline domain, yet it reformulates the intrusion and fault tolerance paradigm to take into account the limitations and the characteristics of wireless environments. The approach is demonstrated in two significant wireless scenarios: the neutralization of attacks against the Ad hoc On-demand Distance Vector (AODV) routing protocol, and the neutralization of sensor errors in a wireless sensor network. |
