Security and Accountability in Distributed Systems

integrity of customers' data and computation.

In society, *accountability* is widely used to incentivize and reward good performance, to expose failures and unwanted behavior, and to build trust among competing individuals and organizations. In this talk, we'll suggest that accountability is also a powerful tool in the design of distributed systems. Accountability allows good nodes to prove their past compliance and ensures that (intended or unintended) deviations by any node from the expected behavior are detectable. Accountability complements fault tolerance techniques and offers an alternative to these techniques in systems that provide best-effort service.

We'll outline the requirements and challenges for an accountable distributed system. We look at a definition of accountability that is strong enough to be useful, and we propose an efficient, practical, and secure implementation. A crucial challenge here is to offer accountability for randomized protocols, e.g., protocols that rely on cryptographic techniques. We meet this challenge by developing a novel technique for generating a pseudo-random sequence and a proof that the elements of this sequence up to a given point have been correctly generated, while future values in the sequence remain unpredictable. Hence external
auditors can check if a node has deviated from its expected behavior without learning anything about the node’s future random choices.