Turtle Consensus: Moving Target Defense for Consensus

Consensus is a basic building block in middleware configuration services [4, 18]. While such services are designed to tolerate crash failures in asynchronous settings, they may not stand up well to Denial-of-Service (DoS) attacks. Specifically, malicious clients can carefully craft workloads that substantially degrade the performance of many state-of-the-art consensus protocols. By exploiting protocol-specific vulnerabilities, attackers can constantly force the protocol participants to slow execution paths [8]. In this paper, we investigate designing consensus protocols that provide acceptable performance under DoS attacks that aim to saturate the bandwidth of protocol participants. We propose a new asynchronous consensus protocol that we call Turtle Consensus. Turtle Consensus employs previously proposed crash-tolerant consensus protocols and exploits their diverse characteristics by switching between protocols from round to round. Some protocols are fast under benign conditions but their performance suffers greatly under attack. Other protocols may not be as fast under benign conditions, but their performance may actually benefit from naive attacks. By reconfiguring the consensus protocol on-the-fly we can achieve the best of both worlds: excellent performance in benign scenarios and acceptable performance while under attack, even if the client workload is high. We evaluate Turtle Consensus against adversarial scenarios where at most one process may fail and show that we can achieve better performance than existing crash-tolerant protocols under attack.