Chapter 7 Fault Diagnosis Agreement
problem in combined wired/wireless network, but also AFDA can solve the FDA problem in other networks. For example, if AFDA uses the evidence gathered from the BA protocol MAHAP, the malicious faulty processors, away processors and return processors can be detected/located in MANET. If AFDA uses the evidence gathered from the BA protocol SBAP, the malicious faulty agreement-servers, away processors and return processors can be detected/located in combined wired/wireless network.
7.1 Proposed Protocol: “Adaptive Fault Diagnosis Agreement Protocol” (AFDA)
There are three phases in the AFDA: the message-collection phase, the fault-diagnosis phase and the re-configuration phase. The message-collection phase is used to collect the ic-trees of all processors/agreement-servers that execute the BA protocol MAHAP/SBAP (depending on the network). To ensure that the fault diagnosis result from each fault-free processor/agreement-server is the same in MANET/combined wired/wireless network, each fault-free processor/agreement-server should collect the same evidence. Thus, AFDA collects the ic-trees of all processors/agreement-servers by using MAHAP/SBAP (depending on the network).
The fault-diagnosis phase is used to detect/locate away processors, return processors, and malicious faulty processors/agreement-servers. The set of MFN is used to record malicious faulty processors/agreement-servers, the set of AN is used to record processors which have ever moved away from the network, and the set of RN is used to record return processors. The re-configuration phase is used to re-configure the network by isolating malicious faulty processors/agreement-servers and away processors. The AFDA protocol is shown in Figure 7-1.
7.1.1 Message-Collection Phase
The goal of the message-collection phase is to collect, as evidence, the ic-trees of all processors/agreement-servers that execute the BA protocol MAHAP/SBAP (except return processors and away processors). To ensure that the fault diagnosis result from each fault-free processor/agreement-server is the same, each fault-free processor/agreement-server should collect the same evidence. Therefore, in the message-collection phase of AFDA, each processor/agreement-server (except return processors and away processors) uses MAHAP/SBAP (depending on the network) to distribute its ic-tree to all processors/agreement-servers. Then each processor/agreement-server stores the other processors’/agreement-servers’ ic-trees to construct the set of IC-trees =[ic-trees, ic-treea, ic-treeb …, ic-treeϋ] , where ϋ is the last Processor/agreement-server id in the network by alphabetical order. By using MAHAP/SBAP, we can ensure that every fault-free processor/agreement-server collects the same set of IC-trees (the common set of IC-trees).
A detailed description of how the common set of IC-trees is collected is given in Lemma 7-1-1 and 6-2-1.
7.1.2 Fault-Diagnosis Phase
The goal of the fault-diagnosis phase is to detect/locate away processors, return processors and malicious faulty processors/agreement-servers. Each processor/agreement-server maintains the sets MFN, AN and RN in the fault-diagnosis phase. The set of MFN is used to record malicious faulty processors/agreement-servers, the set of AN is used to record processors which have ever moved away from the network and the set of RN is used to record return processors. Each processor/agreement-server examines the common set of IC-trees in a top-down, level-by-level sequence, as given in Step2 of the fault-diagnosis phase of AFDA.
7.1.2.1 Detect/Locate away processors and return processors
Some processors are mobile in the network, and away processors can be detected by the system. If Processor ρ has ever been an away processor, each processor sets AN = AN ∪ {ρ}, where ρ is the Processor id. Moreover, return processors can also be detected, so each processor can also record a return processor in the set of RN. If Processor Ъ is a return processor, then RN = RN ∪ {Ъ}, where Ъ is the Processor id.
7.1.2.2 Detect/Locate malicious faulty processors/agreement-servers
Each fault-free processor/agreement-server examines all vertices (except vertex s…μ) in the IC-trees in a top-down, level-by-level sequence, where μ is a Processor/agreement-server id and Processor/agreement-server μ has been detected as an away processor or malicious faulty processor/agreement-server. If the number of the most common value in vertex s…ϊ is less than threshold-MANET/threshold-CN, then Processor/agreement-server ϊ is a malicious faulty processor/agreement-server. Each processor/agreement-server sets MFN = MFN ∪ {ϊ}, where ϊ is the Processor/agreement-server id. A detailed description of threshold-MANET and threshold-CN is given in Lemma 7-1-3 and Lemma 7-2-3.
7.1.3 Re-configuration Phase
In this phase, each processor/agreement-server re-configures the network logically by isolating processors/agreement-servers in the set of ISOLATION. The set of ISOLATION=MFN∪(AN-RN) is used to record processors/agreement-servers that should be isolated. Then, each processor/agreement-server sets AN=Null, RN=Null and MFN=Null.
ADAPTIVE FAULT DIAGNOSIS AGREEMENT PROTOCOL (AFDA)
Message-Collection Phase:
Step1:
For MANET:
Each processor (except away processors and return processors) uses MAHAP to distribute its ic-tree (as the initial value) to all processors.
For combined wired/wireless network:
Each agreement-server (except away processors and return processors) uses SBAP to distribute its ic-tree (as the initial value) to all agreement-servers.
Step2:
Then each processor/agreement-server (depending on the network) stores the other processors’/agreement-servers’ ic-trees to construct the set of IC-trees =[ic-trees, ic-treea, ic-treeb …, ic-treeϋ], where ϋ is the last Processor/agreement-server id in the network by alphabetical order.
=>Each fault-free processor/agreement-server constructs the same set of IC-trees (the common set of IC-trees) by using MAHAP/SBAP.
Fault-Diagnosis Phase:
Set MFN=Null; the set of MFN is used to record malicious faulty processors/agreement-servers.
Set AN=Null; the set of AN is used to record processors which have ever moved away.
Set RN=Null; the set of RN is used to record return processors.
MFN = MFN ∪ {malicious faulty processors/agreement-servers}.
AN = AN ∪ {away processors}.
RN = RN ∪ {return processors}.
Step1: Detect/locate away processors and return processors
1.1 If Processor ρ is an away processor, Then
Figure 7-1. The proposed AFDA protocol (cont’d.)
Step2: Detect/locate malicious faulty processors/agreement-servers
Parameter threshold-MANET = n-(│AN│+⎣(n-│AN│-1)/3⎦).
Parameter threshold-CN = n-(⎣(n-1)/3⎦).
Examine all vertices (except vertex s…μ) in the IC-trees by the following rule (in a top-down and level by level sequence), where μ is Processor id and Processor μ has been detected as an away processor or malicious faulty processor/agreement-server.
For MANET:
If the number of the most common value in vertex s…ϊ is less than threshold-MANET, Then
Processor ϊ is a malicious faulty processor.
Set MFN = MFN ∪ {ϊ}, where ϊ is Processor id.
End if
For combined wired/wireless network:
If the number of the most common value in vertex s…ϊ is less than threshold-CN, Then
Agreement-server ϊ is a malicious faulty agreement-server.
Set MFN = MFN ∪ {ϊ}, where ϊ is agreement-server id.
End if
Re-Configuration Phase:
Step1: Set ISOLATION=MFN∪(AN-RN); the set of ISOLATION is used to record processors/agreement-servers which should be isolated.
Step2: According to ISOLATION, each processor/agreement-server can re-configure the network logically.
Step3: Set AN=Null, RN=Null and MFN=Null.
Figure 7-1. The proposed AFDA protocol
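The following is an added worked example, not code from the original text: it runs Step2 of the fault-diagnosis phase and Step1 of the re-configuration phase over a constructed common set of IC-trees. The dictionary layout of an ic-tree (vertex label as a tuple of ids with root "s" first), the processor ids and the stored values are assumptions made for illustration.

```python
from collections import Counter

def threshold_manet(n, an):
    # threshold-MANET = n - (|AN| + floor((n - |AN| - 1) / 3))
    return n - (len(an) + (n - len(an) - 1) // 3)

def threshold_cn(n):
    # threshold-CN = n - floor((n - 1) / 3)
    return n - (n - 1) // 3

def diagnose(ic_trees, n, an, rn, manet=True):
    """Fault-diagnosis Step2 plus re-configuration Step1.

    ic_trees (assumed layout): owner id -> {vertex label -> stored value},
    a vertex label being the tuple of ids on its path, root "s" first.
    """
    threshold = threshold_manet(n, an) if manet else threshold_cn(n)
    mfn = set()
    labels = {v for tree in ic_trees.values() for v in tree}
    # Top-down, level by level: shorter labels first.
    for vertex in sorted(labels, key=lambda v: (len(v), v)):
        last = vertex[-1]
        if last in an or last in mfn:
            continue  # vertex s...mu of an already detected processor
        votes = Counter(t[vertex] for t in ic_trees.values() if vertex in t)
        if votes.most_common(1)[0][1] < threshold:
            mfn.add(last)
    return mfn, mfn | (an - rn)  # (MFN, ISOLATION)

def build_sample():
    # Constructed data: n = 7, e and f have been away, f has returned,
    # so only s, a, b, c, d contribute ic-trees.
    trees = {}
    for i, owner in enumerate(["s", "a", "b", "c", "d"]):
        trees[owner] = {
            ("s",): 1,
            ("s", "a"): 0 if owner == "b" else 1,  # b's tree misreports a
            ("s", "b"): i % 2,       # b relayed conflicting values
            ("s", "e"): i % 2,       # e was away: skipped, not blamed
            ("s", "a", "b"): i % 2,  # skipped once b is in MFN
        }
    return trees

if __name__ == "__main__":
    print(diagnose(build_sample(), 7, {"e", "f"}, {"f"}))
```

With n = 7 and │AN│ = 2 the MANET threshold is 4, so vertex s…a (four matching values) passes while vertex s…b (three matching values) places b in MFN; e is isolated through AN-RN rather than through MFN, and the returned processor f is not isolated.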