GeoShield: Byzantine Fault Detection and Recovery for Geo-Distributed Real-Time Cyber-Physical Systems

TL;DR

GeoShield is a resource-efficient, bounded-time Byzantine fault detection and recovery system designed for geo-distributed cyber-physical systems, ensuring safety and robustness under unreliable networks without trusted hardware.

Contribution

It introduces the first bounded-time recovery protocols for Byzantine faults in geo-distributed CPS operating over unreliable networks, without relying on trusted hardware.

Findings

Significantly outperforms existing methods in effectiveness.

Reduces resource consumption compared to traditional fault-tolerance approaches.

Ensures timely recovery and safety in real-world case studies.

Abstract

Large-scale cyber-physical systems (CPS), such as railway control systems and smart grids, consist of geographically distributed subsystems that are connected via unreliable, asynchronous inter-region networks. Their scale and distribution make them especially vulnerable to faults and attacks. Unfortunately, existing fault-tolerant methods either consume excessive resources or provide only eventual guarantees, making them unsuitable for real-time resource-constrained CPS. We present GeoShield, a resource-efficient solution for defending geo-distributed CPS against Byzantine faults. GeoShield leverages the property that CPS are designed to tolerate brief disruptions and maintain safety, as long as they recover (i.e., resume normal operations or transition to a safe mode) within a bounded amount of time following a fault. Instead of masking faults, it detects them and recovers the system within bounded time, thus guaranteeing safety with much fewer resources. GeoShield introduces protocols for Byzantine fault-resilient network measurement and inter-region omission fault detection that proactively detect malicious message delays, along with recovery mechanisms that guarantee timely recovery while maximizing operational robustness. It is the first bounded-time recovery solution that operates effectively under unreliable networks without relying on trusted hardware. Evaluations using real-world case studies show that it significantly outperforms existing methods in both effectiveness and resource efficiency.