SSRN Id4594430

Light-HIDRA: Scalable and Decentralized Resource Orchestration in Fog-IoT
d
Environments
we
Carlos Núñez-Gómeza,∗, Martijn de Vosb , Jérémie Decouchantc , Johan Pouwelsec , Blanca Camineroa , Carmen Carrióna
a University of Castilla-La Mancha (UCLM), Albacete, Spain
b ÉcolePolytechnique Fédérale de Lausanne (EPFL), Switzerland
c Delft University of Technology, Delft, The Netherlands
ie
Abstract
ev
With the proliferation of Internet of Things (IoT) ecosystems, traditional resource orchestration mechanisms, executed
on fog devices, encounter significant scalability, reliability and security challenges. To tackle these challenges, recent
decentralized algorithms in Fog-IoT use Distributed Ledger Technologies to orchestrate resources and payments between
peers. However, while distributed ledgers provide many desirable properties, their consensus mechanism introduces a
performance bottleneck. This paper introduces Light-HIDRA, a consensus-less and decentralized resource orchestration
r
system for IoT environments. At its core, Light-HIDRA uses Byzantine Reliable Broadcast (BRB) to coordinate
actions without centralized control, therefore drastically reducing communication overhead and latency compared to
consensus-based solutions. Light-HIDRA coordinates the scheduling and execution of workloads, and securely manages
er
payments between peers. Light-HIDRA further increases performance and reduces overhead by grouping peers into
distinct domains. We conduct an in-depth analysis of the protocol’s security properties, investigating its efficiency
and robustness in diverse situations. We evaluate the performance of Light-HIDRA, highlighting its performance
over HIDRA, a state-of-the-art baseline that uses smart contracts. Our experiments demonstrate that Light-HIDRA
pe
reduces the bandwidth usage by up to 57x, the latency of workload offloading by up to 142x, and shows superior
throughput compared to HIDRA.
Keywords:
Decentralized Resource Orchestration, Fog-IoT Environments, Workload Scheduling, Decentralized Systems, Byzantine
Reliable Broadcast
ot
1. Introduction apply complex techniques to support high availability (and

avoid single points of failure) and tackle trust issues, spe-
The explosive growth of Internet-of-Things (IoT) ecosys-
cially in multi-domain environments [5].
tems has upsurged the volume of data generated by IoT
tn
devices such as cameras and sensors [1]. To process and Decentralized resource orchestration in Fog-IoT settings
analyze this massive influx of IoT data, the fog comput- has emerged as a promising alternative to centralized ap-
ing paradigm is increasingly being used [2]. The key idea proaches [6–8]. In this setting, fog nodes coordinate the
behind fog computing is to process as much data as pos- resource orchestration amongst themselves without the
sible on (edge) devices themselves, close to where the need for centralized coordination. An increasing amount
rin
data is produced, therefore avoiding latency induced by of work in this domain leverage the capabilities of Dis-
edge-cloud data communication. Resource allocation in tributed Ledger Technologies (DLT) and smart contracts
fog computing has become a critical yet complex task, which provides principles of autonomy, transparency, and
compounded by the need for efficient mechanisms capa- resilience [9–12]. However, the need to reach consensus to
ble of handling potentially many resource-constrained de- ensure the integrity of distributed ledgers often becomes a
significant performance bottleneck, introducing overhead
ep
vices that might also be faulty, unresponsive, or malicious

(Byzantine) [3, 4]. While centralized orchestration solu- and latency that undermine system efficiency [13, 14].
tions such as Kubernetes are common solutions, they must To overcome this bottleneck, this work introduces
Light-HIDRA, a decentralized mechanism for resource
∗ Corresponding author orchestration in Fog-IoT environments based on Byzan-
Email addresses: carlos.nunez@uclm.es (Carlos tine broadcast primitives. Light-HIDRA is efficient,
Pr
Núñez-Gómez), martijn.devos@epfl.ch (Martijn de Vos), lightweight, and scalable, and operates in Fog-IoT envi-
j.decouchant@tudelft.nl (Jérémie Decouchant),
J.A.Pouwelse@tudelft.nl (Johan Pouwelse),
ronments in which devices may be resource-constrained,
mariablanca.caminero@uclm.es (Blanca Caminero), numerous and malicious. Light-HIDRA circumvents the
carmen.carrion@uclm.es (Carmen Carrión) need for consensus, a common scalability barrier in DLT-
Preprint submitted to Elsevier August 10, 2023
This preprint research paper has not been peer reviewed. Electronic copy available at: https://ssrn.com/abstract=4594430
based solutions. Instead, our mechanism relies on Byzan-
SEND ECHO READY
d
tine Reliable Broadcast (BRB) [15] to synchronize and co- p1
ordinate workloads and payments across network peers.
Relying on BRB guarantees the robustness and reliability
we
of Light-HIDRA, while significantly reducing communi-
cation overhead and latency compared to consensus-based p2
approaches. We show in this work that key components
of resource orchestration, including workload scheduling,
workload execution and payments, can be implemented
based on BRB. Through our performance evaluation, we p3
ie
demonstrate that Light-HIDRA is not only a theoretical
construct, but is also an efficient, robust, and practical so-
lution for resource orchestration in Fog-IoT environments,
in particular compared to consensus-based approaches. Figure 1: Bracha’s Byzantine Reliable Broadcast. The ECHO and
ev
READY steps are all-to-all communication phases that ensure the
In summary, the contributions of this work are four-fold: consistency and totality properties.
1. We introduce Light-HIDRA, a novel, secure and

scalable solution for decentralized resource orches-
BRB emphasizes reliable message dissemination, ensur-
tration in Fog-IoT environments. Light-HIDRA
ing totality and guaranteeing that all correct peers even-
r
includes BRB-based sub-protocols for workload
tually agree on the broadcast messages they deliver (i.e.,
scheduling, execution, monitoring and payments (Sec-
even when their sender is faulty). A BRB round involves
tion 3 and 4). er several steps of message exchange (also illustrated in Fig-
2. We provide a security analysis of Light-HIDRA, ure 1): (1) an initial SEND step in which the sender peer
highlighting its resilience against Byzantine attacks broadcasts a message to the other peers, (2) an all-to-
and system failures (Section 5). all ECHO step that the correct peers employ to ensure
3. We implement Light-HIDRA and open-source its consistency of the sender’s message, and (3) an all-to-all
pe
implementation. READY step to indicate the willingness of the correct
4. We compare the performance and scalability of peers to deliver the sender’s message, thus ensuring total-
Light-HIDRA against that of HIDRA, a state-of- ity. Note that the BRB algorithm requires the collabora-
the-art baseline in the field (Section 6). Our experi- tion of Byzantine quorums of participating peers (2f + 1
ments show that Light-HIDRA significantly reduces peers) to reach agreement and deal with Byzantine faults.
bandwidth usage, latency and throughput. Peers receiving a threshold of 2f + 1 ECHO or READY
messages will be enabled to deliver the sender’s message.
ot
Moreover, BRB implements an amplification step for send-

2. Byzantine Reliable Broadcast (BRB) ing READY messages that is key to achieving the totality
property: if a correct peer receives f +1 READY messages
Byzantine Reliable Broadcast (BRB) is a key distributed but has not yet sent its READY message, then that peer
tn
computing abstraction that provides reliable message dis- will be enabled to send its READY message.
semination even in the presence of a limited number of For a better understanding of the security properties to
Byzantine faults. Such Byzantine faults refer to arbitrary be achieved by Light-HIDRA, we summarize the prop-
and malicious behaviors exhibited by faulty peers in a dis- erties required by the BRB algorithm [22]:
tributed system. The BRB protocol has a sending peer
rin
that broadcasts a message to all other peers in the system • Validity. If a correct peer broadcasts a message, then
and guarantees that if the sender is correct then all correct all correct peers eventually deliver it.
peers will eventually deliver its message. The fault toler-
ance of BRB ensures that the algorithm can cope with up • No duplication. Correct peers deliver a message at
to a certain threshold of faulty peers f , where the thresh- most once.
ep
old depends on n, the number of total peers in the system.

• Integrity. If a correct peer delivers a message from
In particular, Bracha’s BRB protocol assumes less than n3
a given sender, then the message was indeed sent by
faulty peers in asynchronous networks [15–18]. The BRB
that sender.
primitive has already been applied by the scientific com-
munity in other works to avoid consensus. Recently, it has • Consistency. All correct peers deliver the same mes-
been shown that it can be used to coordinate cryptocur- sage.
Pr
rency payments in a decentralized way [19], and multi-hops

payments in payment channel networks [20]. In an earlier • Totality. If a message is delivered by any correct
work, it was also used as an underpinning primitive for peer, then all correct peers eventually deliver the mes-
data replication between servers [21]. sage.
2
3. System Overview and Threat Model
Applicant
d
We now introduce our system and threat models, and Offloading event
Solver
state the assumptions made in this work. Monitoring request
we
Architecture. Figure 2 shows an overview of Light- Validator
HIDRA. We partition the system into multiple domains
that work cooperatively on task execution, in line with Parent domain M1 Domain M2
≥ 3f + 1 peers
other related works in the literature [10, 19, 23]. This ≥ 3f + 1 peers
1b
partitioning (also called sharding) improves the perfor- 1a
mance of decentralized systems as agreement is often only
ie
required amongst small group of peers instead of network-
wide [24]. Each peer is part of exactly one domain, its par- 2a 2b
ent domain. Light-HIDRA considers a total of n peers
participating in the system that are divided into m differ-
ev
ent domains. We refer to the set of participating peers as
N and to the set of domains as M . Domains in Light-
HIDRA are composed of peers related to a particular Fog-
IoT environment, e.g., peers belonging to an inter-campus
computing group or to a global P2P resource offloading Figure 2: Light-HIDRA’s architecture, roles and interactions. Each
r
peer is part of exactly one parent domain and we assume that each
marketplace. Peers first try to offload workloads to peers domain contains at least 3f + 1 peers and at most f Byzantine peers.
in their parent domain and then offload workloads to other
domains if unsuccessful. Simultaneously, peers offer their
er
own resources to others in the system. This conceptually
prior to execution. That is why the pre-selection process
turns each domain into a decentralized computing cluster
only results in a candidate Solver peer. Finally, Valida-
in which peers offer finite amounts of resources to execute
tor peers monitor whether the workload is actually being
workloads.
executed by the Solver. Figure 2 shows the roles and in-
pe
Domain and peer bootstrapping. When a peer p
teractions of Light-HIDRA and outlines the protocol for
join the system, they join a parent domain Mp ∈ M . The
workload scheduling: (1) an Applicant peer sends an of-
particular parent domain that a peer joins depends, for ex-
floading event to a Solver peer intra-domain (1a) or inter-
ample, on geographical location or administrative domain
domain (1b) depending on the availability of its candidate
(such as a building on a university campus). Peers must
Solver peers. Then, (2) peers in the Applicant domain
have a parent domain where they can offer their resources
act as Validators peers and monitor workloads executed
and can receive payments by executing workloads of other
ot
in the Solver peer intra-domain (2a) or inter-domain (2b).

peers. All peer identities and their domain membership
Note that in order to fairly carry out offloading events for
are published as predefined lists that can be accessed ex-
both Applicants and Solvers and to minimize risks, Light-
ternally by any potential user, e.g., via public repositories
HIDRA integrates a partial payment system that allows
or websites. A new peer in the system that wants to par-
tn
Validators to lock and settle payments gradually according

ticipate in a domain will have to apply for registration in
to the monitoring results obtained.
advance by submitting its network address, its public key
and the maximum amount of resources it is willing to pro- Payments. Rewarding Solver peers for their work is
vide in the domain. For the development of the prototype an important part of resource orchestration [25, 26]. In
and testing of Light-HIDRA, we assume that all peers line with other work, Light-HIDRA integrates a payment
rin
in the system know in advance this information about the system where Applicant peers pay credits to Solver peers.
other peers as this can easily be shared out of band [19]. We assume that credits are assigned to peers by an exter-
Roles and interactions. Peers have the flexibility to nal administrator, and that peers can convert their credits
assume distinct roles over time, including being an Appli- for some fiat currency using an out-of-band mechanism.
cant, Solver or Validator. Furthermore, peers can simulta- Threat model. Correct peers in domains strictly fol-
ep
neously undertake multiple roles based on the scheduling low the protocol rules. Peers might also crash, and a lim-
requests or offloading events they engage in. Applicant ited number of peers per domain might behave maliciously.
peers offload their workloads to other peers in the sys- We assume the presence of adversaries that attempt to
tem. Solver peers execute the workloads created by Ap- corrupt the system, for example, by allowing duplicated
plicant peers. The selection of the Solver peer that will messages, compromising the integrity and consistency of
handle a particular workload is performed by Applicants the information exchanged, omitting some protocol rules,
Pr
themselves. This pre-selection process by itself does not etc. More specifically, Light-HIDRA takes into account
guarantee that the workload will eventually be executed the existence of at most f faulty peers per domain, as-
by the selected Solver: the Applicant’s payment must first suming that each domain in the system contains at least
be confirmed and the Solver’s resources must be reserved 3f +1 peers. Therefore, an adversary cannot corrupt more
3
Table 1: Protocol symbols per phase. Target workloads. Applicant peers bundle the speci-
d
Global symbols
fications of their workloads within offloading events and
N Set of all peers in the system Solver peers execute the workload according to the re-
M Set of domains composed of peer subsets of N ceived information in the event. Light-HIDRA focuses
we
p Regular peers in a domain on the offloading of deterministic workloads that execute
pa Applicant peers that send offloading events services during fixed amounts of time. During execution
ps Solver peers that receive offloading events and execute
workloads
times, Applicants’ domains divide Applicants’ payments
pv Validator peers that monitor workloads and settle partial into different partial payments that are gradually settled
payments according to the health of the service. Deployed services
e Offloading events expose a network port to which both the end-users and the
ie
w Workloads within offloading events Validator peers connect. We limit the type of workloads
Solver Selection Phase (SSP)
rmax Maximum amount of resources that peers offer to their
supported to those workloads accessible via the HTTP
parent domains protocol that expose services such as web pages or ap-
rfree Current amount of free resources of Solver peers plications, REST APIs or file download repositories. Note
ev
toutssp Timeout for the selection of Solver peers that we intend to simplify the proposal and the develop-
Workload Reservation Phase (WRP) ment of the prototype by focusing on the HTTP protocol
sne Sequence number to identify offloading events per Appli-
cant peer
because of its simplicity and because it is widely used in
texec Total execution time requested by Applicant peers for their Fog-IoT environments. Thus, Validators can analyze the
workloads monitoring responses according to the HTTP response sta-
r
pratio Payment per unit of time offered by Applicant peers to tus codes, Quality of Service (QoS) metrics such as latency
Solver peers for workload execution or availability [28], or the requested content by comparing
tsstart Timestamp in the future that specifies the start time of
the monitoring process
er multiple monitoring responses. The latter requires extend-
de Deposits offered by Applicant peers and locked by domains ing the Light-HIDRA proposal by including a result ver-
for the settlement of partial payments ification mechanism as in [26].
snr Sequence number to identify resource reservations per
Solver peer
Workload Execution Phase (WEP) 4. Light-HIDRA Protocol
pe
nep Number of epochs in which the monitoring process is di-
vided to send monitoring requests and settle partial pay- The Light-HIDRA protocol allows Applicant peers to
ments
nmon Number of monitoring requests sent by Validator peers per
schedule workloads on Solver peers, and has Validator
epoch peers that monitor the correct execution of the sched-
fthr Threshold set by Validator peers to account for failed mon- uled workloads. Light-HIDRA includes a decentralized
itoring requests payment mechanism where Applicant peers remunerate
tsend Timestamp in the future that specifies the end time of the
ot
Solver peers for the execution of workloads. The proto-

monitoring process
col is divided into three phases: (1) the Solver Selection
Phase (SSP) in which information on available peers and
than f peers per domain in order to maintain the protocol resources is exchanged in order to pre-select a suitable
tn
correctness [15]. In addition, Applicants and Solvers may Solver to execute a workload; (2) the Workload Reser-
act as faulty peers and try to cheat each other by sending vation Phase (WRP) that allows peers to disseminate of-
inaccurate payments and executing workloads incorrectly. floading events, lock Applicants’ payment offers and re-
serve resources for workload execution; and (3) the Work-
Network model. Light-HIDRA adopts a partial syn-
load Execution Phase (WEP) responsible for monitoring
chronous network model in which the network begins as an
the workload and ensuring the settlement of the payments.
rin
asynchronous network (i.e., peers could delay message de-

In this section we detail the workflow for each phase. For
livery for any finite amount of time), and later becomes
readability and comprehension reasons, we summarize and
a synchronous network after some special time, which is
describe all protocol symbols in Table 1.
called the Global Stabilization Time (GST) [27]. Since the
workload scheduling protocol is based on BRB, it can oper-
4.1. Solver Selection Phase (SSP)
ep
ate in asynchronous networks. However, some steps of the

Light-HIDRA protocol rely on global timeouts or times- Before sending an offloading event e, Applicant peers
tamps in the future for message delivery. For example, query information about other domains and peers to se-
Applicants define for each offloading event a timestamp lect a suitable Solver peer for the execution of a workload
in the future before which the event must be validated to w. This selection is performed locally by Applicant peers
start the workload execution and monitoring. These spe- and could take into account information about other peers
Pr
cial times are necessary since Light-HIDRA must avoid such as the amount of free resources (e.g., CPU or mem-
offloading events stuck due to unresponsive peers (a work- ory), reputation, or geographical location. For presenta-
load must eventually be executed). Thus, Applicants are tion clarity and without loss of generality we assume the
able to retry the request against other peers or domains. amount of free resources as the only deciding attribute for
4
d
Parent domain M1
Domain M2
p
we
w1 w2 w3 2a. R
1 eque
stRes ps
ource 2b. RequestResourceI
nfo w7
Info
No free
resources 3a. R pa Free
esourc
eInfo resources
3b. ResourceInfo
...
w4 w5 w6 p
2
No free
ie
resources
1b. pa selects another domain
1a. pa selects its parent domain
ev
Figure 3: SSP workflow. Step 1: pa selects a domain (first tries M1 and then M2 ). Step 2: pa sends RequestResourceInfo messages to the
peers in M1 (step 2a) or M2 (step 2b). Step 3: peers in the selected domain reply to pa with ResourceInfo messages.
Solver peer selection, which is expressed by a single num- on a first-come first-served basis as long as ps has
r
ber. The steps involved in the SSP are shown in Figure 3 enough resources to execute w. At the end of the
and are detailed below: SSP, pa has selected a candidate Solver peer, but the
1. Domain selection. An Applicant peer pa iteratively er payment and resource reservation have not yet been
queries different domains until it has pre-selected a confirmed.
candidate Solver peer that has sufficient resources for
4.2. Workload Reservation Phase (WRP)
the workload. By default, pa tries to send e and exe-
cute w on its parent domain first. If M1 is not willing The Workload Reservation Phase (WRP) attempts to
schedule a workload to the candidate peer ps selected in
pe
to handle e or does not have enough resources (ex-
ample shown in Figure 3), pa can try other domains. the SSP. The WRP is designed around the BRB protocol
Furthermore, in case of cancelled offloading events, that allows peers from a single domain or from multiple do-
pa can also retry the request through other domains. mains to register a workload offloading. This mechanism
The process is repeated until it finds a Solver peer encourages peers to carry out offloading events through
capable of executing w, or until it has exhausted all partial payments in order to minimize the fraud risk be-
domains. tween Applicant and Solver peers. The WRP employs
ot
2. Querying resource usage. Peer pa sends Re- two BRB rounds to ensure offloading event dissemination
questResourceInfo messages in parallel to an arbitrary among peers and domains, credit locking by Applicants’
number of peers in the selected domain including de- domains and resource reservation by Solvers’ domains.
tails about the offloading event to be carried out. This Even if workloads are scheduled across domains, credit
tn
information includes the payment details, requested locking and payments are always handled by Applicants’
resources, the workload type and its configuration. domains, which ultimately certify the credit transfer to
Thus, peers receiving RequestResourceInfo messages Solvers’ domains. Note that the WRP conducts the credit
can validate the Applicant’s proposal and accept or locking to prove that the Applicant is willing to pay for the
deny it according to their own criteria. execution of w, but does not perform the payment itself.
Payments are settled in the WEP described in Section 4.3.
rin
3. Solver selection. Peers reply to the RequestRe-

sourceInfo by pa with a ResourceInfo message which Credit locking. Figure 4 shows the WRP workflow
includes their availability/willingness to execute w divided by domains and message types, depicting the two
(YES or NO) and resource information such as their BRB rounds, for credit locking and resource reservation,
rmax and rfree . Note that each domain is responsible and a final step to confirm the offloading event. In this sce-
nario, Applicant peer pa in domain M1 intends to schedule
ep
for managing the resources of its peers, so peers be-

longing to the same domain are aware of each other’s a workload on a Solver peer ps in another domain M2 . We
resource information. Therefore, peers also include first detail the BRB round used for credit locking (steps
the resource information of the others in the Resour- 1-4):
ceInfo messages, allowing Applicants to collect and 1. Peer pa sends a Locking (SEND) message including
contrast this information from multiple sources. To the offloading event e to all peers in its parent domain
Pr
delimit the selection time, Applicant peers set a lo- M1 . This message contains the pre-selected candidate
cal timeout toutssp to wait for ResourceInfo messages. ps , the workload w to be executed and other param-
Once toutssp expires, pa compares the information re- eters such as the requested execution time texec , the
ceived and selects a Solver peer ps prioritizing replies payment per unit of time pratio and a timestamp in
5
1. Locking 2. Locking 3. Locking 4. Locking 5. Reservation 6. Reservation 7. Reservation 8. Event
(SEND) (ECHO) (READY) (CREDIT) (ECHO) (READY) (CREDIT) (CONFIRM)
d
pa e
sne
we
2f + 1 2f + 1 f+1 2f + 1
Next sne de
e
p2
M1
sne 2f + 1 2f + 1 f+1 2f + 1
de e
p3
ie
sne 2f + 1
de snr
snr rfree w e
ps Ignoring e...
ev
f+1 2f + 1 2f + 1
M2
p5
f+1 2f + 1 2f + 1
snr
r
rfree
toutssp tsstart
er
Figure 4: WRP workflow during which Applicant peer pa schedules a workload on a Solver peer ps . Steps show the number of messages
required from peers to continue the workflow.
pe
tuple (pa , sne ). Correct peers increment sne by one
Listing 1: Content of an offloading event (in JSON format).
after each event sending.
1 { 2. Each correct p ∈ M1 receives e and checks that sne
2 " applicant " : "7 d7918afebac ..." ,
is the next sequence number of pa . This check pre-
3 " sn_e " : 0 ,
vents Applicants from double-spending their credits
4 " to " : {
5 " domain " : " a6ab43a9113a ..." , by reusing sequence numbers since it does not al-
" solver " : "3 bf7ad8b7bf0 ..." , low receiving two different events/payments with the
ot
6
7 }, same sne . Peers also check that pa has enough credits
8 " workload " : { to cover the entire payment by calculating a deposit
9 " image " : " nginx " , de as texec multiplied by pratio . If so, correct peers
10 " resource_limit " : 1024 , temporarily lock de credits from the Applicant’s bal-
tn
11 " port " : 80 ance. If both conditions are satisfied, correct peers
12 }, that received e broadcast a Locking (ECHO) message
13 " t_exec " : { to M1 . Otherwise, peers ignore e.
14 " value " : 10 ,
3. Correct peers in M1 wait for at least 2f + 1 Locking
15 " unit " : " h "
16 },
(ECHO) valid messages that relate to e (a Byzantine
rin
17 " p_ratio " : { quorum). Once this is achieved, each correct p ∈ M1

18 " value " : 5 , broadcasts a Locking (READY) message to M1 con-
19 " unit " : " h " taining e. Alternatively, peers are allowed to send
20 }, a Locking (READY) message to M1 after receiving
21 " ts_start " : 1640995200 , f + 1 Locking (READY) messages from other peers
ep
22 " signature " : "6 e367d727a46 ..." (i.e., while they wait for the 2f + 1 Locking (ECHO)
23 } messages). This is known as the READY amplifica-
tion step.
4. Finally, correct peers that receive at least 2f +1 Lock-
ing (READY) messages send a Locking (CREDIT)
the future tsstart before which e must be confirmed. message including e to M2 (the domain the Solver
Pr
Listing 1 shows all fields of an offloading event in peer ps belongs to). A Locking (CREDIT) message
JSON format. Offloading events also include a se- constitutes a quorum certificate that attests to M2
quence number sne to track events/payments per Ap- of the offloading event and the payment offer made
plicant, so an event can be globally identified by the by pa . Now, M1 have to wait for M2 to approve the
6
resource reservation for w. 8) between the peers in M1 to confirm to each other the re-
d
ception of valid Reservation (CREDIT) messages and con-
Resource reservation. In the SSP, Solver peers are
firm that all correct peers agree on the same decision. In
only pre-selected, so an additional phase is needed to
this last step, each correct p ∈ M1 waits for the reception
reserve the requested resources. This reservation phase
we
of f + 1 Reservation (CREDIT) messages and then broad-
is crucial since Solvers may receive concurrent offloading
casts an Event (CONFIRM) message to M1 . Thereafter,
events trying to reserve the same resources. To overcome
correct peers collecting at least 2f + 1 Event (CONFIRM)
this, the reservation phase orders the reservation requests
messages can consider e as confirmed. At this point, faulty
addressed to each Solver peer. Note that the peers in the
or out-of-date peers receiving 2f + 1 Event (CONFIRM)
Solvers’ parent domain are responsible for reserving the re-
messages can update their local state to the actual one.
quested resources. Figure 4 illustrates the steps of the sec-
ie
Note that Applicant peers set for each offloading event a
ond BRB round (steps 5-7) for resource reservation, which
timestamp in the future tsstart before which the event must
are explained below:
be confirmed. This parameter is also key to the proper
5. Correct peers in M2 wait for f +1 Locking (CREDIT) monitoring of the workload executed by ps and the ac-
ev
messages to deliver the offloading event e. Once the counting of partial payments in the WEP phase described
Solver peer ps delivers e, it assigns its next reservation in Section 4.3.
sequence number snr to e in order to reserve in M2 Handling failures. So far we have assumed a WRP
the necessary resources to execute w. Then, ps sends workflow in which credit locking and resource reservation
a Reservation (ECHO) message to the peers in M2 rounds are successfully carried out. Since several require-
r
including snr . To prevent concurrent events with the ments are checked during the WRP workflow, such as se-
same snr (for example, initiated by a faulty ps ) from quence numbers, Applicants’ credit balances and Solvers’
being executed, correct peers that receive snr send
er free resources, it is common that in deployed settings peers
their Reservation (ECHO) messages to M2 including participating in an offloading event do not reach an agree-
a vote (YES or NO) that determines the next offload- ment. Therefore, our protocol needs to handle failures
ing event chosen to be executed. Thus, at most only during workload scheduling. Figure 5 shows additional
one event will succeed and the others will be cancelled steps that both M1 and M2 perform to cancel an offload-
pe
as they fail to collect enough votes. ing event in order to unlock deposits and release resources
6. Each correct p ∈ M2 waits for 2f + 1 Reservation to be used in future events.
(ECHO) messages including positive votes to guaran- Figure 5a shows the scenario in which, after M1 locked
tee the Byzantine quorum of the assignment (e, snr ). the credits offered by pa , the snr chosen by ps for the re-
Alternatively, peers can also receive negative votes. In source reservation is wrong or peer ps is not available to
case of receiving f + 1 Reservation (ECHO) messages execute w. In this scenario, correct peers in M2 broadcast
including negative votes, peers in M2 will cancel the a Reservation (CANCEL) message to M1 . Then, each cor-
ot
offloading event. Once the Byzantine quorum of the rect p ∈ M1 waits to collect f + 1 Reservation (CANCEL)
assignment is guaranteed, correct peers in M2 check messages to unlock de from the Applicant’s balance. The
that: (1) snr is the next reservation sequence num- second cancellation scenario takes place at the end of the
ber of ps , and (2) ps has enough resources to execute WRP workflow.
tn
w depending on the workload configuration included Figure 5b represents what happens if an offloading event
in e. If so, each correct p ∈ M2 locally updates the is not confirmed in M1 before reaching the timestamp
free resources rfree of ps and broadcasts a Reservation tsstart , i.e., correct peers do not receive 2f +1 Event (CON-
(READY) message to M2 . Note that this step also FIRM) messages before tsstart . In this case, correct peers
rely on the READY amplification step of the BRB in M1 first unlock de from the Applicant’s balance and
rin
protocol. then send Event (CANCEL) messages to M2 . Finally, cor-

7. At the end of the reservation BRB round, correct rect peers in M2 wait for f + 1 of these messages to release
peers that receive 2f + 1 Reservation (READY) mes- the resources of ps previously reserved for w. Furthermore,
sages send a Reservation (CREDIT) message back to Solver ps stops the execution of w.
the Applicant’s domain M1 as a quorum certificate
ep
that attests the resource reservation made in M2 for 4.3. Workload Execution Phase (WEP)
ps . Moreover, when ps receives 2f + 1 Reservation
By executing the WRP protocol, peers disseminate of-
(READY) messages, i.e., it achieves the Byzantine
floading events, attest to payment offers and reserve re-
quorum, ps can start the execution of w according to
sources for workload execution. The Workload Execution
the configuration parameters specified in e.
Phase (WEP) is responsible for ensuring the proper ex-
Pr
After credits are locked and the resources are reserved, ecution of workloads and settlement of payment offers.
domains M1 and M2 have proved both the willingness of Since there are peers that could fail or act maliciously, we
pa to pay for the execution of w and the willingness of ps to propose a workload monitoring mechanism that assembles
execute w. Figure 4 shows a last message exchange (step Byzantine quorums on the state of executed workloads.
7
4. Locking 5. Reservation 6. Reservation
(CREDIT) (ECHO) (CANCEL) 6. Reservation 7. Reservation 8. Event
d
... (READY) (CREDIT) (CANCEL)
...
pa e
pa Unlock de
f+1
we
e f+1
...
Unlock de
p2 e
M1 p2 Unlock de
f+1 M1
e f+1
...
Unlock de
p3 e
ie
p3 Unlock de
f+1
f+1
snr e
ps snr Unlock de
ps rfree ps w
s
ev
f+1 2f + 1 2f + 1 f+1 e
M2 M2 ... Release
resources
p5 p5
f+1 2f + 1 2f + 1 f+1 e
r
snr Release
rfree resources
tsstart
er
(a) Reservation (CANCEL) step taken when M2 determines that snr is (b) Event (CANCEL) step taken when M1 fails to confirm e in time.
wrong or ps is not available to execute w. Peers in M1 unlock de . Peers in M1 unlock de and peers in M2 release resources.
Figure 5: WRP workflow cancellation scenarios. Cancellation sent by Solver’s domain and Applicant’s domain respectively.
pe
The WEP employs a final BRB round to ensure the dis- within epochs in order to prevent ps from antic-
semination of the monitoring results used to determine the ipating when w is monitored. Validator peers
final payment sent to the Solver peer. Continuing with the send nmon Monitoring (REQUEST) messages
last step of the WRP, we now detail the WEP phase, which per epoch to w. This parameter can be con-
is also shown in Figure 6: figured to perform monitoring with varying in-
tensity.
ot
1. Once timestamp tsstart specified in e is reached, cor-

rect peers in M1 start the monitoring process of w. 2. Correct Validators count the number of monitoring re-
Note that tsstart prevents Applicant and Solver peers quests that fail due to no response by the Solver peer,
from starting the monitoring process themselves, thus malformed responses or insufficient QoS levels (e.g.,
tn
avoiding cheating (i.e., peers that notify only a sub- high latencies). In any case, if a Validator reaches a
set of the peers in M1 about the WRP completion). threshold fthr of failed monitoring requests, it notifies
Now, each p ∈ M1 that starts the monitoring process pa via a signed Monitoring (RESULT) message that
becomes a Validator peer pv . Since all correct peers in includes its personal decision, namely a negative mon-
M1 receive e in the WRP, they already know the pa- itoring result. Positive monitoring results are only
rameters texec and pratio , so each pv can determine the
rin
sent when texec expires without reaching fthr . Just

number of partial payments and monitoring requests after sending a Monitoring (RESULT) message, Val-
to be sent: idator peers stop sending monitoring requests. Note
• Partial payments are settled based on predefined that all correct Validators start the monitoring pro-
time epochs, settling one partial payment per cess at the same time (tsstart ), but it is also crucial for
epoch. The number of epochs nep and their du- Validators to agree on a shared end timestamp tsend .
ep
ration depends on the texec and pratio parameters. Timestamp tsend depends on the monitoring result
For example, if texec = 10 hours and pratio = 5 obtained by each Validator: the sum of texec to tsstart
credits per hour, each pv must settle ten partial in case of a positive result, or an arbitrary time in case
payments of five credits, i.e., ten epochs settling of a negative result. Regardless of the monitoring re-
pratio credits per epoch. For better understand- sult, Validators include their own tsend in Monitoring
Pr
ing, Figure 7 details the monitoring timeline of (RESULT) messages in order to later select a shared
two workloads showing different epochs and par- tsend with which peers in M1 can equally account for
tial payments. elapsed epochs and partial payments.
• Monitoring requests are sent at random times 3. Applicant pa waits for 2f + 1 valid Monitoring (RE-
8
1. Monitoring 2. Monitoring 3. Monitoring 4. Monitoring 5. Monitoring
(REQUEST) (RESULT) (SEND) (ECHO) (CREDIT)
d
pa and pv1
sig(tsend)
we
2f + 1 2f + 1 2f + 1
M1 pa balance
pv2 sig(tsend)
2f + 1 2f + 1
pa balance
ps w
ie
2f + 1
M2 ps balance
rfree
p4
ev
2f + 1
ps balance
rfree
tsstart tsend
r
Figure 6: WEP workflow during which Validator peers in M1 monitor the workload w executed by ps , select a shared tsend and settle the
Applicant’s payment. Finally, peers in M2 release the resources used by ps to execute w.
Expected texec
er message and check the signed monitoring results. If
the Monitoring (SEND) message contains 2f + 1
valid monitoring results from other peers, then cor-
rect peers broadcast a Monitoring (ECHO) message
pe
Monitoring containing the monitoring results to M1 .
requests Negative
mon. result 5. Peers receiving 2f + 1 identical Monitoring (ECHO)
w1 messages can consider as valid the Monitoring
tsend (SEND) message sent by pa . At this point, correct
tsstart tsend
peers in M1 send a Monitoring (CREDIT) message
w2 as quorum certificate including the monitoring results
ot
Positive to M1 and M2 . The partial payments settled from

mon. result
the deposit de depend on the number of epochs that
epoch1 epoch2 ... epochn-1 epochn have elapsed from tsstart to tsend . To obtain tsend
consistently, correct peers receiving 2f + 1 Monitor-
de = de - pratio de = ... de = ... de = ... de = 0
tn
ing (CREDIT) messages select the (f + 1)-th smallest

timestamp from the monitoring results. Finally, cor-
rect peers in M1 and M2 determine the number of
Figure 7: WEP monitoring timeline representing both a workload partial payments to be settled and update the bal-
with a negative monitoring result (w1 ) and a workload with a positive
monitoring result (w2 ).
ances of pa and ps . In addition, correct peers in M2
rin
release the resources of ps used by w.
SULT) messages. It does not matter what monitoring

results pa receives, i.e., positive, negative or a mix- 5. Security Analysis
ture, it only matters to receive 2f + 1 valid monitor-
ing results to eventually select a shared tsend . Once
ep
In this section we analyze the security of Light-

received, pa bundles the monitoring results and sends HIDRA by discussing the properties required by the un-
them via a Monitoring (SEND) message to the peers derlying BRB primitive on which it relies for the exchange
in M1 . This message starts the BRB round required of data related to offloading events (see Section 2 for more
to reach the Byzantine quorum on the monitoring re- details). We successively study its three phases and iden-
sults sent by pa . Note that without this BRB round, tify potential attack vectors concerning the different roles
Pr
a faulty pa could send different sets of monitoring involved in the system during the execution of an offload-
results, so peers would eventually select a different ing event. For each potential security risk in Light-
shared tsend . HIDRA, we describe the security measures that mitigate
4. Correct peers in M1 receive the Monitoring (SEND) it.
9
We start by recalling the BRB security properties and f + 1 peers belonging to the system or domain. If
d
how the Light-HIDRA protocol leverages them. First, the Applicant does not receive the same information
the validity property verifies that a message (an offloading from f + 1 peers, it discards its current selection and
event e, a reservation request or a monitoring result) sent searches for other candidate peers or domains.
we
by a correct peer is eventually delivered to every correct
peer. The BRB primitive guarantees the validity prop- • Another risk to consider is the selection of a faulty
erty in Light-HIDRA since, assuming a correct sender, peer as the Solver peer. In the SSP this is not a prob-
the correct peers in the system (or in a domain) that re- lem because the Applicant peer can choose another
ceive the message broadcast it again to the other peers via peer or send a new RequestResourceInfo message to a
ECHO messages. Consequently, each correct peer receives different domain after canceling the offloading event
in the WRP or obtaining a premature negative mon-
ie
at least N − f ECHO messages, and N − f ≥ 2f + 1,
so correct peers are able to deliver the sender’s message. itoring result in the WEP.
Regarding the no duplication property, peers in Light- • An Applicant peer could provide details of the offload-
HIDRA implement a message tracking mechanism that ing event during this phase that differ from what it
ev
uses sequence numbers, sender identities and message type will actually send within e in the WRP. In this case,
identifiers. This mechanism allows correct peers to detect peers asked for pre-selection will reply incorrectly
and discard duplicate messages. Light-HIDRA achieves based on this information. However, both credit lock-
the integrity and authenticity of exchanged messages by ing and resource reservation will be carried out us-
implementing authenticated links via digital signatures. ing the information sent within e in the first step of
r
This ensures that if a correct peer receives a message from the WRP. If the Applicant ultimately does not have
a (supposedly) correct sender, the message has indeed been enough credits or the Solver does not have available
sent by that sender and has not been tampered. The next
er resources, event e will be canceled. Additionally, po-
security property is consistency. This property is achieved tential Solvers can also compare the event details re-
by ECHO messages and Byzantine quorums, i.e., correct ceived in the SSP with those received in the second
peers have to collect at least 2f + 1 ECHOs of the same BRB round of the WRP. Thus, Solver peers are able
message in order to validate and deliver it. Thus, all cor- to cancel requests from this kind of faulty Applicants.
pe
rect peers achieve a consistent view of the sender’s mes-
sage. • Limited availability of peers participating in the SSP
In addition to the aforementioned security properties, it could hinder the pre-selection phase. Note that the re-
is necessary to guarantee totality in order to achieve responsibility for pre-selection and sending the offload-
liable message delivery in Light-HIDRA. This property ing event e lies with the Applicant peer. Therefore,
ensures final agreement in such a way that correct peers during the SSP, the Applicant is the only peer that
only deliver a message if all other correct peers deliver that must remain available. If peers being queried do not
ot
message. In Light-HIDRA, achieving the totality prop- reply, the Applicant will repeat the process with other
erty is essential since all correct peers in the system or peers and domains.
in a domain need to agree on whether an offloading event
has succeeded based on if (1) the Applicant’s credits have 5.2. WRP Risks and Measures
tn
been locked, (2) the resources have been reserved in the Once a Solver peer has been pre-selected, the Applicant
Solver, or (3) the execution of the workload has been suc- broadcasts the offloading event e to the peers in its par-
cessful. To accomplish this, Light-HIDRA incorporates ent domain and also to the Solver domain in case of an
a final broadcast round of READY messages. Again, cor- inter-domain request. The Workload Reservation Phase
rect peers collecting at least a Byzantine quorum of 2f + 1 is the most critical phase of the Light-HIDRA protocol,
rin
READY messages are able to deliver the sender’s message. since it must ensure a secure and fair credit locking and
resource reservation among participating peers, avoiding
5.1. SSP Risks and Measures any fraudulent action for individual gain. We now iden-
Applicant peers conduct the Solver Selection Phase to tify the potential attack vectors and discuss the security
pre-select the domains and Solver peers which execute measures for this second phase of Light-HIDRA:
ep
their workloads. To achieve this, Applicant peers itera-

tively query different domains and peers in the system un- • One of the most significant risks to consider is the
til they receive a response. Below, we detail the potential possibility of double spending by Applicant peers.
risks in this phase and the security measures employed in Light-HIDRA is an open, trustless P2P system in
Light-HIDRA to mitigate them: which peers participate and collaborate according to
the protocol rules. To send e and its related pay-
Pr
• A potential risk is that the Applicant peer receives ment to a Solver peer, an Applicant must first be
ResourceInfo messages with fake resource information approved by the system or parent domain to which
from faulty peers. Note that the Applicant is respon- it belongs. This procedure is managed by the first
sible for collecting the same information from at least BRB round of the WRP, which locks the payment
10
until the resource reservation and execution of w oc- before starting the WEP if it wants to succeed with-
d
cur. Therefore, Applicant peers are required to prove out obtaining a premature negative monitoring result.
their balances and willingness to pay to all participat-
ing peers in an offloading event. Note that payments
5.3. WEP Risks and Measures
we
are managed and settled in a decentralized way by
the Applicant’s peers, making it not possible to reject The Workload Execution Phase is responsible for mon-
a payment once sent (unless otherwise determined by itoring the workload executed by the Solver peer in the
the protocol) or to use the same credits for multiple WRP and, ultimately, settling the payment in both the
payments (since credits are locked). Applicant and Solver domains. The final payment depends
on the monitoring results obtained by Validator peers be-
• Once the Applicant’s payment is confirmed, it is also
ie
longing to the Applicant’s domain. The risks identified
crucial to ensure that the Solver peer follows the pro-
in the WEP and the measures implemented by Light-
tocol and makes a fair resource reservation. The re-
HIDRA to mitigate them are as follows:
sources in the system or domain are collectively man-
ev
aged by the peers within them, which prevents a • Once the WRP is completed, the Solver peer may not
Solver from conducting unfair actions on its own. To execute w or may not execute it on time. Applicant
minimize the risk in the case of faulty Solvers, Ap- peers add a timestamp tsstart to each offloading event
plicant’s payments are divided and settled in partial sent that determines the maximum time to perform
payments over time. Thus, Applicants can stop pay- the WRP and the WEP start time. If the Solver does
r
ing for the execution of workloads and recover part of not execute w or executes it out of time, the Validators
the locked credits. will get a premature negative monitoring result that
• Another potential risk is the sending of duplicated or
er will terminate e at no cost or minimal cost for the
simultaneous offloading events that compromise the Applicant. Therefore, Solver peers are responsible for
consistency of the system, i.e., that produce different the correct execution of w. Note also that the Solver
states in each peer (e.g., if two events arrive simultane- domain could deny an offloading event in the WRP in
ously in a different order at different peers). To avoid case it receives a tsstart too small. This will depend
pe
this, Light-HIDRA orders offloading events and re- on the configuration and requirements of the Solver
source reservations using sequence numbers. This en- domain and its peers.
sures that peers receiving offloading events with a sne ,
• Applicant peers are responsible for collecting and
and reservations including a snr , can execute them in
broadcasting the monitoring results that include the
an ordered way to preserve consistency regarding bal-
tsend timestamps. This is because if each Validator
ances, locked credits and available resources.
broadcasts its own tsend , the other peers might re-
ot
• Peers in Light-HIDRA must mutually confirm the ceive different sets of monitoring results, resulting in
credit locking and resource reservation for a workload the selection of a different shared tsend . Therefore,
to be eventually executed. If one of the two BRB potential risks could be that a faulty Applicant does
rounds of the WRP is not successfully completed, not send the Monitoring (SEND) messages or sends
tn
both the locked credits and reserved resources must different Monitoring (SEND) messages to each peer.
be released for use in future offloading events. The If an Applicant does not broadcast the monitoring
WRP supports several additional cancellation mes- results, the Validator peers will settle the entire pay-
sages (see Section 4.2 for more details) to allow partic- ment in favor of the Solver peer. Besides, sending
ipating domains and peers to report unsuccessful of- different sets of monitoring results to each peer is not
rin
floading events and release both credits and resources. feasible from the point of view of a faulty Applicant
Note that the timestamp tsstart is also crucial when since the WEP employs a third BRB round to safely
canceling an offloading event, since it determines the broadcast the monitoring results.
maximum time the event has to complete the locking
and reservation phases before starting the WEP and • Applicants and Solvers perform special tasks in the
ep
workload monitoring. WEP, i.e., the broadcasting of monitoring results and

timestamps tsend and the execution of workloads re-
• Finally, we discuss whether the availability of par- spectively, so it is crucial at this phase that both
ticipating peers in the WRP could hinder the lock- Applicant and Solver maintain a high level of avail-
ing and reservation phases. Once the Applicant peer ability. Note that it will be the responsibility of Ap-
sends e to its peers using a Locking (SEND) message, plicants and Solvers to remain available to maximize
Pr
it is no longer required for the Applicant to remain their profits, since it is not feasible to harm other par-
available during the WRP. The credit locking will be ticipating peers in case of low availability (Applicants
carried out by other available peers. However, the and Solvers are the only ones interested in completing
selected Solver peer must be available to execute w an offloading event).
11
6. Experimental Evaluation the blockchain. The smart contract then waits for a min-
d
imum number of votes (also configurable in the setup) to
This section presents the implementation of Light- notify the Solver node that it can execute the requested
HIDRA and assesses its feasibility and performance, com- workload. Finally, the Solver node solves the offloading
we
pared to the state-of-the-art in this field. We com- event once it finishes executing the workload. It should be
pare Light-HIDRA with the HIDRA scheduling system, noted that the security and performance of HIDRA will
which is our previous proposal for resource scheduling in depend on the consensus mechanism used by the underly-
Fog-IoT environments [6]. In particular, our experiments ing blockchain.
answer the following questions: Implementation. Light-HIDRA is developed in the
Python 3 programming language and is based on the IPv8
1. How does the bandwidth usage of Light-HIDRA
ie
peer-to-peer networking library.1 This lightweight library
and HIDRA scale with the network size (Section 6.2)?
enables authenticated data exchange among peers belong-
2. What is the end-to-end latency of an offloading event ing to the same overlay network. Moreover, HIDRA is im-
in Light-HIDRA and HIDRA, and how does this plemented in the Golang programming language and uti-
ev
latency change when increasing the number of events lizes the Ethereum platform, the Geth client, and Solid-
(Section 6.3)? ity smart contracts for the processing of offloading events.
3. How does the CPU and memory usage of Light- Both proposals employ libraries for asynchronous event
HIDRA and HIDRA scale with the network size processing and multiprocessing. All software artifacts of
(Section 6.4)? both Light-HIDRA2 and HIDRA3 are available online.
r
Considering the testbed chosen to carry out the exper-
iments (detailed in Section 6.1), our main findings are as 6.1. Experimental Setup
follows:
1. Light-HIDRA reduces bandwidth usage by up
er The main objective of our experiments is to com-
pare both Light-HIDRA and HIDRA on different as-
pects. Our aim is to establish the scalability and perfor-
to 57× compared to HIDRA under the same work-
load. mance benefits of Light-HIDRA as a decentralized and
lightweight approach that sidesteps the need for a global
pe
2. Light-HIDRA reduces the latency of offloading
consensus algorithm to maintain a shared state of pay-
events by up to 142× compared to HIDRA under
ments and resource reservations in the system. To this end,
the same workload.
our experiments measure key, non-functional attributes
3. Light-HIDRA demonstrates superior through- such as the bandwidth, latency and resource usage (CPU
put performance compared to HIDRA, exhibiting and memory usage) of offloading events sent over Light-
a notably lower average event fulfil latency across all HIDRA and HIDRA networks of differing sizes. An inno-
evaluated system loads.
ot
vative part of Light-HIDRA is the partitioning of peers

4. Light-HIDRA reduces CPU usage by up to 10× into distinct domains. To demonstrate the benefits of do-
and memory usage by up to 9.6× compared to mains, our experiments consider two possible configura-
HIDRA under the same workload. tions of Light-HIDRA: (1) a configuration in which all
tn
Baseline. HIDRA schedules workloads in a distributed peers in the network belong to the overall system, so there
way leveraging blockchain technology and smart contracts. are no domains (or there is only one “virtual” domain) and
Each peer belonging to a HIDRA network executes a offloading events are sent globally (intra-domain), and (2)
management client and a blockchain client to record and a configuration that divides the network peers into differ-
share information via blockchain transactions, thus allow- ent domains so offloading events are sent across domain
(inter-domain).
rin
ing all nodes to know the current state of scheduling flows.

Blockchain transactions allow HIDRA nodes to perform Testbed. To carry out the experiments, different
tasks such as node registration, sending offloading events Light-HIDRA and HIDRA networks, composed of up
and selecting Solver nodes that execute the scheduled to 400 peers, have been deployed on an Ubuntu 22.04.2
workloads. We remark that in HIDRA the Solver selection server with 64 Intel Xeon Gold 5218 CPUs and 504GB of
memory. Note that the HIDRA networks deployed for the
ep
process is carried out by voting of the nodes participating

in the network. HIDRA involves four steps of informa- experiments are permissioned networks using a lightweight
tion exchange via blockchain transactions. When an Ap- consensus algorithm such as Proof-of-Authority (PoA) and
plicant node sends an offloading event to the network, the a zero block time (i.e., instant transactions). We config-
other nodes reply by sending information needed for the ure the HIDRA networks to require the same number of
selection of a Solver (e.g., current resource usages, node replying peers as in Light-HIDRA, i.e., at least 2f + 1
Pr
location, etc). Then, HIDRA waits for the response from

a minimum number of nodes, a parameter configurable in 1 See https://github.com/Tribler/py-ipv8.
the network setup. Using the collected information, nodes 2 See https://github.com/swarleynunez/HIDRA_IPv8
deterministically select a Solver and publish their vote on 3 See https://github.com/swarleynunez/HIDRA
12
HIDRA Light-HIDRA (no domains) Light-HIDRA (with domains) 200
2000
180
d
1800
1647.6 160
Total bandwidth usage (MB)

1600
Total bandwidth usage (MB)
140
we
1400
120 116.32
1200
1047.6 100
1000 86.79
800 80
65.06
600 60
426.1 44.82
412.1 40
400
ie
28.16
231.3
200 20 16.18
77.8 26.9 27.5 109.2 7.54
29.1 29.5 28.9 1.9
0 0
100 200 300 400 25 50 75 100 125 150 175 200
Total peers Peers per domain
ev
Figure 8: Total bandwidth usage in the scheduling of an offloading Figure 9: Total bandwidth usage of an offloading event in Light-
event sent both on-chain (via HIDRA) and off-chain (via Light- HIDRA using different domain sizes.
HIDRA).
r
peers sending replies and votes. In order to ensure a fair Results. Figure 8 displays the total bandwidth us-
comparison, the experiments take into account several as- age of HIDRA and Light-HIDRA, for different net-
sumptions when executing offloading events and measur- er work sizes. We compare three settings: HIDRA, Light-
ing the results. On the one hand, we omit network laten- HIDRA without domains and Light-HIDRA with do-
cies between peers to avoid interference with the obtained mains. In the latter configuration we fix the domain size
results. Thus, the results solely relate to the execution to 100 peers. Figure reveals that bandwidth usage in-
of the Light-HIDRA and HIDRA scheduling protocols. creases as the network size grows. The graph also shows
pe
On the other hand, the experiments do not include statis- high bandwidth usage of HIDRA compared to Light-
tics related to network bootstrapping and peer discovery, HIDRA. Even without dividing the network into domains,
and we assume peers know each other in advance when the Light-HIDRA uses significantly less bandwidth than the
experiment starts. For example, the results obtained for baseline system. For example, in a network comprising
HIDRA do not include the overhead of initial on-chain 400 peers, HIDRA consumes a total of 1647.6 MB, while
transactions such as the smart contract deployment and Light-HIDRA consumes at most 412.1 MB and 28.9 MB
the registration of each peer in the system. when using domains: a reduction of 75.0% and 98.2%, re-
ot
spectively. We also observe differences in bandwidth usage

Workloads. We prepare synthetic workloads that can
between the two configurations of Light-HIDRA: in the
be handled by both HIDRA and Light-HIDRA to carry
case of Light-HIDRA without domains, larger networks
out the experiments. As mentioned in Section 3, Light-
result in higher bandwidth usages, whereas in Light-
HIDRA focuses on workloads that offer services accessible
tn
HIDRA with domains the bandwidth remains constant.

via HTTP such as an Nginx web server or a Nextcloud
Note that the first measurement yields similar bandwidth
storage service. In the experiments, we simulate the exe-
results for both Light-HIDRA configurations, since the
cution of the services in order to avoid interference in the
total number of peers is 100 and we fix the domain size
bandwidth, latency, and resource usage results. Note that
to 100 peers for this experiment, so there can only be one
synthetic workloads are similar to real workloads and can
rin
domain.
be repeatedly applied to HIDRA and Light-HIDRA sys-
tems. To conduct a fair comparison, in each experiment Figure 9 showcases the effect of using domains of differ-
both proposals execute (one or more) offloading events ent sizes on bandwidth usage, detailing the evolution of
that contain the same workloads. bandwidth usage with respect to the number of peers per
domain. In this experiment, we deploy two domains for
ep
each domain size. Thus, for a domain size of 200 peers,

6.2. Bandwidth Usage
we actually deploy a Light-HIDRA network with 400
We first evaluate the bandwidth generated when send- peers. Comparing the obtained results with those from
ing an offloading event in Light-HIDRA and HIDRA Figure 8, the use of two domains with 200 peers in Light-
networks of different sizes. HIDRA (400 peers in total) incurs 3.66 times less band-
Setup. We employ the tcpdump tool to measure the width than an HIDRA network with 200 peers, and 14.17
Pr
bandwidth usage from the start to the completion of one times less bandwidth than an analog HIDRA network of
offloading event in both proposals. For each network type 400 peers. Finally, we note that Light-HIDRA networks
and size, a random peer belonging to that network sends with domains add a slight bandwidth overhead compared
the same event including the same workload. to Light-HIDRA networks without domains. This is be-
13
HIDRA Light-HIDRA (no domains) Light-HIDRA (with domains) HIDRA Light-HIDRA
300
d
270 120
240 240.72 105

Event fulfil latency (s)
Event fulfil latency (s)
we
210 90
180 75
150
60
120
101.4 45
90
30
60
ie
30 25.03 15
5.05 1.76 8.4 1.73 12.39
4.02 1.83 1.7 1.68
0 0
100 200 300 400 10 20 30 40 50 60
Total peers Total events
ev
Figure 10: Fulfil latency of an offloading event in HIDRA and Light- Figure 11: Fulfil latency when sending multiple offloading events.
HIDRA networks of different sizes.
the configurable timeouts of Light-HIDRA (i.e., toutssp

cause in inter-domain offloading events, the Applicant and
r
and tsstart ).
Solver domains have to exchange additional data than in
Results. Figure 10 shows the event fulfil latencies of an
the case of intra-domain events. For example, peers in
offloading event in HIDRA and Light-HIDRA networks
inter-domain events are required to send the Monitoring
(CREDIT) messages to both peers in their parent domain
and to peers in the Solver’s domain (more details in Sec-
er ranging from 100 to 400 peers, with domains composed
of 100 peers. Figure 10 shows high latency for HIDRA:
it takes over four minutes to fulfil an offloading event in
tion 4.3), which duplicates the bandwidth for this type
a network of 400 peers. We observe that the latency in-
of message. In contrast, peers in intra-domain events only
pe
creases between the different HIDRA networks are sig-
exchange Monitoring (CREDIT) messages with each other
nificantly larger (superlinear) than the increases occurring
within their parent domain.
in Light-HIDRA networks. In contrast, the event fulfil
Conclusions. We demonstrated that Light-HIDRA
latencies in Light-HIDRA, both with and without do-
incurs significantly less bandwidth compared to HIDRA.
mains, are significantly lower. In a network of 400 peers,
The usage of domains in Light-HIDRA further reduces
Figure 10 demonstrates a reduction 19.4× and 142× for
bandwidth usage. By dividing the peers of a network into
Light-HIDRA without and with domains, respectively.
ot
domains, the overall computation required to perform an

Note that in Light-HIDRA, the steps that contribute
offloading event is reduced. Note that we assume networks
the most to increase latencies are those with O(N 2 ) com-
with f faulty peers and at least 3f + 1 peers, so the larger
plexity, i.e., steps that involve an all-to-all communication
a Light-HIDRA network is, the more peers will need to
and have to guarantee the Byzantine quorum before the
tn
participate in the exchange of messages in order to guar-

execution flow can continue (ECHO and READY messages
antee the Byzantine quorums. By dividing peers into do-
in the different BRB rounds).
mains, Light-HIDRA reduces the overhead of offloading
Our next experiments explore the throughput of
events for the same number of participating peers.
HIDRA and Light-HIDRA with domains. We mea-
sure the throughput of offloading events for both systems
6.3. Latency and Throughput of Offloading Events
rin
in networks with 100 peers and domains composed of 50

We next quantify the sustainable throughput and end- peers. We expose both systems to an increasing number
to-end latencies of offloading events in HIDRA and of offloading events, and measure the increase in event
Light-HIDRA. This latency is the time between the cre- fulfil latency. This is a common approach to measure the
ation of an offloading event by an application peer and the throughput of distributed algorithms [14]. Figure 11 shows
an increase of the fulfil latencies per offloading event as the
ep
moment the workload gets assigned to a Solver peer.

Setup. To conduct a fair comparison between both pro- number of simultaneous events sent increases for both sys-
posals, we only measure the time required by the schedul- tems. We also show the standard deviation in latency with
ing protocols on their own to complete offloading events. error bars. Our first observation is that Light-HIDRA
We do not include in the results additional times such as shows significantly lower average event fulfil latencies for
the blockchain block time. This is because the block time all evaluated loads. For example, when sending 60 offload-
Pr
will depend on the blockchain network on which HIDRA ing events, HIDRA shows an average fulfil latency of 89.86
is executed and will always increase the fulfill latency of seconds, while Light-HIDRA achieves an average of 4.7
an offloading event (since we use instant transactions in seconds per event, 19.1× lower.
the experiments). We also do not include in the results As the system load increases, Figure 11 shows a notable
14
HIDRA Light-HIDRA (no domains) Light-HIDRA (with domains) HIDRA Light-HIDRA (no domains) Light-HIDRA (with domains)
50 250
d
45 225
40 38.02 200
Total memory usage (GB)

184.02
we
35 175
Total CPU usage (%)
30 150
27.18
25 125 120.17
20 20.2 100
15 75 72.37
10 50
ie
7.1 8.08
6.17 30.83
5 4.41 3.73 25 19.72 19.23
2.26 3.01 9.86 9.47 14.89 14.38
1.56 1.58 4.9 4.69
0 0
100 200 300 400 100 200 300 400
Total peers Total peers
ev
(a) CPU usage. (b) Memory usage.
Figure 12: Total resource usage employed by HIDRA and Light-HIDRA networks with different number of peers for sending an offloading
event.
r
increase of event fulfil latencies in HIDRA whereas Light- of resources of our testbed. The obtained results for
HIDRA is mostly indifferent to this increase. We do notice er CPU usages (Figure 12a) and memory usages (Figure 12b)
a small increase latency for Light-HIDRA when sending demonstrate a high resource consumption by HIDRA in
more than 50 simultaneous offloading events. Specifically, comparison with Light-HIDRA. Taking as example the
when increasing the load from 50 to 60 events, the average measurement of a 400-peer network, HIDRA has a CPU
event fulfil latency of Light-HIDRA increases by 1.63 consumption of 38.02% compared to 8.08% for Light-
times. We also noticed that in some executions, HIDRA HIDRA without domains, which represents a 4.71× re-
pe
is unable to handle more than 60 simultaneous events and duction in CPU usage. Another observation is the dif-
is unable to fulfil some of these events in these conditions. ference in CPU usage between the two Light-HIDRA
Conclusions. Light-HIDRA shows significant reduc- configurations. Figure 12a shows approximately double
tions in the fulfil latency of offloading events compared of CPU usage in Light-HIDRA networks without do-
to HIDRA, namely up to 142×. Light-HIDRA also mains, except for the measurement with 100 peers, since
demonstrates superior throughput performance compared there is only one domain. This is because all peers in
ot
to HIDRA, exhibiting a notably lower average event fulfil networks without domains fully execute the three phases
latency across all evaluated system loads. of the Light-HIDRA protocol, whereas in networks with
domains the tasks are distributed among the Applicant
6.4. CPU and Memory Usage and Solver domains.
tn
Our final set of experiments measure the CPU and mem- Figure 12b shows that Light-HIDRA significant re-
ory overhead of HIDRA and Light-HIDRA. duces memory usage compared to HIDRA. In a 400-peer
Setup. We measure the resource usage of the HIDRA network, Light-HIDRA uses up to 9.6× less memory
and Light-HIDRA networks deployed for the experi- than HIDRA. We also observe that memory usage for the
ments in Figures 8 and 10. This helps us to assess the feasi- two configuration of Light-HIDRA is mostly the same,
rin
bility of running Light-HIDRA on lightweight, resource- and domains do not impact memory usage.
constrained devices. To this end, we add some additional
features to the management clients of HIDRA and Light- It should be noted that the high CPU and memory
HIDRA in order to monitor the resource usage of each usages of HIDRA are partially attributed to the use of
peer deployed in the experiments. Specifically, we employ its two software clients, i.e., the management client and
ep
the psutil library in both proposals to monitor peers dur- the blockchain client (Geth), in comparison with Light-
ing the lifecycle of an offloading event. Note that the over- HIDRA, which only requires to execute the management
head produced by the monitoring features is excluded from client since it is an off-chain solution. We decided to add
the obtained results. the resource usage of the underlying blockchain to the re-
Results. Figure 12 highlights the CPU and memory us- sults as it is an essential component in HIDRA.
ages of HIDRA and Light-HIDRA networks with vary-
Pr
ing sizes, when sending a single offloading event. Figure Conclusions. Light-HIDRA consumes significantly
shows the overall CPU and memory usage of all peers less CPU and memory resources compared to HIDRA,
belonging to the network deployed in each experiment. and therefore is more suitable for deployment on
The values are displayed in relation to the total amount lightweight devices.
15
7. Related Work system’s security is significantly enhanced, effectively pro-
d
tecting against potential denial of service (DoS) attacks
Workload scheduling in Fog-IoT environments is an in- and physical threats. More recently, S-HIDRA [10] has
tegral part of resource orchestration. According to the been developed to address Fog-IoT environments that are
we
survey presented in [29], the vast majority of proposals geographically broader and organized in domains com-
for orchestration in fog environments adhere to a cen- posed of fog nodes/end devices. To further empower the
tralized architecture. This survey also identifies several decentralized orchestration of containerized services, S-
goals addressed by orchestrators, including Service Level HIDRA integrates Software-Defined Networking (SDN)
Agreement (SLA) guarantees, service cycle management, capabilities. This strategic fusion of SDN technology and
and more, with resource management being the most fre- the HIDRA orchestrator, along with S-HIDRA domains,
ie
quently researched goal. enables dynamic and programmable management of net-
Given that applications and services are often encapsu- work traffic, facilitating efficient and scalable operations
lated as containers for easier deployment and management, across the fog computing landscape.
a growing trend is to leverage Kubernetes-like container In contrast, existing distributed ledger technologies pose
ev
orchestrators for fog/edge resources. To this end, special- some scalability and performance issues that the scientific
ized versions of Kubernetes tailored to fit resource-scarce community is currently analyzing [34–36]. In the field of
distributed nodes have been developed, such as K3s [30] online payments, decentralized alternatives beyond those
or KubeEdge [31]. However, note that in all these cases, based on blockchain technology have been explored. Au-
resource orchestration is still performed by a centralized thors in [19] propose Astro, an off-chain decentralized pay-
r
server. Furthermore, the scalability of the Kubernetes’ ment system based on the BRB broadcast primitive that
ecosystem is approached through the federation of different avoids the need for consensus to prevent double-spending.
Kubernetes clusters, exemplified by Karmada [32], which
er Astro employs a sharding scheme to partition nodes into
again relies on a centralized control plane governing mul- different shards or domains. The goal of sharding is to
tiple Kubernetes clusters. improve scalability and avoid the requirement of a global
However, a centralized approach poses challenges such system state shared by all nodes.
as potential single points of failure, increased latency and
pe
scalability limitations. To address these issues, researchers 8. Conclusions
are exploring alternate solutions based on distributed re-
source orchestration. Due to the intrinsic decentralized This paper introduced Light-HIDRA, a novel and ef-
nature of fog computing, its confluence with blockchain ficient approach for decentralized resource orchestration
technologies seems natural, not only in the application within IoT ecosystems. By building upon the Byzan-
domain (in order to track and secure data from Fog-IoT tine Reliable Broadcast algorithm for the orchestration of
environments), but also to achieve a truly distributed re- resources, Light-HIDRA bypasses the need for consen-
ot
source management. The EdgeChain framework [33] pro- sus, dramatically reducing communication overhead and
poses a credit-based resource management system based latency compared to existing approaches that rely on
on a permissioned blockchain and a currency system. The distributed ledger technology. Our system achieves fur-
behavior of the IoT devices and rule enforcement is reg- ther scalability by grouping peers into distinct domains
tn
ulated by means of smart contracts. Another prominent and reducing inter-domain communication. Our compre-
work in the field of distributed resource management is hensive security analysis and real-world data evaluation
MODiCuM [26]. The authors present an open resource show Light-HIDRA’s robustness and efficiency. Notably,
outsourcing market based on blockchain technology and our experimental results reveal the superior performance
smart contracts in which resource owners and end users of Light-HIDRA over HIDRA, a state-of-the-art ap-
rin
exchange computational resources and credits. To avoid proach for decentralized resource orchestration. Specifi-
misbehavior by system participants, MODiCuM models cally, Light-HIDRA reduces the bandwidth usage by up
the exchange of resources as a game-theoretic model with to 57 times and the latency of workload offloading by up to
the objective of assigning them fair rewards and penalties. 142 times, whilst maintaining higher throughput. These
The authors of Light-HIDRA also proposed HIDRA, findings establish Light-HIDRA as a promising solution
ep
a fully distributed orchestrator designed for managing for the challenges associated with resource orchestration.
fog/edge resources [6]. The primary focus of this re-
search was to effectively orchestrate workloads as con- Acknowledgments
tainers within local fog clusters, harnessing the combined
power of blockchain networks and lightweight virtualiza- This work was supported by
tion technologies. In HIDRA, the workload scheduling MCIN/AEI/10.13039/501100011033 and European
Pr
tasks rely on a set of smart contracts. Consequently, Regional Development Fund (ERDF), “A way to make
the control plane of HIDRA is deliberately decentralized, Europe” (ref. PID2021-123627OB-C52), and under 2023-
avoiding the risks associated with single points of failure. GRIN-34056 grant funded by the Regional Government
By distributing control across all nodes in the cluster, the of Castilla-La Mancha for Consolidated Research Groups.
16
References tional Conference on Dependable Systems and Networks (DSN),
IEEE, 2020, pp. 26–38.
d
[1] M. Marjani, F. Nasaruddin, A. Gani, A. Karim, I. A. T. [20] O. Ersoy, J. Decouchant, S. P. Kumble, S. Roos, Syncpcn/p-
Hashem, A. Siddiqa, I. Yaqoob, Big iot data analytics: ar- syncpcn: Payment channel networks without blockchain syn-
chitecture, opportunities, and open research challenges, ieee chrony, in: Proceedings of the 4th ACM Conference on Ad-
we
access 5 (2017) 5247–5261. vances in Financial Technologies, 2022, pp. 16–29.
[2] F. Bonomi, R. Milito, J. Zhu, S. Addepalli, Fog computing [21] C. Cachin, J. A. Poritz, Secure intrusion-tolerant replication
and its role in the internet of things, in: Proceedings of the on the internet, in: Proceedings International Conference on
first edition of the MCC workshop on Mobile cloud computing, Dependable Systems and Networks, IEEE, 2002, pp. 167–176.
2012, pp. 13–16. [22] C. Cachin, R. Guerraoui, L. Rodrigues, Reliable Broadcast,
[3] B. Jamil, H. Ijaz, M. Shojafar, K. Munir, R. Buyya, Resource Springer Berlin Heidelberg, Berlin, Heidelberg, 2011, pp. 73–
allocation and task scheduling in fog computing and internet 135.
of everything environments: A taxonomy, review, and future [23] J. Wang, H. Wang, Monoxide: Scale out blockchains with asyn-
ie
directions, ACM Computing Surveys (CSUR) 54 (2022) 1–38. chronous consensus zones., in: NSDI, volume 2019, 2019, pp.
[4] I. B. Lahmar, K. Boukadi, Resource allocation in fog computing: 95–112.
A systematic mapping study, in: 2020 Fifth International Con- [24] E. Kokoris-Kogias, P. Jovanovic, L. Gasser, N. Gailly, E. Syta,
ference on Fog and Mobile Edge Computing (FMEC), IEEE, B. Ford, Omniledger: A secure, scale-out, decentralized ledger
2020, pp. 86–93.
ev
via sharding, in: 2018 IEEE symposium on security and privacy
[5] C. Carrión, Kubernetes scheduling: Taxonomy, ongoing issues (SP), IEEE, 2018, pp. 583–598.
and challenges, ACM Computing Surveys 55 (2022) 1–37. [25] J. Hu, K. Yang, K. Wang, K. Zhang, A blockchain-based re-
[6] C. Núñez-Gómez, B. Caminero, C. Carrión, HIDRA: A Dis- ward mechanism for mobile crowdsensing, IEEE Transactions
tributed Blockchain-Based Architecture for Fog/Edge Com- on Computational Social Systems 7 (2020) 178–191.
puting Environments, IEEE Access 9 (2021) 75231–75251. [26] S. Eisele, T. Eghtesad, N. Troutman, A. Laszka, A. Dubey,
doi:10.1109/ACCESS.2021.3082197. Mechanisms for outsourcing computation via a decentralized
r
[7] S. Jošilo, G. Dán, Decentralized algorithm for randomized task market, in: Proceedings of the 14th ACM International Con-
allocation in fog computing systems, IEEE/ACM Transactions ference on Distributed and Event-Based Systems, DEBS ’20,
on Networking 27 (2018) 85–97. Association for Computing Machinery, New York, NY, USA,
[8] Z. A. Mann, Decentralized application placement in fog com-
33 (2022) 3262–3273.
er
puting, IEEE Transactions on Parallel and Distributed Systems
[9] S. Tuli, R. Mahmud, S. Tuli, R. Buyya, Fogbus: A blockchain-

[27]
2020, p. 61–72.
C. Dwork, N. Lynch, L. Stockmeyer, Consensus in the presence
of partial synchrony, Journal of the ACM (JACM) 35 (1988)
288–323.
based lightweight framework for edge and fog computing, Jour- [28] M. Haghi Kashani, A. M. Rahmani, N. Jafari Navimipour,
nal of Systems and Software 154 (2019) 22–36. Quality of service-aware approaches in fog computing, Inter-
pe
[10] C. Núñez-Gómez, C. Carrión, B. Caminero, F. M. Delicado, S- national Journal of Communication Systems 33 (2020) e4340.
HIDRA: A blockchain and SDN domain-based architecture to [29] B. Costa, J. Bachiega, L. R. de Carvalho, A. P. F. Araujo,
orchestrate fog computing environments, Computer Networks Orchestration in fog computing: A comprehensive survey, ACM
221 (2023) 109512. doi:https://doi.org/10.1016/j.comnet. Comput. Surv. 55 (2022).
2022.109512. [30] K3s Project Authors, K3s: Lightweight Kubernetes, 2023. URL:
[11] Z. Xiong, S. Feng, W. Wang, D. Niyato, P. Wang, Z. Han, https://k3s.io.
Cloud/fog computing resource management and pricing for [31] KubeEdge Project Authors, KubeEdge: Kubernetes Native
blockchain networks, IEEE Internet of Things Journal 6 (2018) Edge Computing Framework, 2023. URL: https://kubeedge.
ot
4585–4600. io.
[12] Y. Jiao, P. Wang, D. Niyato, K. Suankaewmanee, Auction [32] Karmada Authors, Karmada: Open, Multi-Cloud, Multi-
mechanisms in cloud/fog computing resource allocation for pub- Cluster Kubernetes Orchestration, 2023. URL: https://
lic blockchain networks, IEEE Transactions on Parallel and karmada.io.
Distributed Systems 30 (2019) 1975–1989. [33] J. Pan, J. Wang, A. Hester, I. Alqerm, Y. Liu, Y. Zhao,
tn
[13] P. W. Eklund, R. Beck, Factors that impact blockchain scala- EdgeChain: An Edge-IoT Framework and Prototype Based on
bility, in: Proceedings of the 11th international conference on Blockchain and Smart Contracts, IEEE Internet of Things Jour-
management of digital ecosystems, 2019, pp. 126–133. nal 6 (2019) 4719–4732. doi:10.1109/JIOT.2018.2878154.
[14] B. Nasrulin, M. De Vos, G. Ishmaev, J. Pouwelse, Gromit: [34] M. H. Nasir, J. Arshad, M. M. Khan, M. Fatima, K. Salah,
Benchmarking the performance and scalability of blockchain R. Jayaraman, Scalable blockchains — a systematic review,
systems, in: 2022 IEEE International Conference on Decentral- Future Generation Computer Systems 126 (2022) 136–162.
ized Applications and Infrastructures (DAPPS), IEEE, 2022, doi:https://doi.org/10.1016/j.future.2021.07.035.
rin
pp. 56–63. [35] D. Yang, C. Long, H. Xu, S. Peng, A review on scalability of

[15] G. Bracha, Asynchronous byzantine agreement protocols, In- blockchain, in: Proceedings of the 2020 The 2nd International
formation and Computation 75 (1987) 130–143. Conference on Blockchain Technology, ICBCT’20, Association
[16] S. Bonomi, J. Decouchant, G. Farina, V. Rahli, S. Tixeuil, for Computing Machinery, New York, NY, USA, 2020, p. 1–6.
Practical byzantine reliable broadcast on partially connected [36] Q. Zhou, H. Huang, Z. Zheng, J. Bian, Solutions to scalability
networks, in: 2021 IEEE 41st International Conference on Dis- of blockchain: A survey, IEEE Access 8 (2020) 16440–16455.
tributed Computing Systems (ICDCS), IEEE, 2021, pp. 506– doi:10.1109/ACCESS.2020.2967218.
ep
516.
[17] D. Kozhaya, J. Decouchant, P. Esteves-Verissimo, Rt-byzcast:
Byzantine-resilient real-time reliable broadcast, IEEE Transac-
tions on Computers 68 (2018) 440–454.
[18] D. Kozhaya, J. Decouchant, V. Rahli, P. Esteves-Verissimo,
Pistis: an event-triggered real-time byzantine-resilient protocol
suite, IEEE Transactions on Parallel and Distributed Systems
Pr
32 (2021) 2277–2290.
[19] D. Collins, R. Guerraoui, J. Komatovic, P. Kuznetsov,
M. Monti, M. Pavlovic, Y.-A. Pignolet, D.-A. Seredinschi,
A. Tonkikh, A. Xygkis, Online payments by merely broad-
casting messages, in: 2020 50th Annual IEEE/IFIP Interna-
17

SSRN Id4594430

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SSRN Id4594430

Uploaded by

Copyright:

Available Formats

Light-HIDRA: Scalable and Decentralized Resource Orchestration in Fog-IoT

1. Introduction apply complex techniques to support high availability (and

vices that might also be faulty, unresponsive, or malicious

1. We introduce Light-HIDRA, a novel, secure and

Moreover, BRB implements an amplification step for send-

old depends on n, the number of total peers in the system.

rency payments in a decentralized way [19], and multi-hops

in the Solver peer intra-domain (2a) or inter-domain (2b).

Validators to lock and settle payments gradually according

Solver peers for the execution of workloads. The proto-

asynchronous network (i.e., peers could delay message de-

ate in asynchronous networks. However, some steps of the

3. Solver selection. Peers reply to the RequestRe-

for managing the resources of its peers, so peers be-

17 " p_ratio " : { quorum). Once this is achieved, each correct p ∈ M1

protocol. then send Event (CANCEL) messages to M2 . Finally, cor-

1. Once timestamp tsstart specified in e is reached, cor-

sent when texec expires without reaching fthr . Just

Positive to M1 and M2 . The partial payments settled from

ing (CREDIT) messages select the (f + 1)-th smallest

release the resources of ps used by w.

SULT) messages. It does not matter what monitoring

In this section we analyze the security of Light-

their workloads. To achieve this, Applicant peers itera-

workload monitoring. WEP, i.e., the broadcasting of monitoring results and

vative part of Light-HIDRA is the partitioning of peers

ing all nodes to know the current state of scheduling flows.

process is carried out by voting of the nodes participating

location, etc). Then, HIDRA waits for the response from

Total bandwidth usage (MB)

spectively. We also observe differences in bandwidth usage

HIDRA with domains the bandwidth remains constant.

each domain size. Thus, for a domain size of 200 peers,

240 240.72 105

Event fulfil latency (s)

the configurable timeouts of Light-HIDRA (i.e., toutssp

domains, the overall computation required to perform an

participate in the exchange of messages in order to guar-

in networks with 100 peers and domains composed of 50

moment the workload gets assigned to a Solver peer.

Total memory usage (GB)

[9] S. Tuli, R. Mahmud, S. Tuli, R. Buyya, Fogbus: A blockchain-

pp. 56–63. [35] D. Yang, C. Long, H. Xu, S. Peng, A review on scalability of

You might also like