pith. machine review for the scientific record.

arxiv: 2604.18049 · v1 · submitted 2026-04-20 · 💻 cs.DC

Recognition: unknown

Trust, but Verify: ByzTwin-Range, a Digital Twin Cyber-Range for Byzantine Faults


Pith reviewed 2026-05-10 04:08 UTC · model grok-4.3

classification 💻 cs.DC
keywords Byzantine fault tolerance, digital twin, cyber range, critical infrastructure, synchrony vulnerabilities, fault injection, cyber-physical systems, BFT testing

The pith

ByzTwin-Range pairs a live BFT system with a digital twin to run safe fault-injection tests and return hardening advice.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces a dual-layer setup that links a production BFT deployment to a digital twin so operators can inject Byzantine faults and timing attacks using live data. The twin runs what-if simulations to expose misconfigured timeouts, false suspicions, and delay exploits that real-world conditions can trigger. Insights flow back through a secure channel to update the operational system. This approach addresses the gap between lab testing, which lacks timing realism, and production testing, which risks live infrastructure.

Core claim

ByzTwin-Range integrates a production-grade BFT deployment with a Digital Twin that mirrors real system state, executes co-simulation and emulation for what-if analyses, identifies synchrony vulnerabilities such as misconfigured timeouts and adversarial delay exploits, and feeds insights back through a secure advisory channel to support continuous validation and adaptive hardening.

What carries the argument

Dual-layer architecture that couples a live BFT deployment with a Digital Twin for co-simulation, fault injection, and secure feedback using standards such as OPC UA, TSN, FMI/HLA, and QUIC/mTLS.

If this is right

  • Operators gain a safe way to stress-test BFT protocols under realistic cyber-physical timing conditions.
  • Synchrony assumptions in BFT deployments can be checked and tightened in the twin before a configuration change reaches the production system.
  • Continuous feedback loops allow adaptive configuration changes without halting operations.
  • Industry-standard interfaces make the approach compatible with existing industrial CPS workflows.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same twin structure could be applied to other fault models or consensus protocols beyond BFT.
  • Differential-privacy techniques mentioned for analytics could allow sharing of vulnerability data across organizations.
  • Repeated twin runs might produce statistical profiles of timing sensitivity that guide protocol parameter selection.
  • Integration with time-sensitive networking opens paths to test BFT behavior under bounded-delay guarantees.

Load-bearing premise

The digital twin can replicate the real system's timing behavior, state, and network conditions with enough fidelity to reveal genuine vulnerabilities rather than artifacts of the model itself.

What would settle it

Running the twin against a BFT system with known timing faults and finding that it either misses those faults or reports vulnerabilities that do not appear when the same faults are injected directly in the live system.
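An added worked example, not code from the paper or from ByzTwin-Range: a toy model of the timing-sensitive false suspicion the pith describes, and of the settling experiment above. A follower restarts a timer on each leader heartbeat and suspects the leader when the gap between two arrivals exceeds its timeout; one-way delays follow a constructed base-plus-jitter model with an optional adversary that delays a fraction of the messages. A second delay model stands in for the digital twin, and the block compares the timeout the twin would recommend with what the live model actually needs, which is the error-propagation question the referee report raises. All names, parameters and delay values are hypothetical.

```python
import random
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class DelayModel:
    """One-way message delay in ms: base plus uniform jitter, with an optional adversary
    that adds attack_ms to a fraction attack_frac of messages. Hypothetical model,
    constructed for this example; it is not the paper's emulation model."""
    base_ms: float
    jitter_ms: float
    attack_frac: float = 0.0
    attack_ms: float = 0.0


def sample_delay(model: DelayModel, rng: random.Random) -> float:
    delay = model.base_ms + rng.uniform(-model.jitter_ms, model.jitter_ms)
    if model.attack_frac > 0.0 and rng.random() < model.attack_frac:
        delay += model.attack_ms
    return max(delay, 0.0)


def false_suspicion_rate(model: DelayModel, timeout_ms: float, period_ms: float,
                         rounds: int = 2000, seed: int = 1) -> float:
    """Fraction of heartbeat rounds in which a follower suspects an honest leader.

    The leader sends heartbeat k at k * period_ms. The follower restarts its timer on
    every arrival and raises a suspicion when two consecutive arrivals are more than
    timeout_ms apart, i.e. when period_ms + d_k - d_(k-1) > timeout_ms. Only the
    variation in delay matters to this detector, not the absolute latency."""
    rng = random.Random(seed)
    prev = sample_delay(model, rng)
    suspected = 0
    for _ in range(rounds):
        cur = sample_delay(model, rng)
        if period_ms + cur - prev > timeout_ms:
            suspected += 1
        prev = cur
    return suspected / rounds


def recommend_timeout(model: DelayModel, period_ms: float, candidates: Iterable[float],
                      tolerance: float = 0.0, **kw) -> Optional[float]:
    """Smallest candidate timeout whose false-suspicion rate is within tolerance: the
    kind of hardening advice a twin would emit. None if no candidate qualifies."""
    for timeout in sorted(candidates):
        if false_suspicion_rate(model, timeout, period_ms, **kw) <= tolerance:
            return timeout
    return None


def classify_advice(live_rate: float, twin_rate: float, tolerance: float = 0.0) -> str:
    """Compare the twin's verdict on a timeout with what the live system experiences.
    'positive' means the timeout is flagged as misconfigured."""
    live_bad = live_rate > tolerance
    twin_bad = twin_rate > tolerance
    if live_bad and twin_bad:
        return "true_positive"
    if twin_bad:
        return "false_positive"
    if live_bad:
        return "false_negative"
    return "true_negative"


def twin_vs_live(live: DelayModel, twin: DelayModel, timeout_ms: float, period_ms: float,
                 tolerance: float = 0.0, **kw) -> Tuple[float, float, str]:
    """Run the same timeout through the live delay model and the twin's delay model."""
    live_rate = false_suspicion_rate(live, timeout_ms, period_ms, **kw)
    twin_rate = false_suspicion_rate(twin, timeout_ms, period_ms, **kw)
    return live_rate, twin_rate, classify_advice(live_rate, twin_rate, tolerance)


if __name__ == "__main__":
    PERIOD = 100.0
    CANDIDATES = [110, 120, 130, 140, 150]
    live = DelayModel(base_ms=30, jitter_ms=20)      # constructed live conditions
    twin = DelayModel(base_ms=30, jitter_ms=5)       # twin under-models jitter by 15 ms
    live_t = recommend_timeout(live, PERIOD, CANDIDATES)
    twin_t = recommend_timeout(twin, PERIOD, CANDIDATES)
    print(f"live needs {live_t} ms, twin recommends {twin_t} ms")
    print("twin advice applied live:", twin_vs_live(live, twin, twin_t, PERIOD))
    # Adversary delays half the heartbeats by 60 ms: suspicions even at the correct timeout.
    attacked = DelayModel(base_ms=30, jitter_ms=20, attack_frac=0.5, attack_ms=60)
    print("attacked rate at 140 ms:", false_suspicion_rate(attacked, 140, PERIOD))
    # A constant 60 ms delay on every message never trips a restart-on-receipt detector.
    constant = DelayModel(base_ms=30, jitter_ms=20, attack_frac=1.0, attack_ms=60)
    print("constant delay rate at 140 ms:", false_suspicion_rate(constant, 140, PERIOD))
```

Two things the numbers show that the prose alone does not. First, a twin whose delay model is only 15 ms narrower than reality recommends a 110 ms timeout that the live system cannot live with, and when that timeout is evaluated the twin reports no problem while the live system suspects its leader in a large share of rounds: a false negative of exactly the kind the referee asks the authors to bound. Second, a constant adversarial delay is invisible to a detector that restarts on receipt, while delaying only half the heartbeats trips it even at the correctly sized 140 ms timeout, so a twin has to reproduce delay variation and its correlation across messages, not only mean latency, before its advice is worth feeding back over the advisory channel.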

Figures

Figures reproduced from arXiv: 2604.18049 by João Soares, Rolando Martins, Tadeu Freitas.

Figure 1: ByzTwin-Range's high-level topology for integrating BFT real-time (caption truncated; image not reproduced here)

Original abstract

Critical infrastructures increasingly rely on interconnected and software-driven Cyber-Physical Systems (CPS), exposing operational processes to both accidental failures and sophisticated adversarial behavior. While Byzantine Fault Tolerant (BFT) protocols offer robustness against arbitrary faults, evaluating their behavior under realistic cyber-physical conditions remains challenging: traditional cyber ranges lack timing fidelity, and testing in production environments is unsafe. This paper introduces ByzTwin-Range, a dual-layer architecture that integrates a production-grade BFT deployment with a Digital Twin (DT) to enable controlled experimentation, stress testing, and Byzantine fault injection using live operational data. The DT mirrors real system state, executes "What-if" analyses through co-simulation and emulation, and identifies synchrony vulnerabilities, i.e., misconfigured timeouts, timing-sensitive false suspicions, and adversarial delay exploits, configuration weaknesses, and adversarial behaviors that may undermine BFT guarantees. Insights from the twin are fed back into the operational deployment through a secure advisory channel, supporting continuous validation and adaptive hardening. The proposed design leverages industry-standard technologies (Open Platform Communications Unified Architecture, Time-Sensitive Networking, Functional Mock-up Unit/High-Level Architecture, QUIC/mutual TLS) to maximize feasibility and compatibility with existing industrial workflows. ByzTwin-Range establishes a practical foundation for next-generation, BFT-aware cyber ranges and paves the way for more resilient CPSs through continuous testing, differential-privacy-enabled analytics, and future proof-of-concept implementations.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript proposes ByzTwin-Range, a dual-layer architecture that integrates a production-grade Byzantine Fault Tolerant (BFT) deployment with a Digital Twin (DT) to enable controlled experimentation, stress testing, and Byzantine fault injection using live operational data from cyber-physical systems. The DT is described as mirroring real system state, performing what-if co-simulations and emulations to identify synchrony vulnerabilities such as misconfigured timeouts, timing-sensitive false suspicions, and adversarial delay exploits, with insights fed back to the operational system via a secure advisory channel. The design relies on industry standards including OPC UA, Time-Sensitive Networking (TSN), FMI/HLA, and QUIC/mTLS.

Significance. If the timing fidelity and state replication claims hold, the architecture could provide a practical advance over existing cyber ranges by allowing safe, high-fidelity testing of BFT protocols under realistic CPS conditions, potentially enabling continuous validation and adaptive hardening of critical infrastructure without production risk.

major comments (2)
  1. [Architecture description and abstract] The manuscript supplies only a high-level architectural description and contains no prototype implementation, timing-accuracy measurements, comparison against a real BFT deployment, or analysis of how emulation error propagates into false-positive or false-negative vulnerability reports. This directly undermines the central claim that the DT can reliably surface synchrony vulnerabilities (misconfigured timeouts, adversarial delays) at a precision finer than BFT timeout windows.
  2. [Digital Twin co-simulation and emulation components] The assumption that the DT can faithfully replicate network delays, clock skew, and message timing without introducing artifacts that mask or fabricate faults is stated but never demonstrated or bounded; no error-propagation analysis or fidelity requirements relative to BFT protocol parameters are provided, making all downstream claims about actionable hardening advice ungrounded.
minor comments (1)
  1. [Abstract] The abstract is lengthy and repeats the list of identified vulnerabilities; condensing it would improve readability.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and insightful comments. We agree that the manuscript is a high-level architectural proposal without prototype implementation or empirical measurements, and we will revise to clarify its conceptual scope, temper claims about vulnerability detection, and outline required future validation steps.

Point-by-point responses
  1. Referee: [Architecture description and abstract] The manuscript supplies only a high-level architectural description and contains no prototype implementation, timing-accuracy measurements, comparison against a real BFT deployment, or analysis of how emulation error propagates into false-positive or false-negative vulnerability reports. This directly undermines the central claim that the DT can reliably surface synchrony vulnerabilities (misconfigured timeouts, adversarial delays) at a precision finer than BFT timeout windows.

    Authors: We acknowledge this assessment is accurate. The paper proposes the dual-layer architecture and its use of standards such as TSN and FMI/HLA to support timing fidelity, but presents no implemented system or quantitative results. The claims about surfacing synchrony vulnerabilities are therefore prospective and rest on the design rationale rather than demonstrated performance. In revision we will rewrite the abstract and introduction to frame the contribution explicitly as a design proposal, add a dedicated limitations and future-work section that specifies planned prototype development, timing-accuracy metrics, error-propagation analysis, and a comparison methodology against live BFT deployments. revision: yes

  2. Referee: [Digital Twin co-simulation and emulation components] The assumption that the DT can faithfully replicate network delays, clock skew, and message timing without introducing artifacts that mask or fabricate faults is stated but never demonstrated or bounded; no error-propagation analysis or fidelity requirements relative to BFT protocol parameters are provided, making all downstream claims about actionable hardening advice ungrounded.

    Authors: We accept the criticism. The manuscript states that TSN and FMI/HLA will enable faithful replication but supplies neither bounds on emulation error nor an analysis of how such error could affect false-positive or false-negative vulnerability reports relative to BFT timeout windows. We will revise the co-simulation and emulation sections to articulate the fidelity assumptions explicitly, discuss potential artifact sources (for example, twin synchronization latency), define minimum fidelity requirements in terms of BFT parameters, and include a preliminary error model together with a validation roadmap in the future-work section. revision: yes

Circularity Check

0 steps flagged

No circularity: descriptive architecture proposal with no derivations or fitted claims

Full rationale

The manuscript is a high-level system design proposal for ByzTwin-Range that describes an integration of BFT deployments with a Digital Twin using standard industrial protocols (OPC UA, TSN, FMI/HLA, QUIC/mTLS). It contains no equations, mathematical derivations, fitted parameters, predictions derived from data subsets, or load-bearing self-citations. The central claims concern the feasibility of controlled experimentation and vulnerability identification via co-simulation; these are presented as design goals rather than results that reduce to the paper's own inputs by construction. No uniqueness theorems, ansatzes, or renamings of known results are invoked. The work is self-contained as an architectural outline without internal circular steps.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entity

The proposal rests on standard domain assumptions about BFT robustness and digital-twin fidelity rather than new axioms or fitted parameters.

axioms (2)
  • domain assumption Byzantine Fault Tolerant protocols offer robustness against arbitrary faults
    Invoked in the opening sentence as background for the need of the twin.
  • domain assumption A digital twin can accurately mirror real system state and timing for co-simulation
    Implicit in the claim that the twin enables reliable what-if analyses and vulnerability identification.
invented entities (1)
  • ByzTwin-Range dual-layer architecture no independent evidence
    purpose: To combine live BFT operation with a digital twin for safe fault injection and feedback
    The system itself is the novel construct introduced by the paper.

pith-pipeline@v0.9.0 · 5565 in / 1409 out tokens · 44676 ms · 2026-05-10T04:08:29.918222+00:00


Reference graph

Works this paper leans on

32 extracted references · 3 canonical work pages

[1] S.-D. Gheorghe, A review of the information technology and operational technology convergence using internet of things within the circular economy, in: Proc. Int. Conf. Bus. Excell., Vol. 18, 2024, pp. 829–845.

[2] M. Falco, et al., Stuxnet: Facts and figures, Tech. rep., NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia (2012).

[3] M. J. Assante, R. M. Lee, D. U. Case, Analysis of the cyber attack on the Ukrainian power grid, Tech. rep., Electricity Information Sharing and Analysis Center (E-ISAC) and SANS ICS (March 2016).

[4] P. W. Parfomak, Colonial Pipeline: The DarkSide strikes, Tech. Rep. IN11667, Congressional Research Service (May 2021).

[5] T. D. Ashley, S. N. G. Gourisetti, N. B. Brown, C. A. Bonebrake, Aggregate attack surface management for network discovery of operational technology, Computers & Security 123 (2022) 102939. doi:10.1016/j.cose.2022.102939

[6] M. Nankya, R. Chataut, R. Akl, Securing industrial control systems: Components, cyber threats, and machine learning-driven defense strategies, Sensors 23 (21) (2023) 8840. doi:10.3390/s23218840

[7] European Union Agency for Cybersecurity (ENISA), ENISA threat landscape 2024, Tech. rep., European Union Agency for Cybersecurity (September 2024). doi:10.2824/0710888

[8] P. R. Chintamaneni, P. Jalote, Y.-B. Shieh, S. K. Tripathi, On fault tolerance in manufacturing systems, IEEE Network 2 (3) (2002) 32–39.

[9] N. Ertugrul, W. Soong, G. Dostal, D. Saxon, Fault tolerant motor drive system with redundancy for critical applications, in: 2002 IEEE 33rd Annual IEEE Power Electronics Specialists Conference. Proceedings (Cat. No. 02CH37289), Vol. 3, IEEE, 2002, pp. 1457–1462.

[10] M. Nasreen, A. Ganesh, C. Sunitha, A study on Byzantine fault tolerance methods in distributed networks, Procedia Computer Science 87 (2016) 50–54.

[11] S. Huang, C. M. Poskitt, L. K. Shar, Security modelling for cyber-physical systems: A systematic literature review, ACM Transactions on Cyber-Physical Systems (2024).

[12] V. E. Urias, W. M. Stout, B. Van Leeuwen, H. Lin, Cyber range infrastructure limitations and needs of tomorrow: A position paper, in: 2018 International Carnahan Conference on Security Technology (ICCST), IEEE, 2018, pp. 1–5.

[13] M. Grieves, J. Vickers, Digital twin: Mitigating unpredictable, undesirable emergent behavior in complex systems, in: Transdisciplinary Perspectives on Complex Systems: New Findings and Approaches, Springer, 2016, pp. 85–113.

[14] A. Nogueira, M. Garcia, A. Bessani, N. Neves, On the challenges of building a BFT SCADA, in: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), IEEE, 2018, pp. 163–170.

[15] S. Suhail, R. Hussain, R. Jurdak, A. Oracevic, K. Salah, C. S. Hong, R. Matulevičius, Blockchain-based digital twins: Research trends, issues, and future challenges, ACM Computing Surveys (CSUR) 54 (11s) (2022) 1–34.

[16] Hyperledger Foundation, Hyperledger Fabric v3: Delivering smart Byzantine-fault-tolerant consensus, https://www.lfdecentralizedtrust.org/blog/hyperledger-fabric-v3-delivering-smart-byzantine-fault-tolerant-consensus, accessed: 2025-11-17 (2024).

[17] Z. Dong, Z. Li, D. Mi, L. Zhang, Byzantine fault tolerance consensus in cyber-physical system: Probabilistic reliability analysis under various network topologies, IEEE Transactions on Industrial Cyber-Physical Systems (2025).

[18] R. Hao, X. Dai, X. Xie, Doppel: A BFT consensus algorithm for cyber-physical systems with low latency, Journal of Systems Architecture 148 (2024) 103087.

[19] S. R. Jeremiah, A. El Azzaoui, N. N. Xiong, J. H. Park, A comprehensive survey of digital twins: applications, technologies and security challenges, Journal of Systems Architecture 151 (2024) 103120.

[20] J. Soares, R. Fernandez, M. Silva, T. Freitas, R. Martins, Zermia: A fault injector framework for testing Byzantine fault tolerant protocols, in: International Conference on Network and System Security, Springer, 2021, pp. 38–60.

[21] R. Pinto, R. Martins, C. Novo, Infrastructure as code for cybersecurity training, Journal of Cybersecurity Education, Research and Practice 2024 (1) (2023) 5.

[22] A. B. Shitole, N. K. Kandasamy, L. S. Liew, L. Sim, A. K. Bui, Real-time digital twin of residential energy storage system for cybersecurity study, in: 2021 IEEE 2nd International Conference on Smart Technologies for Power, Energy and Control (STPEC), IEEE, 2021, pp. 1–6.

[23] M. Dietz, M. Vielberth, G. Pernul, Integrating digital twin security simulations in the security operations center, in: Proceedings of the 15th International Conference on Availability, Reliability and Security, 2020, pp. 1–9.

[24] M. Eckhart, A. Ekelhart, Towards security-aware virtual environments for digital twins, in: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security, 2018, pp. 61–72.

[25] F. Flammini, Digital twins as run-time predictive models for the resilience of cyber-physical systems: a conceptual framework, Philosophical Transactions of the Royal Society A 379 (2207) (2021) 20200369.

[26] L. Nguyen, M. Segovia, W. Mallouli, E. M. d. Oca, A. R. Cavalli, Digital twin for IoT environments: a testing and simulation tool, in: International Conference on the Quality of Information and Communications Technology, Springer, 2022, pp. 205–219.

[27] P. G. Larsen, L. Esterle, J. Fitzgerald, M. Frasheri, Fault injection in co-simulation and digital twins for cyber-physical robotic systems, in: Applicable Formal Methods for Safe Industrial Products: Essays Dedicated to Jan Peleska on the Occasion of His 65th Birthday, Springer, 2023, pp. 222–236.

[28] F. Dettoni, L. C. Lung, M. Correia, A. F. Luiz, Byzantine fault-tolerant state machine replication with twin virtual machines, in: 2013 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2013, pp. 000398–000403.

[29] R. Sahal, S. H. Alsamhi, K. N. Brown, D. O'Shea, B. Alouffi, Blockchain-based digital twins collaboration for smart pandemic alerting: Decentralized COVID-19 pandemic alerting use case, Computational Intelligence and Neuroscience 2022 (1) (2022) 7786441.

[30] M. J. Amiri, C. Wu, D. Agrawal, A. El Abbadi, B. T. Loo, M. Sadoghi, The bedrock of Byzantine fault tolerance: A unified platform for BFT protocols analysis, implementation, and experimentation, in: 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24), 2024, pp. 371–400.

[31] A. Loveless, R. Dreslinski, B. Kasikci, L. T. X. Phan, IGOR: Accelerating Byzantine fault tolerance for real-time systems with eager execution, in: 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium (RTAS), IEEE, 2021, pp. 360–373.

[32] H. Böhm, T. Distler, P. Wägemann, TinyBFT: Byzantine fault-tolerant replication for highly resource-constrained embedded systems, in: 2024 IEEE 30th Real-Time and Embedded Technology and Applications Symposium (RTAS), IEEE, 2024, pp. 225–238.