
Secure Distributed Auction System

Overview

A multi-user fault-tolerant auction system with passive replicas built using Java RPC. It began as a simple multi-client RMI service and was then extended with RSA-based challenge-response authentication and time-limited access tokens. I then implemented a RAFT-like replication layer to ensure my project is resilient if a node crashes or falls out of sync.

What it does

  • Users can register, create listings, place bids and close their own auctions from a stateless frontend.
  • The stateless frontend routes all requests to the primary replica.
  • Replicas use a RAFT-like algorithm with log replication and leader election to maintain a consistent state and to handle replicas that fall out of sync or fail, including the primary replica.
  • Clients are authenticated using time-limited tokens which they receive after completing an asymmetric challenge-response.

Why it’s interesting

This project is interesting because it required me to apply security and key distributed systems principles (like fault tolerance and availability) to a complex auction system. This led me to architect a highly available, concurrent and secure auction system.

Key Technical Points

  • Efficient secure sessions: Verified user identity with RSA challenge-response on login. Then issued unique, time-limited access tokens for privileged tasks so high-frequency auction bursts could be authorised without expensive request-by-request public-key checks whilst keeping a short replay window.
  • Safe multi-client access: Used Java RMI with thread-safe collections and atomic counters/hashmaps so multiple concurrent clients could safely register, create auctions and place bids.
  • Fault-tolerant replica coordination: Built RAFT-inspired leader election and operation-log synchronisation from scratch to allow the system to recover from node failure, primary replica loss and stale state after rejoining.
  • Stateless frontend: Used a stateless frontend to locate the current primary and forward client calls, keeping routing logic independent from the replicas.
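
A sketch of the session flow from the first point above (one RSA challenge-response at login, then a time-limited token checked on every privileged call), added here as an illustration and not taken from the project's code. The class, method and field names, the 32-byte challenge and token sizes, and the choice of SHA256withRSA are assumptions; the record syntax needs Java 16 or later.

```java
import java.security.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class SessionAuthExample { // added illustration; every name here is hypothetical
    record Token(int userId, long expiresAtMs) {}
    static final SecureRandom RNG = new SecureRandom();
    final Map<Integer, PublicKey> keys = new ConcurrentHashMap<>(); // registered users
    final Map<Integer, byte[]> pending = new ConcurrentHashMap<>(); // open challenges
    final Map<String, Token> tokens = new ConcurrentHashMap<>();    // live sessions
    static byte[] random32() { byte[] b = new byte[32]; RNG.nextBytes(b); return b; }

    // Step 1: fresh random challenge; replaces any unanswered one for this user.
    byte[] challenge(int userId) {
        return pending.compute(userId, (id, old) -> random32());
    }
    // Step 2: one RSA verification at login, then an opaque random token.
    String login(int userId, byte[] sig, long ttlSeconds) throws GeneralSecurityException {
        byte[] nonce = pending.remove(userId); // single use: a replayed signature fails
        PublicKey key = keys.get(userId);
        if (nonce == null || key == null) throw new SecurityException("no pending challenge");
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(nonce);
        if (!v.verify(sig)) throw new SecurityException("bad signature");
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(random32());
        tokens.put(token, new Token(userId, System.currentTimeMillis() + ttlSeconds * 1000));
        return token;
    }
    // Step 3: each privileged call costs a map lookup and an expiry check.
    boolean authorise(int userId, String token) {
        Token t = tokens.get(token);
        if (t == null || t.userId() != userId) return false;
        if (System.currentTimeMillis() >= t.expiresAtMs()) { tokens.remove(token); return false; }
        return true;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client = gen.generateKeyPair(); // constructed demo key
        SessionAuthExample server = new SessionAuthExample();
        server.keys.put(1, client.getPublic());
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(client.getPrivate());
        s.update(server.challenge(1));
        String token = server.login(1, s.sign(), 60);
        System.out.println(server.authorise(1, token) + " " + server.authorise(2, token));
    }
}
```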

Tech Stack

Language: Java
Tools / Methodologies: Maven, RAFT Consensus
Security: Cryptography, Challenge-Response, Signatures