Stealing bandwidth from BitTorrent seeders

BitTorrent continues to comprise the largest fraction of Internet traffic. While significant progress has been made in understanding the BitTorrent choking mechanism, its security vulnerabilities have not been investigated thoroughly. This paper presents an experimental analysis of bandwidth attacks against different choking algorithms in the BitTorrent seed state. We reveal a simple exploit that allows malicious peers to receive a considerably higher download rate than contributing leechers, therefore introducing significant efficiency degradations for benign peers. We show the damage caused by the proposed attack in two different environments: a lab testbed comprising 32 peers and a PlanetLab testbed with 300 peers. Our results show that 3 malicious peers can degrade the download rate up to 414.99% for all peers. Combined with a Sybil attack that consists of as many attackers as leechers, it is possible to degrade the download rate by more than 1000%. We propose a novel choking algorithm which is immune against bandwidth attacks and a countermeasure against the revealed attack

On the Impact of Practical P2P Incentive Mechanisms on User Behavior

In this paper we report on the results of a large-scale measurement study of two popular peer-topeer systems, namely BitTorrent and eMule, that use practical and lightweight incentive mechanisms to encourage cooperation between users. We focus on identifying the strategic behavior of users in response to those incentive mechanisms. Our results illustrate a gap between what system designers and researchers expect from users in reaction to an incentive mechanism, and how users react to those incentives. In particular, we observe that the majority of BitTorrent users appear to cooperate well, despite the existence of known ways to tamper with the incentive mechanism, users engaging in behavior that could be regarded as cheating comprised only around 10% of BitTorrent’s population. That is, although we know that users can easily cheat, they actually do not currently appear to cheat at a large enough scale. In the eMule system, we identify several distinct classes of users based on their behavior. A large fraction of users appears to perceive cooperation as a good strategy, and openly share all the files they obtained. Other users engage in more subtle strategic choices, by actively optimizing the number and types of files they share in order to improve their standing in eMule’s waiting queues; they tend to remove files for which downloading is complete and keep a limited total volume of files shared

An Analysis of incentives mechanisms and evaluation on BitTorrent

Since the first peer-to-peer communities appeared, their number of users has increased considerably owing to the benefits they offer compared to their alternative architectures in the sharing and distribution of multimedia content. However, due to its distributed nature, they can suffer an important problem of misuse: free-riding. Free-riding consists on users consuming resources without contributing to the system. Such behaviour not only is not fair for the rest of the users, but also threatens the success of this type of nets. With the motivation to avoid free-riding, the mechanisms of incentives were born. They provide the system with a method to motivate the nodes and make them share their resources with the other users. In one word, they provide the net with the needed fairness to achieve a good performance for all users. This thesis is organised in two main parts. In the first part there is a comprehensive study of the state of the art regarding the incentive mechanisms, resulting in a classification depending on the characteristics of the studied algorithms. That study provides the reader with a first sight of the strengths and weaknesses of each algorithm. In the second part there is a test scenario based in the virtualization of machines that was useful to evaluate empirically some of the studied algorithms. Finally, a series of experiments were carried out in order to compare some characteristics of these algorithms and thus verify or deny the conclusions resulted in the study of the state of the art

Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies

The scalable, low overhead attributes of Peer-to-Peer (P2P) Internet protocols and networks lend themselves well to being exploited by criminals to execute a large range of cybercrimes. The types of crimes aided by P2P technology include copyright infringement, sharing of illicit images of children, fraud, hacking/cracking, denial of service attacks and virus/malware propagation through the use of a variety of worms, botnets, malware, viruses and P2P file sharing. This project is focused on study of active P2P nodes along with the analysis of the undocumented communication methods employed in many of these large unstructured networks. This is achieved through the design and implementation of an efficient P2P monitoring and crawling toolset. The requirement for investigating P2P based systems is not limited to the more obvious cybercrimes listed above, as many legitimate P2P based applications may also be pertinent to a digital forensic investigation, e.g, voice over IP, instant messaging, etc. Investigating these networks has become increasingly difficult due to the broad range of network topologies and the ever increasing and evolving range of P2P based applications. In this work we introduce the Universal P2P Network Investigation Framework (UP2PNIF), a framework which enables significantly faster and less labour intensive investigation of newly discovered P2P networks through the exploitation of the commonalities in P2P network functionality. In combination with a reference database of known network characteristics, it is envisioned that any known P2P network can be instantly investigated using the framework, which can intelligently determine the best investigation methodology and greatly expedite the evidence gathering process. A proof of concept tool was developed for conducting investigations on the BitTorrent network.Comment: This is a thesis submitted in fulfilment of a PhD in Digital Forensics and Cybercrime Investigation in the School of Computer Science, University College Dublin in October 201

Experimental Assessment of BitTorrent Completion Time in Heterogeneous TCP/uTP swarms

BitTorrent, one of the most widespread used P2P application for file-sharing, recently got rid of TCP by introducing an application-level congestion control protocol named uTP. The aim of this new protocol is to efficiently use the available link capacity, while minimizing its interference with the rest of user traffic (e.g., Web, VoIP and gaming) sharing the same access bottleneck. In this paper we perform an experimental study of the impact of uTP on the torrent completion time, the metric that better captures the user experience. We run BitTorrent applications in a flash crowd scenario over a dedicated cluster platform, under both homogeneous and heterogeneous swarm population. Experiments show that an all-uTP swarms have shorter torrent download time with respect to all-TCP swarms. Interestingly, at the same time, we observe that even shorter completion times can be achieved under careful mixtures of TCP and uTP traffic.Comment: 14 pages, under submissio