Asynchronous Covert Communication Using BitTorrent Trackers

Covert channels enable communicating parties to exchange messages without being detected by an external observer. In this paper we propose a novel covert channel mechanism based on BitTorrent trackers. The proposed mechanism uses common HTTP commands, thus having the appearance of genuine web traffic and consists of communications that are both indirect and asynchronous: no messages are directly exchanged between the sender and the receiver (of covert communications) and there is a potentially considerable delay between the sender's message to the relaying party and the receiver collecting this message. We present details of the proposed scheme in which a centralized BitTorrent tracker is used for storing covert messages and evaluate its performance based on the implemented prototype. We analyze the detectability of covert communications by an adversary and show that, while the common nature of the BitTorrent traffic and the large number of clients make the detection unlikely, the low temporal correlation between the writer and the reader (the two communicating parties) further increases the detection difficulty. Finally we discuss a variant of our scheme that uses a decentralized tracker (based on distributed hash tables), increasing the scalability and enabling a larger number of parallel covert communication channels.Les canaux de communication cachés permettent à des parties d'échanger des messages sans être détectés par un observateur extérieur. Dans ce papier, nous proposons un nouveau mécanisme de canaux cachés reposant sur les trackers BitTorrent. Le système proposé repose sur l'utilisation de commandes HTTP, lui donnant ainsi l'aspect d'un simple trafic web. De plus ce système permet des communications qui sont à la fois directes et asynchrones : aucun message n'est directement échangé entre l'émetteur et le récepteur (du canal caché) et il peut exister un délai considérable entre le moment où le message est transmis au relai et celui où il est lu. Nous présentons les détails du système proposé dans lequel un trackeur BitTorrent est utilisé pour stocker les messages, et nous évaluons ses performances grâce à un prototype. Nous analysons la détectabilité des communications cachés par un adversaire, et nous montrons qu'en plus de la nature commune des communications BitTorrent et du grand nombre d'utilisateurs de ce système, la faible corrélation temporelle entre les opérations de lecture et d'écriture rendent la détection difficile. Finalement, nous présentons une variante de ce système utilisant un trackeur décentralisé (basé sur une table de hachage distribuée), qui permet un meilleur passage à l'échelle et l'utilisation de plusieurs canaux en parallèle

More Than Movies: Social Formations in Informal Networks of Media Sharing

This project examines the social structures, formations, and practices of informal networks of media sharing (INMSs) through both historical and sociological lenses. INMSs are comprised of individuals who distribute and circulate media to one another through noncommercial, unauthorized networks. The networks can be centered around texts, such as the early videophile publication The Videophile’s Newsletter, or they can be constituted by disparate groups of people who come together as a community using digital platforms like BitTorrent. While nominally concerned with circulating media, INMSs are also sources of social sustenance for their members and are sites of struggle for social and symbolic capital and power. They illuminate the complex ways in which community members utilize media as a starting point to satisfy a variety of needs, including developing bodies of cultural and technical knowledge, thinking through legal and ethical concerns, creating social bonds, and engaging in a variety of pedagogical practices. In short, INMSs are loci of social and cultural meaning-making for their members. This dissertation catalogs and analyzes the social practices and formations of three INMSs, the aforementioned Videophile’s Newsletter and two private, BitTorrent networks focused on cinema, Great Cinema and FilmDestruction, showing there to be diachronic and transplatform similarities between different networks. Rather than instances of rupture and divergence, this project argues that these networks are best understood through an evolutionary lens. It contends that INMSs and other similar formations should be increasingly studied because of their prevalence throughout the 20th and 21st centuries and their importance to consumers as unauthorized media distribution spaces whereby network members have greater latitude to experiment with media and create unique, diverse social structures and practices that are not contingent upon restrictions imposed by the media and copyright industries

Performance Evaluation of a Field Programmable Gate Array-Based System for Detecting and Tracking Peer-to-Peer Protocols on a Gigabit Ethernet Network

Recent years have seen a massive increase in illegal, suspicious, and malicious traffic traversing government and military computer networks. Some examples include illegal file distribution and disclosure of sensitive information using the BitTorrent file sharing protocol, criminals and terrorists using Voice over Internet Protocol (VoIP) technologies to communicate, and foreign entities exfiltrating sensitive data from government, military, and Department of Defense contractor networks. As a result of these growing threats, the TRacking and Analysis for Peer-to-Peer (TRAPP) system was developed in 2008 to detect BitTorrent and VoIP traffic of interest. The TRAPP system, designed on a Xilinx Virtex-II Pro Field Programmable Gate Array (FPGA) proved valuable and effective in detecting traffic of interest on a 100 Mbps network. Using concepts and technology developed for the TRAPP system, the TRAPP-2 system is developed on a Xilinx ML510 FPGA. The goals of this research are to evaluate the performance of the TRAPP-2 system as a solution to detect and track malicious packets traversing a gigabit Ethernet network. The TRAPP-2 system detects a BitTorrent, Session Initiation Protocol (SIP), or Domain Name System (DNS) packet, extracts the payload, compares the data against a hash list, and if the packet is suspicious, logs the entire packet for future analysis. Results show that the TRAPP-2 system captures 95.56% of BitTorrent, 20.78% of SIP INVITE, 37.11% of SIP BYE, and 91.89% of DNS packets of interest while under a 93.7% network utilization (937 Mbps). For another experiment, the contraband hash list size is increased from 1,000 to 131,072,000 unique items. The experiment reveals that each doubling of the hash list size results in a mean increase of approximately 16 central processing unit cycles. These results demonstrate the TRAPP-2 system’s ability to detect traffic of interest under a saturated network utilization while maintaining large contraband hash lists

Warez

When most people think of piracy, they think of Bittorrent and The Pirate Bay. These public manifestations of piracy, though, conceal an elite worldwide, underground, organized network of pirate groups who specialize in obtaining media – music, videos, games, and software – before their official sale date and then racing against one another to release the material for free. Warez: The Infrastructure and Aesthetics of Piracy is the first scholarly research book about this underground subculture, which began life in the pre-internet era Bulletin Board Systems and moved to internet File Transfer Protocol servers (“topsites”) in the mid- to late-1990s. The “Scene,” as it is known, is highly illegal in almost every aspect of its operations. The term “Warez” itself refers to pirated media, a derivative of “software.” Taking a deep dive in the documentary evidence produced by the Scene itself, Warez describes the operations and infrastructures an underground culture with its own norms and rules of participation, its own forms of sociality, and its own artistic forms. Even though forms of digital piracy are often framed within ideological terms of equal access to knowledge and culture, Eve uncovers in the Warez Scene a culture of competitive ranking and one-upmanship that is at odds with the often communalist interpretations of piracy. Broad in scope and novel in its approach, Warez is indispensible reading for anyone interested in recent developments in digital culture, access to knowledge and culture, and the infrastructures that support our digital age

Peer-to-peer-based file-sharing beyond the dichotomy of 'downloading is theft' vs. 'information wants to be free': How Swedish file-sharers motivate their action

This thesis aims to offer a comprehensive analysis of peer-to-peer based file-sharing by focusing on the discourses about use, agency and motivation involved, and how they interrelate with the infrastructural properties of file-sharing. Peer-to-peer-based file-sharing is here defined as the unrestricted duplication of digitised media content between autonomous end nodes on the Internet. It has become an extremely popular pastime, largely involving music, film, games and other media which is copied without the permission of the copyright holders. Due to its illegality, the popular understanding of the phenomenon tends to overstate its conflictual elements, framing it within a legalistic 'copyfight'. This is most markedly manifested in the dichotomised image of file-sharers as 'pirates' allegedly opposed to the entertainment industry. The thesis is an attempt to counter this dichotomy by using a more heterodox synthesis of perspectives, aiming to assimilate the phenomenon's complex intermingling of technological, infrastructural, economic and political factors. The geographic context of this study is Sweden, a country characterised by early broadband penetration and subsequently widespread unrestricted file-sharing, paralleled by a lively and well-informed public debate. This gives geographic specificity and further context to the file sharers' own justificatory discourses, serving to highlight and problematise some principal assumptions about the phenomenon. The thesis thus serves as a geographically contained case study which will have analytical implications outside of its immediate local context, and as an inquiry into two aspects of file-sharer argumentation: the ontological understandings of digital technology and the notion of agency. These, in turn, relate to particular forms of sociality in late modernity. Although the agencies and normative forces involved are innumerable, controversies about agency tend to order themselves in a more comprehensive way, as they are appropriated discursively. The invocation to agency that is found in the justificatory discourses - both in the public debate and among individual respondents - thus allows for a more productive and critically attentive understanding of the phenomenon than previously

Warez

When most people think of piracy, they think of Bittorrent and The Pirate Bay. These public manifestations of piracy, though, conceal an elite worldwide, underground, organized network of pirate groups who specialize in obtaining media – music, videos, games, and software – before their official sale date and then racing against one another to release the material for free. Warez: The Infrastructure and Aesthetics of Piracy is the first scholarly research book about this underground subculture, which began life in the pre-internet era Bulletin Board Systems and moved to internet File Transfer Protocol servers (“topsites”) in the mid- to late-1990s. The “Scene,” as it is known, is highly illegal in almost every aspect of its operations. The term “Warez” itself refers to pirated media, a derivative of “software.” Taking a deep dive in the documentary evidence produced by the Scene itself, Warez describes the operations and infrastructures an underground culture with its own norms and rules of participation, its own forms of sociality, and its own artistic forms. Even though forms of digital piracy are often framed within ideological terms of equal access to knowledge and culture, Eve uncovers in the Warez Scene a culture of competitive ranking and one-upmanship that is at odds with the often communalist interpretations of piracy. Broad in scope and novel in its approach, Warez is indispensible reading for anyone interested in recent developments in digital culture, access to knowledge and culture, and the infrastructures that support our digital age

Improving Security and Performance in Low Latency Anonymous Networks

Conventional wisdom dictates that the level of anonymity offered by low latency anonymity networks increases as the user base grows. However, the most significant obstacle to increased adoption of such systems is that their security and performance properties are perceived to be weak. In an effort to help foster adoption, this dissertation aims to better understand and improve security, anonymity, and performance in low latency anonymous communication systems. To better understand the security and performance properties of a popular low latency anonymity network, we characterize Tor, focusing on its application protocol distribution, geopolitical client and router distributions, and performance. For instance, we observe that peer-to-peer file sharing protocols use an unfair portion of the network’s scarce bandwidth. To reduce the congestion produced by bulk downloaders in networks such as Tor, we design, implement, and analyze an anonymizing network tailored specifically for the BitTorrent peer-to-peer file sharing protocol. We next analyze Tor’s security and anonymity properties and empirically show that Tor is vulnerable to practical end-to-end traffic correlation attacks launched by relatively weak adversaries that inflate their bandwidth claims to attract traffic and thereby compromise key positions on clients’ paths. We also explore the security and performance trade-offs that revolve around path length design decisions and we show that shorter paths offer performance benefits and provide increased resilience to certain attacks. Finally, we discover a source of performance degradation in Tor that results from poor congestion and flow control. To improve Tor’s performance and grow its user base, we offer a fresh approach to congestion and flow control inspired by techniques from IP and ATM networks