19 research outputs found

    Decentralizing indexing and bootstrapping for online applications

    https://doi.org/10.1049/blc2.12001

    Abstract: Peer-to-peer (P2P) networks utilize centralized entities (trackers) to assist peers in finding and exchanging information. Although modern P2P protocols are now trackerless and their function relies on distributed hash tables (DHTs), centralized entities are still needed to build file indices (indexing) and assist users in joining DHT swarms (bootstrapping). Although the functionality of these centralized entities is limited, every peer in the network is expected to trust them to function as expected (e.g. to correctly index new files). In this work, a new approach for designing and building decentralized online applications is proposed by introducing DIBDApp. The approach combines blockchain, smart contracts and BitTorrent into a combined technology that makes it possible to create decentralized applications that do not require any assistance from centralized entities. DIBDApp is a software library composed of Ethereum smart contracts and an API to the BitTorrent protocol that fully decentralizes indexing, bootstrapping and file storing. DIBDApp enables any peer to seamlessly connect to the designed smart contracts via the Web3J protocol. Extensive experimentation on the Rinkeby Ethereum testnet shows that applications built using the DIBDApp library can perform the same operations as in traditional back-end architectures with a gas cost of a few USD cents. Peer reviewed.

    I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy

    In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the file-sharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and file-sharing usage of tens of millions of identified users.

    Comment: This is the authors' version of the ACM/USENIX Internet Measurement Conference (IMC) 2011 paper.

    Game piracy activity vs. metacritic score

    The practice of illegally copying and distributing digital games is at the heart of one of the most heated and divisive debates in the international games environment, with stakeholders typically viewing it as a very positive (pirates) or very negative (the industry, policy makers). Despite the substantial interest in game piracy, there is very little objective information available about its magnitude or its distribution across game titles and game genres. This paper presents a large-scale analysis of the illegal distribution of digital game titles, which was conducted by monitoring the BitTorrent peer-to-peer (P2P) file-sharing protocol. The sample includes 173 games and a collection period of three months from late 2010 to early 2011. A total of 12.6 million unique peers were identified, making this the largest examination of game piracy via P2P networks to date. The ten most pirated titles encompass 5.27 million aggregated unique peers alone. In addition to genre, review scores were found to be positively correlated with the logarithm of the number of unique peers per game (p<0.05)

    Piracy Activity vs. Product Features in Digital Games

    The practice of illegally copying and distributing digital games is at the heart of one of the most heated and divisive debates in the international games environment, with stakeholders typically viewing it as a very positive (pirates) or very negative (the industry, policy makers). Despite the substantial interest in game piracy, there is very little objective information available about its magnitude or its distribution across game titles and game genres. This paper presents a large-scale analysis of the illegal distribution of digital game titles, which was conducted by monitoring the BitTorrent peer-to-peer (P2P) file-sharing protocol. The sample includes 173 games and a collection period of three months from late 2010 to early 2011. With a total of 12.6 million unique peers identified, it is the largest examination of game piracy via P2P networks to date. Analysis of the data shows that games of the “Action” genre, which include the majority of major commercial AAA-level titles, comprise 45% of the unique peers in the dataset, although games from “Racing”, “Role-Playing Game” and “Simulation” genres have higher numbers of unique peers on average than “Action” games. The ten most pirated titles encompass 5.27 million aggregated unique peers alone. In addition to genre, review scores were found to be positively correlated with the logarithm of the number of unique peers per game (p<0.05)

    Censura en BitTorrent (Censorship in BitTorrent)

    BitTorrent is today one of the most popular P2P (peer-to-peer) object-sharing networks, with millions of users. BitTorrent provides an efficient mechanism for sharing objects among a large number of clients, giving those who download an object an incentive to share it with the rest. To obtain peers with which to exchange an object, the most recent versions of BitTorrent are beginning to incorporate a DHT (Distributed Hash Table). The DHT is a mechanism for distributing the storage of the lists of peers participating in the distribution of an object across all the nodes participating in the P2P network. BitTorrent has two DHTs: Mainline DHT and Azureus DHT. This project focuses on the study of Mainline DHT; specifically, on the generation, distribution and retrieval of values in Mainline DHT. First, a theoretical analysis of this specific part of the DHT is presented, which is then contrasted with the real behaviour. Unexpected situations and cases in which the performance of the DHT could be improved are identified. In addition, according to the analysis presented, there are situations in which the DHT is vulnerable, making possible: censorship by denying nodes access to the exchange of an object, routing of traffic as a DDoS (Distributed Denial of Service) attack, and a scalability problem. These problems have been verified experimentally and documentation of them is included. The analysis helped to design some experiments that show the robustness of the DHT against censorship and, on the other hand, a serious scalability problem. To carry out the experiments, a collection of tools was developed for monitoring specific aspects of the DHT. These tools are open source so that they can be used and extended to carry out further experiments.

    Empirical and Analytical Perspectives on the Robustness of Blockchain-related Peer-to-Peer Networks

    The inception of Bitcoin has sparked a large interest in decentralized systems. In particular, popular narratives imply that decentralization automatically leads to high security and resilience against attacks, even against powerful adversaries. In this thesis, we investigate whether these ascriptions are appropriate and if decentralized applications are as robust as they are made out to be. To this end, we exemplarily analyze three widely-used systems that function as building blocks for blockchain applications: Ethereum as basic infrastructure, IPFS for distributed storage and lastly "stablecoins" as tokens with a stable value. As reoccurring building blocks for decentralized applications these examples significantly determine the security and resilience of the overall application. Furthermore, focusing on these building blocks allows us to look past individual applications and focus on inherent systemic properties. The analysis is driven by a strong empirical, mostly network-layer based perspective; enriched with an economic point of view in the context of monetary stabilization. The resulting practical understanding allows us to delve into the systems' inherent properties. The fundamental results of this thesis include the demonstration of a network-layer Eclipse attack on the Ethereum overlay which can be leveraged to impede the delivery of transactions and blocks with dire consequences for applications built on top of Ethereum. Furthermore, we extensively map the IPFS network through (1) systematic crawling of its DHT, as well as (2) monitoring content requests. We show that while IPFS' hybrid overlay structure renders it quite robust against attacks, this virtue of the overlay is simultaneously a curse, as it allows for extensive monitoring of participating peers and the data they request. Lastly, we exchange the network-layer perspective for a mostly economic one in the context of monetary stabilization. We present a classification framework to (1) map out the stablecoin landscape and (2) provide means to pigeon-hole future system designs. With our work we not only scrutinize ascriptions attributed to decentral technologies; we also reached out to IPFS and Ethereum developers to discuss results and remedy potential attack vectors.

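    El bloqueo de sitios web: ¿evolución o revolución? Diez años de aplicación de las leyes de derechos de autor entre particulares (Website blocking: evolution or revolution? Ten years of copyright enforcement by private third parties)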

    Copyright enforcement by private third parties – does it work uniformly across the EU? Since the inception of Napster, home copying of digital files has taken flight. The first providers of software or infrastructure for the illegal exchange of files were held contributory or vicariously liable for copyright infringement. In response, they quickly diluted the chain of liability to such an extent that neither the software producers, nor the service providers could be held liable. Moving further down the communication chain, the rights holders are now requiring Internet Service Providers (ISPs) that provide access to end customers to help them with the enforcement of their rights. This article discusses case law regarding the enforcement of copyright by Internet Access Providers throughout Europe. At first glance, copyright enforcement has been harmonised by means of a number of directives, and article 8(3) of the Copyright Directive (2001/29/EC) regulates that EU Member States must ensure the position of rights holders with regard to injunctions against ISPs. Problem solved? Case law from Denmark, Ireland, Belgium, Norway, England, The Netherlands, Austria and the Court of Justice of the EU was studied. In addition, the legal practice in Germany was examined. The period of time covered by case law is from 2003 to 2013; the case law gives insight into the differences that still exist after implementation of the directive.

    Vulnérabilités de la DHT de BitTorrent & Identification des comportements malveillants dans KAD (Vulnerabilities of the BitTorrent DHT & identification of malicious behaviour in KAD)

    This deliverable presents the results of the work carried out during the first six months (T0+6) of the GIS 3SGS ACDAP2P project, whose objective is to propose a collaborative architecture for detecting attacks in peer-to-peer networks. In this report we detail our work on identifying malicious behaviour affecting the KAD network (task T2) and on identifying vulnerabilities affecting the DHT of the BitTorrent network (task T3), which are at the core of the ACDAP2P project. To introduce our work, we first present its context along with a taxonomy of the different attacks that can affect DHTs. Our first contribution shows, through several experiments, that security flaws allow effective attacks capable of disrupting the proper functioning of the BitTorrent DHT. Taking the KAD P2P network as a case study, we then inventory suspicious peers using two detection approaches and thereby show that thousands of contents in the network are under attack during our measurements. Finally, we observe the ephemeral nature of certain attackers in the network.