70 research outputs found
Harnessing the power of BitTorrent for distributed denial-of-service attacks
BitTorrent is a popular peer-to-peer (P2P) file-sharing protocol that utilizes a central server, known as a \u27tracker\u27, to coordinate connections between peers in a \u27swarm\u27, a term used to describe a Bit Torrent ad-hoc file sharing network. The tracker of a swarm is specified by the original file distributor and trusted unconditionally by peers in the swarm. This central point of control provides an opportunity for a file distributor to deploy a modified tracker to provide peers in a swarm with malicious coordination data, directing peer connection traffic toward an arbitrary target machine on an arbitrary service port. Although such an attack does not generate huge amount of attack traffic, it would set up many connections with the victim server successfully, which could cause serious denial-of-service by exhausting the victim server\u27s connection resource. In this paper, we present and demonstrate such an attack that is entirely tracker-based, requiring no modifications to Bit Torrent client software and could be deployed by an attacker right now. The results from both emulation and real-world experiments show the applicability of this attack. Due to the skyrocketing popularity of Bit Torrent and numerous large-scale swarms existed in the Internet, Bit Torrent swarms provide an intriguing platform for launching distributed denial-of-service (DDoS) attacks based on connection exhaustion. Copyright (C) 2010 John Wiley & Sons, Ltd
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
Peer-to-Peer sÀkerhet
Arbetets omrÄde Àr Peer-to-Peer sÀkerhet och baserar sig pÄ litteraturstudier. Ett Peer-to-Peer nÀtverk Àr ett datornÀtverk av sammankopplade noder som inte följer klient-server modellen. Noderna i nÀtverket kan agera i alla roller, vilket leder till att noderna kan kommunicera direkt med varandra utan behov av en server. En enhet kan fritt ansluta sig till ett P2P-nÀtverket, detta gör nÀtverket mycket sÄrbart eftersom skadliga enheter kan vara svÄra att skilja frÄn vanliga enheter. Olika skyddsmekanismer kan anvÀndas för att skydda sig mot specifika attacker men oftast Àr det vÀldigt svÄrt att fullstÀndigt skydda sig eftersom ett P2P-nÀtverk oftast Àr öppet för vem som helst. Arbetet kommer ta upp vad P2P-sÀkerhet Àr, populÀra P2P attacker, hur man skyddar sig mot dessa attacker och hur man överlag skyddar sig pÄ internet. Materialet som anvÀnts Àr olika forskningspapper kring omrÄdet som presenterats pÄ olika tillfÀllen. Arbetet gÄr inte in pÄ hur alla P2P-nÀtverk Àr uppbyggda utan begrÀnsar sig till sÀkerhetsattackerna och hur man skyddar sig mot dem
- âŠ