70 research outputs found

    Harnessing the power of BitTorrent for distributed denial-of-service attacks

    BitTorrent is a popular peer-to-peer (P2P) file-sharing protocol that utilizes a central server, known as a 'tracker', to coordinate connections between peers in a 'swarm', a term used to describe a BitTorrent ad-hoc file-sharing network. The tracker of a swarm is specified by the original file distributor and trusted unconditionally by peers in the swarm. This central point of control provides an opportunity for a file distributor to deploy a modified tracker to provide peers in a swarm with malicious coordination data, directing peer connection traffic toward an arbitrary target machine on an arbitrary service port. Although such an attack does not generate a huge amount of attack traffic, it would set up many connections with the victim server successfully, which could cause serious denial-of-service by exhausting the victim server's connection resources. In this paper, we present and demonstrate such an attack that is entirely tracker-based, requiring no modifications to BitTorrent client software, and that could be deployed by an attacker right now. The results from both emulation and real-world experiments show the applicability of this attack. Due to the skyrocketing popularity of BitTorrent and the numerous large-scale swarms existing on the Internet, BitTorrent swarms provide an intriguing platform for launching distributed denial-of-service (DDoS) attacks based on connection exhaustion. Copyright (C) 2010 John Wiley & Sons, Ltd.

    Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

    Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

    Peer-to-Peer Security

    The subject of this thesis is peer-to-peer security, and it is based on literature studies. A peer-to-peer network is a computer network of interconnected nodes that does not follow the client-server model. The nodes in the network can act in all roles, which means that the nodes can communicate directly with each other without the need for a server. A device can freely join a P2P network, which makes the network very vulnerable because malicious devices can be hard to distinguish from ordinary devices. Various protection mechanisms can be used to protect against specific attacks, but it is usually very difficult to protect oneself completely because a P2P network is usually open to anyone. The thesis covers what P2P security is, popular P2P attacks, how to protect against these attacks, and how to protect oneself on the internet in general. The material used consists of various research papers in the field that have been presented on different occasions. The thesis does not go into how all P2P networks are built but limits itself to the security attacks and how to protect against them.