Stealing bandwidth from BitTorrent seeders

BitTorrent continues to comprise the largest fraction of Internet traffic. While significant progress has been made in understanding the BitTorrent choking mechanism, its security vulnerabilities have not been investigated thoroughly. This paper presents an experimental analysis of bandwidth attacks against different choking algorithms in the BitTorrent seed state. We reveal a simple exploit that allows malicious peers to receive a considerably higher download rate than contributing leechers, therefore introducing significant efficiency degradations for benign peers. We show the damage caused by the proposed attack in two different environments: a lab testbed comprising 32 peers and a PlanetLab testbed with 300 peers. Our results show that 3 malicious peers can degrade the download rate up to 414.99% for all peers. Combined with a Sybil attack that consists of as many attackers as leechers, it is possible to degrade the download rate by more than 1000%. We propose a novel choking algorithm which is immune against bandwidth attacks and a countermeasure against the revealed attack

Paradoxes of Property: Piracy and Sharing in Information Capitalism

All societies both suffer and benefit from levels of what is perceived as disorder, and the guiding principles of the society may be contradictory, or paradoxical, in that their ordering systems create disorder. Our aim in this text is explore the disorders and vagaries of property that seem essential to its continuance, construction and destruction, and then demonstrate how these paradoxes play out in the information economy in particular within the domain of peer-to-peer (P2P) file-sharing. We do not wish to reduce these paradoxes and contradictions to a temporary error or to a future ordered synthesis, but to take them as they are in all their splintered fury. Much contemporary social action stems from these incoherencies, and the disputes, displays of power, and innovations which circle around them. In the P2P field the disorder generated by the order of property provides opportunities for new productive and adaptive social and technical forms of life to emerge. By contrasting order and disorder we are not implying the necessary existence of a binary distinction between the two, or that those definitions of order and disorder will not change depending on the social position of the definers. Disorder is not always and everywhere the same. It resists definition, which adds to its effect

Covert Channel in the BitTorrent Tracker Protocol

Covert channels have the unique quality of masking evidence that a communication has ever occurred between two parties. For spies and terrorist cells, this quality can be the difference between life and death. However, even the detection of communications in a botnet could be troublesome for its creators. To evade detection and prevent insights into the size and members of a botnet, covert channels can be used. A botnet should rely on covert channels built on ubiquitous protocols to blend in with legitimate traffic. In this paper, we propose a covert channel built on the BitTorrent peer-to-peer protocol. In a simple application, this covert channel can be used to discretely and covertly send messages between two parties. However, this covert channel can also be used to stealthily distribute commands or the location of a command and control server for use in a botnet

Analysis of bandwidth attacks in a bittorrent swarm

The beginning of the 21st century saw a widely publicized lawsuit against Napster. This was the first Peer-to-Peer software that allowed its users to search for and share digital music with other users. At the height of its popularity, Napster boasted 80 million registered users. This marked the beginning of a Peer-to-Peer paradigm and the end of older methods of distributing cultural possessions. But Napster was not entirely rooted in a Peer-to-Peer paradigm. Only the download of a file was based on Peer-to-Peer interactions; the search process was still based on a central server. It was thus easy to shutdown Napster. Shortly after the shutdown, Bram Cohen developed a new Peer-to-Peer protocol called BitTorrent. The main principle behind BitTorrent is an incentive mechanism, called a choking algorithm, which rewards peers that share. Currently, BitTorrent is one of the most widely used protocols on the Internet. Therefore, it is important to investigate the security of this protocol. While significant progress has been made in understanding the Bit- Torrent choking mechanism, its security vulnerabilities have not yet been thoroughly investigated. This dissertation provides a security analysis of the Peer-to-Peer protocol BitTorrent on the application and transport layer. The dissertation begins with an experimental analysis of bandwidth attacks against different choking algorithms in the BitTorrent seed state. I reveal a simple exploit that allows malicious peers to receive a considerably higher download rate than contributing leechers, thereby causing a significant loss of efficiency for benign peers. I show the damage caused by the proposed attack in two different environments—a lab testbed comprised of 32 peers and a global testbed called PlanetLab with 300 peers. Our results show that three malicious peers can degrade the download rate by up to 414.99 % for all peers. Combined with a Sybil attack with as many attackers as leechers, it is possible to degrade the download rate by more than 1000 %. I propose a novel choking algorithm which is immune against bandwidth attacks and a countermeasure against the revealed attack. This thesis includes a security analysis of the transport layer. To make BitTorrent more Internet Service Provider friendly, BitTorrent Inc. invented the Micro Transport Protocol. It is based on User Datagram Protocol with a novel congestion control called Low Extra Delay Background Transport. This protocol assumes that the receiver always provides correct feedback, otherwise this deteriorates throughput or yields to corrupted data. I show through experimental evaluation, that a misbehaving Micro Transport Protocol receiver which is not interested in data integrity, can increase the bandwidth of the sender by up to five times. This can cause a congestion collapse and steal a large share of a victim’s bandwidth. I present three attacks, which increase bandwidth usage significantly. I have tested these attacks in real world environments and demonstrate their severity both in terms of the number of packets and total traffic generated. I also present a countermeasure for protecting against these attacks and evaluate the performance of this defensive strategy. In the last section, I demonstrate that the BitTorrent protocol family is vulnerable to Distributed Reflective Denial-of-Service attacks. Specifically, I show that an attacker can exploit BitTorrent protocols (Micro Transport Protocol, Distributed Hash Table, Message Stream Encryption and BitTorrent Sync to reflect and amplify traffic from Bit- Torrent peers to any target on the Internet. I validate the efficiency, robustness, and the difficulty of defence of the exposed BitTorrent vulnerabilities in a Peer-to-Peer lab testbed. I further substantiate lab results by crawling more than 2.1 million IP addresses over Mainline Distributed Hash Table and analyzing more than 10,000 BitTorrent handshakes. The experiments suggest that an attacker is able to exploit BitTorrent peers to amplify traffic by a factor of 50, and in the case of BitTorrent Sync 120. Additionally, I observe that the most popular BitTorrent clients are the most vulnerable ones

PariTorrent: seeding strategies

Uno dei protocolli peer-to-peer più diffusi ai nostri giorni è BitTorrent, di cui esistono numerose implementazioni. Il plugin Torrent sviluppato all'interno del progetto PariPari è un client BitTorrent scritto in Java che supporta molte delle funzionalità fornite dai client più comuni disponibili gratuitamente su Internet. In questa tesi discuteremo principalmente alcuni metodi che mirino ad ottimizzare l'efficienza dell'upload dei pezzi che compongono un .torrent, al fine di massimizzare l'utilizzo del canale di upload, riducendo così i tempi di download per i peer che stanno condividendo lo stesso file .torrent, penalizzando al contempo i peer malevoli (noti anche come free-rider) che non effettuano upload nella ret

Typhoid Mario: Video Game Piracy as Viral Vector and National Security Threat

Current academic and policy discussions regarding video game piracy focus on the economic losses inherent to copyright infringement. Unfortunately, this approach neglects the most significant implication of video game piracy: malware distribution. Copyright-motivated efforts to shut down file-sharing sites do little to reduce piracy and actually increase viral malware infection. Pirated video games are an ideal delivery device for malware, as users routinely launch unverified programs and forego virus detection. The illicit nature of the transaction forces users to rely almost entirely on the reputation of websites, uploaders, and other users to determine if a file is safe to download. In spite of this, stakeholders continue to push for ineffectual anti-infringement actions that destroy this reputational infrastructure. Scholars and policymakers have not made a case for utility by considering only first-stage economic incentives to create content. In addition to the economic consequences, malware must be taken seriously as a threat to infrastructure and national security, especially in light of Russia’s efforts to infect machines to influence and delegitimize elections. Accordingly, this Article proposes that we adopt a harm reduction philosophy that both dissuades piracy and decreases the malware risk attendant to ongoing piracy

Incentive-driven QoS in peer-to-peer overlays

A well known problem in peer-to-peer overlays is that no single entity has control over the software, hardware and configuration of peers. Thus, each peer can selfishly adapt its behaviour to maximise its benefit from the overlay. This thesis is concerned with the modelling and design of incentive mechanisms for QoS-overlays: resource allocation protocols that provide strategic peers with participation incentives, while at the same time optimising the performance of the peer-to-peer distribution overlay. The contributions of this thesis are as follows. First, we present PledgeRoute, a novel contribution accounting system that can be used, along with a set of reciprocity policies, as an incentive mechanism to encourage peers to contribute resources even when users are not actively consuming overlay services. This mechanism uses a decentralised credit network, is resilient to sybil attacks, and allows peers to achieve time and space deferred contribution reciprocity. Then, we present a novel, QoS-aware resource allocation model based on Vickrey auctions that uses PledgeRoute as a substrate. It acts as an incentive mechanism by providing efficient overlay construction, while at the same time allocating increasing service quality to those peers that contribute more to the network. The model is then applied to lagsensitive chunk swarming, and some of its properties are explored for different peer delay distributions. When considering QoS overlays deployed over the best-effort Internet, the quality received by a client cannot be adjudicated completely to either its serving peer or the intervening network between them. By drawing parallels between this situation and well-known hidden action situations in microeconomics, we propose a novel scheme to ensure adherence to advertised QoS levels. We then apply it to delay-sensitive chunk distribution overlays and present the optimal contract payments required, along with a method for QoS contract enforcement through reciprocative strategies. We also present a probabilistic model for application-layer delay as a function of the prevailing network conditions. Finally, we address the incentives of managed overlays, and the prediction of their behaviour. We propose two novel models of multihoming managed overlay incentives in which overlays can freely allocate their traffic flows between different ISPs. One is obtained by optimising an overlay utility function with desired properties, while the other is designed for data-driven least-squares fitting of the cross elasticity of demand. This last model is then used to solve for ISP profit maximisation

A DISPERSÃO DE DADOS COMO CRITÉRIO PARA A POLÍTICA DE SELEÇÃO DE PEERS EM UMA REDE BITTORRENT PARA STREAMING SOB DEMANDA INTERATIVO

Este artigo analisa o impacto da dispersão de dados na política de seleção de peers de uma rede BitTorrent utilizada para o serviço de streaming sob demanda interativo. Para tanto, a política original de seleção de peers do protocolo BitTorrent é modificada com o intuito de priorizar aqueles peers que menos introduzem dispersão. Em seguida, através de simulações em cenários reais de distribuição de conteúdo multimídia, a qualidade de serviço do sistema é avaliada usando diferentes métricas de desempenho. Comparado ao sistema tradicional, os resultados finais permitem conjecturar que a dispersão de dados é um importante critério a ser considerado para a seleção de peers em virtude da otimização de serviço que foi possível observar. Por exemplo, houve registro de reduções de até 34% com relação ao número de pedaços perdidos pelos clientes durante sessões de transferências de dados multimídia. Ante o exposto, a principal contribuição deste artigo é a possibilidade de implementação de protocolos de streaming sob demanda mais eficientes usando o critério da dispersão de dados