An FPGA-Based System for Tracking Digital Information Transmitted Via Peer-to-Peer Protocols

This paper presents a Field Programmable Gate Array (FPGA)-based tool designed to process file transfers using the BitTorrent Peer-to-Peer (P2P) protocol and VoIP phone calls made using the Session Initiation Protocol (SIP). The tool searches selected control messages in real time and compares the unique identifier of the shared file or phone number against a list of known contraband files or phone numbers. Results show the FPGA tool processes P2P packets of interest 92% faster than a software-only configuration and is 97.6% accurate at capturing and processing messages at a traffic load of 89.6 Mbps

An FPGA-Based System for Tracking Digital Information Transmitted via Peer-to-Peer Protocols

This thesis addresses the problem of identifying and tracking digital information that is shared using peer-to-peer file transfer and Voice over IP (VoIP) protocols. The goal of the research is to develop a system for detecting and tracking the illicit dissemination of sensitive government information using file sharing applications within a target network, and tracking terrorist cells or criminal organizations that are covertly communicating using VoIP applications. A digital forensic tool is developed using an FPGA-based embedded software application. The tool is designed to process file transfers using the BitTorrent peer-to-peer protocol and VoIP phone calls made using the Session Initiation Protocol (SIP). The tool searches a network for selected peer-to-peer control messages using payload analysis and compares the unique identifier of the file being shared or phone number being used against a list of known contraband files or phone numbers. If the identifier is found on the list, the control packet is added to a log file for later forensic analysis. Results show that the FPGA tool processes peer-to-peer packets of interest 92% faster than a software-only configuration and is 99.0% accurate at capturing and processing BitTorrent Handshake messages under a network traffic load of at least 89.6 Mbps. When SIP is added to the system, the probability of intercept for BitTorrent Handshake messages remains at 99.0% and the probability of intercept for SIP control packets is 97.6% under a network traffic load of at least 89.6 Mbps, demonstrating that the tool can be expanded to process additional peer-to-peer protocols with minimal impact on overall performance

Performance Evaluation of a Field Programmable Gate Array-Based System for Detecting and Tracking Peer-to-Peer Protocols on a Gigabit Ethernet Network

Recent years have seen a massive increase in illegal, suspicious, and malicious traffic traversing government and military computer networks. Some examples include illegal file distribution and disclosure of sensitive information using the BitTorrent file sharing protocol, criminals and terrorists using Voice over Internet Protocol (VoIP) technologies to communicate, and foreign entities exfiltrating sensitive data from government, military, and Department of Defense contractor networks. As a result of these growing threats, the TRacking and Analysis for Peer-to-Peer (TRAPP) system was developed in 2008 to detect BitTorrent and VoIP traffic of interest. The TRAPP system, designed on a Xilinx Virtex-II Pro Field Programmable Gate Array (FPGA) proved valuable and effective in detecting traffic of interest on a 100 Mbps network. Using concepts and technology developed for the TRAPP system, the TRAPP-2 system is developed on a Xilinx ML510 FPGA. The goals of this research are to evaluate the performance of the TRAPP-2 system as a solution to detect and track malicious packets traversing a gigabit Ethernet network. The TRAPP-2 system detects a BitTorrent, Session Initiation Protocol (SIP), or Domain Name System (DNS) packet, extracts the payload, compares the data against a hash list, and if the packet is suspicious, logs the entire packet for future analysis. Results show that the TRAPP-2 system captures 95.56% of BitTorrent, 20.78% of SIP INVITE, 37.11% of SIP BYE, and 91.89% of DNS packets of interest while under a 93.7% network utilization (937 Mbps). For another experiment, the contraband hash list size is increased from 1,000 to 131,072,000 unique items. The experiment reveals that each doubling of the hash list size results in a mean increase of approximately 16 central processing unit cycles. These results demonstrate the TRAPP-2 system’s ability to detect traffic of interest under a saturated network utilization while maintaining large contraband hash lists

The control, resistance, and evolution of digital artifacts: a materialist study of internet culture

My goal is to demonstrate that a coevolutionary relationship exists between decentralized networks over which digital media are used and the control mechanisms placed on those networks and digital media. The resisting digital media and the control mechanisms placed on them push each other toward further decentralization. The aspects of a network that are externally controlled tend to decentralize to evade capture, and the control mechanisms tend to also use decentralized strategies so that they may better control decentralized networks. Using the interdisciplinary terminology of Gilles Deleuze and Felix Guattari, and other critical theorists, I investigate the movements of files on computer networks. By analyzing examples of digital artifacts that were distributed in a decentralized way in response to pressure placed on them by intellectual property enforcing institutions, I show that digital artifacts can respond to selection pressures in a way similar to evolution. I also examine the decentralized control strategies that attempt to regulate the spread of digital artifacts that contain elements that have been marked as intellectual property. I conclude that control and resistance do push each other toward decentralization

Air Force Institute of Technology Research Report 2009

This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, Mathematics, Statistics and Engineering Physics

Internet Daemons: Digital Communications Possessed

We’re used to talking about how tech giants like Google, Facebook, and Amazon rule the internet, but what about daemons? Ubiquitous programs that have colonized the Net’s infrastructure—as well as the devices we use to access it—daemons are little known. Fenwick McKelvey weaves together history, theory, and policy to give a full account of where daemons come from and how they influence our lives—including their role in hot-button issues like network neutrality. Going back to Victorian times and the popular thought experiment Maxwell’s Demon, McKelvey charts how daemons evolved from concept to reality, eventually blossoming into the pandaemonium of code-based creatures that today orchestrates our internet. Digging into real-life examples like sluggish connection speeds, Comcast’s efforts to control peer-to-peer networking, and Pirate Bay’s attempts to elude daemonic control (and skirt copyright), McKelvey shows how daemons have been central to the internet, greatly influencing everyday users. Internet Daemons asks important questions about how much control is being handed over to these automated, autonomous programs, and the consequences for transparency and oversight. Table of Contents Abbreviations and Technical Terms Introduction 1. The Devil We Know: Maxwell’s Demon, Cyborg Sciences, and Flow Control 2. Possessing Infrastructure: Nonsynchronous Communication, IMPs, and Optimization 3. IMPs, OLIVERs, and Gateways: Internetworking before the Internet 4. Pandaemonium: The Internet as Daemons 5. Suffering from Buffering? Affects of Flow Control 6. The Disoptimized: The Ambiguous Tactics of the Pirate Bay 7. A Crescendo of Online Interactive Debugging? Gamers, Publics and Daemons Conclusion Acknowledgments Appendix: Internet Measurement and Mediators Notes Bibliography Index Reviews Beneath social media, beneath search, Internet Daemons reveals another layer of algorithms: deeper, burrowed into information networks. Fenwick McKelvey is the best kind of intellectual spelunker, taking us deep into the infrastructure and shining his light on these obscure but vital mechanisms. What he has delivered is a precise and provocative rethinking of how to conceive of power in and among networks. —Tarleton Gillespie, author of Custodians of the Internet Internet Daemons is an original and important contribution to the field of digital media studies. Fenwick McKelvey extensively maps and analyzes how daemons influence data exchanges across Internet infrastructures. This study insightfully demonstrates how daemons are transformative entities that enable particular ways of transferring information and connecting up communication, with significant social and political consequences. —Jennifer Gabrys, author of Program Eart