Attacks on BitTorrent

Presented by Andrew Sprouse

Attacks on BitTorrent
- What is BitTorrent?
- Why is it important?
- How does BitTorrent work?
- BitTorrent vulnerabilities
- Current solutions
- The future

What is BitTorrent?
- Created by Bram Cohen in 2001
- A peer-to-peer file transfer protocol
- Extremely popular today

Why is it Important?
- It is used by millions of file sharers across the globe.
- Corporations and open source companies use it to save bandwidth.

Why is it Important? (cont'd)
- In 2004 CacheLogic determined BitTorrent was responsible for 35% of internet traffic.
- This has raised concerns amongst ISPs such as Comcast, Verizon and Time Warner.

BitTorrent Basics
- Files are broken into pieces.
- Users each download different pieces from the original uploader (seed).
- Users exchange the pieces with their peers to obtain the ones they are missing.
- This process is organized by a centralized server called the Tracker.

BitTorrent Protocol
1. The seeder generates a torrent file and uploads it to a web server.
   - Seeder: a client sharing 100% of the shared file.
2. The seeder notifies the tracker that it is sharing the file described in the torrent file.
3. A leecher downloads the torrent file from the web server.
   - Leecher: a client downloading the shared file from the seeder.
4. The leecher connects to the tracker specified in the torrent file.
   - The tracker returns a list of other peers who are sharing the file.
5. The leecher connects to its peers to retrieve pieces of the files.

BitTorrent Client Details
- Clients verify each downloaded piece against a SHA-1 hash contained in the .torrent file.
- Clients use a tit-for-tat strategy for choosing peers to upload/download to/from.
  - Transfer-rate based
- Clients periodically disconnect from clients to connect to new ones.
  - Called "Optimistic Unchoking"

BitTorrent Vulnerabilities
- BitTorrent is vulnerable to the following attacks:
  - Pollution Attack
  - DDOS Attack
  - Bandwidth Shaping

Pollution Attack
1. The peers receive the peer list from the tracker.
2. One peer contacts the attacker for a chunk of the file.
3. The attacker sends back a false chunk.
   - This false chunk will fail its hash and will be discarded.
4. Attacker requests all chunks from swarm and wastes their upload bandwidth.
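
The piece check from the Client Details slide, applied to the false chunk of the Pollution Attack slide, as an added Python example that is not part of the original presentation. The per-peer counters, the 16-byte piece length and the sample content are constructed for illustration; the concatenated SHA-1 digests follow the layout of the torrent file's pieces field.

```python
import hashlib

PIECE_LEN = 16   # constructed, tiny on purpose; real torrents use far larger pieces
DIGEST_LEN = 20  # SHA-1 digest size in bytes

def make_pieces_field(content: bytes, piece_len: int) -> bytes:
    """Seeder side: concatenate the SHA-1 digest of every piece of the file."""
    return b"".join(
        hashlib.sha1(content[i:i + piece_len]).digest()
        for i in range(0, len(content), piece_len)
    )

class PieceStore:
    """Leecher side: keep only pieces whose SHA-1 matches the torrent file."""

    def __init__(self, pieces_field: bytes):
        if len(pieces_field) % DIGEST_LEN:
            raise ValueError("pieces field is not a whole number of SHA-1 digests")
        self.expected = [pieces_field[i:i + DIGEST_LEN]
                         for i in range(0, len(pieces_field), DIGEST_LEN)]
        self.have = {}         # piece index -> verified bytes
        self.bad_from = {}     # peer id -> pieces from that peer that failed the hash
        self.wasted_bytes = 0  # bandwidth spent downloading pieces that were discarded

    def receive(self, peer: str, index: int, data: bytes) -> bool:
        if not 0 <= index < len(self.expected):
            return False
        if hashlib.sha1(data).digest() != self.expected[index]:
            # False chunk: discard it, but the download cost is already paid.
            self.bad_from[peer] = self.bad_from.get(peer, 0) + 1
            self.wasted_bytes += len(data)
            return False
        self.have[index] = data
        return True

    def assemble(self) -> bytes:
        if len(self.have) != len(self.expected):
            raise ValueError("download incomplete")
        return b"".join(self.have[i] for i in range(len(self.expected)))

# Constructed sample: a 40-byte "file" that splits into pieces of 16, 16 and 8 bytes.
CONTENT = b"constructed sample payload for a torrent"

def demo() -> PieceStore:
    store = PieceStore(make_pieces_field(CONTENT, PIECE_LEN))
    store.receive("peer-a", 0, CONTENT[0:16])
    store.receive("polluter", 1, b"\x00" * 16)   # same length, wrong content
    store.receive("peer-b", 1, CONTENT[16:32])   # re-requested from another peer
    store.receive("peer-a", 2, CONTENT[32:40])
    return store
```

The hash check keeps the assembled file intact, while bad_from and wasted_bytes record what the false chunk still cost the downloader.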

Pollution Attack (cont'd)
- Pollution attacks have become increasingly popular and have been used by anti-piracy groups.
- In 2005 HBO used pollution attacks to prevent people from downloading their show Rome.

DDOS Attack
- DDOS = Distributed denial of service
- Based on the fact that the BitTorrent tracker has no mechanism for validating peers.
- Uses modified client software

DDOS Attack
1. The attacker downloads a large number of torrent files from a web server.
2. The attacker parses the torrent files with a modified BitTorrent client and spoofs his IP address and port number with the victim's as he announces he is joining the swarm.
3. As the tracker receives requests for a list of participating peers from other clients, it sends the victim's IP and port number.
4. The peers then attempt to connect to the victim to try and download a chunk of the file.

Bandwidth Shaping
- Typically done by the BitTorrent user's ISP
- Comcast has recently admitted to filtering BitTorrent traffic.
- Unencrypted BitTorrent packets are easily identified and filtered.
- Sophisticated filtering software can detect BitTorrent-like behavior.

Current Solutions: Bandwidth Shaping
- Encryption
  - Most popular BitTorrent clients come with an option to encrypt the packets they send.
  - Fools unsophisticated filters which simply look at the contents of the packet.
  - Won't work against filters which profile behavior over network boundaries.

Current Solutions: Bandwidth Shaping (cont'd)
- Tunneling
  - Using VPN software to connect to an unfiltered network.
  - Successfully bypasses filters.
  - However, due to the peer-to-peer nature of BitTorrent, your peers must also be on an unfiltered network to take full advantage.

Current Solutions: Pollution Attacks
- Blacklisting
  - Achieved using software such as Peer Guardian or moBlock.
  - Blocks connections from blacklisted IPs which are downloaded from an online database.

The Future
- There has been much research in the area of peer-to-peer networking.
- One of the most popular suggestions in recent research is the integration of the notion of trustworthiness.
  - Through the use of a "Trust Management System"

Trust management
- Currently BitTorrent's fairness system does not prevent free riders and malicious peers.
  - BitTorrent uses a rate fairness ratio only, with no notion of trust.
  - Penalties are not in place for these "bad" users.
- A trustworthiness score is assigned to each peer in the swarm.
  - These scores will allow better selection of peers.

An Example Trust Management System
- Debit-Credit Reputation system
- Each client calculates a trust score for their peers
  - Based on valid pieces uploaded
- Tracker combines these individual scores to make a global score

An Example Trust Management System (cont'd)
- Global trust managed by the tracker prevents clients from being dishonest.
- Solve the issue of pollution attacks by ignoring untrustworthy peers
- Prevent DDOS attacks because the victim will earn a low trust score and be ignored.
- Trust systems are more flexible than blacklisting because peers can earn back their trust through good behavior.
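
A sketch of the debit-credit idea from the two slides above, as an added Python example that is not taken from the presentation or the underlying paper. The scoring formula, the averaging done by the tracker, the 0.0 threshold and all peer names and counts are assumptions chosen for illustration.

```python
from collections import defaultdict

def local_score(valid: int, invalid: int) -> float:
    """One client's score for one peer: credit valid pieces, debit invalid ones.
    Ranges from -1.0 to 1.0; 0.0 means no history. The formula is an assumption."""
    total = valid + invalid
    return 0.0 if total == 0 else (valid - invalid) / total

def global_scores(reports: dict) -> dict:
    """Tracker side: average the local scores that reporters submitted per peer.
    A reporter's opinion of itself is ignored, so a peer cannot vouch for itself."""
    sums, counts = defaultdict(float), defaultdict(int)
    for reporter, observations in reports.items():
        for peer, (valid, invalid) in observations.items():
            if peer == reporter:
                continue
            sums[peer] += local_score(valid, invalid)
            counts[peer] += 1
    return {peer: sums[peer] / counts[peer] for peer in sums}

def peer_list(reports: dict, swarm: list, threshold: float = 0.0) -> list:
    """Peers the tracker hands out. Unknown peers start at 0.0 and are allowed;
    peers whose global score has fallen below the threshold are left out."""
    scores = global_scores(reports)
    return [p for p in swarm if scores.get(p, 0.0) >= threshold]

# Constructed reports: reporter -> {peer: (valid pieces, invalid pieces)}
REPORTS = {
    "alice": {"bob": (10, 0), "mallory": (1, 9)},
    "bob": {"alice": (8, 0), "mallory": (0, 5)},
    "mallory": {"mallory": (50, 0)},  # self-report, ignored by the tracker
}

if __name__ == "__main__":
    print(global_scores(REPORTS))
    print(peer_list(REPORTS, ["alice", "bob", "mallory", "newcomer"]))
```

Because the score is recomputed from reports rather than fixed like a blacklist entry, a peer that starts sending valid pieces climbs back above the threshold.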

THE END

References
- This presentation is based on a research paper done for CSU645, co-written by Timothy Biron and Andrew Sprouse
- http://www.ccs.neu.edu/home/als/termpaper.pdf
- http://www.bittorrent.org/beps/bep_0003.html
- http://radar.oreilly.com/archives/2005/10/hbo_attacking_bittorrent.html
- http://in.tech.yahoo.com/041103/137/2ho4i.html
