DOCSLIB.ORG

P2P File-Sharing in Hell: Exploiting Bittorrent Vulnerabilities to Launch Distributed Reflective Dos Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
P2P File-Sharing in Hell: Exploiting Bittorrent Vulnerabilities to Launch Distributed Reflective Dos Attacks P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks Florian Adamsky Syed Ali Khayam Rudolf Jäger City University London PLUMgrid Inc. THM Friedberg [email protected] [email protected] [email protected] Muttukrishnan Rajarajan City University London [email protected] Abstract what they received from the attacker—i.e. the reflectors act as amplifiers. In this paper, we demonstrate that the BitTorrent proto- The impact of a DRDoS attack is proportional to the col family is vulnerable to distributed reflective denial- adoption of the protocol that it is exploiting, as wide of-service (DRDoS) attacks. Specifically, we show adoption makes it easier to find and scale-out the ampli- that an attacker can exploit BitTorrent protocols (Mi- fier population. The two attacks mentioned above were cro Transport Protocol (uTP) [32], Distributed Hash Ta- particularly devastating because they exploited DNS and ble (DHT) [30], Message Stream Encryption (MSE) [8]) NTP, both of which are widely-used protocols in the In- and BitTorrent Sync (BTSync) [6] to reflect and amplify ternet today. traffic from peers. We validate the efficiency, robustness In this paper, we show that BitTorrent, one of the most and evadability of the exposed BitTorrent vulnerabilities popular P2P file sharing protocols2, can also be exploited in a P2P lab testbed. We further substantiate the lab to launch DRDoS attacks. BitTorrent and BTSync make results by crawling more than 2.1 million IP addresses use of UDP protocols. Since these protocols do not in- over Mainline DHT (MLDHT) and analyzing more than clude mechanisms to prevent IP source address spoofing, 10,000 BitTorrent handshakes. Our experiments reveal an attacker can use peer-discovery techniques like track- that an attacker is able to exploit BitTorrent peers to am- ers, DHT or Peer Exchange (PEX) [7] to collect millions plify the traffic up to a factor of 50 times and in case of of possible amplifiers. BTSync up to 120 times. Additionally, we observe that We use the following three criteria to understand the the most popular BitTorrent clients are the most vulnera- impact of the vulnerabilities exposed in this work: ble ones. 1. Efficiency: defined in terms of Bandwidth Amplifi- 1 Introduction cation Factor (BAF) [39] and ease of amplifier iden- tification; DDoS attacks continue to become increasingly devastat- 2. Robustness: defined in terms of attack resilience un- ing, despite widespread adoption of mechanisms to cir- der amplifier churn; and cumvent IP spoofing1. In 2013, CloudFlare registered a DDoS bandwidth record by an attack which gener- 3. Evadability: in terms of difficulty of attack circum- ated nearly 300 Gbps traffic [36]. A year later, a new vention (at amplifiers and victims) and ease of eva- record was established by a DDoS attack that generated sion. 400 Gbps [37]. Both these record-setting attacks be- longed to a category of DoS attacks where the attacker We evaluate the detected vulnerabilities on the above does not send traffic directly to the victim; traffic is in- criteria. Experiments are first performed on a custom stead sent to reflectors (with spoofed source IP of the vic- testbed with 33 peers. We further substantiate our find- tim) which in turn flood the victim with responses. Such ings by crawling 2.1 million IP addresses over MLDHT a DRDoS attack becomes particularly potent if the re- and analyzing more than 10,000 BitTorrent handshakes. flectors send higher volumes of traffic to the victim than Our experiments demonstrate that BitTorrent has a bandwidth amplification factor (BAF) of 50 times and 1According to the Spoofer project [9], more than 70 % of the pub- lic networks implement BCP 38 [18] to circumvent IP source address 2According to some recent measurements, BitTorrent comprises spoofing. 3.35 % of the worldwide bandwidth [35]. 1 Internet-wide scanning tools like ZMap [17] can help to PA identify possible amplifiers. The speed and ease of iden- B BA V tifying new amplifier is fundamentally important to all the criteria (attack efficiency, robustness under amplifier BV churn, and evadability at amplifiers and victims) that we BA PA PA PV used as a efficacy benchmark throughout this paper. After the attacker has identified amplifiers, PA initi- B BV A ates the attack by sending small packets BA to the am- plifiers PA. Instead of using its own socket address, the attacker spoofs the address in the packet BA from the vic- PA tim PV . The amplifiers respond to the victim PV with a larger packet BV . This type of attack has several advan- Attacker Amplifiers Victim tages: • the attacker hides his own identity, since the attacks Figure 1: Schematic diagram of the threat model of a uses IP spoofing (evadability advantage); DRDoS attack. • it can be initiated by a single computer, but results in a distributed attack (efficiency advantage); and in case of BTSync up to 120 times. Moreover, we ob- serve that the most widely-used BitTorrent clients like • the amplifiers send a larger packet to the victim uTorrent, Mainline and Vuze are also the most vulner- and therefore increase the impact of the attack (effi- able ones. We also show that a possible attack is quite ciency advantage). robust under amplifier churn as the BitTorrent protocol The ratio of the smaller and larger packet is known as is widely-adopted and new amplifiers can be discovered BAF [39]: quite quickly using standard peer discovery mechanisms. Finally, we show that due to its use of dynamic port jB j ranges and encryption during handshake (in terms of BAF = v ; (1) jB j MSE), a DRDoS attack that exploits BitTorrent cannot a be detected using a standard firewall, and would instead where the payload to the victim is denoted as jBvj and the require Deep Packet Inspection (DPI) to be detected. amplified payload from the victim as jBaj. For instance, a BAF of 5 times means, that an attacker with 1 Gbps upload capacity can send 5 Gbps of traffic to the victim. 2 Background Similar to BAF, a Packet Amplification Factor (PAF) is defined as the ratio of the number of packets sent from In this section, we provide a brief overview of DRDoS the amplifier to the victim and the number of packets sent attacks and the BitTorrent protocol family. While dis- from the attacker to the amplifier. cussing BitTorrent, we highlight the vulnerabilities that can be exploited. 2.2 BitTorrent Protocol Family 2.1 Distributed Reflective Denial-of- In this section, we first introduce the BitTorrent termi- Service (DRDoS) Attacks nology which we used throughout this paper. We then briefly discuss the different protocols. An attacker which initiates a DRDoS does not send the traffic directly to the victim; instead he/she sends it to Node: A physical or virtual machine with an IP stack. amplifiers which reflect the traffic to the victim. The at- tacker does this by exploiting network protocols which Peer: A node that runs a BitTorrent client. are vulnerable to IP spoofing. A DRDoS attack results in Swarm: All the peers sharing a torrent. a distributed attack which can be initiated by one or mul- tiple attacker nodes. Figure 1 outlines the threat model Torrent: A file that contains metadata about the BitTor- of a DRDoS attack. rent swarm and the distributed files. The attacker PA in Figure 1 needs to identify am- plifiers before initiating the attack. This step is depen- Info-hash: SHA-1 hash (160 bit) from the .torrent file dent on the protocol which the attacker wants to exploit. which identifies a swarm. 2 Peer-id: Unique ID which identifies a single peer which Initiator Receiver is chosen at random. SYN_SENT ST_SYN Seeder: A peer that has downloaded the complete con- CONNECTED tent and shares it with other peers. ST_STATE Leecher: A peer which is downloading content of the CONNECTED torrent. connection established BitTorrent is the most commonly-used P2P protocol Figure 2: Two-way handshake to initiate a connection 3 of the world today . The novelty of this protocol is, that between two uTP nodes. The text on the outer edge re- it provides solutions for the free riding problem [11] and flects the state of the protocol. the last piece problem [23]. To overcome the first prob- lem, BitTorrent uses an incentive mechanism called the choking algorithm [13] which results in a tit-for-tat-ish measurements. If the difference between the measure- way of sharing. BitTorrent solves the second problem by ments increases, the sender automatically throttles back. introducing the rarest piece first algorithm [28]. uTP [32] adopts a few ideas from TCP. It controls the Similar to all P2P systems, BitTorrent also has to over- flow with a sliding window, verifies data integrity with come the bootstrapping problem: how can a new peer sequence numbers and initiates a connection with a hand- join the network when there is no central contact point? shake. Unlike TCP, uTP uses a two-way handshake in- The original BitTorrent specification introduces the con- stead of a three-way handshake. Figure 2 depicts the cept of a tracker, which is a server that registers all par- message flow to establish a connection between two uTP ticipating peers. Before a newly-joined peer can partic- nodes. ipate, it requests the tracker for contact information of It can be seen that the initiator sends a ST_SYN packet other peers. to the receiver to initiate a connection. This is similar to Over time, a number of extensions to the BitTorrent the SYN packet in TCP. The receiver acknowledges the protocol have been proposed to avoid a central (tracker) ST_SYN packet with a ST_STATE packet.
Load more

Recommended publications
  • Analysis of Bittorrent Protocol and Its Effect on the Network ENSC 427: Final Project Report Spring 2011
    SIMON FRASER UNIVERSITY Analysis of BitTorrent Protocol and Its Effect on the Network ENSC 427: Final Project Report Spring 2011 Group 11 www.sfu.ca/~kna5/ensc427 Ken Kyoungwoo Nam 301046747 Kna5 @sfu.ca Yu Jie Xu 301083552 Xya14 @ sfu.ca Abstract The first version of the peer-to-peer file sharing protocol was invented in 1999, called Napster protocol. From then on, the application of peer-to-peer protocol has been widely spread in the internet. The advantage of the network with p2p protocol is that it needs much less server bandwidth compare to the basic client and server network. Moreover, in the p2p network, the client itself is the server, so they can communicate with each other without the central sever. Nowadays, there are two primary peer-to-peer file sharing protocol that dominate in the network: the Gnutella protocol and BitTorrent Protocol. In our project, we will focus on BitTorrent Protocol. To do this, we will create three different networks in OPNET, and investigate the network performance with and without BitTorrent nodes. 2 Table of contents 1. Introduction…………..……………………………………………………………......4 2. Theory……………...………………………………………………………………......4 2.1 Terminology and Definition…………………………………………………......5 2.2 Peer-to-Peer Protocol…………………………………………………………….5 2.3 BitTorrent Protocol………………………………………………………………6 2.4 BitTorrent Tracker………………………………………………………………7 2.5 Rarest Algorithm…………………………………………………………………8 2.6 Choke Algorithm…………………………………………………………………9 3. Implementation…...…………………………………………………………..……...10 3.1 Packet Formats………………………………………………………………….11 3.2 Normal Client and Server Node Models………………………………………11 3.3 Plain Peer-to-Peer Node Model……………………………………..…………12 3.4 BitTorrent Node Model……………………………………………………...…13 3.5 Building the Small Network……………………………………………………14 3.6 Building the Large Network…………………………………………………...15 4.
    [Show full text]
  • Uila Supported Apps
    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
    [Show full text]
  • What Is Peer-To-Peer File Transfer? Bandwidth It Can Use
    sharing, with no cap on the amount of commonly used to trade copyrighted music What is Peer-to-Peer file transfer? bandwidth it can use. Thus, a single NSF PC and software. connected to NSF’s LAN with a standard The Recording Industry Association of A peer-to-peer, or “P2P,” file transfer 100Mbps network card could, with KaZaA’s America tracks users of this software and has service allows the user to share computer files default settings, conceivably saturate NSF’s begun initiating lawsuits against individuals through the Internet. Examples of P2P T3 (45Mbps) internet connection. who use P2P systems to steal copyrighted services include KaZaA, Grokster, Gnutella, The KaZaA software assesses the quality of material or to provide copyrighted software to Morpheus, and BearShare. the PC’s internet connection and designates others to download freely. These services are set up to allow users to computers with high-speed connections as search for and download files to their “Supernodes,” meaning that they provide a How does use of these services computers, and to enable users to make files hub between various users, a source of available for others to download from their information about files available on other create security issues at NSF? computers. users’ PCs. This uses much more of the When configuring these services, it is computer’s resources, including bandwidth possible to designate as “shared” not only the and processing capability. How do these services function? one folder KaZaA sets up by default, but also The free version of KaZaA is supported by the entire contents of the user’s computer as Peer to peer file transfer services are highly advertising, which appears on the user well as any NSF network drives to which the decentralized, creating a network of linked interface of the program and also causes pop- user has access, to be searchable and users.
    [Show full text]
  • Compsci 514: Computer Networks Lecture 13: Distributed Hash Table
    CompSci 514: Computer Networks Lecture 13: Distributed Hash Table Xiaowei Yang Overview • What problems do DHTs solve? • How are DHTs implemented? Background • A hash table is a data structure that stores (key, object) pairs. • Key is mapped to a table index via a hash function for fast lookup. • Content distribution networks – Given an URL, returns the object Example of a Hash table: a web cache http://www.cnn.com0 Page content http://www.nytimes.com ……. 1 http://www.slashdot.org ….. … 2 … … … • Client requests http://www.cnn.com • Web cache returns the page content located at the 1st entry of the table. DHT: why? • If the number of objects is large, it is impossible for any single node to store it. • Solution: distributed hash tables. – Split one large hash table into smaller tables and distribute them to multiple nodes DHT K V K V K V K V A content distribution network • A single provider that manages multiple replicas. • A client obtains content from a close replica. Basic function of DHT • DHT is a virtual hash table – Input: a key – Output: a data item • Data Items are stored by a network of nodes. • DHT abstraction – Input: a key – Output: the node that stores the key • Applications handle key and data item association. DHT: a visual example K V K V (K1, V1) K V K V K V Insert (K1, V1) DHT: a visual example K V K V (K1, V1) K V K V K V Retrieve K1 Desired properties of DHT • Scalability: each node does not keep much state • Performance: look up latency is small • Load balancing: no node is overloaded with a large amount of state • Dynamic reconfiguration: when nodes join and leave, the amount of state moved from nodes to nodes is small.
    [Show full text]
  • Cisco SCA BB Protocol Reference Guide
    Cisco Service Control Application for Broadband Protocol Reference Guide Protocol Pack #60 August 02, 2018 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • ஜ Torrent Is Not Seeding ஜ Скачать: Torrent Is Not Seeding
    ▬▬▬▬▬▬▬ஜ Torrent is not seeding ஜ▬▬▬▬▬▬▬ Скачать: ➤ Torrent is not seeding Download: ➤ Torrent is not seeding ▬▬▬▬▬▬▬ஜ Torrent is not seeding ஜ▬▬▬▬▬▬▬ . Torrent is not seeding We are a thriving community dedicated to helping users old and new understand and use torrents. I think is stable enough. A peer or downloader becomes a seed when it starts uploading the already downloaded content for other peers to download from. Do not send - not taken into account. Please check the Accepted clients list. When it completes you switch to a torrent is not seeding and dedicate that stream to simply uploading. My upload speed limit should be all I need instead of limiting upload slots. Then add the port you selected in step 5. Torrent files contain information like the file list, sizes, pieces, etc. Every piece received is first checked against the hash. If yes, please state the libtorrent version used by your distro. However, whether to seed or not, or how much to seed, depends on the availability of downloaders and the choice of the peer at the seeding end. I tried raising my connection limits to higher and higher numbers currently at 1000, 500, 500, 500 I have a static port so I can forward it. For legal torrents try. I advice you to use only one active seeding torrent when capturing. Current settings: DHT: off PeX: off Local peer discovery: on Anonymous mode: off Max downloads: 5 Max uploads: 7 Max active: 12 Do not count slow torrents in these limits: on no see ratio limits set. Each seed adds 1.
    [Show full text]
  • Peer-To-Peer Systems
    Peer-to-Peer Systems Winter semester 2014 Jun.-Prof. Dr.-Ing. Kalman Graffi Heinrich Heine University Düsseldorf Peer-to-Peer Systems Unstructured P2P Overlay Networks – Unstructured Heterogeneous Overlays This slide set is based on the lecture "Communication Networks 2" of Prof. Dr.-Ing. Ralf Steinmetz at TU Darmstadt Unstructured Heterogeneous P2P Overlays Unstructured P2P Structured P2P Centralized P2P Homogeneous P2P Heterogeneous P2P DHT-Based Heterogeneous P2P 1. All features of 1. All features of 1. All features of 1. All features of 1. All features of Peer-to-Peer Peer-to-Peer Peer-to-Peer Peer-to-Peer Peer-to-Peer included included included included included 2. Central entity is 2. Any terminal 2. Any terminal 2. Any terminal 2. Peers are necessary to entity can be entity can be entity can be organized in a provide the removed without removed without removed hierarchical service loss of loss of without loss of manner 3. Central entity is functionality functionality functionality 3. Any terminal some kind of 3. ! no central 3. ! dynamic central 3. ! No central entity can be index/group entities entities entities removed without database 4. Connections in loss of functionality the overlay are Examples: “fixed” Examples: Examples: § Gnutella 0.6 Examples: Examples: § Napster § Gnutella 0.4 § Fasttrack § Chord • AH-Chord § Freenet § eDonkey § CAN • Globase.KOM § Kademlia from R.Schollmeier and J.Eberspächer, TU München HHU – Technology of Social Networks – JProf. Dr. Kalman Graffi – Peer-to-Peer Systems – http://tsn.hhu.de/teaching/lectures/2014ws/p2p.html
    [Show full text]
  • Comodo System Cleaner Version 3.0
    Comodo System Cleaner Version 3.0 User Guide Version 3.0.122010 Versi Comodo Security Solutions 525 Washington Blvd. Jersey City, NJ 07310 Comodo System Cleaner - User Guide Table of Contents 1.Comodo System-Cleaner - Introduction ............................................................................................................ 3 1.1.System Requirements...........................................................................................................................................5 1.2.Installing Comodo System-Cleaner........................................................................................................................5 1.3.Starting Comodo System-Cleaner..........................................................................................................................9 1.4.The Main Interface...............................................................................................................................................9 1.5.The Summary Area.............................................................................................................................................11 1.6.Understanding Profiles.......................................................................................................................................12 2.Registry Cleaner............................................................................................................................................. 15 2.1.Clean.................................................................................................................................................................16
    [Show full text]
  • The Edonkey File-Sharing Network
    The eDonkey File-Sharing Network Oliver Heckmann, Axel Bock, Andreas Mauthe, Ralf Steinmetz Multimedia Kommunikation (KOM) Technische Universitat¨ Darmstadt Merckstr. 25, 64293 Darmstadt (heckmann, bock, mauthe, steinmetz)@kom.tu-darmstadt.de Abstract: The eDonkey 2000 file-sharing network is one of the most successful peer- to-peer file-sharing applications, especially in Germany. The network itself is a hybrid peer-to-peer network with client applications running on the end-system that are con- nected to a distributed network of dedicated servers. In this paper we describe the eDonkey protocol and measurement results on network/transport layer and application layer that were made with the client software and with an open-source eDonkey server we extended for these measurements. 1 Motivation and Introduction Most of the traffic in the network of access and backbone Internet service providers (ISPs) is generated by peer-to-peer (P2P) file-sharing applications [San03]. These applications are typically bandwidth greedy and generate more long-lived TCP flows than the WWW traffic that was dominating the Internet traffic before the P2P applications. To understand the influence of these applications and the characteristics of the traffic they produce and their impact on network design, capacity expansion, traffic engineering and shaping, it is important to empirically analyse the dominant file-sharing applications. The eDonkey file-sharing protocol is one of these file-sharing protocols. It is imple- mented by the original eDonkey2000 client [eDonkey] and additionally by some open- source clients like mldonkey [mlDonkey] and eMule [eMule]. According to [San03] it is with 52% of the generated file-sharing traffic the most successful P2P file-sharing net- work in Germany, even more successful than the FastTrack protocol used by the P2P client KaZaa [KaZaa] that comes to 44% of the traffic.
    [Show full text]
  • IPFS and Friends: a Qualitative Comparison of Next Generation Peer-To-Peer Data Networks Erik Daniel and Florian Tschorsch
    1 IPFS and Friends: A Qualitative Comparison of Next Generation Peer-to-Peer Data Networks Erik Daniel and Florian Tschorsch Abstract—Decentralized, distributed storage offers a way to types of files [1]. Napster and Gnutella marked the beginning reduce the impact of data silos as often fostered by centralized and were followed by many other P2P networks focusing on cloud storage. While the intentions of this trend are not new, the specialized application areas or novel network structures. For topic gained traction due to technological advancements, most notably blockchain networks. As a consequence, we observe that example, Freenet [2] realizes anonymous storage and retrieval. a new generation of peer-to-peer data networks emerges. In this Chord [3], CAN [4], and Pastry [5] provide protocols to survey paper, we therefore provide a technical overview of the maintain a structured overlay network topology. In particular, next generation data networks. We use select data networks to BitTorrent [6] received a lot of attention from both users and introduce general concepts and to emphasize new developments. the research community. BitTorrent introduced an incentive Specifically, we provide a deeper outline of the Interplanetary File System and a general overview of Swarm, the Hypercore Pro- mechanism to achieve Pareto efficiency, trying to improve tocol, SAFE, Storj, and Arweave. We identify common building network utilization achieving a higher level of robustness. We blocks and provide a qualitative comparison. From the overview, consider networks such as Napster, Gnutella, Freenet, BitTor- we derive future challenges and research goals concerning data rent, and many more as first generation P2P data networks, networks.
    [Show full text]
  • Asynchronous Covert Communication Using Bittorrent Trackers Mathieu Cunche, Mohamed Ali Kaafar, Roksana Boreli
    Asynchronous Covert Communication Using BitTorrent Trackers Mathieu Cunche, Mohamed Ali Kaafar, Roksana Boreli To cite this version: Mathieu Cunche, Mohamed Ali Kaafar, Roksana Boreli. Asynchronous Covert Communication Using BitTorrent Trackers. International Symposium on Cyberspace Safety and Security (CSS), Aug 2014, Paris, France. hal-01053147 HAL Id: hal-01053147 https://hal.inria.fr/hal-01053147 Submitted on 29 Jul 2014 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Asynchronous Covert Communication Using BitTorrent Trackers Mathieu Cunche∗†, Mohamed-Ali Kaafar†‡, Roksana Boreli‡ †Inria, France ∗INSA-Lyon CITI, France ‡National ICT Australia fi[email protected][email protected] Abstract—Covert channels enable communicating parties to in a swarm (set of peers downloading and/or sharing a given exchange messages without being detected by an external ob- content). Our contributions are as follows. server. We propose a novel covert channel mechanism based We present a communication scheme that enables two on BitTorrent trackers. The proposed mechanism uses common HTTP commands, thus having the appearance of genuine web parties to perform a hidden exchange of information through traffic and consists of communications that are both indirect and the centralized BitTorrent tracker.
    [Show full text]
  • [Hal-00744922, V1] Improving Content Availability in the I2P Anonymous
    Improving Content Availability in the I2P Anonymous File-Sharing Environment Juan Pablo Timpanaro, Isabelle Chrisment*, Olivier Festor INRIA Nancy-Grand Est, France *LORIA - ESIAL, Universit´ede Lorraine Email: fjuanpablo.timpanaro, [email protected] Email: [email protected] Abstract. Anonymous communication has gained more and more inter- est from Internet users as privacy and anonymity problems have emerged. Dedicated anonymous networks such as Freenet and I2P allow anony- mous file-sharing among users. However, one major problem with anony- mous file-sharing networks is that the available content is highly reduced, mostly with outdated files, and non-anonymous networks, such as the BitTorrent network, are still the major source of content: we show that in a 30-days period, 21648 new torrents were introduced in the BitTor- rent community, whilst only 236 were introduced in the anonymous I2P network, for four different categories of content. Therefore, how can a user of these anonymous networks access this varied and non-anonymous content without compromising its anonymity? In this paper, we improve content availability in an anonymous environment by proposing the first internetwork model allowing anonymous users to access and share content in large public communities while remaining anonymous. We show that our approach can efficiently interconnect I2P users and public BitTorrent swarms without affecting their anonymity nor their performance. Our model is fully implemented and freely usable. 1 Introduction Peer-to-peer file-sharing has always been one of the major sources of the Internet hal-00744922, version 1 - 24 Oct 2012 traffic, since its early beginnings in 2000. It has been moving from semi-central approaches (eDonkey2000, for example), to semi-decentralized approaches (Kazaa, for instance) to fully decentralized file-sharing architectures (like the KAD net- work).
    [Show full text]