Network Traffic Exposed and Concealed

Total Page:16

File Type:pdf, Size:1020Kb

Network Traffic Exposed and Concealed Network Traffic Exposed and Concealed Dissertation submitted for the degree of Doctor of Engineering Presented by Thomas Zink at the Faculty of Sciences Department of Computer and Information Science Date of the oral examination: 2014-12-18 First supervisor: Prof. Dr. Marcel Waldvogel Second supervisor: Prof. Dr. Oliver Haase Konstanzer Online-Publikations-System (KOPS) URL: http://nbn-resolving.de/urn:nbn:de:bsz:352-0-268285 (CC BY 4.0) This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/. To Valerian and Floriana. You have enriched my life beyond belief. May the force be with you. Abstract Cyberspace: a world at war. Our privacy, freedom of speech, and with them the very foundations of democracy are under attack. In the virtual world frontiers are not set by nations or states, they are set by those, who control the flows of information. And control is, what everybody wants. The Five Eyes are watching, storing, and evaluating every transmission. Internet corporations compete for our data and decide if, when, and how we gain access to that data and to their pretended free services. Search engines control what information we are allowed - or want - to consume. Network access providers and carriers are fighting for control of larger networks and for better ways to shape the traffic. Interest groups and copyright holders struggle to limit access to specific content. Network operators try to keep their networks and their data safe from outside - or inside - adversaries. And users? Many of them just don't care. Trust in concepts and techniques is implicit. Those who do care try to take back control of the Internet through privacy-preserving techniques. This leads to an arms race between those who try to classify the traffic, and those who try to obfuscate it. But good or bad lies in the eye of the beholder, and one will find himself fighting on both sides. Network Traffic Classification is an important tool for network security. It allows identification of malicious traffic and possible intruders, and can also optimize network usage. Network Traffic Obfuscation is required to protect transmissions of important data from unauthorized observers, to keep the information private. However, with security and privacy both crumbling under the grip of legal and illegal black hat crackers, we dare say that contemporary traffic classification and obfuscation techniques are fundamentally flawed. The underlying concepts cannot keep up with technological evolution. Their implementation is insufficient, inefficient and requires too much resources. We provide (1) a unified view on the apparently opposed fields of traffic classification and obfuscation, their deficiencies and limitations, and how they can be improved. We show that (2) using multiple classification techniques, optimized for specific tasks improves overall resource requirements and subsequently increases classification speed. (3) Classification based on application domain behavior leads to more accurate information than trying to identify communication protocols. (4) Current approaches to identify signatures in packet content are slow and require much space or memory. Enhanced methods reduce these requirements and allow faster matching. (5) Simple and easy to implement obfuscation techniques allow circumvention of even sophisticated contemporary classification systems. (6) Trust and privacy can be increased by reducing communication to a required minimum and limit it to known and trustworthy communication partners. Our techniques improve both security and privacy and can be applied efficiently on a large scale. It is but a small step in taking back the Web. Kurzfassung Es herrscht Krieg im Cyberspace. Unsere Privatsph¨are,das Recht auf Meinungsfreiheit, und mit ihnen die Grundlagen der Demokratie werden angegriffen. In der virtuellen Welt werden Grenzen nicht von Staaten gezogen, sondern von denen, die die Informationsfl¨usse kontrollieren. Und diese Kontrolle wollen alle. Die \Five Eyes"-Staaten beobachten und speichern jegliche Daten¨ubertragung und werten diese aus. Internetfirmen konkurrieren um unsere Daten und entscheiden ob, wann und wie wir auf diese Daten oder die von ihnen scheinbar kostenlos bereitgestellten Dienstleistungen zugreifen d¨urfen.Suchmaschinen kontrollieren welche Informationen wir konsumieren d¨urfen{ oder wollen. Netzbetreiber k¨ampfenum die Kontrolle noch gr¨oßerer Netzwerke und um bessere Methoden den Datenverkehr zu beeinflussen. Interessengruppen und Rechteverwerter bem¨uhensich um Limitierung oder gar Zensur bestimmter Inhalte. Administratoren versuchen ihre Netze und Daten vor Gegnern zu sch¨utzen. Und die Benutzer? Die meißten interessieren sich f¨urall dies gar nicht. Das Vertrauen in Konzepte und Techniken wird vorbehaltlos gegeben. Doch diejenigen, die sich interessieren, versuchen die Kontrolle ¨uber das Internet zur¨uck zu gewinnen. Sie versuchen dies mit Techniken, die die Privatsph¨areerhalten sollen. Dies f¨uhrtzu einem Wettr¨ustenzwischen denen, die den Netzwerkverkehr identifizieren wollen, und denen, die ihn verschleiern wollen. Aber Gut und B¨oseliegen im Auge des Betrachters und so wird man sich an beiden Fronten k¨ampfensehen. Netzwerkverkehr-Analyse ist ein wichtiges Werkzeug zur Erhaltung der Netzwerk- Sicherheit. Es erlaubt, sch¨adlichen Datentransfer und Einbrecher zu erkennen und kann ebenfalls dazu genutzt werden, die Auslastung der Infrastruktur zu optimieren. Netzwerkverkehr-Verschleierung wird ben¨otigtum die Ubertragung¨ wichtiger Daten vor unbefugten Beobachtern zu sch¨utzen.Es dient dem Datenschutz. Aber Sicherheit und Datenschutz brechen unter der eisernen Faust von legalen und illegalen Hackern zusammen. Wir wagen zu behaupten dass sowohl Netzwerkverkehr-Analyse als auch Netzwerkverkehr- Verschleierung fundamentale M¨angelaufweisen. Die Grundkonzepte k¨onnennicht mit den Entwicklungen der letzten Jahre mithalten. Ihre Implementierungen sind nicht ausreichend, ineffizient und ben¨otigenzu viele Ressourcen. Wir zeigen (1) eine umfassende Ubersicht¨ der vermeintlich entgegengesetzten Felder der Verkehrsanalyse und der Verkehrsverschleierung. (2) Die Kombination mehrerer optimierter Klassifikationstechniken kann Anforderungen an Ressourcen reduzieren und dadurch die Leistung erh¨ohen.(3) Klassifizierung von Anwendungsdom¨anenliefert aus- sagekr¨aftigereErgebnisse als die Identifizierung von Kommunikationsprotokollen. (4) Derzeitige Techniken zur Erkennung von Signaturen sind langsam und ben¨otigenviel Spe- icher. Diese Anforderungen k¨onnenreduziert werden und die Suche beschleunigt werden. (5) Einfach zu implementierende Verschleierungstechnicken k¨onnenselbst hochentwickelte Klassifizierungstechniken umgehen. (6) Vertrauen und Datensicherheit k¨onnenverbessert werden, indem man Kommunikation vermeidet und auf ein Mindestmaß beschr¨ankt. Unsere Techniken verbessern sowohl die Datensicherheit als den Datenschutz und k¨onneneffizient eingesetzt werden. Es ist ein kleiner Schritt, um das Netz zur¨uck zu erobern. vi Contents I Overview 1 1 Introduction 3 1.1 In a Nutshell . 4 1.2 Motivation . 5 1.3 Claims and Contribution . 7 1.3.1 Publications . 9 1.3.2 Software . 10 1.4 Outline and Content . 10 2 Background 13 2.1 Protocols, Layers, and Encapsulation . 13 2.2 Router Functions . 15 2.3 Of Packets and Flows . 16 2.4 Traffic Classification and Obfuscation . 17 3 The Art of Traffic Classification and Obfuscation 21 3.1 Traffic Classification Issues . 25 3.1.1 No publicly available or shareable Data and Rulesets. 25 3.1.2 No standard Measurement and evaluation Metrics. 26 3.1.3 Different Classification Scope and Goals. 26 3.1.4 Few publicly available Classification Tools. 26 3.1.5 No Baseline or Ground Truth. 26 3.1.6 Increasing Line-Speeds and Scalability. 27 3.2 Traffic Classification Challenges . 27 3.3 Traffic Classification Techniques . 29 3.3.1 Point Location . 30 3.3.2 Pattern Matching . 30 3.3.3 Machine Learning . 31 3.3.4 Behavior Analysis . 32 3.4 A unified Taxonomy . 33 3.4.1 Purpose . 33 3.4.2 Goal . 34 3.4.3 Scope . 35 3.4.4 Application . 35 3.4.5 Link Location . 35 3.4.6 Data . 35 3.4.7 Method . 36 vii Contents 3.4.8 Traffic Features . 36 3.4.9 Metrics . 36 3.5 Effective Traffic Obfuscation . 37 3.5.1 Encrypt Payload . 38 3.5.2 Obfuscate Flow Features . 38 3.5.3 Traffic Hiding . 39 3.6 Conclusion . 39 II Traffic Identification 41 4 Building better Multi-Classification Systems 43 4.1 Traditional Rulesets and Multi-Classification . 44 4.1.1 Traditional Rulesets . 44 4.1.2 Multi-classification . 47 4.2 Rules Anatomy . 47 4.3 From Rules to Circuits . 49 4.3.1 Rule Preprocessing . 51 4.3.2 Ruleset Partitioning . 52 4.3.3 Compile the Engines . 54 4.4 Evaluation . 56 4.4.1 Ruleset Structure . 56 4.4.2 Ruleset Preprocessing . 57 4.4.3 Rule Matching . 59 4.5 Conclusion . 60 5 Efficient P2P flow classification on Physical Interface Cards 63 5.1 Introduction . 64 5.2 Related Work . 64 5.3 A brief history of Peer-to-Peer Protocols . 65 5.3.1 P2P Properties . 66 5.3.2 Obfuscation and Encryption in P2P networks . 67 5.4 Efficient P2P Classification . 68 5.4.1 Challenges in classifying P2P traffic . 68 5.4.2 Classification Algorithm . 69 5.4.3 A Guide for Hardware Implementation . 74 5.5 Evaluation . 77 5.5.1 Dataset, Baseline, and Metrics . 78 5.5.2 Converting Flows and Building a Baseline . 78 5.5.3 Results . 79 5.6 Conclusion . 82 6 Enhanced String Matching 85 6.1 Introduction . 86 6.2 Related Work . 87 6.3 Generic Single-Byte Matching engine . 88 6.3.1 Regular Expression Encoding . 89 6.3.2 Rule Encoding . 91 viii Contents 6.3.3 Rule Matching . 93 6.3.4 Constraints and Limitations . 94 6.4 Evaluation . 95 6.5 Conclusion . 96 III Traffic Obfuscation 99 7 Efficient BitTorrent Traffic Obfuscation 101 7.1 Introduction . 102 7.2 Related Work . 103 7.3 Introduction to BitTorrent . 105 7.4 Obfuscated Handshaking . 105 7.4.1 Concealing Signatures, a first approach . 105 7.4.2 Achieving true randomness . 106 7.4.3 Reducing Reconnects: Magic Peer ID . 108 7.4.4.
Recommended publications
  • Lab 5: Bittorrent Client Implementation
    Lab 5: BitTorrent Client Implementation Due: Nov. 30th at 11:59 PM Milestone: Nov. 19th during Lab Overview In this lab, you and your lab parterner will develop a basic BitTorrent client that can, at minimal, exchange a file between multiple peers, and at best, function as a full feature BitTorrent Client. The programming in this assignment will be in C requiring standard sockets, and thus you will not need to have root access. You should be able to develop your code on any CS lab machine or your personal machine, but all code will be tested on the CS lab. Deliverable Your submission should minimally include the following programs and files: • REDME • Makefile • bencode.c|h • bt lib.c|h • bt setup.c|h • bt client • client trace.[n].log • sample torrent.torrent Your README file should contain a short header containing your name, username, and the assignment title. The README should additionally contain a short description of your code, tasks accomplished, and how to compile, execute, and interpret the output of your programs. Your README should also contain a list of all submitted files and code and the functionality implemented in different code files. This is a large assignment, and this will greatly aid in grading. As always, if there are any short answer questions in this lab write-up, you should provide well marked answers in the README, as well as indicate that you’ve completed any of the extra credit (so that I don’t forget to grade it). Milestones The entire assignment will be submitted and graded, but your group will also hold a milestone meeting to receive feedback on your current implementation.
    [Show full text]
  • Digital Fountain Erasure-Recovery in Bittorrent
    UNIVERSITÀ DEGLI STUDI DI BERGAMO Facoltà di Ingegneria Corso di Laurea Specialistica in Ingegneria Informatica Classe n. 35/S – Sistemi Informatici Digital Fountain Erasure Recovery in BitTorrent: integration and security issues Relatore: Chiar.mo Prof. Stefano Paraboschi Correlatore: Chiar.mo Prof. Andrea Lorenzo Vitali Tesi di Laurea Specialistica Michele BOLOGNA Matricola n. 56108 ANNO ACCADEMICO 2007 / 2008 This thesis has been written, typeset and prepared using LATEX 2". Printed on December 5, 2008. Alla mia famiglia “Would you tell me, please, which way I ought to go from here?” “That depends a good deal on where you want to get to,” said the Cat. “I don’t much care where —” said Alice. “Then it doesn’t matter which way you go,” said the Cat. “— so long as I get somewhere,” Alice added as an explanation. “Oh, you’re sure to do that,” said the Cat, “if you only walk enough.” Lewis Carroll Alice in Wonderland Acknowledgments (in Italian) Ci sono molte persone che mi hanno aiutato durante lo svolgimento di questo lavoro. Il primo ringraziamento va ai proff. Stefano Paraboschi e Andrea Vitali per la disponibilità, la competenza, i consigli, la pazienza e l’aiuto tecnico che mi hanno saputo dare. Grazie di avermi dato la maggior parte delle idee che sono poi confluite nella mia tesi. Un sentito ringraziamento anche a Andrea Rota e Ruben Villa per l’aiuto e i chiarimenti che mi hanno gentilmente fornito. Vorrei ringraziare STMicroelectronics, ed in particolare il gruppo Advanced System Technology, per avermi offerto le infrastrutture, gli spa- zi e tutto il necessario per svolgere al meglio il mio periodo di tirocinio.
    [Show full text]
  • A Decentralized Cloud Storage Network Framework
    Storj: A Decentralized Cloud Storage Network Framework Storj Labs, Inc. October 30, 2018 v3.0 https://github.com/storj/whitepaper 2 Copyright © 2018 Storj Labs, Inc. and Subsidiaries This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 license (CC BY-SA 3.0). All product names, logos, and brands used or cited in this document are property of their respective own- ers. All company, product, and service names used herein are for identification purposes only. Use of these names, logos, and brands does not imply endorsement. Contents 0.1 Abstract 6 0.2 Contributors 6 1 Introduction ...................................................7 2 Storj design constraints .......................................9 2.1 Security and privacy 9 2.2 Decentralization 9 2.3 Marketplace and economics 10 2.4 Amazon S3 compatibility 12 2.5 Durability, device failure, and churn 12 2.6 Latency 13 2.7 Bandwidth 14 2.8 Object size 15 2.9 Byzantine fault tolerance 15 2.10 Coordination avoidance 16 3 Framework ................................................... 18 3.1 Framework overview 18 3.2 Storage nodes 19 3.3 Peer-to-peer communication and discovery 19 3.4 Redundancy 19 3.5 Metadata 23 3.6 Encryption 24 3.7 Audits and reputation 25 3.8 Data repair 25 3.9 Payments 26 4 4 Concrete implementation .................................... 27 4.1 Definitions 27 4.2 Peer classes 30 4.3 Storage node 31 4.4 Node identity 32 4.5 Peer-to-peer communication 33 4.6 Node discovery 33 4.7 Redundancy 35 4.8 Structured file storage 36 4.9 Metadata 39 4.10 Satellite 41 4.11 Encryption 42 4.12 Authorization 43 4.13 Audits 44 4.14 Data repair 45 4.15 Storage node reputation 47 4.16 Payments 49 4.17 Bandwidth allocation 50 4.18 Satellite reputation 53 4.19 Garbage collection 53 4.20 Uplink 54 4.21 Quality control and branding 55 5 Walkthroughs ...............................................
    [Show full text]
  • TI3800 Bachelorproject
    TI3800 Bachelorproject Android Tor Tribler Tunneling Final Report Authors: Supervisor: Rolf Jagerman Dr. Ir. Johan Pouwelse Laurens Versluis Project coach: Martijn de Vos Ir. Egbert Bouman June 23, 2014 Abstract Tribler is a decentralized peer-to-peer file sharing system. Recently the Tribler development team has introduced anonymous internet communication using a Tor-like protocol in their trial version. The goal of our bachelor project is to port this technology to Android devices. This is a challenging task because cross-compiling the necessary libraries to the ARM CPU architecture is uncharted territory. We have successfully ported all dependencies of Tribler to Android. An application called Android Tor Tribler Tunneling (AT3) has been developed that tests whether these libraries work. This application downloads a test torrent and measures information such as CPU usage and download speed. Based on this information we have concluded that it is currently not viable to run the anonymous tunnels on an Android smartphone. Creating circuits with several hops that use encryption is very computationally expensive and modern smartphones can hardly keep up. By using optimized cryptographic libraries such as gmp or with the recently announced ARMv8 architecture which supports hardware-accelerated AES encryption, creating such circuits might become possible. Preface This document describes the bachelor project we performed at the TU Delft. Without the help of certain people at the TU Delft (and outside), this project would not be possible. In particular, we would like to thank the following people: Johan Pouwelse, for his excellent guidance, deep insights and feedback. The Tribler team, for always being able to help us with problems and questions.
    [Show full text]
  • Credits in Bittorrent: Designing Prospecting and Investments Functions
    Credits in BitTorrent: designing prospecting and investments functions Ardhi Putra Pratama Hartono Credits in BitTorrent: designing prospecting and investment functions Master’s Thesis in Computer Science Parallel and Distributed Systems group Faculty of Electrical Engineering, Mathematics, and Computer Science Delft University of Technology Ardhi Putra Pratama Hartono March 17, 2017 Author Ardhi Putra Pratama Hartono Title Credits in BitTorrent: designing prospecting and investment functions MSc presentation Snijderzaal, LB01.010 EEMCS, Delft 16:00 - 17:30, March 24, 2017 Graduation Committee Prof. Dr. Ir. J.A. Pouwelse (supervisor) Delft University of Technology Prof. Dr. Ir. S. Hamdioui Delft University of Technology Dr. Ir. C. Hauff Delft University of Technology Abstract One of the cause of slow download speed in the BitTorrent community is the existence of freeriders. The credit system, as one of the most widely implemented incentive mechanisms, is designed to tackle this issue. However, in some cases, gaining credit efficiently is difficult. Moreover, the supply and demand misalign- ment in swarms can result in performance deficiency. As an answer to this issue, we introduce a credit mining system, an autonomous system to download pieces from selected swarms in order to gain a high upload ratio. Our main work is to develop a credit mining system. Specifically, we focused on an algorithm to invest the credit in swarms. This is composed of two stages: prospecting and mining. In prospecting, swarm information is extensively col- lected and then filtered. In mining, swarms are sorted by their potential and then selected. We also propose a scoring policy as a method to quantify swarms with a numerical score.
    [Show full text]
  • Sok: Tools for Game Theoretic Models of Security for Cryptocurrencies
    SoK: Tools for Game Theoretic Models of Security for Cryptocurrencies Sarah Azouvi Alexander Hicks Protocol Labs University College London University College London Abstract form of mining rewards, suggesting that they could be prop- erly aligned and avoid traditional failures. Unfortunately, Cryptocurrencies have garnered much attention in recent many attacks related to incentives have nonetheless been years, both from the academic community and industry. One found for many cryptocurrencies [45, 46, 103], due to the interesting aspect of cryptocurrencies is their explicit consid- use of lacking models. While many papers aim to consider eration of incentives at the protocol level, which has motivated both standard security and game theoretic guarantees, the vast a large body of work, yet many open problems still exist and majority end up considering them separately despite their current systems rarely deal with incentive related problems relation in practice. well. This issue arises due to the gap between Cryptography Here, we consider the ways in which models in Cryptog- and Distributed Systems security, which deals with traditional raphy and Distributed Systems (DS) can explicitly consider security problems that ignore the explicit consideration of in- game theoretic properties and incorporated into a system, centives, and Game Theory, which deals best with situations looking at requirements based on existing cryptocurrencies. involving incentives. With this work, we offer a systemati- zation of the work that relates to this problem, considering papers that blend Game Theory with Cryptography or Dis- Methodology tributed systems. This gives an overview of the available tools, and we look at their (potential) use in practice, in the context As we are covering a topic that incorporates many different of existing blockchain based systems that have been proposed fields coming up with an extensive list of papers would have or implemented.
    [Show full text]
  • Установка И Настройка Rtorrent+Rutorrent+Nginx+Php-Fpm В Arch Linux 1 / 9
    УСТАНОВКА И НАСТРОЙКА RTORRENT+RUTORRENT+NGINX+PHP-FPM В ARCH LINUX 1 / 9 Установка и настройка rtorrent+rutorrent+nginx+php-fpm в Arch Linux Предыстория Для работы с торрентами я достаточно долго использовал ktorrent. Сей клиент мои потребности в удобном управлении закачками удовлетворял полностью, пока я не заметил, что на популярных торрентах загрузка процессора доходила до 50% (а с uTP — ещё больше), а потребление памяти в и без того жирном KDE стало неприятно бросаться в глаза. Было решено сменить KDE на xfce (это отдельная история), а программу для торрентов подобрать с хорошим функционалом и удобным управлением. Перепробовав transmission, deluge и rtorrent, я остановлися на последнем. О том, как настроить rtorrent+rutorrent+nginx+php-fpm, и будет под катом. Почему так? Сразу хочу ответить, почему выбраны именно означенные инструменты. Arch Linux. Об этом дистрибутиве можно говорить достаточно долго, мне нравится его организация и философия в целом, и я могу его использовать для себя с максимальной эффективностью. Кому интересно более детально прочитать о нём, смотрите сюда и сюда. nginx. Я впечатлён тем, как эта маленькая штука выполняет свою работу, экономя память, гибко настраиваясь и предоставляя весь необходимый мне функционал. php-fpm. Можно настроить количество рабочих потоков, в связке с nginx даёт Linux для всех УСТАНОВКА И НАСТРОЙКА RTORRENT+RUTORRENT+NGINX+PHP-FPM В ARCH LINUX 2 / 9 замечательную производительность. rtorrent. Малое потребление ресурсов, хорошо настраивается. rutorrent. Активно развивается, имеет приятный интерфейс. Установка необходимого программного обеспечения Будем исходить из того, что Arch Linux на компьютере уже стоит, а пользователь знаком с его пакетной системой. Чтобы установить веб-часть связки, выполняем команду: sudo pacman -S nginx php-fpm rtorrent и librtorrent я рекомендую устанавливать с AUR'а, там есть замечательный PKGBUILD под названием rtorrent-color, делающий скучный консольный интерфейс более приятным (если будете им пользоваться), и libtorrent-extended, имеющий дополнительные патчи.
    [Show full text]
  • Blockchain and The
    NOTES ACKNOWLEDGMENTS INDEX Notes Introduction 1. The manifesto dates back to 1988. See Timothy May, “The Crypto Anarchist Manifesto” (1992), https:// www . activism . net / cypherpunk / crypto - anarchy . html. 2. Ibid. 3. Ibid. 4. Ibid. 5. Ibid. 6. Timothy May, “Crypto Anarchy and Virtual Communities” (1994), http:// groups . csail . mit . edu / mac / classes / 6 . 805 / articles / crypto / cypherpunks / may - virtual - comm . html. 7. Ibid. 8. For example, as we wi ll describe in more detail in Chapter 1, the Bitcoin blockchain is currently stored on over 6,000 computers in eighty- nine jurisdictions. See “Global Bitcoin Node Distribution,” Bitnodes, 21 . co, https:// bitnodes . 21 . co / . Another large blockchain- based network, Ethereum, has over 12,000 nodes, also scattered across the globe. See Ethernodes, https:// www . ethernodes . org / network / 1. 9. See note 8. 10. Some blockchains are not publicly accessible (for more on this, see Chapter 1). These blockchains are referred to as “private blockchains” and are not the focus of this book. 11. See Chapter 1. 12. The Eu ro pean Securities and Market Authority, “Discussion Paper: The Dis- tributed Ledger Technology Applied to Securities Markets,” ESMA / 2016 / 773, June 2, 2016: at 17, https:// www . esma . europa . eu / sites / default / files / library / 2016 - 773 _ dp _ dlt . pdf. 213 214 NOTES TO PAGES 5–13 13. The phenomena of order without law also has been described in other con- texts, most notably by Robert Ellickson in his seminal work Order without Law (Cambridge, MA: Harvard University Press, 1994). 14. Joel Reidenberg has used the term “lex informatica” to describe rules imple- mented by centralized operators online.
    [Show full text]
  • Master's Thesis
    MASTER'S THESIS Analysis of UDP-based Reliable Transport using Network Emulation Andreas Vernersson 2015 Master of Science in Engineering Technology Computer Science and Engineering Luleå University of Technology Department of Computer Science, Electrical and Space Engineering Abstract The TCP protocol is the foundation of the Internet of yesterday and today. In most cases it simply works and is both robust and versatile. However, in recent years there has been a renewed interest in building new reliable transport protocols based on UDP to handle certain problems and situations better, such as head-of-line blocking and IP address changes. The first part of the thesis starts with a study of a few existing reliable UDP-based transport protocols, SCTP which can also be used natively on IP, QUIC and uTP, to see what they can offer and how they work, in terms of features and underlying mechanisms. The second part consists of performance and congestion tests of QUIC and uTP imple- mentations. The emulation framework Mininet was used to perform these tests using controllable network properties. While easy to get started with, a number of issues were found in Mininet that had to be resolved to improve the accuracy of emulation. The tests of QUIC have shown performance improvements since a similar test in 2013 by Connectify, while new tests have identified specific areas that might require further analysis such as QUIC’s fairness to TCP and performance impact of delay jitter. The tests of two different uTP implementations have shown that they are very similar, but also a few differences such as slow-start growth and back-off handling.
    [Show full text]
  • Proofs of Replication Are Also Relevant in the Private-Verifier Setting of Proofs of Data Replication
    PoReps: Proofs of Space on Useful Data Ben Fisch Stanford University, Protocol Labs Abstract A proof-of-replication (PoRep) is an interactive proof system in which a prover defends a publicly verifiable claim that it is dedicating unique resources to storing one or more retrievable replicas of a data file. In this sense a PoRep is both a proof of space (PoS) and a proof of retrievability (PoR). This paper establishes a foundation for PoReps, exploring both their capabilities and their limitations. While PoReps may unconditionally demonstrate possession of data, they fundamentally cannot guarantee that the data is stored redundantly. Furthermore, as PoReps are proofs of space, they must rely either on rational time/space tradeoffs or timing bounds on the online prover's runtime. We introduce a rational security notion for PoReps called -rational replication based on the notion of an -Nash equilibrium, which captures the property that a server does not gain any significant advantage by storing its data in any other (non-redundant) format. We apply our definitions to formally analyze two recently proposed PoRep constructions based on verifiable delay functions and depth robust graphs. Lastly, we reflect on a notable application of PoReps|its unique suitability as a Nakamoto consensus mechanism that replaces proof-of-work with PoReps on real data, simultaneously incentivizing and subsidizing the cost of file storage. 1 Introduction A proof-of-replication (PoRep) builds on the two prior concepts of proofs-of-retrievability (PoR) [30] and proofs-of-space (PoS) [24]. In the former a prover demonstrates that it can retrieve a file and in the latter the prover demonstrates that it is using some minimum amount of space to store information.
    [Show full text]
  • Deluge-2.0.3
    deluge Documentation Release 2.0.3 Deluge Team June 12, 2019 CONTENTS 1 Contents 1 1.1 Getting started with Deluge.......................................1 1.2 How-to guides..............................................2 1.3 Release notes...............................................3 1.4 Development & community.......................................6 1.5 Development guide............................................ 11 1.6 Reference................................................. 21 i ii CHAPTER ONE CONTENTS 1.1 Getting started with Deluge This is a starting point if you are new to Deluge where we will walk you through getting up and running with our BitTorrent client. 1.1.1 Installing Deluge These are the instructions for installing Deluge. Consider them a work-in-progress and feel free to make suggestions for improvement. Ubuntu PPA Until the stable PPA is updated, the development version of Deluge can be used: sudo add-apt-repository-u ppa:deluge-team/stable sudo apt install deluge PyPi To install from Python PyPi, Deluge requires the following system installed packages: sudo apt install python3-pip python3-libtorrent python3-gi python3-gi-cairo gir1.2- ,!gtk-3.0 gir1.2-appindicator3 Install with pip: pip install deluge Windows Unfortuately due to move to GTK3 and Python 3 there is no installer package currently available for Windows. Intrepid users can install Deluge from seperate packages as detailed in issue #3201. 1 deluge Documentation, Release 2.0.3 macOS There is no .app package currently for macOS, but can try Deluge with homebrew. 1. Install Homebrew 2. Open a terminal. 3. Run the following to install required packages: brew install pygobject3 gtk+3 adwaita-icon-theme brew install libtorrent-rasterbar 4. To fix translations: brew link gettext--force 5.
    [Show full text]
  • 1 Tribler 3 1.1 Obtaining the Latest Release
    Tribler Documentation Release 7.5.0 Tribler devs Jan 29, 2021 CONTENTS 1 Tribler 3 1.1 Obtaining the latest release........................................3 1.2 Obtaining support............................................3 1.3 Contributing...............................................3 1.4 Packaging Tribler.............................................4 1.5 Submodule notes.............................................4 2 How to contribute to the Tribler project?5 2.1 Checking out the Stabilization Branch..................................5 2.2 Reporting bugs..............................................5 2.3 Pull requests...............................................6 3 Branching model and development methodology7 3.1 Branching model.............................................7 3.2 Release lifecycle.............................................7 3.3 Tags....................................................8 3.4 Setting up the local repo.........................................8 3.5 Working on new features or fixes....................................8 3.6 Getting your changes merged upstream.................................9 3.7 Misc guidelines.............................................. 10 4 Setting up your development environment 11 4.1 Windows................................................. 11 4.2 MacOS.................................................. 13 4.3 Linux................................................... 15 5 Building Tribler 17 5.1 Windows................................................. 17 5.2 MacOS.................................................
    [Show full text]