DOCSLIB.ORG

Real-World Sybil Attacks in Bittorrent Mainline DHT

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Real-World Sybil Attacks in Bittorrent Mainline DHT Real-World Sybil Attacks in BitTorrent Mainline DHT Liang Wang † Jussi Kangasharju †‡ †Department of Computer Science, University of Helsinki, Finland ‡Helsinki Institute for Information Technology, University of Helsinki, Finland www.helsinki.fi/yliopisto 1 Sunday, May 19, 2013 Contents Background Measurement Platform Types of Attacks Honeypot Design Real-World Attacks Threats & Solutions Conclusion www.helsinki.fi/yliopisto 2 Sunday, May 19, 2013 BitTorrent MLDHT BitTorrent is the most influential P2P software BitTorrent adopted DHT to support trackless mode More reliable and robust to single point of failure Avoid legal issues and becoming the lawyer’s target Two incompatible versions Mainline DHT (MLDHT) Vuze DHT Both are Kademlia-based DHT www.helsinki.fi/yliopisto 3 Sunday, May 19, 2013 BitTorrent MLDHT Building block of modern P2P software More and more P2P softwares supports MLDHT, over 16,000,000 users Forms a peculiar ecosystem Different implementation has slightly different interpretation of the standard protocol Only minimum functionalities of Kademlia MLDHT is simple but weak www.helsinki.fi/yliopisto 4 Sunday, May 19, 2013 Measurement Platform Two dedicated machines monitor the system Prevent the “sample gap” due to soft- and hardware failure Two crawlers with different crawling policy Continuously take “snapshot” of MLDHT 15 mins interval, started since 2010-12-07 Over 67,000 samples are collected www.helsinki.fi/yliopisto 5 Sunday, May 19, 2013 Measurement Platform A full-fledged monitoring system Five main components Automatically collect and analyze the sample Together with several honeypots to catch specific attacks MLDHT Monitor System Visualizer Crawler Analyzer Maintainer Injector www.helsinki.fi/yliopisto 6 Sunday, May 19, 2013 Two Basic Attacks - Sybil Attack First introduced by Douceur in “The Sybil Attack” in 2002 Inject multiple fake identities into the system Use them as a starting point to perform further attacks Can also be considered as routing table attack www.helsinki.fi/yliopisto 7 Sunday, May 19, 2013 Two Basic Attacks Horizontal Attack Spread sybils widely across the system Pollute as many routing table as possible Vertical Attack Isolate an node by filling routing table with malicious nodes Target can be content (more general than Eclipse Attack) Hybrid Attack Combined both Horizontal and Vertical attacks www.helsinki.fi/yliopisto 8 Sunday, May 19, 2013 BitTorrent MLDHT - Four Control Messages PING ‒ Probe a node’s availability. FIND_NODE ‒ Given a target ID, find the K closest neighbors of the ID. GET_PEERS ‒ given an infohash, get the initial peer set. ANNOUNCE_PEER ‒ a peer announces it belongs to a swarm. www.helsinki.fi/yliopisto 9 Sunday, May 19, 2013 Normal Operation Peer 11 Peer 95 A (Peer 29) 4 Peer 33 C (Peer 82) BT Protocol 1 2 Announce Peer (29,59) Peer 78 Get Peers Peer 36 (82,59) 3 Peer 71 Peer 43 Peer 65 Peer 51 B (Peer 57) www.helsinki.fi/yliopisto 10 Sunday, May 19, 2013 Two Basic Attacks - Horizontal Attack Peer 11 Peer 95 Peer 29 Find Node Peer 33 Peer 82 (29,78) I am 78 Find Node (82,57) Peer 78 Peer 36 1 Find Node I am 57 (43,65) I am 65 2 Peer 71 Peer 43 Peer 65 Peer 51 Peer 57 www.helsinki.fi/yliopisto 11 Sunday, May 19, 2013 Two Basic Attacks - Horizontal Attack Horizontal attack spreads sybils widely across the system The aim is to pollute as many routing tables as possible The number of sybils in one routing table is not the concern A successful horizontal attack can let the attacker sniff most of the control messages and therefore hijack the system In MLDHT, this attack can be carried out with very limited physical resources www.helsinki.fi/yliopisto 12 Sunday, May 19, 2013 Two Basic Attacks - Vertical Attack Peer 11 Peer 95 Peer 29 Peer 33 Peer 82 1 Get Peers (82,59) Announce Peer (29,59) Peer 78 3 2 Peer 36 BT Protocol Sybil Sybil Peer 43 Peer 71 Sybil Sybil 4 Sybil Peer 65 Peer 51 Peer 57 www.helsinki.fi/yliopisto 13 Sunday, May 19, 2013 Two Basic Attacks - Vertical Attack Vertical attack attempts to insert as many sybils as possible in one specific routing table. Similar to eclipse attack, but broader in the sense it can target content After launching an attack, the attacker waits for an interesting target ID, either node ID or content infohash. Then, the attacker inserts sybils close to the target to ”isolate” it from the others. www.helsinki.fi/yliopisto 14 Sunday, May 19, 2013 Honeypot Design - Three Types of Honeypots Detector ‒ First round filtering, identifying suspicious nodes ‒ Work on the MLDHT protocol level MLDHT honeypot ‒ Second round filtering, identify vertical and hybrid attacks ‒ Work on the MLDHT protocol level BitTorrent honeypot ‒ Work on the BitTorrent protocol level ‒ Identify further malicious behaviors www.helsinki.fi/yliopisto 15 Sunday, May 19, 2013 Honeypot Design - Three Types of Honeypots Detector First round filtering, identifying suspicious nodes Use FIND_NODE to find “non-existent” ID in MLDHT ‒ If some node claims as the owner of the ID ---> Suspicious! Use GET_PEERS to find “non-existent” infohash in MLDHT ‒ if someone comes to us with those IDs ---> Suspicious! Try to catch horizontal attacks ‒ because in reality, horizontal attack is the starting point of a successful large-scale attack www.helsinki.fi/yliopisto 16 Sunday, May 19, 2013 Honeypot Design - MLDHT Honeypot MLDHT honeypot Detect vertical and hybrid attacks Suppose our own ID is x, use GET_PEERS to find x+1 ‒ Not such content with infohash x+1 at all in MLDHT ‒ Normal behavior is replying with k nodes with closest ID ‒ However, lots of nodes came and used “scrape” to probe us ‒ Some immediately started vertical attacks by inserting sybils ‒ Some tried to set up BT level connection to get the metainfo www.helsinki.fi/yliopisto 17 Sunday, May 19, 2013 Honeypot Design - BitTorrent Honeypot BitTorrent honeypot Work on the BitTorrent protocol level Third round filtering, check if there are further actions Most tried to get the metainfo for the infohash But nobody really tried to retrieve any data www.helsinki.fi/yliopisto 18 Sunday, May 19, 2013 Real-World Attacks Two main players (or attacker?) Mr. ISP and Mr. 50 Suspicious behavior, but not really malicious (depends on the standards) Quite amount of smaller players from various orgs www.helsinki.fi/yliopisto 19 Sunday, May 19, 2013 Real-World Attacks - Mr. 50 Two (or more) virtual nodes from Amazon EC2 platform large-scale horizontal attacks The one with IP starting with 50 was the most active one The app was optimized to perform horizontal attack Not maintain states for the nodes Only answer certain messages in order to stay in RT Collect infohashes, later other nodes will get metainfo Like a virus, even the honest node can help propagate www.helsinki.fi/yliopisto 20 Sunday, May 19, 2013 Real-World Attacks - Mr. 50 Very active since the beginning of 2011 We can see the clear “test phase” and “deploy phase” www.helsinki.fi/yliopisto 21 Sunday, May 19, 2013 Real-World Attacks - Mr. 50 Very active since the beginning of 2011 We can see the clear “test phase” and “deploy phase” 5 x 10 3 Mr.50 2.5 Mr.184 2 1.5 # of sybils 1 0.5 0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec www.helsinki.fi/yliopisto 21 Sunday, May 19, 2013 Real-World Attacks - Mr. ISP Several ISPs perform intensive “vertical attacks” Very resourceful Further investigation shows the main purpose is to localize BitTorrent traffic www.helsinki.fi/yliopisto 22 Sunday, May 19, 2013 Real-World Attacks - Mr. ISP Several ISPs perform intensive “vertical attacks” Very resourceful Further investigation shows the main purpose is to localize BitTorrent traffic 1 insider 0.8 outsider 0.6 0.4 0.2 Percent of native nodes 0 1 2 3 4 5 6 7 8 File Index www.helsinki.fi/yliopisto 22 Sunday, May 19, 2013 Real-World Attacks - Mr. ISP insider - connect to MLDHT with an IP in the ISP network outsider - connect to MLDHT with an IP outside ISP native node - node in the same ISP network www.helsinki.fi/yliopisto 23 Sunday, May 19, 2013 Real-World Attacks - Mr. ISP insider - connect to MLDHT with an IP in the ISP network outsider - connect to MLDHT with an IP outside ISP native node - node in the same ISP network 1 insider 0.8 outsider 0.6 0.4 0.2 Percent of native nodes 0 1 2 3 4 5 6 7 8 File Index www.helsinki.fi/yliopisto 23 Sunday, May 19, 2013 Threats & Analysis Monitor a large fraction of user activities and traffic Can disturb operation of system Pollute or even effectively censor certain content Hijack system with limited resource is possible Violate user privacy www.helsinki.fi/yliopisto 24 Sunday, May 19, 2013 Threats & Analysis The trend of sybil attack is increasing 5 x 10 Mr.184: 3% 3 Other: 14% 2.5 2 1.5 # of sybils 1 Mr.50: 56% Mr.ISP: 27% 0.5 0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec www.helsinki.fi/yliopisto 25 Sunday, May 19, 2013 Possible Solutions Root of the problem - Letting a node choose its own ID Weakness has been well-understood over a decade, but the problem is still there Various solutions, but no silver bullet central, trusted authority to issue ID charge money on ID introduce social network into the system www.helsinki.fi/yliopisto 26 Sunday, May 19, 2013 Conclusion Introduce two basic attacks in MLDHT Hybrid attack can hijack whole system with limited physical resources Extensive measurements to identify real-world attacks Analyze potential damage and discuss possible solutions www.helsinki.fi/yliopisto 27 Sunday, May 19, 2013 Thanks! Questions? www.helsinki.fi/yliopisto 28 Sunday, May 19, 2013.
Load more

Recommended publications
  • Digital Fountain Erasure-Recovery in Bittorrent
    UNIVERSITÀ DEGLI STUDI DI BERGAMO Facoltà di Ingegneria Corso di Laurea Specialistica in Ingegneria Informatica Classe n. 35/S – Sistemi Informatici Digital Fountain Erasure Recovery in BitTorrent: integration and security issues Relatore: Chiar.mo Prof. Stefano Paraboschi Correlatore: Chiar.mo Prof. Andrea Lorenzo Vitali Tesi di Laurea Specialistica Michele BOLOGNA Matricola n. 56108 ANNO ACCADEMICO 2007 / 2008 This thesis has been written, typeset and prepared using LATEX 2". Printed on December 5, 2008. Alla mia famiglia “Would you tell me, please, which way I ought to go from here?” “That depends a good deal on where you want to get to,” said the Cat. “I don’t much care where —” said Alice. “Then it doesn’t matter which way you go,” said the Cat. “— so long as I get somewhere,” Alice added as an explanation. “Oh, you’re sure to do that,” said the Cat, “if you only walk enough.” Lewis Carroll Alice in Wonderland Acknowledgments (in Italian) Ci sono molte persone che mi hanno aiutato durante lo svolgimento di questo lavoro. Il primo ringraziamento va ai proff. Stefano Paraboschi e Andrea Vitali per la disponibilità, la competenza, i consigli, la pazienza e l’aiuto tecnico che mi hanno saputo dare. Grazie di avermi dato la maggior parte delle idee che sono poi confluite nella mia tesi. Un sentito ringraziamento anche a Andrea Rota e Ruben Villa per l’aiuto e i chiarimenti che mi hanno gentilmente fornito. Vorrei ringraziare STMicroelectronics, ed in particolare il gruppo Advanced System Technology, per avermi offerto le infrastrutture, gli spa- zi e tutto il necessario per svolgere al meglio il mio periodo di tirocinio.
    [Show full text]
  • Connectivity Properties of Mainline Bittorrent DHT Nodes
    IEEE P2P'09 - Sept. 9-11, 2009 Connectivity Properties of Mainline BitTorrent DHT Nodes Raul Jimenez Flutra Osmani Bj¨orn Knutsson Royal Institute of Technology (KTH) ICT/TSLAB Stockholm, Sweden {rauljc, flutrao, bkn}@kth.se Abstract raises some concerns about the scalability and resilience of the technology. The birth and evolution of Peer-to-Peer (P2P) protocols Our work is part of the P2P-Next[1] project, which is have, for the most part, been about peer discovery. Napster, supported by many partners including the EBU2 who claims one of the first P2P protocols, was basically FTP/HTTP to have more than 650 million viewers weekly. In the face plus a way of finding hosts willing to send you the file. Since of such load, scalability and resilience become vital compo- then, both the transfer and peer discovery mechanisms have nents of the underlying technology. improved, but only recently have we seen a real push to In BitTorrent, content is distributed in terms of objects, completely decentralized peer discovery to increase scal- consisting of one or more files, and these objects are de- ability and resilience. scribed by a torrent-file. The clients (peers)participatingin Most such efforts are based on Distributed Hash Tables the distribution of one such object form a swarm. (DHTs), with Kademlia being a popular choice of DHT im- Aswarmiscoordinatedbyatracker,whichkeepstrack plementation. While sound in theory, and performing well of every peer in the swarm. In order to join a swarm, a peer in simulators and testbeds, the real-world performance of- must contact the tracker, which registers the new peer and ten falls short of expectations.
    [Show full text]
  • Kademlia on the Open Internet
    Kademlia on the Open Internet How to Achieve Sub-Second Lookups in a Multimillion-Node DHT Overlay RAUL JIMENEZ Licentiate Thesis Stockholm, Sweden 2011 TRITA-ICT/ECS AVH 11:10 KTH School of Information and ISSN 1653-6363 Communication Technology ISRN KTH/ICT/ECS/AVH-11/10-SE SE-164 40 Stockholm ISBN 978-91-7501-153-0 SWEDEN Akademisk avhandling som med tillstånd av Kungl Tekniska högskolan framlägges till offentlig granskning för avläggande av Communication Systems fredag den 9 december 2011 klockan 10.00 i C2, Electrum, Kungl Tekniska högskolan, Forum, Isafjordsgatan 39, Kista. © Raul Jimenez, December 2011 This work is licensed under a Creative Commons Attribution 2.5 Sweden License. http://creativecommons.org/licenses/by/2.5/se/deed.en Tryck: Universitetsservice US AB iii Abstract Distributed hash tables (DHTs) have gained much attention from the research community in the last years. Formal analysis and evaluations on simulators and small-scale deployments have shown good scalability and per- formance. In stark contrast, performance measurements in large-scale DHT overlays on the Internet have yielded disappointing results, with lookup latencies mea- sured in seconds. Others have attempted to improve lookup performance with very limited success, their lowest median lookup latency at over one second and a long tail of high-latency lookups. In this thesis, the goal is to to enable large-scale DHT-based latency- sensitive applications on the Internet. In particular, we improve lookup la- tency in Mainline DHT, the largest DHT overlay on the open Internet, to identify and address practical issues on an existing system.
    [Show full text]
  • Bittorrent Protocol the Mainline Dht
    Università degli Studi di Pisa Dipartimento di Informatica P2P Systems and Blockchains Spring 2021, instructor: Laura Ricci [email protected] Lesson 6: BITTORRENT PROTOCOL THE MAINLINE DHT 4/3/2021 Dipartimento di Informatica Laura Ricci Università degli Studi di Pisa The Bittorrent Protocol, the Mainline DHT, 1 BITTORRENT: OVERVIEW key idea: in 2002, Bran Cohen content popularity exhibits temporal locality (Flash Crowds) e.g. CNN on 9/11, new movie/game release,... goal: efficient content distribution system initially focused on distributing content efficiently, not on searching distribute the same file to all peers throughput increases with the number of downloaders an efficient use of network bandwidth single publisher, multiple downloaders later introduce also searching functionality: Kademlia has many “legal” publishers Blizzard Entertainment using it to distribute the beta of their new game Dipartimento di Informatica Laura Ricci Università degli Studi di Pisa The Bittorrent Protocol, the Mainline DHT, 2 THE CLIENT SERVER MODEL Dipartimento di Informatica Laura Ricci Università degli Studi di Pisa The Bittorrent Protocol, the Mainline DHT, 3 BITTORRENT IN A NUTSHELL more nodes can serve the content, not only one server needs a mechanism to detect which node is currently providing the content introducing the tracker taking trace of who is currently providing the content Joe connects to the tracker announcing the content the tracker now knows Joe is providing the file only for a better visualization nodes are arranged
    [Show full text]
  • Towards a Basic DHT Service: Analyzing Network Characteristics of a Widely Deployed DHT
    Towards a Basic DHT Service: Analyzing Network Characteristics of a Widely Deployed DHT Konrad Junemann,¨ Philipp Andelfinger, and Hannes Hartenstein Steinbuch Centre for Computing (SCC) Karlsruhe Institute of Technology (KIT), Germany {juenemann, hartenstein}@kit.edu, philipp.andelfi[email protected] Abstract—Distributed Hash Tables (DHTs) prove valuable for DHT-based applications without having to worry about DHT distributed architectures by providing distributed information deployment, running OpenDHT nodes on PlanetLab entailed lookup, routing, and data storage while promising good scala- two disadvantages: first, the DHT did not scale with growing bility and robustness at the same time. From this point of view, a DHT could be seen as a basic service that can be used to numbers of clients as the DHT consisted of a fixed number of build distributed applications. Whereas today no widely deployed (centrally administered) PlanetLab nodes only and clients did and publicly accessible basic DHT service exists and thus DHT- not contribute to the DHT. Second, the OpenDHT nodes had based applications have to deploy their very own DHT networks, to be maintained. DHTs consisting of millions of peers are formed by file sharing Simultaneously, the file-sharing community started lever- clients. Although the interfaces of typical DHTs used for file sharing are too narrow, a basic DHT service could probably be aging DHTs to replace centralized components within their created by bundling a suitable client implementation with file file sharing networks. Therefore, DHT clients were bundled sharing software. In this paper, we evaluate whether a basic with file sharing clients, resulting in widely deployed DHTs DHT service could suit the needs of DHT-based applications introduced by clients like Azureus [31], eDonkey or the Bit- in terms of stability, number of participating peers, the peers’ Torrent Mainline client [13].
    [Show full text]
  • A Pragmatic Analysis of Peer to Peer Networks and Protocols for Security and Confidentiality
    http://www.ijccr.com International Manuscript ID : ISSN2249054X-V2I6M7-112012 VOLUME 2 ISSUE 6 November 2012 A PRAGMATIC ANALYSIS OF PEER TO PEER NETWORKS AND PROTOCOLS FOR SECURITY AND CONFIDENTIALITY Anil Saroliya 1, Upendra Mishra 2, Ajay Rana 3 1Department of Computer Science, Amity University Rajasthan, Jaipur, India; 2Department of Mathematics, Amity University Rajasthan, Jaipur, India; 3Department of Computer Science, Amity University Utter Pradesh, Noida, India; ABSTRACT The internet as we ought to understand it is a dramatized environment that links together various information, networks and communication channels. However, the bitter truth lies in the fact that the Internet has largely grown into a drone that lacks essential centralized control. Putting into simpler terms, with the day by day growth of the Internet, it is simply beginning to lack any hierarchical control. With this growth, comes the need of large scale data distribution, content sharing and multicasting applications. In other words, the need of the hour lays in extensive use of Peer-to-Peer (P2P) networks. The P2P networks are loaded with the abilities to provide many handy features such as selection of most accurately reachable peers, powerful search mechanisms or location of data together with hierarchical name stay. The P2P networks have the special ability to organize and handle self-framed routing architecture that also helps in measuring massive scalability and hence provides a robust and efficient load balance of the world wide network or simply the Internet. Despite the numerous merits of P2P Networks over the near obsolete client- server mechanisms, there have also been some shortcomings in the same.
    [Show full text]
  • Deployment of NAT Vs. Ipv6 in Bittorrent
    Deployment of NAT vs. IPv6 in BitTorrent Simon Müller Elgg, Switzerland Student ID: 12-715-389 – Communication Systems Group, Prof. Dr. Burkhard Stiller HESIS T Supervisor: Andri Lareida, Thomas Bocek ACHELOR B Date of Submission: December 5, 2016 University of Zurich Department of Informatics (IFI) Binzmühlestrasse 14, CH-8050 Zürich, Switzerland ifi Bachelor Thesis Communication Systems Group (CSG) Department of Informatics (IFI) University of Zurich Binzmühlestrasse 14, CH-8050 Zürich, Switzerland URL: http://www.csg.uzh.ch/ Abstract Der globale IPv4 Adressraum ist fast komplett ersch¨opft. Dies stellt fur¨ Internet Service Provider (ISPs) eine grosse Herausforderung dar. Der Nachfolger, IPv6, wurde als L¨osung fur¨ dieses Problem entwickelt. Trotzdem bieten viele ISPs noch immer nur IPv4 Verbin- dungen mit Ubergangsl¨ ¨osungen wie Netzwerkadressubersetzung¨ (NAT) an, um das Pro- blem der Adressraumersch¨opfung zu umgehen. In dieser Arbeit wurde VIOLA, ein Messsy- stem fur¨ das BitTorrent-Netzwerk, mit IPv6 Unterstutzung¨ erweitert, um eine einw¨ochige Messung des BitTorrent-IPv6-Netzwerks durchzufuhren.¨ Selbst wenn das Streaming von Video- und Audiodaten mittlerweile den Hauptteil des weltweiten Internetverkehrs aus- machen, so macht der Peer-to-peer Verkehr doch noch einen deutlichen Anteil davon aus. Mit den Messdaten wurde die Frage beantwortet, ob es einen Zusammenhang zwischen dem Anteil an NAT der in einer Region gemessen wird und der Anzahl an verfugbaren¨ IPv6 Adressen gibt. Die Resultate machen deutlich, dass dem nicht so ist. Mit den ge- sammelten Daten wird zudem ein umfassender Uberblick¨ uber¨ das aktuelle Stadium und die Evolution von IPv6 im BitTorrent-Netzwerk gegeben. The global IPv4 address space is almost completely exhausted.
    [Show full text]
  • Summary of the Bittorrent Protocol
    Summary of the BitTorrent Protocol Guest lecturer: Petri Savolainen Discussion on modelling and BitTorrent BitTorrent BitTorrent is based on the notion of a torrent, which is a smallish file that contains metadata about a host, the tracker, that coordinates the file distribution and files that are shared A peer that wishes to make data available must first find a tracker for the data, create a torrent, and then distribute the torrent file. Other peers can then using information contained in the torrent file assist each other in downloading the file The download is coordinated by the tracker. In BitTorrent terminology, peers that provide a complete file with all of its pieces are called seeders BitTorrent: Downloading Files Torrent server 1. Upload torrent file Search 2. Provide first seed Seeder Tracker engine Torrent file 4. Contact tracker Torrent file points to List of peers tracker 3. Post search request and 5. Contact seeder for pieces retrieve link to torrent file Peer 6. Trade pieces with peers Peer Difference to HTTP A BitTorrent file download differs from an HTTP request in the following ways: – BitTorrent uses multiple parallel connections to improve download rates, whereas Web browsers typically use a single TCP Socket to transfer HTTP requests and responses – BitTorrent is peer-assisted whereas HTTP request is strictly client-server – BitTorrent uses the random or rarest-first mechanisms to ensure data availability, whereas HTTP is incremental Characteristics of the BitTorrent protocol I/II • Peer selection is about selecting peers who are willing to share files back to the current peer – Tit for tat in peer selection based on download-speed.
    [Show full text]
  • Bittorrent (Protocol) 1 Bittorrent (Protocol)
    BitTorrent (protocol) 1 BitTorrent (protocol) BitTorrent is a peer-to-peer file sharing protocol used for distributing large amounts of data over the Internet. BitTorrent is one of the most common protocols for transferring large files and it has been estimated that peer-to-peer networks collectively have accounted for roughly 43% to 70% of all Internet traffic (depending on geographical location) as of February 2009.[1] Programmer Bram Cohen designed the protocol in April 2001 and released a first implementation on July 2, 2001.[2] It is now maintained by Cohen's company BitTorrent, Inc. There are numerous BitTorrent clients available for a variety of computing platforms. As of January 2012 BitTorrent has 150 million active users according to BitTorrent Inc.. Based on this the total number of monthly BitTorrent users can be estimated at more than a quarter billion.[3] At any given instant of time BitTorrent has, on average, more active users than YouTube and Facebook combined. (This refers to the number of active users at any instant and not to the total number of unique users.)[4][5] Description The BitTorrent protocol can be used to reduce the server and network impact of distributing large files. Rather than downloading a file from a single source server, the BitTorrent protocol allows users to join a "swarm" of hosts to download and upload from each other simultaneously. The protocol is an alternative to the older single source, multiple mirror sources technique for distributing data, and can work over networks with lower bandwidth so many small computers, like mobile phones, are able to efficiently distribute files to many recipients.
    [Show full text]
  • Measuring Large-Scale Distributed Systems: Case of Bittorrent
    13-th IEEE International Conference on Peer-to-Peer Computing Measuring Large-Scale Distributed Systems: Case of BitTorrent Mainline DHT Liang Wang and Jussi Kangasharju Department of Computer Science University of Helsinki, Finland Abstract—Peer-to-peer networks have been quite thoroughly methods, we show what the causes of the errors are and that measured over the past years, however it is interesting to note that by fixing those issues, correct results can be obtained. the BitTorrent Mainline DHT has received very little attention Additionally, we obtain a comprehensive picture of users even though it is by far the largest of currently active overlay of Mainline DHT, which is the largest DHT network in the systems, as our results show. As Mainline DHT differs from other systems, existing measurement methodologies are not appropriate Internet. Although our focus is not on presenting the actual for studying it. In this paper we present an efficient methodology measurement data from Mainline DHT, we will briefly present for estimating the number of active users in the network. We have the main findings regarding the number of nodes and the churn identified an omission in previous methodologies used to measure patterns, since previous reports on these have been inaccurate. the size of the network and our methodology corrects this. Our The contributions of this paper are as follows: method is based on modeling crawling inaccuracies as a Bernoulli process. It guarantees a very accurate estimation and is able to 1) We identify a systematic error in previous works mea- provide the estimate in about 5 seconds.
    [Show full text]
  • Crawling Bittorrent Dhts for Fun and Profit
    Crawling BitTorrent DHTs for Fun and Profit Scott Wolchok and J. Alex Halderman The University of Michigan {swolchok, jhalderm}@eecs.umich.edu Abstract major torrent discovery sites and the major trackers [1,29] is feasible. Though a boon to copyright enforcement, this This paper presents two kinds of attacks based on crawl- capability reduces the privacy of BitTorrent downloaders ing the DHTs used for distributed BitTorrent tracking. by making it much harder to “hide in the crowd.” First, we show how pirates can use crawling to rebuild The BitTorrent community has responded to these BitTorrent search engines just a few hours after they are trends by deploying decentralizing tracking systems based shut down (crawling for fun). Second, we show how on distributed hash tables (DHTs). So far, their impact content owners can use related techniques to monitor pi- on privacy and copyright enforcement has been unclear. rates’ behavior in preparation for legal attacks and negate Distributed tracking is harder to disrupt through legal any perceived anonymity of the decentralized BitTorrent threats, but users still rely on centralized torrent discov- architecture (crawling for profit). ery sites that remain relatively easy targets. Some might We validate these attacks and measure their perfor- expect that decentralizing the tracking architecture would mance with a crawler we developed for the Vuze DHT. enhance privacy by making monitoring more difficult, but We find that we can establish a search engine with over the question has received little research attention to date. one million torrents in under two hours using a single In this work, we demonstrate how deployed distributed desktop PC.
    [Show full text]
  • Desarrollo De Una Aplicación Bittorrent (En Pharo-Smalltalk)
    Desarrollo de una aplicación BitTorrent (en Pharo-Smalltalk) Trabajo Final de Grado David Gracia Celemendi Director: Jordi Delgado Pin Departamento de Ciencias de la Computación (CS) Fecha de defensa: octubre de 2015 Titulación: Grado en Ingeniería Informática Especialidad: Computación Facultad de Informática de Barcelona (FIB) página en blanco 1 Resumen Desde principios del 2000, el uso de redes peer-to-peer ha experimentado un gran crecimiento. Gran parte del tráfico de Internet lo generan las apli- caciones BitTorrent. BitTorrent especifica un protocolo para el intercambio de ficheros usando un modelo peer-to-peer que se caracteriza por su gran escalabilidad y robustez. Este proyecto consiste en el desarrollo de una apli- cación BitTorrent desde cero con el sistema Pharo-Smalltalk. Primero se hace un repaso a la historia del intercambio de ficheros desde sus inicios hasta la actualidad. Después se comparan las redes cliente-servidor con las redes peer-to-peer, y se distingue dentro de éstas últimas entre redes estruc- turadas y redes no estructuradas. Se da una explicación del funcionamiento de BitTorrent y, por último, se profundiza en el diseño y la implementación de la aplicación. Abstract Since 2000 peer-to-peer networks use has increased very fast. Most Internet traffic is generated by BitTorrent applications. BitTorrent specify a file sharing protocol over peer-to-peer model whose strength is scalability and robustness. This project is about developing a BitTorrent application from scratch with Pharo-Smalltalk system. First of all, a file sharing history review is done from beginning up to now. Next, client-server and peer- to-peer models are compared, and peer-to-peer networks are classified in unstructured and structured.
    [Show full text]