Bittorrent's Mainline DHT Security Assessment

Juan Pablo Timpanaro, Thibault Cholez, Isabelle Chrisment*, Olivier Festor
INRIA Nancy-Grand Est, France
*LORIA - ESIAL, Henri Poincaré University, Nancy 1, France
Email: {juanpablo.timpanaro, thibault.cholez, olivier.festor}@inria.fr
Email: {isabelle.chrisment}@loria.fr

To cite this version: Juan Pablo Timpanaro, Thibault Cholez, Isabelle Chrisment, Olivier Festor. BitTorrent’s Mainline DHT Security Assessment. NTMS - 4th IFIP International Conference on New Technologies, Mobility and Security - 2011, TELECOM ParisTECH, CNRS/LIMOS Laboratory, LIP6, Feb 2011, Paris, France. 10.1109/NTMS.2011.5721044. inria-00577043

HAL Id: inria-00577043
https://hal.inria.fr/inria-00577043
Submitted on 16 Mar 2011

Abstract—BitTorrent is a widely deployed P2P file sharing protocol, extensively used to distribute digital content and software updates, among others. Recent actions against torrent and tracker repositories have fostered the move towards a fully distributed solution based on a distributed hash table to support both torrent search and tracker implementation. In this paper we present a security study of the main decentralized tracker in BitTorrent, commonly known as the Mainline DHT. We show that the lack of security in Mainline DHT allows very efficient attacks that can easily impact the operation of the whole network. We also provide a peer-ID distribution analysis of the network, so as to adapt previous protection schemes to the Mainline DHT. The mechanisms are assessed through large scale experiments on the real DHT-based BitTorrent tracker.

Index Terms—BitTorrent, Distributed Tracker, Mainline DHT, Security Assessment, Protection Mechanisms.

I. INTRODUCTION

BitTorrent [3] is a peer-to-peer protocol developed by Bram Cohen. A recent study [5] shows that between 43% and 70% of all Internet traffic is generated from BitTorrent clients, which makes it the most popular peer-to-peer protocol. However, there have been several legal issues and complaints from music and movie companies, putting in jeopardy the continuity of its success. Moreover, in some countries, there have already been successful legal actions to shut down major tracker sites, such as The Pirate Bay or Mininova. Without a central server to retrieve the peers participating in the download of a given torrent, there is no possibility to join the network. However, an alternative tracking approach has already been implemented: decentralized tracking. Every peer in the network acts as a small tracker, allowing a fully-decentralized architecture in which there is no central component to attack. Notwithstanding, decentralized tracking in BitTorrent has major security problems.

In BitTorrent, there are two implementations of decentralized tracking, both based on the Kademlia DHT [10]. The Azureus DHT came first, and it is only used by this client. The Mainline client introduced its DHT around a month later, and it was adopted by several clients. Since it is today the largest decentralized tracker in BitTorrent, we restrict the focus of this study to the Mainline DHT.

In this work, we make the following contributions as a way to protect the alternative tracking in BitTorrent, the Mainline decentralized tracking network:

• We show the major security problems in the Mainline DHT Network.
• We propose a distributed architecture used to launch a series of evaluations on the real network.
• We adapt and analyse a set of protection mechanisms proposed for the KAD DHT network [2], in order to address the security problems.
• Along with the work done by Wolchok et al. [15], we complete the security view of BitTorrent’s decentralized trackers.

Even though these evaluations could have been done from a single computer, very basic rules to limit the number of peers per IP could easily mitigate a one-computer attack. Therefore, we chose a distributed approach.

The document is organized as follows. Section II presents a set of works in the area, regarding the BitTorrent protocol and a set of attacks, including monitoring. Section III details the distributed architecture proposed as well as the targeted component of BitTorrent, its decentralized tracker. Section IV introduces how we exploit some vulnerabilities in this alternative tracker and Section V presents some mechanisms to avoid these attacks. Section VI concludes the paper.

II. RELATED WORKS

Regarding decentralized tracking, Crosby et al. [4] present a complete study of the two decentralized trackers in BitTorrent. They examine a variety of aspects, such as latency, detect problems mainly in the routing algorithms, and propose a better maintenance of the routing table to avoid dead nodes. However, they do not address any security problems.

Monitoring the BitTorrent network has been investigated in several ways. [9] proposes a simple yet effective way of spying on BitTorrent users by exploiting the tracker’s infrastructure. Piatek et al. [11] show how properly exploiting this infrastructure can implicate arbitrary network endpoints in illegal content sharing. Saganos et al. [12] analyse a set of top torrents in order to blacklist BitTorrent’s monitors.

Both BitTorrent components, the tracker and the swarm itself, have been the core of many research works. This is not the case for decentralized tracking. Jetter et al. [6] propose a self-registration mechanism as a way to avoid a Sybil attack in the BitTorrent DHT. They limit the number of peers per IP, to prevent an attacker from launching several peers from a single machine. However, their solution does not maintain backward compatibility, and using a distributed architecture will bypass this protection. On the other hand, Wolchok et al. [15] conduct a monitoring study on the Azureus DHT. They clearly show how the Azureus DHT can be crawled thanks to a Sybil attack, so as to rebuild from scratch a BitTorrent search engine as well as to monitor pirates’ behaviour.

To our knowledge, we present the first security study of the Mainline DHT. This paper completes the work of Wolchok et al. by analysing Mainline DHT and its security characteristics. We extend our previous analysis in [2] to the Mainline DHT network in order to determine whether the security mechanisms can be applied.

III. BITTORRENT ARCHITECTURE

A. Overview of BitTorrent Architecture

Considering BitTorrent and its architecture, the following components can be described:

• Tracker: Entity responsible for helping peers to find each other by using a central tracker or a DHT service.
• Peers: Depending on whether they have the entire file or only a part of it, they are called "Seeders" or "Leechers" respectively.
• Swarm: The group of peers sharing the file. It is composed of Seeders and Leechers.
• Torrent File: Contains metadata describing the file to share.

The torrent file contains mainly two parts. The first one is normally a list of trackers, which will have indexed the torrent file. The second part, the info part, describes the file to be shared and it contains a list of parts composing the file, along with a piece-hash for later verification.

There are two steps when trying to download a file. In the first, a user wants to download a given file, which has a torrent file associated. Once this user retrieves the torrent file, normally from a website that distributes them, it loads it into a BitTorrent client. Secondly, the BitTorrent client will contact the trackers or the distributed tracker, and retrieve a list of peers already sharing the file. Finally, the client will start contacting every peer to join the swarm. Contacting the tracker causes the peer to be added to the list of peers sharing the torrent.

Fig. 1: BitTorrent DHT

• Connection Obfuscation

We will focus on one extension, the Distributed Tracker. This extension aims to replace the way a peer retrieves the list of peers sharing a file. Instead of using a central tracker, a peer can use a decentralized service, where every peer is responsible for indexing a group of torrents.

There are two protocols to operate a distributed tracker in BitTorrent: the distributed tracker of Azureus, which is only used by the Azureus client, now called Vuze, and the one of the Mainline client. Both are based on the Kademlia protocol, but are incompatible with each other. As we mentioned in Section I, we will focus our attention on the distributed tracker of the Mainline client, commonly known as Mainline DHT.

In decentralized tracking, every peer is in charge of indexing a group of torrents, mainly those torrents that are close to the peer. The concept of closeness, as stated in Kademlia, is based on the XOR distance between a peer ID and the torrent ID. While the peer ID is chosen randomly, the torrent ID is obtained by hashing the info part of the torrent file.

In Figure 1 we can observe the basic procedure to announce a torrent and then retrieve the list of peers sharing it.

Let’s assume Peer 9 is sharing the Nirvana file. It announces the torrent through an Announce message, specifying that it is sharing the torrent. In this case Peer 52 is responsible for indexing this torrent and saving the entry, because its ID is the closest. Then, Peer 75 wants to download the Nirvana file,
