
									Attacks on BitTorrent
    Presented by Andrew Sprouse
         Attacks on BitTorrent
 What is BitTorrent?
 Why is it important?
 How does BitTorrent work?
 BitTorrent vulnerabilities
 Current solutions
 The future
           What is BitTorrent?
 Created by Bram Cohen in 2001
 A peer-to-peer file transfer protocol
 Extremely popular today
          Why is it Important?
 It is used by millions of file sharers across the globe.

 Corporations and open source companies use it to
  save bandwidth.
    Why is it Important? (cont’d)
 In 2004 CacheLogic determined BitTorrent was
  responsible for 35% of internet Traffic.

 This has raised concerns amongst ISPs such as
  Comcast, Verizon and Time Warner.
             BitTorrent Basics
 Files are broken into pieces.
   Users each download different pieces from the original
    uploader (seed).
   Users exchange the pieces with their peers to obtain the
    ones they are missing.

 This process is organized by a centralized server called
  the Tracker.
            BitTorrent Protocol
 1. Seeder generates
  a torrent file

 Uploads torrent to a
  web server.

 Seeder – A client
  sharing 100% of the
  shared file.
            BitTorrent Protocol
 2. The seeder notifies
  the tracker that it is
  sharing the file
  described in the
  torrent file.
           BitTorrent Protocol
 3. A leecher
  downloads the torrent
  file from the web
  server

 Leecher – client
  downloading the
  shared file from the
  seeder.
           BitTorrent Protocol
 4. The leecher connects
  to the tracker
  specified in the torrent
  file.

 The tracker returns a
  list of other peers who
  are sharing the file.
          BitTorrent Protocol
 5. The leecher
  connects to its peers
  to retrieve pieces of
  the files.
      BitTorrent Client Details

 Clients verify each downloaded piece against a
  SHA-1 hash contained in the .torrent file.

 Clients use a tit-for-tat strategy for choosing peers to
  upload/download to/from.
   Transfer-rate based
 Clients periodically disconnect from clients to connect
  to new ones.
   Called “Optimistic Unchoking”
      BitTorrent Vulnerabilities
 BitTorrent is vulnerable to the following attacks:
   Pollution Attack
   DDOS Attack
   Bandwidth Shaping
              Pollution Attack
 1. The peers receive
  the peer list from the
  tracker.
              Pollution Attack
 2. One peer contacts
  the attacker for a
  chunk of the file.
               Pollution Attack
 3. The attacker sends
  back a false chunk.

 This false chunk will
  fail its hash and will
  be discarded.
             Pollution Attack
 4. Attacker requests
  all chunks from
  swarm and wastes
  their upload
  bandwidth.
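
 Added example (not part of the original slides): the SHA-1 piece check from the client details slide, applied to the false chunk in step 3. The sample torrent, peer addresses and function names are constructed for illustration.

```python
import hashlib

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        return (items if c == b"l" else dict(zip(items[0::2], items[1::2]))), i + 1
    colon = data.index(b":", i)                    # byte string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def piece_hashes(torrent):
    """Split the info dictionary's 'pieces' string into 20-byte SHA-1 digests."""
    blob = bdecode(torrent)[0][b"info"][b"pieces"]
    if len(blob) % 20:
        raise ValueError("pieces length is not a multiple of 20")
    return [blob[k:k + 20] for k in range(0, len(blob), 20)]

def receive(hashes, offers):
    """Keep pieces whose SHA-1 matches; tally bytes wasted on each bad sender."""
    have, wasted = {}, {}
    for peer, index, payload in offers:
        if 0 <= index < len(hashes) and hashlib.sha1(payload).digest() == hashes[index]:
            have.setdefault(index, payload)
        else:                                      # discarded, must be re-requested
            wasted[peer] = wasted.get(peer, 0) + len(payload)
    return have, wasted

def bstr(s):
    """Bencode a byte string (used only to build the sample below)."""
    return b"%d:%s" % (len(s), s)

# Constructed sample: a 39-byte file in 16-byte pieces, and its .torrent metadata.
PIECES = [b"A" * 16, b"B" * 16, b"C" * 7]
INFO = (b"d" + bstr(b"length") + b"i39e" + bstr(b"name") + bstr(b"demo.bin")
        + bstr(b"piece length") + b"i16e" + bstr(b"pieces")
        + bstr(b"".join(hashlib.sha1(p).digest() for p in PIECES)) + b"e")
TORRENT = (b"d" + bstr(b"announce") + bstr(b"http://tracker.example/announce")
           + bstr(b"info") + INFO + b"e")
# Constructed offers: the peer at 10.0.0.66 answers with a false chunk for piece 1.
OFFERS = [("10.0.0.5", 0, PIECES[0]), ("10.0.0.66", 1, b"X" * 16),
          ("10.0.0.7", 2, PIECES[2]), ("10.0.0.5", 1, PIECES[1])]
```

 The hash check keeps the file intact, but the 16 bytes received from 10.0.0.66 are still wasted download time, which is the cost the attack imposes.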
        Pollution Attack (cont’d)
 Pollution attacks have become increasingly popular and
  have been used by anti-piracy groups.

 In 2005 HBO used pollution attacks to prevent people
  from downloading their show Rome.
                DDOS Attack
 DDOS = Distributed denial of service
 Based on the fact that the BitTorrent Tracker has no
  mechanism for validating peers.

 Uses modified client software
               DDOS Attack
 1. The attacker
  downloads a large
  number of torrent
  files from a web
  server.
                DDOS Attack
 2. The attacker
  parses the torrent
  files with a modified
  BitTorrent client and
  spoofs his IP
  address and port
  number with the
  victim's as he
  announces he is
  joining the swarm.
                 DDOS Attack
 3. As the tracker
  receives requests for
  a list of participating
  peers from other
  clients it sends the
  victim's IP and port
  number.
                DDOS Attack
 4. The peers then
  attempt to connect
  to the victim to try
  and download a
  chunk of the file.
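
 Added example (not part of the original slides): one tracker-side check for the missing peer validation described above, assuming an HTTP tracker where the TCP source address of the announce is known. The `ip` and `port` announce parameters are from BEP 3; the function names, the rejection threshold and the sample announces are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import parse_qs

def endpoint_for(query, source_ip):
    """Return the (ip, port) to list for this announce, or None to drop it."""
    q = parse_qs(query)
    try:
        port = int(q["port"][0])
        src = ipaddress.ip_address(source_ip)
        claimed = ipaddress.ip_address(q["ip"][0]) if "ip" in q else src
    except (KeyError, ValueError):
        return None
    # Only list the address the announce actually came from.
    if not 1 <= port <= 65535 or claimed != src:
        return None
    return str(src), port

def process(announces, max_rejects=3):
    """Build per-torrent peer sets and flag sources with repeated rejected announces."""
    swarms, rejects = defaultdict(set), defaultdict(int)
    for source_ip, query in announces:
        endpoint = endpoint_for(query, source_ip)
        torrent = parse_qs(query).get("info_hash", [None])[0]
        if endpoint is None or torrent is None:
            rejects[source_ip] += 1
            continue
        swarms[torrent].add(endpoint)
    flagged = sorted(ip for ip, n in rejects.items() if n >= max_rejects)
    return dict(swarms), flagged

# Constructed announce log: (TCP source address, query string). T1..T3 stand in
# for real 20-byte info_hash values; all addresses are documentation ranges.
ANNOUNCES = [
    ("198.51.100.10", "info_hash=T1&port=6881"),
    ("198.51.100.10", "info_hash=T2&port=6881&ip=198.51.100.10"),
    ("203.0.113.9", "info_hash=T1&port=80&ip=192.0.2.80"),
    ("203.0.113.9", "info_hash=T2&port=80&ip=192.0.2.80"),
    ("203.0.113.9", "info_hash=T3&port=80&ip=192.0.2.80"),
    ("198.51.100.20", "info_hash=T1&port=70000"),
]
```

 Clients that legitimately announce a different address (for example from behind a proxy) are also dropped by this check, which is the trade-off of binding the listed address to the connection.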
              Bandwidth Shaping
 Typically done by the BitTorrent user’s ISP

 Comcast has recently admitted to filtering BitTorrent traffic.
 Unencrypted BitTorrent packets are easily identified and
  filtered.
 Sophisticated filtering software can detect BitTorrent-like
  behavior.
   Current Solutions: Bandwidth Shaping
 Encryption
   Most popular BitTorrent clients come with an option to
    encrypt the packets they send.
   Fools unsophisticated filters which simply look at the
    contents of the packet.
   Won’t work against filters which profile behavior over
    network boundaries.
   Current Solutions: Bandwidth Shaping (cont’d)
 Tunneling
   Using VPN software to connect to an unfiltered network.
   Successfully bypasses filters.
   However due to the peer-to-peer nature of BitTorrent,
    your peers must also be on an unfiltered network to take
    full advantage.
   Current Solutions: Pollution Attacks
 Blacklisting
   Achieved using software such as Peer Guardian or
    moBlock.
   Blocks connections from blacklisted IPs which are
    downloaded from an online database.
                   The Future
 There has been much research in the area of peer-to-peer
  networking.

 One of the most popular suggestions in recent research
  is the integration of the notion of trustworthiness.
   Through the use of a “Trust Management System”
           Trust management
 A trustworthiness score is assigned to each peer in the
  swarm.

 These scores will allow better selection of peers.
 Currently BitTorrent's fairness system does not prevent
  free riders and malicious peers. Penalties are not in
  place for these "bad" users.

 BitTorrent uses only a rate fairness ratio, with no notion of
  trust.
      An Example Trust Management System
 Debit-Credit
  Reputation system
 Each client calculates
  a trust score for their
  peers
 Based on valid pieces
  uploaded
 Tracker combines
  these individual scores
  to make a global score
      An Example Trust Management System (cont’d)
 Global trust managed by the tracker prevents clients
  from being dishonest.

 Solves the issue of pollution attacks by ignoring
  untrustworthy peers
   Trust systems are more flexible than blacklisting because
     peers can earn back their trust through good behavior.

 Prevents DDOS attacks because the victim will earn a
  low trust score and be ignored.
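
 Added example (not part of the original slides or the referenced paper): a small debit-credit trust system in the shape the two slides above describe. The scoring formula, the use of a median to combine reports, the threshold of 0 and all class and peer names are assumptions made for illustration.

```python
from statistics import median

class ClientLedger:
    """One client's debit-credit book: credits for valid pieces, debits for bad ones."""
    def __init__(self):
        self.valid, self.invalid = {}, {}
    def record(self, peer, piece_ok):
        book = self.valid if piece_ok else self.invalid
        book[peer] = book.get(peer, 0) + 1
    def scores(self):
        """Local trust per peer in [-1, 1] (assumed formula: (valid - bad) / total)."""
        out = {}
        for peer in set(self.valid) | set(self.invalid):
            v, b = self.valid.get(peer, 0), self.invalid.get(peer, 0)
            out[peer] = (v - b) / (v + b)
        return out

class Tracker:
    """Combines client reports into a global score and filters the peer list."""
    def __init__(self, threshold=0.0):
        self.reports, self.threshold = {}, threshold   # peer -> {reporter: score}
    def submit(self, reporter, scores):
        for peer, s in scores.items():
            if peer != reporter:                       # no self-vouching
                self.reports.setdefault(peer, {})[reporter] = max(-1.0, min(1.0, s))
    def global_score(self, peer):
        r = self.reports.get(peer)
        return median(r.values()) if r else 0.0        # unknown peers start neutral
    def peer_list(self, swarm):
        return [p for p in swarm if self.global_score(p) >= self.threshold]

def demo():
    """Constructed swarm: a, b, c are honest; m pollutes, lies, then behaves."""
    honest, tracker = ["a", "b", "c"], Tracker()
    ledgers = {p: ClientLedger() for p in honest}
    for p in honest:
        for q in [q for q in honest if q != p]:
            ledgers[p].record(q, True)
        for _ in range(5):
            ledgers[p].record("m", False)              # five chunks failed SHA-1
        tracker.submit(p, ledgers[p].scores())
    tracker.submit("m", {"m": 1.0, "a": -1.0})         # dishonest report from m
    before = tracker.peer_list(honest + ["m"])
    for p in honest:
        for _ in range(20):
            ledgers[p].record("m", True)               # m now uploads valid pieces
        tracker.submit(p, ledgers[p].scores())
    return before, tracker.peer_list(honest + ["m"])
```

 In the constructed run, m is dropped from the peer list while its score is -1, its false report about a is outvoted, and it is listed again once its score has recovered to 0.6.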
THE END
                     References

 This presentation is based on a research paper written for
  CSU645, co-written by Timothy Biron and Andrew Sprouse
 http://www.ccs.neu.edu/home/als/termpaper.pdf
 http://www.bittorrent.org/beps/bep_0003.html
 http://radar.oreilly.com/archives/2005/10/hbo_attacking_bittorrent.html
 http://in.tech.yahoo.com/041103/137/2ho4i.html

								