Embed

Attacks on BitTorrent

Document Sample

Shared by: HC111210131649

Tags

Stats

views:: 1
posted:: 12/10/2011
language:
pages:: 42

Public Domain

Attacks on BitTorrent

Presented by Andrew Sprouse

Attacks on BitTorrent

 What is BitTorrent?

 Why is it important?

 How does BitTorrent work?

 BitTorrent vulnerabilities

 Current solutions

 The future

Attacks on BitTorrent

 What is BitTorrent?

 Why is it important?

 How does BitTorrent work?

 BitTorrent vulnerabilities

 Current solutions

 The future

What is BitTorrent?

 Created by Brahm Cohen in 2001

 A peer-to-peer file transfer protocol

 Extremely popular today

Attacks on BitTorrent

 What is BitTorrent?

 Why is it important?

 How does BitTorrent work?

 BitTorrent vulnerabilities

 Current solutions

 The future

Why is it Important?

 It is used by millions of file sharers across the globe.

 Corporations and open source companies use it to

save bandwidth.

Why is it Important? (cont’d)

 In 2004 CacheLogic determined BitTorrent was

responsible for 35% of internet Traffic.

 This has raised concerns amongst ISPs such a

Comcast, Verizon and Time Warner.

Attacks on BitTorrent

 What is BitTorrent?

 Why is it important?

 How does BitTorrent work?

 BitTorrent vulnerabilities

 Current solutions

 The future

BitTorrent Basics

 Files are broken into pieces.

 Users each download different pieces from the original

uploader (seed).

 Users exchange the pieces with their peers to obtain the

ones they are missing.

 This process is organized by a centralized server called

the Tracker.

BitTorrent Protocol

 1. Seeder generates

a torrent file

 Uploads torrent to a

web server.

 Seeder – A client

sharing 100% of the

shared file.

BitTorrent Protocol

 2. The seeder notifies

the tracker that it is

sharing the file

described in the

torrent file.

BitTorrent Protocol

 3. A leecher

downloads the torrent

file from the web

server

 Leecher – client

downloading the

shared file from the

seeder.

BitTorrent Protocol

 The leecher connects

to the tracker

specified in the torrent

file.

 The tracker returns a

list of other peers who

are sharing the file.

BitTorrent Protocol

 5. The leecher

connects to its peers

to retrieve pieces of

the files.

BitTorrent Client Details

 Clients verify the each downloaded piece against a

SHA-1 hash contained in the .torrent file.

 Clients use a tit-for-tat strategy for choosing peers to

upload/download to/from.

 Transfer-rate based

 Clients periodically disconnect from clients to connect

to new ones.

 Called “Optimistic Unchoking”

Attacks on BitTorrent

 What is BitTorrent?

 Why is it important?

 How does BitTorrent work?

 BitTorrent vulnerabilities

 Current solutions

 The future

BitTorrent Vulnerabilities

 BitTorrent is vulnerable to the following attacks:

 Pollution Attack

 DDOS Attack

 Bandwidth Shaping

BitTorrent Vulnerabilities

 BitTorrent is vulnerable to the following attacks:

 Pollution Attack

 DDOS Attack

 Bandwidth Shaping

Pollution Attack

 1. The peers receive

the peer list from the

tracker.

Pollution Attack

 2. One peer contacts

the attacker for a

chunk of the file.

Pollution Attack

 The attacker sends

back a false chunk.

 This false chunk will

fail its hash and will

be discarded.

Pollution Attack

 4. Attacker requests

all chunks from

swarm and wastes

their upload

bandwidth.

Pollution Attack (cont’d)

 Pollution attack have become increasingly popular and

have been used by anti-piracy groups

 In 2005 HBO used pollution attacks to prevent people

from downloading their show Rome.

BitTorrent Vulnerabilities

 BitTorrent is vulnerable to the following attacks:

 Pollution Attack

 DDOS Attack

 Bandwidth Shaping

DDOS Attack

 DDOS = Distributed denial of service

 Based on the fact the BitTorrent Tracker has no

mechanism for validating peers.

 Uses modified client software

DDOS Attack

 1. The attacker

downloads a large

number of torrent

files from a web

server.

DDOS Attack

 2. The attacker

parses the torrent

files with a modified

BitTorrent client and

spoofs his IP

address and port

number with the

victims as he

announces he is

joining the swarm.

DDOS Attack

 3. As the tracker

receives requests for

a list of participating

peers from other

clients it sends the

victims IP and port

number.

DDOS Attack

 4. The peers then

attempt to connect

to the victim to try

and download a

chunk of the file.

BitTorrent Vulnerabilities

 BitTorrent is vulnerable to the following attacks:

 Pollution Attack

 DDOS Attack

 Bandwidth Shaping

Bandwidth Shaping

 Typically done by the BitTorrent user’s ISP

 Comcast has recently admitted to filtering BitTorrent traffic.

 Unencrypted BitTorrent packets are easily identified and

filtered.

 Sophisticated filtering software can detect BitTorrent like

behavior.

Attacks on BitTorrent

 What is BitTorrent?

 Why is it important?

 How does BitTorrent work?

 BitTorrent vulnerabilities

 Current solutions

 The future

Current Solutions: Bandwidth

Shaping

 Encryption

 Most popular BitTorrent clients come with option to

encrypt the packets they send.

 Fools unsophisticated filters which simply look at the

contents of the packet.

 Won’t work against filters which profile behavior over

network boundaries.

Current Solutions: Bandwidth

Shaping (cont’d)

 Tunneling

 Using VPN software to connect to an unfiltered network.

 Successfully bypasses filters.

 However due to the peer-to-peer nature of BitTorrent,

your peers must also be on an unfiltered network to take

full advantage.

Current Solutions: Pollution

Attacks

 Blacklisting

 Achieved using software such as Peer Guardian or

moBlock.

 Blocks connections from blacklisted IPs which are

downloaded from an online database.

Attacks on BitTorrent

 What is BitTorrent?

 Why is it important?

 How does BitTorrent work?

 BitTorrent vulnerabilities

 Current solutions

 The future

The Future

 There has been much research in the area of peer-to-

peer networking.

 One of the most popular suggestions in recent research

is the integration of the notion of trustworthiness.

 Through the use of a “Trust Management System”

Trust management

 A trustworthiness score is assigned to each peer in the

swarm.

 These scores will allow better selection of peers.

 Currently BitTorrent's fairness system does not prevent

free riders and malicious peers. Penalties are not in

place for these "bad" users.

 BitTorrent uses a Rate fairness ratio only no notion of

trust.

An Example Trust

Management System

 Debit-Credit

Reputation system

 Each client calculates

a trust score for their

peers

 Based on valid pieces

uploaded

 Tracker combines

these individual scores

to make a global score

An Example Trust

Management System (cont’d)

 Global trust managed by the tracker prevents clients

from being dishonest.

 Solve the issue of pollution attacks by ignoring

untrustworthy peers

 Trust systems are more flexible than blacklisting because

peers can earn back their trust through good behavior.

 Prevent DDOS attacks because the victim will earn a

low trust score and be ignored.

THE END

References

 This presentation is based on research paper done for

CSU645 co-written by Timothy Biron and Andrew Sprouse

 http://www.ccs.neu.edu/home/als/termpaper.pdf

 http://www.bittorrent.org/beps/bep_0003.html

 http://radar.oreilly.com/archives/2005/10/hbo_attacking

_bittorrent.html

 http://in.tech.yahoo.com/041103/137/2ho4i.html