Attacks on BitTorrent

1
Attacks on BitTorrent

• Presented by Andrew Sprouse

2
Attacks on BitTorrent

• What is BitTorrent?
• Why is it important?
• How does BitTorrent work?
• BitTorrent vulnerabilities
• Current solutions
• The future

3
Attacks on BitTorrent

• What is BitTorrent?
• Why is it important?
• How does BitTorrent work?
• BitTorrent vulnerabilities
• Current solutions
• The future

4
What is BitTorrent?

• Created by Brahm Cohen in 2001
• A peer-to-peer file transfer protocol
• Extremely popular today

5
Attacks on BitTorrent

• What is BitTorrent?
• Why is it important?
• How does BitTorrent work?
• BitTorrent vulnerabilities
• Current solutions
• The future

6
Why is it Important?

• It is used by millions of file sharers across the
  globe.
• Corporations and open source companies use it to
  save bandwidth.

7
Why is it Important? (contd)

• In 2004 CacheLogic determined BitTorrent was
  responsible for 35 of internet Traffic.
• This has raised concerns amongst ISPs such a
  Comcast, Verizon and Time Warner.

8
Attacks on BitTorrent

• What is BitTorrent?
• Why is it important?
• How does BitTorrent work?
• BitTorrent vulnerabilities
• Current solutions
• The future

9
BitTorrent Basics

• Files are broken into pieces.
• Users each download different pieces from the
  original uploader (seed).
• Users exchange the pieces with their peers to
  obtain the ones they are missing.
• This process is organized by a centralized server
  called the Tracker.

10
BitTorrent Protocol

• 1. Seeder generates a torrent file
• Uploads torrent to a web server.
• Seeder A client sharing 100 of the shared file.

11
BitTorrent Protocol

• 2. The seeder notifies the tracker that it is
  sharing the file described in the torrent file.

12
BitTorrent Protocol

• 3. A leecher downloads the torrent file from the
  web server
• Leecher client downloading the shared file from
  the seeder.

13
BitTorrent Protocol

• The leecher connects to the tracker specified in
  the torrent file.
• The tracker returns a list of other peers who are
  sharing the file.

14
BitTorrent Protocol

• 5. The leecher connects to its peers to retrieve
  pieces of the files.

15
BitTorrent Client Details

• Clients verify the each downloaded piece against
  a SHA-1 hash contained in the .torrent file.
• Clients use a tit-for-tat strategy for choosing
  peers to upload/download to/from.
• Transfer-rate based
• Clients periodically disconnect from clients to
  connect to new ones.
• Called Optimistic Unchoking

16
Attacks on BitTorrent

• What is BitTorrent?
• Why is it important?
• How does BitTorrent work?
• BitTorrent vulnerabilities
• Current solutions
• The future

17
BitTorrent Vulnerabilities

• BitTorrent is vulnerable to the following
  attacks
• Pollution Attack
• DDOS Attack
• Bandwidth Shaping

18
BitTorrent Vulnerabilities

• BitTorrent is vulnerable to the following
  attacks
• Pollution Attack
• DDOS Attack
• Bandwidth Shaping

19
Pollution Attack

• 1. The peers receive the peer list from the
  tracker.

20
Pollution Attack

• 2. One peer contacts the attacker for a chunk of
  the file.

21
Pollution Attack

• The attacker sends back a false chunk.
• This false chunk will fail its hash and will be
  discarded.

22
Pollution Attack

• 4. Attacker requests all chunks from swarm and
  wastes their upload bandwidth.

23
Pollution Attack (contd)

• Pollution attack have become increasingly popular
  and have been used by anti-piracy groups
• In 2005 HBO used pollution attacks to prevent
  people from downloading their show Rome.

24
BitTorrent Vulnerabilities

• BitTorrent is vulnerable to the following
  attacks
• Pollution Attack
• DDOS Attack
• Bandwidth Shaping

25
DDOS Attack

• DDOS Distributed denial of service
• Based on the fact the BitTorrent Tracker has no
  mechanism for validating peers.
• Uses modified client software

26
DDOS Attack

• 1. The attacker downloads a large number of
  torrent files from a web server.

27
DDOS Attack

• 2. The attacker parses the torrent files with a
  modified BitTorrent client and spoofs his IP
  address and port number with the victims as he
  announces he is joining the swarm.

28
DDOS Attack

• 3. As the tracker receives requests for a list of
  participating peers from other clients it sends
  the victims IP and port number.

29
DDOS Attack

• 4. The peers then attempt to connect to the
  victim to try and download a chunk of the file.

30
BitTorrent Vulnerabilities

• BitTorrent is vulnerable to the following
  attacks
• Pollution Attack
• DDOS Attack
• Bandwidth Shaping

31
Bandwidth Shaping

• Typically done by the BitTorrent users ISP
• Comcast has recently admitted to filtering
  BitTorrent traffic.
• Unencrypted BitTorrent packets are easily
  identified and filtered.
• Sophisticated filtering software can detect
  BitTorrent like behavior.

32
Attacks on BitTorrent

• What is BitTorrent?
• Why is it important?
• How does BitTorrent work?
• BitTorrent vulnerabilities
• Current solutions
• The future

33
Current Solutions Bandwidth Shaping

• Encryption
• Most popular BitTorrent clients come with option
  to encrypt the packets they send.
• Fools unsophisticated filters which simply look
  at the contents of the packet.
• Wont work against filters which profile behavior
  over network boundaries.

34
Current Solutions Bandwidth Shaping (contd)

• Tunneling
• Using VPN software to connect to an unfiltered
  network.
• Successfully bypasses filters.
• However due to the peer-to-peer nature of
  BitTorrent, your peers must also be on an
  unfiltered network to take full advantage.

35
Current Solutions Pollution Attacks

• Blacklisting
• Achieved using software such as Peer Guardian or
  moBlock.
• Blocks connections from blacklisted IPs which are
  downloaded from an online database.

36
Attacks on BitTorrent

• What is BitTorrent?
• Why is it important?
• How does BitTorrent work?
• BitTorrent vulnerabilities
• Current solutions
• The future

37
The Future

• There has been much research in the area of
  peer-to-peer networking.
• One of the most popular suggestions in recent
  research is the integration of the notion of
  trustworthiness.
• Through the use of a Trust Management System

38
Trust management

• A trustworthiness score is assigned to each peer
  in the swarm.
• These scores will allow better selection of
  peers.
• Currently BitTorrent's fairness system does not 
  prevent free riders and malicious peers.
  Penalties are not in place for these "bad" users.
  
• BitTorrent uses a Rate fairness ratio only no
  notion of trust.

39
An Example Trust Management System

• Debit-Credit Reputation system
• Each client calculates a trust score for their
  peers
• Based on valid pieces uploaded
• Tracker combines these individual scores to make
  a global score

40
An Example Trust Management System (contd)

• Global trust managed by the tracker prevents
  clients from being dishonest.
• Solve the issue of pollution attacks by ignoring
  untrustworthy peers
• Trust systems are more flexible than blacklisting
  because peers can earn back their trust through
  good behavior.
• Prevent DDOS attacks because the victim will earn
  a low trust score and be ignored.

41
THE END
42
References

• This presentation is based on research paper done
  for CSU645 co-written by Timothy Biron and Andrew
  Sprouse
• http//www.ccs.neu.edu/home/als/termpaper.pdf
• http//www.bittorrent.org/beps/bep_0003.html
• http//radar.oreilly.com/archives/2005/10/hbo_atta
  cking_bittorrent.html
• http//in.tech.yahoo.com/041103/137/2ho4i.html