8/14/2019 Concepcion 1
The Evolution and Security of BitTorrent
Justin Fogel-Concepcion 12/15/2008
2009-11-15
Table of Contents
BitTorrent
Table of Contents
Abstract
Outline
Evolution of P2P
BitTorrent's Design
Popularity and Consequences
Security Risks
Conclusion
Acronyms and Abbreviations
Definitions
Reference
Abstract
Over the years BitTorrent has grown from a fledgling new technology to one of the
largest Peer 2 Peer networks on the internet. Its increase in popularity has brought it under the
scrutiny of the public eye and under the close observation of the internet's shadier crowd. This
paper aims to understand what prompted the creation of the BitTorrent protocol and why it
differs from its Peer 2 Peer predecessors. It will also take a close look at possible security
vulnerabilities in the protocol and their respective solutions.
Outline
This paper will begin with an introduction to P2P networks and BitTorrent's relationship
to them. This P2P primer will cover the predecessors of BT and why they no longer hold such
prominence over the P2P field. This will lead to the fundamental design shift that will create
BitTorrent. The paper will then explain the basics of BitTorrent and how it actually works. This
section will then lead to a quick discussion about BitTorrent's rising popularity and the
unfortunate consequences that popularity has. Following that will be the security implications
of BitTorrent and specific attacks that can be done via the BT protocol and their respective
solutions.
decentralized it by changing it slightly. Instead of contacting Kazaa you contact a supernode
which is basically an individual with higher bandwidth capabilities [20]. This now focuses all the
pressure towards the users instead of a single server. These are the two differing approaches
to the old style of P2P networking.
So what was the problem with these old styles of networking? First let's do a little
math. As of the time of writing I am on a 20mbs/5mbs fiber optic line. I download
approximately 2.2megs a second and can upload approximately 500kb a second. An average
song is about 4 megabytes. So that would take me eight seconds to upload to someone. Not a
lot of time obviously. Now let's say a DVD rip of a new movie averages about 700 megabytes,
which is 1400 seconds or approximately 23 minutes. That still is not that bad, so obviously the
question you are asking me is why are you mentioning this? My internet connection is in the
upper tier of ISPs available in the world and as such your average user will come nowhere close
to the above numbers. Now imagine someone with a quarter of my upload speeds; the same file
would take them 5600 seconds or 93 minutes. Even that is still in the higher tiers of services.
As file sizes begin to grow our potential as an uploader is directly proportional to our
internet capabilities. Fiber optics is still a fledgling technology in the states and most people still
don't even have broadband. So how can P2P survive if the people can no longer upload in a
feasible time? The answer lies in the mixture of Napster and Kazaa.
BitTorrent's Design
In Figure 1 and Figure 2 there are two distinct themes being displayed, the centralized
and decentralized. However if you look at the two as a whole you will still see that they share
one centralized theme, one singular connection to a peer. So how can the two differing themes
be combined? The answer is that the individual will search torrent websites that will contain a
.torrent file. This file contains information about the tracker and will help point you towards
the tracker. The tracker will send you a list of peers and then you will begin to receive pieces of
the file, better known as blocks. Once you complete one block you are now sharing that one
block and so on [21]. A cascade effect emerges wherein the moment you successfully complete
downloading a block from someone, you now share that block. Of course some individuals will
choose not to share, but if no one shares then there would be no P2P network.
Figure 3 How BitTorrent works [21]
By minimizing the amount of stress each individual takes and dividing up the tasks, the
speeds at which you can download increase. A 700 megabyte file would be broken down into
approximately 2734 pieces. Each piece would be approximately 256kb, and each piece would
be broken down into sixteen blocks [4].
Figure 4 How Pieces Work [22]
This approach creates a large network of information constantly being accessed by many peers
and seeders; this network is called the swarm [11].
Unfortunately there is one major drawback to the decentralized theme of trackers and
swarms. Because there are so many trackers, such as thepiratebay and mininova, you cannot
search an overall listing [1]. There have been services that attempt to do this such as
youtorrent.com, however as I can attest it doesn't always work. The user in the end will make a
tradeoff of overall listings for a more robust and quicker system.
Besides the legal pressure that is present in the BitTorrent field, there is also the
looming threat of security issues. The following is from a bug found in August of 2008 that has
been fixed now:
Secunia has issued two advisories, SA31441 and SA31445, regarding a highly critical vulnerability
that affects uTorrent versions 1.6, 1.7.x up to 1.8 RC6, as well as the BitTorrent mainline client
6.0 up to 6.0.3. Secunia rated this vulnerability as "Highly Critical" because it can allow an
attacker to perform Denial of Service (DoS) attacks and remotely execute malicious code on the
exploited system. The uTorrent users are urged to upgrade to the new uTorrent 1.8 Stable, but
there is still no solution for people using the BitTorrent mainline client. [9]
BitTorrent has inherent security checks because of a constant hash check that happens at the
successful downloading of a piece [7]. However when the issue stretches out towards actual
attacks towards a user it escalates to a different level. In May of 2007 Opera v9.20 was
vulnerable to an attack that caused the computer to use 100% of its system resources
effectively locking up the computer. The attack was triggered by a malformed .torrent file that
is downloaded through Opera's built-in torrent functionality [10].
As any product gets popular more people will take notice and try to find flaws. The
flaws that were found were inherent to two specific products related to BitTorrent. However in
the next section I will address three specific attacks that apply to BitTorrent as a whole.
Security Risks
BitTorrent swarms are susceptible to a number of different attacks. Two of the ones
that I will discuss are called the Fake-Block attack and the Uncooperative-Peer Attack [4]. The
fundamentals of these are also described, in different terms, in [7]. The third and final
attack I will discuss is a DDoS vulnerability attack described by [5], and again mentioned in [7].
Fake-Block Attack
As mentioned previously in BitTorrent each file is divided into pieces, where each piece
is usually 256kb (depending on the overall size of the file). Each piece is further divided into
blocks, typically 16 blocks in a piece. When downloading a piece, a client requests different
blocks for the piece from different peers [4].
Non-malicious in nature, the fake-block attack seeks to prolong your download
times. The attacker joins the swarm sharing the file by registering with the tracker. Then it
begins to advertise that it has a number of pieces from the file. The victim receives the message and
requests the attacker to send its blocks. The attacker, instead of sending an authentic block, will
send a fake one. After the victim finishes downloading the block and the entire piece, a hash
check is performed across the entire piece. The hash check will of course fail because of the fake
blocks and the user will then have to re-download the entire piece. The victim just
wasted 256kb of bandwidth, which in itself is not a lot, but it is the bigger picture we must look
at.
The above is referring to only one individual attacker. Let's experiment for a moment
and imagine there are 100 attackers in the swarm, which is just more practical in terms of
seeders. Let's say the victim's torrent has 10000 pieces. That is 2560000 kilobytes, 2560
megabytes, or 2.56 gigabytes. The victim is connecting to all the attackers and getting the fake
blocks. Instead of downloading a small percentage of fake blocks, because of the number of
seeders the victim is accumulating a much larger number of fake blocks. For practicality's sake let
us say that 50% of the file pieces turned out to be fake; that just wasted 1.28 gigabytes, almost
a fourth of some 40 GB monthly limits [12]. As the number of attackers increases, the amount of
time and bandwidth wasted increases.
A possible solution to the Fake-Block attack is giving the user an option in their BT client
to ban certain seeders. If the client fails a hash check, the client searches for the IPs related to
the blocks that failed the test and eliminates them from the individual's swarm. Of course the
downside is that sometimes there are legitimate reasons you may fail a hash check or get a bad
piece. Temporary internet failure or inconsistent downloading can cause a corruption of a
block and that would cause the whole piece to fail its hash check. However, removal from the
seeder list is the only solution to the fake-block attack.
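The ban-on-failed-hash idea and its caveat about legitimate corruption can be combined by deferring blame until a good copy of the piece arrives and penalising only the peers whose blocks differ from it; the following is an added example, not code from this paper or from any BitTorrent client. The class name, the two-strike threshold, the fixed 16 blocks per piece and the sample peer addresses are assumptions.

```python
import hashlib
from collections import defaultdict

BLOCKS_PER_PIECE = 16      # the paper's figure: 16 blocks per 256 KB piece
BLOCK_SIZE = 16 * 1024     # assumption: every piece is full-sized


class PieceVerifier:
    """Bans only peers shown to have sent bad blocks (hypothetical class)."""

    def __init__(self, piece_hashes, strike_limit=2):
        self.piece_hashes = piece_hashes   # per-piece SHA-1 digests from the .torrent
        self.strike_limit = strike_limit   # assumption: forgive one corrupted block
        self.failed = defaultdict(list)    # piece -> [(block index, peer, digest)]
        self.strikes = defaultdict(int)
        self.banned = set()

    def submit_piece(self, index, blocks):
        """blocks: (peer, data) pairs in block order. True if the piece verifies."""
        blocks = [(p, d) for p, d in blocks if p not in self.banned]
        if len(blocks) != BLOCKS_PER_PIECE:
            return False                   # blocks missing: re-request them
        digests = [hashlib.sha1(d).digest() for _, d in blocks]
        whole = hashlib.sha1(b"".join(d for _, d in blocks)).digest()
        if whole != self.piece_hashes[index]:
            # The piece hash cannot say which block was bad, so remember every
            # contributor and assign blame once a good copy arrives.
            for i, (peer, _) in enumerate(blocks):
                self.failed[index].append((i, peer, digests[i]))
            return False
        # Good copy in hand: an earlier block that differs from it was bad.
        for i, peer, digest in self.failed.pop(index, []):
            if digest != digests[i]:
                self.strikes[peer] += 1
                if self.strikes[peer] >= self.strike_limit:
                    self.banned.add(peer)
        return True


def demo_fake_block():
    """Constructed data: two pieces, four honest peers, one peer sending junk."""
    pieces = [bytes([n]) * (BLOCKS_PER_PIECE * BLOCK_SIZE) for n in (1, 2)]
    verifier = PieceVerifier([hashlib.sha1(p).digest() for p in pieces])
    results = []
    for index, piece in enumerate(pieces):
        good = [("198.51.100.%d" % (i % 4 + 1),
                 piece[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE])
                for i in range(BLOCKS_PER_PIECE)]
        tainted = list(good)
        tainted[3] = ("203.0.113.66", b"\x00" * BLOCK_SIZE)    # fake block
        results.append(verifier.submit_piece(index, tainted))  # fails the hash
        results.append(verifier.submit_piece(index, good))     # clean retry
    return results, verifier


if __name__ == "__main__":
    outcome, v = demo_fake_block()
    print(outcome, sorted(v.banned), dict(v.strikes))
```

The honest peers that shared a failed piece with the fake-block sender collect no strikes, which is the false-positive case the paragraph above warns about.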
Uncooperative-Peer Attack
In an uncooperative-peer attack, the attacker joins the swarm and establishes TCP
connections with victim peers. After the connection is made it never provides any blocks to the
peers. A common version of this attack is called the chatty peer attack [4]. The attacker
engages in a handshake message, which is the first connection that is established between two
peers. Afterwards the attacker advertises it has a number of pieces available from the file.
When the victim queries the attacker for a block they do not receive anything. The attacker
By altering the information you send back to the tracker it is possible to
redirect huge amounts of traffic to a victim peer. The following steps were taken by [5] to
enact the DDoS experiment:
1. We download 1191 recently uploaded torrent files from http://www.mininova.org, which is a
Website dedicated to share torrent files among users. A summary of the torrents and trackers
used are listed in Table 1.
2. The original python BT client program is modified to parse the torrent files and send
forged announcement message to the corresponding trackers indicated in each torrent file.
3. Upon the trackers receive requests for a list of participating peers from other clients, it will
send them the victim's IP address and port number.
4. Other peers in the BT network will then attempt to connect to the victim machine and
request for pieces of files.
The victim machine that was used was an Apache web server configured to serve 400 clients
simultaneously. When they performed a large scale attack the victim maintained an average of
500 concurrent users over the eight hour attack period.
Figure 5 Sia's results for the large scale attack
At the time of the attack the web server began to show heavy delays and timeouts on the
connections.
To put the scale of the attack in perspective, there were 30,513 distinct IPs that
attempted to connect to the victim [5]. It was observed that most clients tried approximately
three times before they gave up. However two IPs in question (one from Singapore and the
other from the United States) tried to connect over 8000 times.
The solution to such an attack is a difficult one. One possible solution is a more robust
implementation of the tracker protocol that forces an authentication between the user and the
source address. In [5], Sia discusses a more in-depth solution that involves packet filtering and
full TCP connections. The full TCP connection is what can cripple a server. He discusses a
method to limit the connection and safeguard against flooding.
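One way a tracker could tie an announce to its source address, shown as an added example that is not code from this paper, from [5] or from any real tracker: the peer is always listed under the address the connection actually came from, and an announce that claims a different address is refused. The `Announce` record, the `Tracker` class, the minimum-port policy and the sample addresses are all hypothetical.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Announce:
    """Hypothetical, already-parsed announce request (not a real client API)."""
    info_hash: bytes
    peer_id: bytes
    port: int
    source_ip: str                      # peer address of the TCP connection
    claimed_ip: Optional[str] = None    # address the client asks to be listed under


def normalise(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    addr = ipaddress.ip_address(text)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped or addr


class Tracker:
    def __init__(self, min_port=1024):
        self.swarms = defaultdict(dict)   # info_hash -> {peer_id: (ip, port)}
        self.min_port = min_port          # assumption: never list well-known service ports
        self.rejected = []                # kept for logging and abuse review

    def handle(self, req):
        """Return the current peer list, or None if the announce is refused."""
        source = normalise(req.source_ip)
        try:
            claimed = normalise(req.claimed_ip) if req.claimed_ip else source
        except ValueError:
            claimed = None                # unparsable claim counts as a mismatch
        if claimed != source or not self.min_port <= req.port <= 65535:
            self.rejected.append(req)
            return None
        swarm = self.swarms[req.info_hash]
        peers = [addr for pid, addr in swarm.items() if pid != req.peer_id]
        swarm[req.peer_id] = (str(source), req.port)   # always the observed address
        return peers


def demo_announce():
    """Constructed announces: three ordinary peers and one mismatched claim."""
    tracker = Tracker()
    h = b"\x11" * 20                      # constructed info-hash
    out = [
        tracker.handle(Announce(h, b"A", 6881, "198.51.100.10")),
        tracker.handle(Announce(h, b"B", 51413, "198.51.100.11", "::ffff:198.51.100.11")),
        tracker.handle(Announce(h, b"X", 80, "203.0.113.5", "192.0.2.80")),
        tracker.handle(Announce(h, b"C", 6881, "198.51.100.12")),
    ]
    return out, tracker
```

The address that was only claimed never enters the swarm, so later peers are not pointed at it.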
Conclusion
Throughout the course of this paper it became evident that although BitTorrent is the successor
of P2P programs of the past, it still has flaws of its own. We looked at critical flaws in the
uTorrent BitTorrent client and in the BT functionality in the Opera web browser. We examined
three attacks against BT users: the fake-block attack, the uncooperative-peer attack, and a
DDoS attack. Fortunately there were actual and possible solutions present to the
vulnerabilities that we discussed, whether it be updating old versions of software, traffic filtering, or
robust tracker authentication. The possibilities are there to help address security flaws in the
BitTorrent protocol.
Reference for Paper
Acronyms
- ISP: Internet Service Provider
- TCP/IP: Transmission Control Protocol and Internet Protocol
- P2P: Peer 2 Peer
- MB: Megabyte
- KB: Kilobyte
- BT: BitTorrent
- MPAA: Motion Picture Association of America
- WoW: World of Warcraft
- DDoS: Distributed Denial of Service
Definitions
Availability: The number of existing full copies of the file available to the client for downloading. The higher this number is, the potentially easier and quicker it can be to download the complete file (not accounting for other factors). If this number is less than one (for example, 0.65) then there is not a full copy of the file available to download.
Block: A block is a piece of a file. When a file is distributed via BitTorrent, it is broken into smaller pieces, or blocks. Typically the block is 250kb in size, but it can vary with the size of the file being distributed. Breaking the file into pieces allows it to be distributed as efficiently as possible. Users get their files faster using less bandwidth.
Client: the BitTorrent software used to download and upload files. The BitTorrent client can be downloaded here.
Handshake: the first connection between two peers
Leech or leecher: usually refers to a peer that is downloading while uploading very little, or nothing at all. Sometimes this is unintentional and due to firewall issues. The term leech is also sometimes used to simply refer to a peer that is not seeding yet.
Peer: one of a group of clients downloading the same file.
Re-seed: Re-seeding is the act of putting up a new complete copy of a file after no more seeds are available to download from. This is done to allow clients with only partial downloads to complete the download process and increases availability.
Scrape: This is when a client sends a request to the tracker for information about the statistics of the torrent, like who to share the file with and how well those other users are sharing.
Seed: a complete copy of the file being made available for download.
Supernode: a powerful computer with a fast network connection, high bandwidth and quick processing capabilities.
Swarm: a group of seeds and peers sharing the same torrent.
Torrent: generally, the instance of a file or group of files being distributed via BitTorrent.
Torrent file: a file which describes what file or files are being distributed, where to find parts, and other info needed for the distribution of the file.
Tracker: a server that keeps track of the peers and seeds in a swarm. A tracker does not have a copy of the file itself, but it helps manage the file transfer process.
Works Cited
[1] P. Gilman and B. Reed. Analysis of Internet File Sharing Programs. Oregon State University. 07 June 2006.
[2] C. Valli and A. Woodward. Network Security Proc. 5th Australian Info. Security Management, Dec. 2007, pp. 92.
[3] M. Engle and J. Khan. Vulnerabilities of P2P Systems and a Critical Look at their Solutions. Kent State University. 01 Nov. 2006. <http://www.medianet.kent.edu/techreports/TR2006-11-01-p2pvuln-EK.pdf>
[4] P. Dhungel, D. Wu, B. Schonhorst, and K. Ross. A Measurement Study of Attacks on BitTorrent Leechers. Polytechnic University.
[5] K. Sia. DDoS Vulnerability Analysis of Bittorrent Protocol. University of California, Los Angeles. Site Down, the PDF was saved and is attached at website
[6] K. Defraway, M. Gjoka, A. Markopoulou. BotTorrent: Misusing BitTorrent to Launch DDoS Attacks. Usenix. <http://www.usenix.org/event/sruti07/tech/full_papers/eldefrawy/eldefrawy.pdf>
[7] N. Liogkas, R. Nelson, E. Kohler and L. Zhang. Exploiting BitTorrent For Fun (But Not Profit). University of California, Los Angeles. <http://www.iptps.org/papers-2006/Liogkas-BitTorrent06.pdf>
[8] P. Dhungel, X. Hei, D. Wu and K. Ross. The Seed Attack: Can BitTorrent be Nipped in the Bud? Polytechnic University.
[9] M. Engle and J. Khan. Highly Critical Bug in uTorrent and BitTorrent Clients Discovered. Softpedia. 13 Aug. 2008. <http://news.softpedia.com/news/Highly-Critical-Bug-in-uTorrent-and-BitTorrent-Clients-Discovered-91818.shtml>
[10] Unknown. BitTorrent Exploit Vulnerability Discovered in Latest Opera. TorrentFreak. 03 May 2007. <http://torrentfreak.com/bittorrent-exploit-vulnerability-discovered-in-latest-opera/>
[11] Unknown. FAQ BitTorrent Concepts. BitTorrent. <http://www.bittorrent.com/btusers/help/faq/bittorrent-concepts#4n9>
[12] S. Kelly. BitTorrent battles over bandwidth. BBC NEWS. 13 Apr. 2006. <http://news.bbc.co.uk/2/hi/programmes/click_online/4905660.stm>
[13] B. Jones. Will uTorrent Really Kill the Internet? TorrentFreak. 02 Dec. 2008. <http://torrentfreak.com/will-utorrent-really-kill-the-internet-081201/>
[14] Ernesto. The Pirate Bay Sees Traffic and Peers Surge. TorrentFreak. 15 Nov. 2008. <http://torrentfreak.com/the-pirate-bay-sees-traffic-and-peers-surge-081115/>