Concepcion 1


2009-11-15

The Evolution and Security of BitTorrent

Justin Fogel-Concepcion 12/15/2008


Table of Contents

- BitTorrent
- Table of Contents
- Abstract
- Outline
- Evolution of P2P
- BitTorrent’s Design
- Popularity and Consequences
- Security Risks
- Conclusion
- Acronyms and Abbreviations
- Definitions
- Reference


Abstract

Over the years BitTorrent has grown from a fledgling new technology to one of the largest Peer 2 Peer networks on the internet. Its increase in popularity has brought it under the scrutiny of the public eye and under the close observation of the internet’s shadier crowd. This paper aims to understand what prompted the creation of the BitTorrent protocol and why it differs from its Peer 2 Peer predecessors. It will also take a close look at possible security vulnerabilities in the protocol and their respective solutions.

Outline

This paper will begin with an introduction to P2P networks and BitTorrent’s relationship to them. This P2P primer will cover the predecessors of BT and why they no longer hold such prominence in the P2P field. This will lead to the fundamental design shift that created BitTorrent. The paper will then explain the basics of BitTorrent and how it actually works. This section will then lead to a quick discussion of BitTorrent’s rising popularity and the unfortunate consequences of that popularity. Following that will be the security implications of BitTorrent, specific attacks that can be carried out via the BT protocol, and their respective solutions.


Evolution of P2P

To truly understand BitTorrent we have to start at the beginning and establish that BT is in fact a Peer 2 Peer network. Granted, it is an evolved P2P network, but it is still a P2P network. Peer 2 Peer networking was brought into prominence in 1999 with the release of Napster [1]. At its core, P2P is the connection of two users who wish to transfer data. That data tends to be music, movies, software, and games. How does the transfer of files really work?

Figure 1 – How Napster Works [20]

Figure 2 – How Kazaa Works [20]

Kazaa already has supernodes. At the basis of Kazaa, WinMX, and Napster there lies a clearly defined order of operations. Napster, being the first of its kind to gain prominence, used an archaic order of operations for getting your files. In Napster you, the client, search for an mp3 titled debaser. A request is sent to a central server that then asks the other computers if they have the file. A message is sent back to you and a connection is made between you and the person who has it. The reason this is archaic is its centralized nature. All the information flows to one focal point, and besides being inefficient this also brought legal ramifications for Napster. Kazaa, on the other hand, took what Napster did and evolved it further. The differences between the two are clear in Figures 1 and 2. A short description is simply that Kazaa decentralized it by changing it slightly. Instead of contacting Kazaa you contact a supernode, which is basically an individual with higher bandwidth capabilities [20]. This shifts the pressure onto the users instead of a single server. These are the two differing approaches to the old style of P2P networking.

So what was the problem with these old styles of networking? First let’s do a little math. As of the time of writing I am on a 20mbs/5mbs fiber optic line. I download approximately 2.2megs a second and can upload approximately 500kb a second. An average song is about 4 megabytes. So that would take me eight seconds to upload to someone. Not a lot of time, obviously. Now let’s say a DVD rip of a new movie averages about 700 megabytes, which is 1400 seconds or approximately 23 minutes. That still is not that bad, so obviously the question you are asking me is why I am mentioning this. My internet connection is in the upper tier of ISPs available in the world, and as such your average user will come nowhere close to the above numbers. Now imagine someone with ¼ of my upload speed: the same file would take them 5600 seconds or 93 minutes. Even that is still in the higher tiers of service. As file sizes begin to grow, our potential as an uploader is directly proportional to our internet capabilities. Fiber optics is still a fledgling technology in the States and most people still don’t even have broadband. So how can P2P survive if people can no longer upload in a feasible time? The answer lies in the mixture of Napster and Kazaa.


BitTorrent’s Design

In Figure 1 and Figure 2 there are two distinct themes being displayed, the centralized and the decentralized. However, if you look at the two as a whole you will see that they still share one centralized theme: one singular connection to a peer. So how can the two differing themes be combined? The answer is that the individual searches torrent websites for a .torrent file. This file contains information about the tracker and points you towards it. The tracker sends you a list of peers and then you begin to receive pieces of the file, better known as blocks. Once you complete one block you are now sharing that one block, and so on [21]. A cascade effect emerges wherein the moment you successfully complete downloading a block from someone, you now share that block. Of course some individuals will choose not to share, but if no one shares then there would be no P2P network.

Figure 3 – How BitTorrent works [21]

By minimizing the amount of stress each individual takes and dividing up the tasks, the speeds at which you can download increase. A 700 megabyte file would be broken down into approximately 2734 pieces. Each piece would be approximately 256kb, and each piece would be broken down into sixteen blocks [4].

Figure 4 – How Pieces Work [22]

This approach creates a large network of information constantly being accessed by many peers and seeders; this network is called the swarm [11]. Unfortunately there is one major drawback to the decentralized theme of trackers and swarms. Because there are so many trackers, such as thepiratebay and mininova, you cannot search an overall listing [1]. There have been services that attempt to do this, such as youtorrent.com; however, as I can attest, it doesn’t always work. The user in the end will trade off overall listings for a more robust and quicker system.


Popularity and Consequences

The public definitely came to use and love the BitTorrent protocol. There are differing estimates as to the percentage of traffic BT encompasses in the grand scheme of things. In [12] the estimate is that around a third of internet traffic is BT related, and [6] says the percentage is higher, at about sixty. So we can agree that it is likely somewhere in the middle. Adhering to that logical conclusion, BT takes up a large portion of internet traffic. What happens when anything gets popular? People tend to take notice. On the good side of things, one of the world’s most popular trackers, The Pirate Bay, recently hit 25 million peers. To put that number in perspective, The Pirate Bay tracks more peers than the combined populations of Sweden, Norway, Finland, Iceland, and Denmark [12].

Of course, on the bad side of things, the most commonly downloaded files tend to be music, movies, video games, and software. The downloading of copyrighted materials is obviously illegal and the industry is not happy about that. In November of 2008 seven Hollywood studios, including Paramount, Sony, Twentieth Century Fox, Universal, Warner Bros, and Disney, teamed up to sue iiNet, Australia’s third largest ISP [14]. In February of 2008 a Danish court ordered the ISP Tele2 to block its customers from accessing The Pirate Bay [15]. Why can’t they sue or go after BitTorrent? It is merely a program that can share information; it does not promote downloading illegal files, and in fact they often explicitly state not to. Going after the individual who broke the law tends to be cumbersome and difficult. The MPAA has been known to upload fake torrents that collect user information so that it can attempt to pursue legal action [19].


Besides the legal pressure that is present in the BitTorrent field, there is also the looming threat of security issues. The following is from a bug found in August of 2008 that has been fixed now: Secunia has issued two advisories, SA31441 and SA31445, regarding a highly critical vulnerability that affects uTorrent versions 1.6, 1.7.x up to 1.8 RC6, as well as the BitTorrent mainline client 6.0 up to 6.0.3. Secunia rated this vulnerability as "Highly Critical" because it can allow an attacker to perform Denial of Service (DoS) attacks and remotely execute malicious code on the exploited system. The uTorrent users are urged to upgrade to the new uTorrent 1.8 Stable, but there is still no solution for people using the BitTorrent mainline client. [9]

BitTorrent has an inherent security check in the hash check that happens after each piece is successfully downloaded [7]. However, when the issue extends to actual attacks on a user it escalates to a different level. In May of 2007 Opera v9.20 was vulnerable to an attack that caused the computer to use 100% of its system resources, effectively locking up the computer. The attack was triggered by a malformed .torrent file downloaded through Opera’s built-in torrent functionality [10]. As any product gets popular, more people will take notice and try to find flaws. The flaws described above were specific to two products related to BitTorrent. In the next section, however, I will address three specific attacks that apply to BitTorrent as a whole.


Security Risks

BitTorrent swarms are susceptible to a number of different attacks. Two of the ones that I will discuss are called the Fake-Block attack and the Uncooperative-Peer attack [4]. The fundamentals of both are also described, in different terms, in [7]. The third and final attack I will discuss is a DDoS vulnerability attack described by [5], and again mentioned in [7].

Fake-Block Attack

As mentioned previously, in BitTorrent each file is divided into pieces, where each piece is usually 256kb (depending on the overall size of the file). Each piece is further divided into blocks, typically 16 blocks in a piece. When downloading a piece, a client requests different blocks for the piece from different peers [4]. Non-malicious in nature, the fake-block attack seeks to prolong your download times. The attacker joins the swarm sharing the file by registering with the tracker. Then it begins to advertise that it has a number of pieces from the file. The victim receives the message and requests the attacker to send its blocks. The attacker, instead of sending an authentic block, sends a fake one. After the victim finishes downloading the block and the entire piece, a hash check is performed across the entire piece. The hash check will of course fail because of the fake blocks, and the user will then have to re-download the entire piece. The victim just wasted 256kb of bandwidth, which in itself is not a lot, but it is the bigger picture we must look at.

The above refers to only one individual attacker. Let’s experiment for a moment and imagine there are 100 attackers in the swarm, which is just more practical in terms of seeders. Let’s say the victim’s torrent has 10000 pieces. That is 2560000 kilobytes, 2560 megabytes, or 2.56 gigabytes. The victim is connecting to all the attackers and getting the fake blocks. Instead of downloading a small percentage of fake blocks, because of the number of seeders the victim is accumulating a much larger number of fake blocks. For practical sake let us say that 50% of the file pieces turned out to be fake; that just wasted 1.28 gigabytes, almost a fourth of some 40 GB monthly limits [12]. As the number of attackers increases, the amount of time and bandwidth wasted increases.

A possible solution to the Fake-Block attack is giving the user an option in their BT client to ban certain seeders. If the client fails a hash check, the client searches for the IPs related to the blocks that failed the test and eliminates them from the individual’s swarm. Of course the downside is that sometimes there are legitimate reasons you may fail a hash check or get a bad piece. Temporary internet failure or inconsistent downloading can corrupt a block, and that would cause the whole piece to fail its hash check. However, removal from the seeder list is the only solution to the fake-block attack.
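The ban-on-failed-hash idea above, sketched as an added example (not code from the paper or from any BitTorrent client). It goes one step beyond the text: because the piece hash cannot say which block was bad, the client remembers every sender and, once the piece finally verifies, strikes only the peers whose earlier block differs from the verified copy. The class and function names, the strike limit of 2, the tiny piece sizes and the 10.0.0.x addresses are all assumptions for the demonstration.

```python
import hashlib
from collections import defaultdict


def sha1(data):
    return hashlib.sha1(data).digest()


class BlockAuditor:
    """Attribute failed piece hash checks to the peers that sent the bad blocks."""

    def __init__(self, piece_hashes, strike_limit=2):
        self.piece_hashes = piece_hashes    # expected SHA-1 per piece (.torrent metadata)
        self.strike_limit = strike_limit    # assumed tolerance for accidental corruption
        self.suspects = defaultdict(list)   # piece index -> [(block no, peer, block hash)]
        self.strikes = defaultdict(int)
        self.banned = set()
        self.wasted = 0                     # bytes thrown away after failed checks

    def submit(self, index, blocks):
        """blocks: [(peer, data)] in block order. Returns True if the piece verifies."""
        piece = b"".join(data for _, data in blocks)
        if sha1(piece) != self.piece_hashes[index]:
            # The piece hash cannot say which block was bad, so remember every sender.
            self.wasted += len(piece)
            self.suspects[index] += [(n, peer, sha1(data))
                                     for n, (peer, data) in enumerate(blocks)]
            return False
        # A verified copy now exists: only earlier blocks that differ from it were bad.
        for n, peer, digest in self.suspects.pop(index, []):
            if digest != sha1(blocks[n][1]):
                self.strikes[peer] += 1
                if self.strikes[peer] >= self.strike_limit:
                    self.banned.add(peer)
        return True

    def usable(self, peers):
        return [p for p in peers if p not in self.banned]


def simulate():
    """Constructed swarm: three honest peers, one fake-block sender, one line glitch."""
    honest, faker = ["10.0.0.1", "10.0.0.2", "10.0.0.3"], "10.0.0.66"
    peers = honest + [faker]
    # Four pieces of three 20-byte blocks each (tiny stand-ins for 256 KB pieces).
    content = [[sha1(bytes([i, n])) for n in range(3)] for i in range(4)]
    auditor = BlockAuditor([sha1(b"".join(p)) for p in content])
    glitches = {("10.0.0.2", 2)}            # an honest peer corrupts one block once
    attempts = 0
    for index, piece in enumerate(content):
        done = False
        while not done:
            attempts += 1
            pool = auditor.usable(peers)
            blocks = []
            for n, data in enumerate(piece):
                peer = pool[(n + attempts) % len(pool)]   # rotate senders on each retry
                if peer == faker:
                    data = b"\xff" * len(data)
                elif (peer, index) in glitches:
                    glitches.discard((peer, index))
                    data = bytes([data[0] ^ 1]) + data[1:]
                blocks.append((peer, data))
            done = auditor.submit(index, blocks)
    return auditor, attempts


if __name__ == "__main__":
    auditor, attempts = simulate()
    print("attempts:", attempts, "wasted bytes:", auditor.wasted)
    print("strikes:", dict(auditor.strikes), "banned:", auditor.banned)
```

The honest peer that glitched once ends with a single strike and stays in the swarm, which is the trade-off the paragraph above raises about legitimate hash failures.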

Uncooperative-Peer Attack

In an uncooperative-peer attack, the attacker joins the swarm and establishes TCP connections with victim peers. After the connection is made it never provides any blocks to the peers. A common version of this attack is called the chatty peer attack [4]. The attacker engages in a handshake message, which is the first connection that is established between two peers. Afterwards the attacker advertises that it has a number of pieces available from the file. When the victim queries the attacker for a block it does not receive anything. The attacker then resends its handshake message and the process repeats itself. The victim never receives any blocks and wastes time dealing with the attacker when it could have connected to a legitimate peer. Of course, as with the fake-block attack, the effectiveness of this attack increases dramatically if a large number of attackers are present in the swarm.

The solution to the uncooperative-peer attack is similar in nature to that for the fake-block attack. The client program sets an auto-retry limit for each peer. A peer can be uncooperative by accident if there is a disturbance in the connection between the two. However, if it repeats itself a predetermined number of times, the individual is taken off the victim’s peer list. It is possible that, if it happens even more often, the client sends a message to the tracker informing it of the peer’s uncooperativeness, and the tracker can manually remove the peer from the swarm. This can also apply to the fake-block solution.

DDoS Attack

The following attack was executed by Ka Cheung Sia of UCLA and all credit goes to Sia. With that out of the way, many BT users know that traffic surges are possible when a popular seed is used. TV shows, a popular kind of file found on BT sites, tend to have users who upload the torrent file consistently after an episode airs. This individual is now the primary seed for anyone who wishes to download it. This effect lessens as more peers become seeders. However, that immediate flood of handshake messages to the seeder can cause traffic surges similar to a DDoS attack. In certain scenarios, it has been recorded that more than 1000 clients are trying to connect to a seeder simultaneously [5]. The nature of a DDoS attack is that it strangles the host’s ability to send or receive any data.


By altering the information you send back to the tracker, it is possible to redirect huge amounts of traffic to a victim peer. The following steps were taken by [5] to enact the DDoS experiment:

1. We download 1191 recently uploaded torrent files from http://www.mininova.org, which is a Website dedicated to share torrent files among users. A summary of the torrents and trackers used are listed in Table 1.
2. The original python BT client program is modified to parse the torrent files and send forged announcement message to the corresponding trackers indicated in each torrent file.
3. Upon the trackers receive requests for a list of participating peers from other clients, it will send them the victim’s IP address and port number.
4. Other peers in the BT network will then attempt to connect to the victim machine and request for pieces of files.

The victim machine that was used was an Apache web server configured to serve 400 clients simultaneously. When they performed a large scale attack the victim maintained an average of 500 concurrent users over the eight hour attack period.

Figure 5 – Sia’s Results for the large scale attack


At the time of the attack the web server began to show heavy delays and timeouts on connections. To put the scale of the attack in perspective, there were 30,513 distinct IPs that attempted to connect to the victim [5]. It was observed that most clients tried approximately three times before they gave up. However, two IPs (one from Singapore and the other from the United States) tried to connect over 8000 times. The solution to such an attack is a difficult one. One possible solution is a more robust implementation of the tracker protocol that forces an authentication between the user and the source address. In [5], Sia discusses a more in-depth solution that involves packet filtering and full TCP connections. The full TCP connection is what can cripple a server. He discusses a method to limit the connections and safeguard against flooding.
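One way a tracker could tie each listed peer to the source address of its announce, as the first proposed solution suggests (an added example, not code from the paper, from [5] or from any tracker). `ip` and `port` are standard announce query parameters; the tracker host name, the sample addresses, the port floor of 1024 and the function names are assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit
import ipaddress

MIN_PEER_PORT = 1024   # assumed policy: never list well-known service ports as peers


class AnnounceRejected(Exception):
    pass


def peer_endpoint(announce_url, source_ip):
    """Return (info_hash, ip, port, mismatch) to record for one announce request.

    source_ip is the address of the completed TCP connection carrying the
    request; the optional `ip` query parameter is only a claim by the client.
    """
    query = parse_qs(urlsplit(announce_url).query, encoding="latin-1")
    try:
        info_hash = query["info_hash"][0]
        port = int(query["port"][0])
    except (KeyError, ValueError):
        raise AnnounceRejected("missing info_hash or non-numeric port") from None
    if len(info_hash) != 20:
        raise AnnounceRejected("info_hash is not a 20-byte SHA-1 digest")
    if not MIN_PEER_PORT <= port <= 65535:
        raise AnnounceRejected("port %d is outside the accepted peer range" % port)
    source = ipaddress.ip_address(source_ip)
    claimed = query.get("ip", [source_ip])[0]
    try:
        mismatch = ipaddress.ip_address(claimed) != source
    except ValueError:
        mismatch = True                      # host names and garbage are never trusted
    # Whatever the client claims, only the connection's own address is listed.
    return info_hash, str(source), port, mismatch


def build_swarms(requests):
    """requests: [(source_ip, announce_url)]. Returns (swarms, flagged source IPs)."""
    swarms, flagged = defaultdict(set), []
    for source_ip, url in requests:
        try:
            info_hash, ip, port, mismatch = peer_endpoint(url, source_ip)
        except AnnounceRejected:
            flagged.append(source_ip)
            continue
        if mismatch:
            flagged.append(source_ip)
        swarms[info_hash].add((ip, port))
    return swarms, flagged


# Constructed sample announces; all addresses are documentation ranges.
BASE = "http://tracker.example/announce?info_hash=" + "%12" * 20 + "&peer_id=" + "A" * 20
SAMPLE = [
    ("198.51.100.7", BASE + "&port=6881"),
    ("203.0.113.50", BASE + "&port=6881&ip=192.0.2.80"),   # claims another host's address
    ("203.0.113.50", BASE + "&port=80&ip=192.0.2.80"),     # and a web server port
    ("198.51.100.9", BASE + "&port=51413&ip=198.51.100.9"),
]

if __name__ == "__main__":
    swarms, flagged = build_swarms(SAMPLE)
    print(sorted(swarms["\x12" * 20]), flagged)
```

With this policy the claimed address 192.0.2.80 never reaches the peer list, and the source that made the claim shows up twice in the flagged list for the operator to review.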

Conclusion

Throughout the course of this paper it became evident that although BitTorrent is the successor of the P2P programs of the past, it still has flaws of its own. We looked at critical flaws in the uTorrent BitTorrent client and in the BT functionality in the Opera web browser. We examined three attacks against BT users: the fake-block attack, the uncooperative-peer attack, and a DDoS attack. Fortunately there were actual and possible solutions to the vulnerabilities that we discussed, whether upgrading old versions of software, traffic filtering, or robust tracker authentication. The possibilities are there to help address security flaws in the BitTorrent protocol.


Reference for Paper

Acronyms

- ISP: Internet Service Provider
- TCP/IP: Transmission Control Protocol and Internet Protocol
- P2P: Peer 2 Peer
- MB: Megabyte
- KB: Kilobyte
- BT: BitTorrent
- MPAA: Motion Picture Association of America
- WoW: World of Warcraft
- DDoS: Distributed Denial of Service

Definitions

- Availability: The number of existing full copies of the file available to the client for downloading. The higher this number is, the potentially easier and quicker it can be to download the complete file (not accounting for other factors). If this number is less than one (for example, 0.65) then there is not a full copy of the file available to download.
- Block: A block is a piece of a file. When a file is distributed via BitTorrent, it is broken into smaller pieces, or blocks. Typically the block is 250kb in size, but it can vary with the size of the file being distributed. Breaking the file into pieces allows it to be distributed as efficiently as possible. Users get their files faster using less bandwidth.
- Client: The BitTorrent software used to download and upload files.
- Handshake: The first connection between two peers.
- Leech or leecher: Usually refers to a peer that is downloading while uploading very little, or nothing at all. Sometimes this is unintentional and due to firewall issues. The term leech is also sometimes used to simply refer to a peer that is not seeding yet.
- Peer: One of a group of clients downloading the same file.
- Re-seed: Re-seeding is the act of putting up a new complete copy of a file after no more seeds are available to download from. This is done to allow clients with only partial downloads to complete the download process, and it increases availability.
- Scrape: This is when a client sends a request to the tracker for information about the statistics of the torrent, like who to share the file with and how well those other users are sharing.
- Seed: A complete copy of the file being made available for download.
- Supernode: Supernodes are powerful computers with fast network connections, high bandwidth and quick processing capabilities.
- Swarm: A group of seeds and peers sharing the same torrent.
- Torrent: Generally, the instance of a file or group of files being distributed via BitTorrent.
- Torrent file: A file which describes what file or files are being distributed, where to find parts, and other info needed for the distribution of the file.
- Tracker: A server that keeps track of the peers and seeds in a swarm. A tracker does not have a copy of the file itself, but it helps manage the file transfer process.


Works Cited

[1] P. Gilman and B. Reed. “Analysis of Internet File Sharing Programs” Oregon State University. 07 June 2006.
[2] C. Valli and A. Woodward. “Network Security” Proc. 5th Australian Info. Security Management, Dec. 2007, pp. 92.
[3] M. Engle and J. Khan. “Vulnerabilities of P2P Systems and a Critical Look at their Solutions” Kent State University. 01 Nov. 2006 <http://www.medianet.kent.edu/techreports/TR2006-11-01-p2pvuln-EK.pdf>
[4] P. Dhungel, D. Wu, B. Schonhorst, and K. Ross. “A Measurement Study of Attacks on BitTorrent Leechers” Polytechnic University.
[5] K. Sia. “DDoS Vulnerability Analysis of Bittorrent Protocol” University of California, Los Angeles. Site Down, the PDF was saved and is attached at website
[6] K. Defraway, M. Gjoka, A. Markopoulou. “BotTorrent: Misusing BitTorrent to Launch DDoS Attacks” Usenix. <http://www.usenix.org/event/sruti07/tech/full_papers/eldefrawy/eldefrawy.pdf>
[7] N. Liogkas, R. Nelson, E. Kohler and L. Zhang. “Exploiting BitTorrent For Fun (But Not Profit)” University of California, Los Angeles. <http://www.iptps.org/papers-2006/LiogkasBitTorrent06.pdf>
[8] P. Dhungal, X. Hei, D. Wu and K. Ross. “The Seed Attack: Can BitTorrent be Nipped in the Bud?” Polytechnic University
[9] M. Engle and J. Khan. “Highly Critical Bug in uTorrent and BitTorrent Clients Discovered” Softpedia. 13 Aug. 2008 <http://news.softpedia.com/news/Highly-Critical-Bug-in-uTorrent-and-BitTorrentClients-Discovered-91818.shtml>
[10] Unknown. “BitTorrent Exploit Vulnerability Discovered in Latest Opera” TorrentFreak. 03 May. 2007 <http://torrentfreak.com/bittorrent-exploit-vulnerability-discovered-in-latest-opera/>
[11] Unknown. “FAQ – BitTorrent Concepts” BitTorrent <http://www.bittorrent.com/btusers/help/faq/bittorrent-concepts#4n9>
[12] S. Kelly. “BitTorrent battles over bandwith” BBC NEWS. 13 Apr. 2006 <http://news.bbc.co.uk/2/hi/programmes/click_online/4905660.stm>
[13] B. Jones. “Will uTorrent Really Kill the Internet?” TorrentFreak. 02 Dec. 2008 <http://torrentfreak.com/will-utorrent-really-kill-the-internet-081201/>
[14] Ernesto. “The Pirate Bay Sees Traffic and Peers Surge” TorrentFreak. 15 Nov. 2008 <http://torrentfreak.com/the-pirate-bay-sees-traffic-and-peers-surge-081115/>
[15] Unknown. “Movie Studios Sue ISP Over BitTorrent Piracy” TorrentFreak. 20 Nov. 2008
[16] Unknown. “ISP Must Continue to Block The Pirate Bay” TorrentFreak. 26 Nov. 2008 <http://torrentfreak.com/the-pirate-bay-sees-traffic-and-peers-surge-081115/>
[17] Unknown. “Port Forwarding” Galway Computer Society. <http://alumni.ox.compsoc.net/~steve/portforwarding.html>
[18] Ernesto. “How to Find Fake Torrents Uploaded by the MPAA and RIAA” TorrentFreak. 28 Jan. 2007
[20] S. Watson. “How Kazaa Works.” HowStuffWorks.
[21] “BitTorrent Working.” http://alexmohr.com/bittorrent/btworking.html
[22] http://azureus.sourceforge.net/img/sc/2.2.0.0/torrent_-_pieces.png
