Attacks on BitTorrent

Presented by Andrew Sprouse

 Attacks on BitTorrent
 What is BitTorrent?
 Why is it important?
 How does BitTorrent work?
 BitTorrent vulnerabilities
 Current solutions
 The future
 Attacks on BitTorrent
 What is BitTorrent?
 Why is it important?
 How does BitTorrent work?
 BitTorrent vulnerabilities
 Current solutions
 The future
 What is BitTorrent?
 Created by Brahm Cohen in 2001
 A peer-to-peer file transfer protocol
 Extremely popular today
 Attacks on BitTorrent
 What is BitTorrent?
 Why is it important?
 How does BitTorrent work?
 BitTorrent vulnerabilities
 Current solutions
 The future
 Why is it Important?
 It is used by millions of file sharers across the globe.

 Corporations and open source companies use it to save

bandwidth.
 Why is it Important? (cont’d)
 In 2004 CacheLogic determined BitTorrent was responsible
for 35% of internet Traffic.
 This has raised concerns amongst ISPs such a Comcast,
Verizon and Time Warner.
 Attacks on BitTorrent
 What is BitTorrent?
 Why is it important?
 How does BitTorrent work?
 BitTorrent vulnerabilities
 Current solutions
 The future
 BitTorrent Basics
 Files are broken into pieces.
 Users each download different pieces from the original
uploader (seed).
 Users exchange the pieces with their peers to obtain the ones
they are missing.

 This process is organized by a centralized server called the

Tracker.
 BitTorrent Protocol
 1. Seeder generates a
torrent file
 Uploads torrent to a
web server.
 Seeder – A client
sharing 100% of the
shared file.
 BitTorrent Protocol
 2. The seeder notifies
the tracker that it is
sharing the file
described in the torrent
file.
 BitTorrent Protocol
 3. A leecher downloads
the torrent file from the
web server
 Leecher – client
downloading the shared
file from the seeder.
 BitTorrent Protocol
 The leecher connects to
the tracker specified in
the torrent file.
 The tracker returns a list
of other peers who are
sharing the file.
 BitTorrent Protocol
 5. The leecher connects
to its peers to retrieve
pieces of the files.
 BitTorrent Client Details

 Clients verify the each downloaded piece against a SHA-1

hash contained in the .torrent file.
 Clients use a tit-for-tat strategy for choosing peers to
upload/download to/from.
 Transfer-rate based
 Clients periodically disconnect from clients to connect to
new ones.
 Called “Optimistic Unchoking”
 Attacks on BitTorrent
 What is BitTorrent?
 Why is it important?
 How does BitTorrent work?
 BitTorrent vulnerabilities
 Current solutions
 The future
 BitTorrent Vulnerabilities
 BitTorrent is vulnerable to the following attacks:
 Pollution Attack
 DDOS Attack
 Bandwidth Shaping
 BitTorrent Vulnerabilities
 BitTorrent is vulnerable to the following attacks:
 Pollution Attack
 DDOS Attack
 Bandwidth Shaping
 Pollution Attack
 1. The peers receive
the peer list from the
tracker.
 Pollution Attack
 2. One peer contacts
the attacker for a chunk
of the file.
 Pollution Attack
 The attacker sends
back a false chunk.
 This false chunk will
fail its hash and will be
discarded.
 Pollution Attack
 4. Attacker requests all
chunks from swarm
and wastes their upload
bandwidth.
 Pollution Attack (cont’d)
 Pollution attack have become increasingly popular and have
been used by anti-piracy groups
 In 2005 HBO used pollution attacks to prevent people from
downloading their show Rome.
 BitTorrent Vulnerabilities
 BitTorrent is vulnerable to the following attacks:
 Pollution Attack
 DDOS Attack
 Bandwidth Shaping
 DDOS Attack
 DDOS = Distributed denial of service
 Based on the fact the BitTorrent Tracker has no mechanism
for validating peers.
 Uses modified client software
 DDOS Attack
 1. The attacker
downloads a large
number of torrent files
from a web server.
 DDOS Attack
 2. The attacker parses
the torrent files with a
modified BitTorrent
client and spoofs his
IP address and port
number with the
victims as he
announces he is
joining the swarm.
 DDOS Attack
 3. As the tracker
receives requests for a
list of participating
peers from other
clients it sends the
victims IP and port
number.
 DDOS Attack
 4. The peers then
attempt to connect to
the victim to try and
download a chunk of
the file.
 BitTorrent Vulnerabilities
 BitTorrent is vulnerable to the following attacks:
 Pollution Attack
 DDOS Attack
 Bandwidth Shaping
 Bandwidth Shaping
 Typically done by the BitTorrent user’s ISP

 Comcast has recently admitted to filtering BitTorrent traffic.

 Unencrypted BitTorrent packets are easily identified and filtered.
 Sophisticated filtering software can detect BitTorrent like
behavior.
 Attacks on BitTorrent
 What is BitTorrent?
 Why is it important?
 How does BitTorrent work?
 BitTorrent vulnerabilities
 Current solutions
 The future
 Current Solutions: Bandwidth
Shaping
 Encryption
 Most popular BitTorrent clients come with option to encrypt
the packets they send.
 Fools unsophisticated filters which simply look at the contents
of the packet.
 Won’t work against filters which profile behavior over network
boundaries.
 Current Solutions: Bandwidth
Shaping (cont’d)
 Tunneling
 Using VPN software to connect to an unfiltered network.
 Successfully bypasses filters.
 However due to the peer-to-peer nature of BitTorrent, your
peers must also be on an unfiltered network to take full
advantage.
 Current Solutions: Pollution
Attacks
 Blacklisting
 Achieved using software such as Peer Guardian or moBlock.
 Blocks connections from blacklisted IPs which are downloaded
from an online database.
 Attacks on BitTorrent
 What is BitTorrent?
 Why is it important?
 How does BitTorrent work?
 BitTorrent vulnerabilities
 Current solutions
 The future
 The Future
 There has been much research in the area of peer-to-peer
networking.
 One of the most popular suggestions in recent research is the
integration of the notion of trustworthiness.
 Through the use of a “Trust Management System”
 Trust management
 A trustworthiness score is assigned to each peer in the
swarm.
 These scores will allow better selection of peers.
 Currently BitTorrent's fairness system does not  prevent free
riders and malicious peers. Penalties are not in place for
these "bad" users.
 BitTorrent uses a Rate fairness ratio only no notion of trust.
 An Example Trust Management
System
 Debit-Credit Reputation
system
 Each client calculates a
trust score for their peers
 Based on valid pieces
uploaded
 Tracker combines these
individual scores to make
a global score
 An Example Trust Management
System (cont’d)
 Global trust managed by the tracker prevents clients from
being dishonest.
 Solve the issue of pollution attacks by ignoring
untrustworthy peers
 Trust systems are more flexible than blacklisting because peers
can earn back their trust through good behavior.

 Prevent DDOS attacks because the victim will earn a low

trust score and be ignored.
THE END
 References

 This presentation is based on research paper done for CSU645 co-

written by Timothy Biron and Andrew Sprouse
 http://www.ccs.neu.edu/home/als/termpaper.pdf
 http://www.bittorrent.org/beps/bep_0003.html
 http://radar.oreilly.com/archives/2005/10/hbo_attacking_bitt
orrent.html
 http://in.tech.yahoo.com/041103/137/2ho4i.html