Presentation is loading. Please wait.

Presentation is loading. Please wait.

I know what you are Sharing

Published byAnabel Goodwin Modified over 6 years ago

Similar presentations

Presentation on theme: "I know what you are Sharing"— Presentation transcript:

1 I know what you are Sharing
Exploiting BitTorrent Communications to Invade Users’ Privacy Pujol Guilhem & Xiao Wang

2 Plan Background of Research Exploiting Source and downloader addresses
Experimentation Results & Limitation of our research Suggestion for future work

3 Background of Research
1 Security & Privacy Issues in P2P Streaming systems

4 Security & Privacy Issues in P2P Streaming systems
P2P systems serve users worldwides App #Users P2P Skype 560M MSN Live 550M QQ 500M Google Talk 150M A lot of personal information are exposed on P2P systems. VoIP systems

5 Desirable security and privacy features for P2P systems
Category System feature System operation Reliability, Availability, Dependability Node Autonomy, Access Control Content management Authenticity, Integrity, Non-repudiation, Confidentiality, Anonymity

6 Attack targets in P2P streaming
Passive aspect Influenced by Results into Application code Code provider censorship data leaks P2P protocol Peers, superpeers, application code censor, partition, pollution, partitition, DoS, Overlay routing data privacy, QoS overlay routing delays, DoS partitioning, censorship Distributed data data integrity Partitioning Vulnerability Possible attack objectives

7 Two attack models(1/2) 1. Determine the file-sharing usage of identified users Mainly by comparing IP addresses, determine one’s identity and behaviors on P2P systems. 4 Find IP addresses Participating In 50k most Popular BT files 3 Find IP address 2 Determine VoIP ID 1

8 Two attack models(2/2) 2. Exploit sources of public information to identify and profile BitTorrent content providers big downloaders. (locations,behavor pattern, provided content

9 Exploiting Source and downloader addresses
2

10 Objective Identifying the sources of the torrents published on thepiratebay Studying the recent evolutions of the BitTorrent ecosystem and their impact on privacy

11 Retrieving the torrents
HTTP requests on thepiratebay.se/recent New torrent arrival rate ~ 1 per minute Actualisation every 5 second

12 Retrieving the torrents
Extraction of the links that points to the torrent files Retrival of the files that were not yet downloaded

13 Finding the peers Parsing of the bencoded torrent file : retrieval of every tracker available and computation of the info hash

14 Finding the peers Contact with the trackers : now mainly by UDP, often on port 80 Announce request that asks for a subset of peers Request sent to every known tracker for this torrent

15 Results and limitations
3

16 Results 494 torrent downloaded in 6 hours
At least one tracker could be reached for 389 of them The source could be identified in 151 cases (38%)

17 Results Surprisingly, the number of peers one can retrieve in a single request is high (more than 150) No or extremly high limitation on the number of announce requests one can send to a single tracker

18 Results Cumulative frequencies of the number of peers delivered in response to an announce request

19 Results Appearance of magnet links ~ partial torrent files
magnet:?xt=urn:btih:d10db7b1a8d8e2393a32ddc6e683685f8bc24c19&dn=Conspirators.2012.DVDRip.XviD-BeFRee&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80 Trackers tend to be replaced by Distributed Hash Tables

20 Limitations In the best cases, we only retrieve an IP address and a port number They can be altered by the use of a NAT,a proxy, a VPN, TOR, … This should be applied at a larger scale to be really efficient (all torrent are not first uploaded on the piratebay, no central tracker)

21 Suggestions for further research
4

22 Suggestions for further research
DHT Magnet links Variable sites Scrape-all request Combine with research in Skype to identify user identities Observe longer to profile providers and big downloaders in a larger region By exploiting the scrape-all requests, an adversary can learn the identifiers of all the contents for which he can then collect the peers using the announce requests.High-level statistics

23 Reference Gabriela Gheorghe · Renato Lo Cigno ·Alberto Montresor, Security and privacy issues in P2P streaming systems: A survey Stevens Le Blond, Chao Zhang, Arnaud Legout, Keith Ross, Walid Dabbous, I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users’ Privacy Stevens Le Blond, Arnaud Legout, Fabrice Lefessant, Walid Dabbous, Mohamed Ali Kaafar, Spying the World from your Laptop - Identifying and Profiling Content Providers and Big Downloaders in BitTorrent

24 Demonstration

25

Download ppt "I know what you are Sharing"

Similar presentations

Course on Computer Communication and Networks Lecture 10 Chapter 2; peer-to-peer applications (and network overlays) EDA344/DIT 420, CTH/GU.

Course on Computer Communication and Networks Lecture 10 Chapter 2; peer-to-peer applications (and network overlays) EDA344/DIT 420, CTH/GU.
Digital Library Service – An overview Introduction System Architecture Components and their functionalities Experimental Results.

Digital Library Service – An overview Introduction System Architecture Components and their functionalities Experimental Results.
The BitTorrent Protocol

The BitTorrent Protocol
Incentives Build Robustness in BitTorrent Bram Cohen.

Incentives Build Robustness in BitTorrent Bram Cohen.
End-to-end Publishing Using Bittorrent. Bittorrent Bittorrent is a widely used peer-to- peer network used to distribute files, especially large ones It.

End-to-end Publishing Using Bittorrent. Bittorrent Bittorrent is a widely used peer-to- peer network used to distribute files, especially large ones It.
Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.

Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
236349 Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
Peer to Peer (P2P) Networks and File sharing. By: Ryan Farrell.

Peer to Peer (P2P) Networks and File sharing. By: Ryan Farrell.
DDoS Vulnerability Analysis of BitTorrent Protocol CS239 project Spring 2006.

DDoS Vulnerability Analysis of BitTorrent Protocol CS239 project Spring 2006.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
FRIENDS: File Retrieval In a dEcentralized Network Distribution System Steven Huang, Kevin Li Computer Science and Engineering University of California,

FRIENDS: File Retrieval In a dEcentralized Network Distribution System Steven Huang, Kevin Li Computer Science and Engineering University of California,
Spotlighting Decentralized P2P File Sharing Archie Kuo and Ethan Le Department of Computer Science San Jose State University.

Spotlighting Decentralized P2P File Sharing Archie Kuo and Ethan Le Department of Computer Science San Jose State University.
Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.

Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
Can Internet Video-on-Demand Be Profitable? SIGCOMM 2007 Cheng Huang (Microsoft Research), Jin Li (Microsoft Research), Keith W. Ross (Polytechnic University)

Can Internet Video-on-Demand Be Profitable? SIGCOMM 2007 Cheng Huang (Microsoft Research), Jin Li (Microsoft Research), Keith W. Ross (Polytechnic University)
The Bittorrent Protocol

The Bittorrent Protocol
1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.
Bluebear: Exploring Privacy Threats in the Internet Arnaud Legout EPI, Planète

Bluebear: Exploring Privacy Threats in the Internet Arnaud Legout EPI, Planète
Privacy in P2P based Data Sharing Muhammad Nazmus Sakib CSCE 824 April 17, 2013.

Privacy in P2P based Data Sharing Muhammad Nazmus Sakib CSCE 824 April 17, 2013.

Similar presentations

Ads by Google