1. Exploiting BitTorrent For Fun (But Not Profit) Nikitas Liogkas, Robert Nelson, Eddie Kohler, Lixia Zhang University of California, Los Angeles

2. Motivation  Robustness: system always provides useful service to all connected peers depends on peers’ willingness to contribute but uploading not in peers’ direct self interest  Fairness: those who do not contribute should not be able to receive good service  Can fairness violations reduce robustness?

3. Selfish peers  BitTorrent fairness model rules for data exchange between peers “tit-for-tat” for upload decisions  Selfishness: peers violate fairness while evading detection abuse existing protocol mechanisms is it effective (fairness violation)? impact on honest peers (robustness reduction)?

4. Contributions  Designed and evaluated three selfish exploits tools for measuring robustness  Despite selfishness, BitTorrent quite robust at most 29% higher rates for the selfish peer but no considerable degradation of service  How is this robustness achieved? identify responsible protocol mechanisms propose five guiding design principles

5. Presentation outline  BitTorrent operation  Implementation and methodology  Design and evaluation of exploits  Discussion  Conclusions  Future work

6. new leecher BitTorrent – joining a torrent Peers divided into:  seeds: have the entire file  leechers: still downloading data request peer list metadata file join 1 23 4 seed/leecherwebsitetracker 1. obtain the metadata file 2. contact the tracker 3. obtain a peer list (contains seeds & leechers) 4. contact peers from that list for data

7. ! BitTorrent – exchanging data I have leecher A ● Verify pieces using hashes ● Download sub-pieces in parallel ● Advertise received pieces to the entire peer list ● Look for the rarest pieces seed leecher Bleecher C

8. BitTorrent - unchoking leecher Aseed leecher Bleecher Cleecher D ● Periodically calculate data-receiving rates ● Upload to (unchoke) the fastest downloaders ● Optimistic unchoking ▪ periodically select a peer at random and upload to it ▪ continuously look for the fastest partners

9. Presentation outline  BitTorrent operation  Implementation and methodology  Design and evaluation of exploits  Discussion  Conclusions  Future work

10. Implementation  implemented all three exploits in the Ctorrent client  ensured that our changes did not interfere with regular protocol operation  exploits do not exhaust all possible selfish behavior…  but prove to be valuable tools for evaluating robustness

11. Experimental methodology  Private torrents eight leechers & one seed on Planetlab most torrents are small [Guo et al., IMC’05] impose download and upload limits leechers join according to Poisson purpose: measure benefit to selfish (fairness), impact on honest (robustness)  Public torrents two clients join the same torrent together purpose: reveal impact in real settings

12. new list request peer list Exploit 1 – Downloading only from seeds leecher Aseed leecher Bleecher C tracker ● Repeatedly query the tracker for peer lists ● Distinguish the seeds, and receive data from them ● Download only from seeds; no need to upload ● Violates fairness model; also harmful to honest peers

13. Evaluation – Exploit 1 in private torrents  Limit bandwidth of leechers 1 to 6. No limit on seed.  Modest fairness violation (22% better rate) when selfish is fast  Robustness does not suffer: most honest slower by <15% min median max 25%ile 75%ile 22% Download rates for all peers

14. Evaluation – Exploit 1 with modified seed  Seed only unchokes one leecher at a time  Considerable fairness violation: selfish peer faster by 155%  Reduces robustness: honest peers slower by at least 32% Download rates for all peers 155%

15. Evaluation – Exploit 1 in public torrents  Tested with small ( 150 peers) torrents  Selfish leecher gets consistently higher download rates (7-20%)  Does particularly well in torrents with many seeds  Greater incentive to cheat in popular torrents

16. Exploit 2 – Downloading only from the fastest peers leecher A leecher Bleecher Cleecher D ● Do not perform optimistic unchokes ● Observe frequency of piece advertisements to infer bandwidth of peers ● Download only from fast peers, never waste time on slow ones ● Especially harmful at the start of a peer’s lifetime !I have

17. Evaluation – Exploit 2 in private torrents  Selfish peer interacts only with the two fastest leechers in its list  Modest fairness violation: selfish peer faster by 29%  Robustness does not suffer: impact on honest peers small Download rates for all peers 29%

18. Evaluation – Exploit 2 in public torrents  Exploit fails in public torrents consistently lower download rates (1-30%)  Reasons optimistic unchoking aids in discovering the best partners short-term calculations beat our advertisement-based estimations  Mechanism for continuous adaptation is valuable

19. Exploit 3 – Advertising false pieces ● Gradually advertise the rarest pieces ● Send garbage when you do not have a piece ● Lie about the pieces you have ▪ pollution is not primary objective leecher A leecher Bleecher C 4 !I have 3 21 12 12 3 garbage

20. Evaluation – Exploit 3 in private torrents  Modest fairness violation: selfish peer faster by 22%  Robustness does not suffer; some of the honest peers even improve their rates! Download rates for all peers 22%

21. Evaluation – Exploit 3 in public torrents  Exploit fails in public torrents modern implementations keep state about the origin of pieces lying leechers easily detected  Remembering past interactions enables defending against false piece advertisements

22. Presentation outline  BitTorrent operation  Implementation and methodology  Design and evaluation of exploits  Discussion  Conclusions  Future work

23. Design principles  Parallel downloading  Memory of past interactions  Problem partitioning  Export minimal information  Keep the network connected

24. Principles #1 and #2  Maintain parallel interactions with multiple peers example: limited impact of the download- only-from-seeds exploit  Maintain memory of past interactions example: failure of the false-advertisements exploit in public torrents trade-off between robustness and performance

25. Principle #3  Enforce problem partitioning [Shneidman et al., PODC’04] “No peer should be able to influence another peer’s decision-making by declaring false information” Not enforced by BitTorrent Should decouple data needs (pieces) from the provided service (unchoking) Could harm performance

26. Principles #4 and #5  Export minimal information necessary example: hide that you are a seed super-seeding policy does just that  Keep the network connected optimistic unchoking: random choice that aids robustness value evident in the failure of the download- from-the fastest exploit in public torrents

27. Related work  Describes the basic BitTorrent mechanisms [Cohen, P2PECON’03]  Feasibility of selfish behavior in BitTorrent [Shneidman et al., PINS’04]  Theoretical analysis [Qiu et al., SIGCOMM’04]  Simulations [Bharambe et al., MSR-TR-2005]  Measurement studies [Izal et al., PAM’04, Pouwelse et al., Delft TR 2004 and IPTPS’05, Guo et al., IMC’05]

28. Conclusions  Presented three selfish exploits  BitTorrent quite robust, despite fairness violations  Identified protocol characteristics that enable robustness  Proposed five guiding design principles

29. Future work  Investigate combinations of exploits  Our exploits do not exhaust the complete space of selfish behavior how to methodically design other (possibly more successful) exploits?  Selfish behavior in multi-torrent systems

30. Exploiting BitTorrent For Fun (But Not Profit) Nikitas Liogkas, Robert Nelson, Eddie Kohler, Lixia Zhang Questions?

31. Bonus slide – Exploit 1 all-selfish scenario  Appears as if everyone benefits when everyone is being selfish  Artifact of the imposed bandwidth limits: seed serving similar clients  Degenerates into a client-server model Download rates for all peers