Securing Data Authentication with Cryptographic Signatures in BitTorrent Du Wei cc.hut.fi / Supervisor : Professor Jukka Manner Instructor.


1 Securing Data Authentication with Cryptographic Signatures in BitTorrent
Du Wei, wedu@cc.hut.fi / wei.du@hiit.fi
Supervisor: Professor Jukka Manner
Instructor: Professor Sasu Tarkoma, MSc. Petri Savolainen
25-08-2009
Helsinki University of Technology, Finland, Department of Communications and Networking

2 Overview
1. Introduction
2. Background
3. Implementation
4. Experimental Results and Analysis
5. Conclusion

3 1. INTRODUCTION
Peer-to-Peer File Sharing systems
- Fast growing
- Uses: audio and video files
- A major part of traffic on the Internet
- Different from Client/Server file sharing systems

4 BitTorrent
- A Peer-to-Peer file sharing system
- The most popular P2P protocol worldwide
- Millions of users
Critical Elements
- A Web Server: provides the 'metainfo' file by HTTP
- The .torrent file: contains 'metainfo' information (file name, size, checksum, URL of the Tracker, pieces, piece length)
- A BitTorrent Tracker: manages the list of peers
- Peers:
  - seeds: have the entire file
  - leechers: still downloading, also called downloaders
  - free-riders: only download from others but do not upload

5 How BitTorrent Works?
[Diagram: Web Server, Tracker, Seed, Leecher A, Leecher B]
1. Obtain the .torrent file
2. Contact the Tracker (URL), Get-announce
3. Obtain a peer list (contains seeds & leechers)
4. Shake-hand
5. Get pieces

6 BitTorrent Messages
Peer - Peer Messages: TCP Sockets
Peer - Tracker Messages: HTTP Request/Response
File Organization
- A Piece: chunk size = 256KB
- A Block (subpiece): 16KB
- Piece Hash Value (SHA1): size = 20 Bytes
[Figure labels: File; pieces 4, 2, 1, 3; Incomplete Piece]

7 How to validate data
- Generate piece hashes with the SHA1 hashing algorithm
- Save the piece hashes in the .torrent file
- The seed checks that the hashes match before uploading the file
- A leecher verifies each chunk against the hashes in the .torrent file as chunks are downloaded in parallel
Problems to Address
- Piece hashes in the .torrent file are not secure enough.
- The size of the .torrent file grows as the file size increases, especially when the chunk size (piece size) is small.
- In P2P live streaming, the smaller the chunk size, the faster the speed. However, the chunk sizes are always large.

8 2. BACKGROUND
Related Work
- Hash tree: simple but infeasible for latency-sensitive communication
- Hash chain: lightweight but more complex schemes
Cryptographic Signature Algorithms
- RSA (Rivest-Shamir-Adleman)
- DSA (Digital Signature Algorithm)
- ECDSA (Elliptic Curve Digital Signature Algorithm)

9 3. IMPLEMENTATION
3.1 Design
Step 1 - Generate a key pair using one of the cryptographic algorithms (DSA, ECDSA, RSA)

10 Step 2 - Create signatures for the .sig file with the Private key; save the Public key in the .torrent file

11 Step 3- Verify Signatures with Public key

12 Public keys are saved in the .torrent file, with different parameters for each cryptographic algorithm (using the Openssl library):
- RSA: n, e
- DSA: p, q, g
- ECDSA: ecp
Adding a SIGNATURE message to the BitTorrent protocol
Policy: once a piece has been downloaded completely, the peer can authenticate it efficiently right away. This policy lets complete pieces be authenticated quickly, even for smaller piece sizes (large piece numbers).
In order to keep the .torrent file smaller, we save the signatures separately in a .sig file and send the corresponding signature separately before a piece is sent.

13 3.2 SIGNATURE Message
SIGNATURE: <len><id><piece_index><signature>
Payload Information:
- len: (32 bits integer)
- id: (32 bits integer)
- piece_index: (32 bits integer)
- signature: (X bytes)
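
Added example (not part of the original slides and not the author's implementation): a parser for the SIGNATURE message layout above that treats the peer's bytes as untrusted and rejects bad lengths and piece indexes before anything reaches signature verification. The byte order, the meaning of len and the message id 0x20 are assumptions; the slides do not state them.

```python
import struct

# Assumptions, not from the slides: big-endian fields (as in other BitTorrent
# messages), `len` counts every byte after the len field, and the id value.
SIGNATURE_ID = 0x20               # hypothetical message id
HEADER = struct.Struct(">III")    # len, id, piece_index (32 bits each)
MAX_SIG_LEN = 512                 # size of a 4096-bit RSA signature


class BadSignatureMessage(ValueError):
    """Raised for any SIGNATURE message that must not be trusted."""


def encode_signature(piece_index: int, signature: bytes) -> bytes:
    """Build len | id | piece_index | signature."""
    body_len = 8 + len(signature)          # id + piece_index + signature
    return HEADER.pack(body_len, SIGNATURE_ID, piece_index) + signature


def decode_signature(buf: bytes, num_pieces: int, sig_len: int = 0):
    """Parse one message from untrusted peer bytes.

    sig_len is the signature size implied by the public key in the .torrent
    (128 for RSA-1024); 0 only enforces MAX_SIG_LEN, for DER-encoded DSA/ECDSA.
    Returns (piece_index, signature, bytes_consumed).
    """
    if len(buf) < HEADER.size:
        raise BadSignatureMessage("truncated header")
    body_len, msg_id, piece_index = HEADER.unpack_from(buf)
    if msg_id != SIGNATURE_ID:
        raise BadSignatureMessage("not a SIGNATURE message")
    n = body_len - 8
    if n <= 0 or n > MAX_SIG_LEN:          # check before buffering anything
        raise BadSignatureMessage("implausible length field")
    if sig_len and n != sig_len:
        raise BadSignatureMessage("signature size does not match the key")
    if piece_index >= num_pieces:
        raise BadSignatureMessage("piece index out of range")
    if len(buf) < 4 + body_len:
        raise BadSignatureMessage("truncated signature")
    return piece_index, buf[12:12 + n], 4 + body_len


if __name__ == "__main__":
    sig = bytes(128)                       # constructed stand-in for RSA-1024
    msg = encode_signature(7, sig)         # 150 MB / 32 KB = 4800 pieces
    print(decode_signature(msg + b"next", 4800, 128)[::2])
```

The returned signature is only a candidate: it still has to be verified with the public key from the .torrent file once the piece itself has been downloaded.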

14

15 4. EXPERIMENTAL RESULTS AND ANALYSIS
4.1 Lab Environments
Hardware: 2 Desktop PCs, 1 Switch
Software: Ubuntu 9.04, Ktorrent 3.2.1, Openssl 0.9.8g, Wondershaper 1.0

          PC1                                            PC2
CPU       Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz     Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
Memory    4GB                                            8GB
NIC       Intel Corporation 82566DM-2 Gigabit Ethernet   Broadcom Corporation NetXtreme BCM5754 Gigabit Ethernet
          i686 GNU/Linux                                 x86_64 GNU/Linux

16 4.2 Experimental Results
Signature Size (Chunk size=32KB)

Key Size                 512 (bit)   1024 (bit)   2048 (bit)   3072 (bit)
RSA Signature (Bytes)    64          128          256          384
DSA Signature (Bytes)    48          48           48           48

Size (Bytes)             ECDSA Secp-160r1   ECDSA Secp-224r1
ECC Signature            42                 56

ECC 160bit = RSA 1024bit (algorithms strengths)
ECC 224bit = RSA 2048bit (algorithms strengths)

17 Signing and Verifying Time of Openssl

PC1                         Sign(ms)   Verify(ms)   Sign/s     Verify/s
rsa 512 bits                0.446      0.033        2243.1     30283.3
rsa 1024 bits               1.998      0.086        500.6      11679.6
rsa 2048 bits               10.756     0.269        93.0       3723.2
rsa 4096 bits               64.196     0.873        15.58      1145.8
dsa 512 bits                0.345      0.410        2894.8     2440.3
dsa 1024 bits               0.864      1.013        1157.8     987.2
dsa 2048 bits               2.690      3.224        371.7      310.2
ecdsa (secp160r1) 160 bits  0.3        1.4          3518.4     719.4
ecdsa (secp224r1) 224 bits  1.5        1.7          677.9      576.37

PC2                         Sign(ms)   Verify(ms)   Sign/s     Verify/s
rsa 512 bits                0.229      0.016        4359.3     63609
rsa 1024 bits               0.897      0.043        1115.2     23120.2
rsa 2048 bits               5.061      0.136        197.6      7338.4
rsa 4096 bits               32.323     0.467        30.9       2140.9
dsa 512 bits                0.158      0.174        6320.2     5731.8
dsa 1024 bits               0.418      0.492        2394.5     2034.5
dsa 2048 bits               1.325      1.578        754.8      633.8
ecdsa (secp160r1) 160 bits  0.200      0.700        6285.5     1424.3
ecdsa (secp224r1) 224 bits  0.700      1.100        1428.571   937.8

18 Average Download Speed, PC2, File Size = 150MB

Max Download Speed = 10MB/s, Max Upload Speed = 10MB/s, Chunk size = 32KB
Average Download Speed (MB/s)

Algorithms / Key Size (bit)    512     1024    2048    3072
RSA                            9.05    8.89    8.77    8.60
DSA                            8.85    8.53    8.38    8.15
ECDSA (secp160r1/secp224r1)    9.00    8.80
No Signature                   9.23

Max Download Speed = 128KB/s, Max Upload Speed = 128KB/s, Chunk size = 32KB
Average Download Speed (KB/s)

Algorithms / Key Size (bit)    512      1024     2048     3072
RSA                            120.85   120.41   119.33   118.65
DSA                            120.75   120.84   120.72   120.68
ECDSA (secp160r1/secp224r1)    120.89   120.75
No Signature                   121.43

19 4.3 Data Analysis
[Chart: Max Download Speed = 10MB, 150MB File Size, Chunk size = 32KB]
[Chart: Max Download Speed = 128KB, 150MB File Size, Chunk size = 32KB]

20
- RSA is faster than DSA when the max download speed is 10MB.
- But RSA is slower than DSA when the max download speed is 128KB.
- When bandwidth is small, a smaller signature size gives a faster average download speed.
- When bandwidth is large, a faster verify time gives a faster average download speed.
- ECC is faster due to its small signature size, although it is slower to verify.

21 5. Conclusion
[Diagram labels: P2P Networks; Millions of Users; Secure, Efficient, Energy saving…; VoIP; BitTorrent; TCP; http; Services]

22 Thank You!

