Title: Exploiting BitTorrent For Fun (But Not Profit)
1 Exploiting BitTorrent For Fun (But Not Profit)
- Nikitas Liogkas, Robert Nelson, Eddie Kohler, Lixia Zhang
- University of California, Los Angeles
2 Motivation
- Robustness: system always provides useful service to all connected peers
  - depends on peers' willingness to contribute
  - but uploading is not in peers' direct self-interest
- Fairness: those who do not contribute should not be able to receive good service
- Can fairness violations reduce robustness?
3 Selfish peers
- BitTorrent fairness model
  - rules for data exchange between peers
  - tit-for-tat for upload decisions
- Selfishness: peers violate fairness while evading detection
  - abuse existing protocol mechanisms
  - is it effective (fairness violation)?
  - impact on honest peers (robustness reduction)?
4 Contributions
- Designed and evaluated three selfish exploits
  - tools for measuring robustness
- Despite selfishness, BitTorrent quite robust
  - at most 29% higher rates for the selfish peer
  - but no considerable degradation of service
- How is this robustness achieved?
  - identify responsible protocol mechanisms
  - propose five guiding design principles
5 Presentation outline
- BitTorrent operation
- Implementation and methodology
- Design and evaluation of exploits
- Discussion
- Conclusions
- Future work
6 BitTorrent: joining a torrent
[Diagram labels: metadata file, peer list, join, data request]
- Peers divided into
  - seeds: have the entire file
  - leechers: still downloading
1. obtain the metadata file
2. contact the tracker
3. obtain a peer list (contains seeds and leechers)
4. contact peers from that list for data
7 BitTorrent: exchanging data
[Diagram label: "I have!"]
- Verify pieces using hashes
- Download sub-pieces in parallel
- Advertise received pieces to the entire peer list
- Look for the rarest pieces
8 BitTorrent: unchoking
- Periodically calculate data-receiving rates
- Upload to (unchoke) the fastest downloaders
- Optimistic unchoking
  - periodically select a peer at random and upload to it
  - continuously look for the fastest partners
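Added example (not from the slides or from any BitTorrent client): a toy model of the unchoke round above, comparing a client that keeps the optimistic slot with one that fills every slot by measured rate. The peer names, capacities and the assumption that a peer uploads at full capacity only while it is unchoked are constructed for illustration.

```python
import random

def choose_unchoked(rates, peers, slots, optimistic_on, rng):
    """One unchoke round: the fastest measured partners plus one random optimistic pick."""
    # sorted() is stable, so peers with no measured rate keep their list order
    ranked = sorted(peers, key=lambda p: rates.get(p, 0.0), reverse=True)
    if not optimistic_on:
        return ranked[:slots], None
    regular = ranked[:slots - 1]
    rest = [p for p in peers if p not in regular]
    return regular, (rng.choice(rest) if rest else None)

def simulate(capacity, slots=3, rounds=200, optimistic_on=True, seed=1):
    """Toy model (assumption): a peer sends to us at its full capacity only
    while we unchoke it, so its rate stays unknown until we have tried it."""
    rng = random.Random(seed)
    peers = list(capacity)
    rates = {}
    for _ in range(rounds):
        regular, opt = choose_unchoked(rates, peers, slots, optimistic_on, rng)
        unchoked = regular + ([opt] if opt else [])
        # Peers we choke stop reciprocating, so only unchoked peers have a rate
        rates = {p: capacity[p] for p in unchoked}
    return sorted(regular)

# Constructed capacities; the two fastest peers are not among the first contacted
CAPACITY = {"a": 10, "b": 20, "c": 5, "d": 50, "e": 40}

if __name__ == "__main__":
    print("with optimistic slot:   ", simulate(CAPACITY))
    print("without optimistic slot:", simulate(CAPACITY, optimistic_on=False))
```

With the optimistic slot the regular partners settle on the two fastest peers; without it the client never measures anyone beyond its first partners.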
10 Implementation
- implemented all three exploits in the Ctorrent client
- ensured that our changes did not interfere with regular protocol operation
- exploits do not exhaust all possible selfish behavior
- but prove to be valuable tools for evaluating robustness
11 Experimental methodology
- Private torrents
  - eight leechers, one seed on PlanetLab
  - most torrents are small [Guo et al., IMC'05]
  - impose download and upload limits
  - leechers join according to Poisson
  - purpose: measure benefit to selfish (fairness), impact on honest (robustness)
- Public torrents
  - two clients join the same torrent together
  - purpose: reveal impact in real settings
12 Exploit 1: Downloading only from seeds
[Diagram labels: new list request, peer list]
- Download only from seeds: no need to upload
- Repeatedly query the tracker for peer lists
- Distinguish the seeds, and receive data from them
- Violates fairness model; also harmful to honest peers
13 Evaluation: Exploit 1 in private torrents
[Figure: Download rates for all peers]
- Limit bandwidth of leechers 1 to 6. No limit on seed.
- Modest fairness violation (22% better rate) when selfish is fast
- Robustness does not suffer: most honest slower by <15%
14 Evaluation: Exploit 1 with modified seed
[Figure: Download rates for all peers]
- Seed only unchokes one leecher at a time
- Considerable fairness violation: selfish peer faster by 155%
- Reduces robustness: honest peers slower by at least 32%
15 Evaluation: Exploit 1 in public torrents
- Tested with small (< 20 peers) and large (> 150 peers) torrents
- Selfish leecher gets consistently higher download rates (7-20%)
- Does particularly well in torrents with many seeds
- Greater incentive to cheat in popular torrents
16 Exploit 2: Downloading only from the fastest peers
[Diagram label: "I have!"]
- Download only from fast peers, never waste time on slow ones
- Do not perform optimistic unchokes
- Observe frequency of piece advertisements to infer bandwidth of peers
- Especially harmful at the start of a peer's lifetime
17 Evaluation: Exploit 2 in private torrents
[Figure: Download rates for all peers]
- Selfish peer interacts only with the two fastest leechers in its list
- Modest fairness violation: selfish peer faster by 29%
- Robustness does not suffer: impact on honest peers small
18 Evaluation: Exploit 2 in public torrents
- Exploit fails in public torrents
  - consistently lower download rates (1-30%)
- Reasons
  - optimistic unchoking aids in discovering the best partners
  - short-term calculations beat our advertisement-based estimations
- Mechanism for continuous adaptation is valuable
19 Exploit 3: Advertising false pieces
[Diagram labels: 1, 2, 3, 4, "I have!", "garbage"]
- Lie about the pieces you have
- Gradually advertise the rarest pieces
- Send garbage when you do not have a piece
  - pollution is not primary objective
20 Evaluation: Exploit 3 in private torrents
[Figure: Download rates for all peers]
- Modest fairness violation: selfish peer faster by 22%
- Robustness does not suffer: some of the honest peers even improve their rates!
21 Evaluation: Exploit 3 in public torrents
- Exploit fails in public torrents
  - modern implementations keep state about the origin of pieces
  - lying leechers easily detected
- Remembering past interactions enables defending against false piece advertisements
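Added example (not from the slides or from any client's source): one way a downloader can keep state about the origin of pieces and stop accepting data from a peer whose sub-pieces fail the hash check. The class name `PieceAuditor`, the two-strike threshold and the sample pieces are hypothetical.

```python
import hashlib
from collections import defaultdict

class PieceAuditor:
    """Tracks which peer supplied each sub-piece; bans peers tied to bad pieces."""

    def __init__(self, piece_hashes, strikes_to_ban=2):   # threshold is an assumed policy
        self.piece_hashes = piece_hashes   # SHA-1 digests from the metadata file
        self.strikes_to_ban = strikes_to_ban
        self.blocks = defaultdict(dict)    # piece index -> {offset: (peer, data)}
        self.strikes = defaultdict(int)
        self.banned = set()

    def receive(self, peer, index, offset, data):
        if peer in self.banned:
            return False                   # ignore anything a banned peer sends
        self.blocks[index][offset] = (peer, data)
        return True

    def complete(self, index):
        """Hash-check an assembled piece; returns (ok, suspects)."""
        parts = self.blocks.pop(index)
        payload = b"".join(parts[off][1] for off in sorted(parts))
        if hashlib.sha1(payload).digest() == self.piece_hashes[index]:
            return True, set()
        suspects = {peer for peer, _ in parts.values()}
        for peer in suspects:
            # A sole contributor is certainly at fault; shared blame earns one strike
            self.strikes[peer] += self.strikes_to_ban if len(suspects) == 1 else 1
            if self.strikes[peer] >= self.strikes_to_ban:
                self.banned.add(peer)
        return False, suspects

def demo():
    pieces = [b"A" * 8 + b"B" * 8, b"C" * 16]             # constructed 16-byte pieces
    aud = PieceAuditor([hashlib.sha1(p).digest() for p in pieces])
    aud.receive("honest1", 0, 0, pieces[0][:8])
    aud.receive("liar", 0, 8, b"\x00" * 8)                # garbage for an advertised piece
    first = aud.complete(0)                               # fails, blame is shared
    aud.receive("liar", 1, 0, b"\x00" * 16)
    second = aud.complete(1)                              # fails, liar is the sole source
    refused = not aud.receive("liar", 0, 8, pieces[0][8:])
    aud.receive("honest1", 0, 0, pieces[0][:8])
    aud.receive("honest2", 0, 8, pieces[0][8:])
    return first, second, refused, aud.complete(0), aud.banned
```

The honest peer that shared a failed piece with the liar keeps a single strike and is not banned, which is the robustness and performance trade-off of remembering past interactions.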
23 Design principles
- Parallel downloading
- Memory of past interactions
- Problem partitioning
- Export minimal information
- Keep the network connected
24 Principles 1 and 2
- Maintain parallel interactions with multiple peers
  - example: limited impact of the download-only-from-seeds exploit
- Maintain memory of past interactions
  - example: failure of the false-advertisements exploit in public torrents
  - trade-off between robustness and performance
25 Principle 3
- Enforce problem partitioning [Shneidman et al., PODC'04]
- No peer should be able to influence another peer's decision-making by declaring false information
- Not enforced by BitTorrent
- Should decouple data needs (pieces) from the provided service (unchoking)
- Could harm performance
26 Principles 4 and 5
- Export minimal information necessary
  - example: hide that you are a seed
  - super-seeding policy does just that
- Keep the network connected
  - optimistic unchoking: random choice that aids robustness
  - value evident in the failure of the download-from-the-fastest exploit in public torrents
27 Related work
- Describes the basic BitTorrent mechanisms [Cohen, P2PECON'03]
- Feasibility of selfish behavior in BitTorrent [Shneidman et al., PINS'04]
- Theoretical analysis [Qiu et al., SIGCOMM'04]
- Simulations [Bharambe et al., MSR-TR-2005]
- Measurement studies [Izal et al., PAM'04], [Pouwelse et al., Delft TR 2004 and IPTPS'05], [Guo et al., IMC'05]
28 Conclusions
- Presented three selfish exploits
- BitTorrent quite robust, despite fairness violations
- Identified protocol characteristics that enable robustness
- Proposed five guiding design principles
29 Future work
- Investigate combinations of exploits
- Our exploits do not exhaust the complete space of selfish behavior
  - how to methodically design other (possibly more successful) exploits?
- Selfish behavior in multi-torrent systems
30 Exploiting BitTorrent For Fun (But Not Profit)
- Nikitas Liogkas, Robert Nelson, Eddie Kohler, Lixia Zhang
- Questions?
31 Bonus slide: Exploit 1 all-selfish scenario
[Figure: Download rates for all peers]
- Appears as if everyone benefits when everyone is being selfish
- Artifact of the imposed bandwidth limits: seed serving similar clients
- Degenerates into a client-server model