Attacking P2P Networks - PowerPoint PPT Presentation

Slides: 10
Provided by: andre99

Transcript and Presenter's Notes


1
Attacking P2P Networks
  • Andre L. Nash
  • ECS 235
  • Thursday, December 8th, 2005

2
Types Of Attacks
  • Poisoning, Spoofing, Spam and Virus Attacks
  • Defection Attacks
  • Malware Attacks
  • Identity Attacks
  • Denial Of Service Attacks

3
P2P Networks Examined
  • eMule / eDonkey
      • Hybrid P2P network
      • Decentralized eMule servers
  • BitTorrent
      • Mixed P2P, decentralized networks.
      • Multiple ad-hoc networks (swarms) that distribute
        a single file (or set of files), aggregated via a
        Tracker
  • Anonymous P2P Networks (I2P, Tor, etc.)
      • Network nodes are pseudonymous.
      • Obfuscates information flow, because data can be
        requested either for yourself or on behalf of
        another client
      • Anonymous P2P add-ins exist for BitTorrent, mixed
        eMule network over Anonymous P2P

4
File Identification
  • eMule
      • Files are split into fixed 9.28 MB chunks
      • Each chunk is hashed using the MD4 algorithm
      • Overall file hash generated by MD4 (string
        concatenation of each chunk)
      • Clients identify files to download using the file
        hash; peers pass around chunk hashes
  • BitTorrent
      • Variable-sized file chunks (32 KB, 64 KB, ..., 2.0
        MB)
      • Each chunk is hashed using SHA1
      • Torrent file contains each chunk hash (i.e., a single
        reference point for a given torrent).
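The BitTorrent chunk check described on this slide, as an added example that is not part of the original presentation: the client trusts only the SHA1 digests carried in the torrent file and rejects any chunk from a peer that does not match. Function names and the sample data are constructed for illustration, and the torrent file itself is assumed to come from a trusted source.

```python
import hashlib

PIECE_LEN = 32 * 1024  # 32 KB, the smallest chunk size the slide lists
DIGEST_LEN = 20        # SHA1 digest size in bytes


def build_piece_table(data: bytes, piece_len: int = PIECE_LEN) -> bytes:
    """Concatenate the SHA1 digest of every chunk, as a torrent file stores them."""
    return b"".join(
        hashlib.sha1(data[off:off + piece_len]).digest()
        for off in range(0, len(data), piece_len)
    )


def expected_digest(piece_table: bytes, index: int) -> bytes:
    """Return the trusted digest for chunk `index`; reject malformed input."""
    if len(piece_table) % DIGEST_LEN != 0:
        raise ValueError("piece table is not a multiple of 20 bytes")
    if not 0 <= index < len(piece_table) // DIGEST_LEN:
        raise IndexError("chunk index outside the torrent")
    return piece_table[index * DIGEST_LEN:(index + 1) * DIGEST_LEN]


def verify_piece(piece_table: bytes, index: int, payload: bytes) -> bool:
    """Accept a chunk from a peer only if it matches the torrent's own digest."""
    return hashlib.sha1(payload).digest() == expected_digest(piece_table, index)


def audit_download(piece_table: bytes, received: dict) -> list:
    """Return indexes of chunks that fail verification and must be re-requested."""
    return [i for i, payload in sorted(received.items())
            if not verify_piece(piece_table, i, payload)]


# Constructed sample: a 70,000-byte "file" gives two full chunks and one short one.
SAMPLE = bytes(range(256)) * 273 + b"\x00" * 112
TABLE = build_piece_table(SAMPLE)
RECEIVED = {i: SAMPLE[i * PIECE_LEN:(i + 1) * PIECE_LEN] for i in range(3)}
RECEIVED[1] = b"\xff" + RECEIVED[1][1:]  # constructed corrupt chunk from a peer

if __name__ == "__main__":
    print("chunks in table:", len(TABLE) // DIGEST_LEN)
    print("rejected chunks:", audit_download(TABLE, RECEIVED))
```

Because the digests come from the torrent file rather than from peers, a corrupted chunk is detected no matter which peer sent it; the check is only as trustworthy as the torrent file.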

5
Malware Attacks
  • Some official clients are funded via adware or
    spyware
  • eXeem: based on BitTorrent, contains
    decentralized servers (like eMule). Supports
    anonymous P2P.
  • Many modified clients and helper applications
    contain malware, adware in exchange for
    extended functionality (such as anti-leech,
    anti-nick-theft protection, identity protection
    and peer banning)
  • BitTorrent Acceleration Patch, Torrent Search,
    eMule, eMule Speed Booster and P2P Identity
    Secure have appeared on several Spyware lists

6
Poisoning, Spoofing, Spam, and Virus Attacks
  • eMule
      • Supports a broken secure user identification
        handshaking algorithm
      • Susceptible to spoofing attacks: clients can
        spoof send, receive, cancel, search and preview
        packets
      • Client-specific multiple connection per IP
        setting (further enables spoofing attacks)
      • Peer-managed chunk and part hashes: a malicious
        client can send arbitrary hashes to clients.
        Helps enable virus attacks.
  • BitTorrent
      • No support for secure user identification
      • Susceptible to spoofing attacks: clients can
        spoof send, receive, and choke packets
      • Client-specific multiple connection per IP
        setting enabled by default on several clients
        (further enables spoofing attacks)
      • Torrent file contains chunk hashes. Single point
        of reference.

7
Defection Attacks
  • eMule
      • Peer-managed credit system, where peers are
        placed in a priority queue based on the number of
        credits I owe to you
      • Identity stealing (spoofing) mods enable queue
        cutting
      • Poisoning attacks can be used to gain credit
      • Credit shaping: attempting to gain credits by
        selective file sharing
  • BitTorrent
      • Trackers exist that track peer upload/download
        ratio and allow a client to participate in their
        swarm
      • Designed so that every downloading user MUST
        upload (Tit-for-tat file sharing)
      • In practice, optimistic unchoke allows a user to
        download a file very slowly
      • Defection enabled by impersonating other peers
        and sending a choke packet.

8
Conclusions
  • BitTorrent protocol provides a base for a secure
    extension
      • Simple protocol, choking algorithm - easily
        developed
  • Official client should not be used for a release
    version
      • Roughly 55 files, 6000 lines of Python code
      • No comments or documentation in the official
        client
      • Requires 14 shared libraries (for a Windows
        build), including GTK 2.4, pygtk 2.4, pycrypto
        2.0 and py2exe
  • Security can be gained at the cost of performance
    (multiple connections per IP)
  • Nearly all attacks can be solved by a secure
    handshaking protocol among peers

9
Future Work
  • Examine Trackerless security
  • Modify official BitTorrent tracker and client
  • Support incremental hashing (tracker or
    trackerless)
  • Support secure peer identification (handshaking
    algorithm).