bittorrent needs psychiatric guarantees: quantifying how vulnerable bittorrent swarms are to sybil...
DESCRIPTION
Apresentação realizada por Felipe Pontes no LADC'09. Pesquisa desenvolvida no Laboratório de Sistemas Distribuídos (LSD) - Universidade Federal de Campina Grande (UFCG)TRANSCRIPT
BitTorrent Needs Psychiatric Guarantees: Quantifying How Vulnerable BitTorrent Swarms
Are to Sybil AttacksFelipe Pontes
Francisco BrasileiroNazareno Andrade
09/02/2009
Introduction BitTorrent Protocol Sybil Attacks Sybil Attacks in BitTorrent Systems Simulations Conclusions
2
Agenda
BitTorrent is one of the most popular content distribution protocols nowadays
In BitTorrent she who donates more earns more
Is it possible for someone to have a better download time than that of a collaborator?
3
Introduction
BitTorrent has a completely autonomous identification generation scheme
Peers use a random mechanism to discover other peers
Multiple identities to fool BitTorrent system sybil attack
4
Introduction
To evaluate the impact of sybil attacks in BitTorrent systems when an attacker is interested in increasing her utility
5
Goal
BitTorrent Protocol
Distribution cost shared between peers
Peers downloading a file (leechers) and peers that have already downloaded it (seeders) form a swarm
Trackers help peers to discover other peers
6
Based on a tit-for-tat strategy Peers who have higher upload rates
probably will have higher download rates Connections used to make upload are called
unchoked connections Periodically a peer chooses to whom she
donates
7
BitTorrent Incentive Mechanism
A peer has not a whole system overview
The peer might be choked by potential good partners for not having uploaded to them recently
BitTorrent implements a periodic optimistic unchoking◦A leecher periodically unchokes
randomly-choosen connections
8
BitTorrent Incentive Mechanism
An attacker associates multiple identities to herself in an attempt to fool the other entities
Proper scenarios◦Spam◦Sensor networks◦Router overlays◦Online voting◦Peer-to-peer grids◦Resource sharing
9
Sybil Attacks
Tracker flooded with sybil identities◦ Attacker increases her number of connections◦ Optimistic unchoking connections
How many identities are needed? Mathematical model to help us to
estimate:◦Number of identities◦How rapidly an attacker downloads a file
when compared to a collaborator
10
Sybil Attacks in BitTorrent Systems
General Peer-to-Peer Simulator (GPS)◦ BitTorrent swarms simulations
Changes in GPS to support sybil attacks simulations
Each peer is online for a contiguous period Torrents from traces of BitTorrent usage
derived from a community that shares files for free distribution
11
Simulations
12
Simulations Unfeasible simulations execution using all
torrents◦ GPS memory constraints
A representative sample of torrents to be analyzed in depth
Main parameters◦ Seeders leaving rate ( )◦ Leechers leaving rate ( )◦ File size◦ Download and upload peers bandwidth
Agglomerative Hierarchical Clustering process
Similar torrents are merged in clusters Similarity measured as the average
Euclidian distance of all torrents Clusters’ heterogeneity increases A rule of thumb to stop the merge:
◦ To follow the average level of cluster heterogeneity on every step
◦ To stop the process just before the merges start increasing heterogeneity too rapidly
13
Torrents Clustering
14
Torrents Clustering
Torrents Clustering 14 clusters
◦ 7 non-representative clusters (only 1 or 2 torrents each)
◦ 1 made up of a torrent too similar to other clusters◦ 1 made up of a torrent on which peers stay online for
very little time 5 clusters selected Cluster Torrents
1 169
2 32
3 64
4 34
5 6
15
Representative Torrents
ClusterFile Size
(MB)Upload (KB/s)
Download (KB/s)
1 700.68 10.32 16.18
2 143.32 5.43 7.86
3 380.89 252.49 304.31
4 1024 278.61 1261.4
5 0.49 0.14 0.099
For each cluster we selected one representative torrent◦ The torrent closest to the Euclidian center of
cluster
16
51.10
41.10
44.5.10
51.2.10
67.5.10
42.1.10
52.3.10
53.24.10
55.9.10
51.67.10
Characteristics of torrents
3 distinct attack times◦Start of the torrent (t0) An attacker wants the file as soon as it is
published◦Maximum number of leechers (tc) High resource contention
◦Number of seeders overlaps the number of leechers (ts) Low resource contention
17
Scenarios of Simulations
3 versions of each torrent◦ All leechers act correctly◦ One leecher replaced by the sybil attacker◦ One leecher replaced by a free rider
Sybil attack is effective if the attacker download average rate is equal to or higher than leecher rate◦ The attacker is not incurring in the cost of uploading
to the system
18
Scenarios of Simulations
Results considering 95% of confidence level and 5% of error
Average download rates increase with the attack starting time
Being a correct leecher was better than being a free rider
Performing a sybil attack was better than being a free rider
19
Simulations’ Results
Only a small number of identities is needed for an attack to be effective◦ In 4 out of the 5 representative torrents simulated the
attacker needed only 8 identities◦ In all torrents simulated the attacker could succeed with
at most 130 identities
Mathematical model is considerably accurate◦ Only for 4 scenarios the attack was not effective◦ Large populations of peers at the time of the
attack
20
Simulations’ Results
Simulations’ Results
Time Identities Sybil (KB/s) Leecher (KB/s) Free rider (KB/s)
t0 10 262.44 238.58 171.16
tc 7 433.45 536.57 392.66
ts 13 774.94 813.81 733.14
21
Download average rates to torrent of cluster 4
Simulations’ Results
Time Identities Sybil (KB/s) Leecher (KB/s) Free rider (KB/s)
tc 70 554.04 536.57 392.66
ts 130 951.94 813.81 733.14
22
Download average rates for tenfold increase of identities of torrent of cluster 4
It is possible to perform a sybil attack in BitTorrent
When there is high resource contention the attack was not successful in some scenarios
To increase the number of identities can change the attack result
Greedy attackers might cause the death of torrents
Mechanisms to address sybil attacks in BitTorrent
23
Conclusions
To improve the mathematical model To investigate probabilistic optimistic
unchoking as a strategy to mitigate a sybil attack
To validate results presented in this work experimentally using real torrents
To consider the evolutionary dynamics of sybil attack strategies
24
Future Works
Thank You!Felipe Pontes
This work was developed in collaboration with HP Brasil P&D