The Current Landscape of P2P File Sharing: Challenges and Future Directions Kevin Bauer Ph.D....
-
Upload
alison-greene -
Category
Documents
-
view
213 -
download
0
Transcript of The Current Landscape of P2P File Sharing: Challenges and Future Directions Kevin Bauer Ph.D....
The Current Landscape of P2P File Sharing: Challenges and Future Directions
Kevin BauerPh.D. candidate
University of Colorado
2
Talk Outline
• P2P background• Past P2P investigations• Evading investigations with anonymity tools• Alternate techniques to identify file sharers• An emerging threat: “One-click” hosting services• Proposal for a future study
3
Context: The Rise of Peer-to-Peer
2000: Peer-to-peer (P2P) protocols like Gnutella, FastTrack, Napster, &BitTorrent becoming popular for file sharing
1993-2000: Early Internetsaw mostly web traffic
2006-Present:P2P traffic growing
Source: CacheLogic Research January 2006
Web
FTP
Peer-to-Peer
4
Current P2P Landscape
Source: Ipoque Internet Study 2008/2009
P2P still most common protocol class in 2008/2009
BitTorrent dominates P2Paround the world
5
BitTorrent Background
1. Download torrent metadata for the file one wants to obtain2. Contact tracker server to get peer list3. Interact with other peers to share parts of the file
File sharer
Torrent metadata
Peer list
Implicitlyregisterwith tracker
7
Past Copyright Investigations
• Experience has shown that BitTorrent is often used to distribute copyright-protected media files
• Copyright holders hire investigators to identify and even prosecute suspected file sharers
Investigators can query tracker for peer list
Distribute DMCAtake-down letters (US)to each IP address
Ping each peer’s IP address
Copyright investigators
Source: Piatek et al., HotSec 2008
8
Past Copyright Investigations
• Tracker lists can be corrupted with arbitrary IP addresses– Example: Register any IP addresses to the tracker lists
• Tracker lists cannot be trusted to prove file sharing
Source: Piatek et al., HotSec 2008
Copyright investigators
10
Virtual Private Network Anonymizers
• Anonymous VPN services (BTGuard, IPREDator) are now available
Encrypted tunnel mitigates traffic shaping
Hides identity
Limitations of centralized VPN approach:1. Technically feasible to know and disclose both client and destination2. Susceptible to legal pressure
Single-hopVPN service
11
Defeating Peer Identification with Strong Anonymity: Tor
Client (file sharer)
Destination
Entry Guard
Middle Router
Exit Router
Directory ServerCircuit
Router List
Tor provides anonymity for TCP by tunneling traffic through a virtual circuit of three Tor routers using layered encryption
Tracker
First hop knows the client
Last hop knowsthe destination
Tor Network
Copyrightinvestigators
12
Can BitTorrent Users Hide with Tor?
• We characterized how Tor is used in practice and observed significant BitTorrent traffic over a four day observation period
Only 3.33%, but over 400,000 connections
Source: McCoy et al., Privacy Enhancing Technologies Symposium 2008
13
Can BitTorrent Users Hide with Tor?
• BitTorrent is using a disproportionate amount of Tor’s available bandwidth
Over 40% ofall Tor traffic
Source: McCoy et al., Privacy Enhancing Technologies Symposium 2008
14
Alternatives for Peer Identification
Tracker list queries are efficient, but not accurate
Instead, we could download the entire file from every peer
Accuracy
EfficiencyAccurate, but inefficient
We want a technique that is accurate, but still efficient
Worst
WorstBest
Best
15
Identification Through Active Probing• Our method accurately and
efficiently collects concrete forensic evidence of a peer’s participation in file sharing
Obtain list of suspected peers from tracker
Attempt a TCP connection
Attempt handshake exchange
Attempt bitfield exchange
Request a 16 KB data block
Increasingly strong levels of evidence
Peer is alive and listening on correct TCP port
Peer speaks BitTorrent, provides SHA1 hash describing content being shared
Provides list of all piecesthat the peer possesses
Concrete file data can be verified as the expected data
16
Experimental Setup
• We evaluate our approach with 10 real, large BitTorrent file shares– Popular TV shows and movies
Source: Bauer et al., 1st IEEE International Workshop on Information Forensics and Security 2009
17
Fraction of Peers that Respond to Probes
• Repeating the probing increases the fraction that respond• Over ten repetitions:
– TCP connections: 26 – 44%– Handshakes and Bitfields: 18 – 36%– Block requests: 0.6 – 2.4%
Average fraction of peers identified by each probe type
Low because of BitTorrent’sreciprocity mechanisms
18
Tides are Changing from P2P Back to HTTP
Source: CacheLogic Research 2006
P2P
2006: P2P made up 70% of traffic2008/2009: P2P made up 43-70% of trafficSource: Ipoque Internet Study 2008/2009
2009/2010: P2P makes up < 14% of traffic HTTP makes up 57% of trafficSource: Maier et al., ACM Internet
Measurement Conference 2009
19
Beyond P2P: “One-Click” Hosting Services
Example “one-click” hosting services:
Source: Maier et al., ACM Internet Measurement Conference 2009
Distribution of HTTP Content Types Most Popular HTTP Destination Types
20
Beyond P2P: “One-Click” Hosting Services
Step 1. Transfer file to RapidShare
Step 2. Give uploader a URL for file
Step 3. Post URL to indexing site
Upload user
Download user
Indexing site
“One-click” hosting service
Step 4. Search
Step 5. Download
21
RapidShare vs. BitTorrent Throughput
One-Click Hosting vs. BitTorrentContent Availability for RapidShare vs. BitTorrent
Fraction of Content Copyrighted (n=100)
Source: Antoniades et al., ACM Internet Measurement Conference 2009
22
A Proposal for a Future Study
• File sharing trends change quickly
• We want to conduct a study aimed at identifying emerging file sharing trends
• One avenue of future study:
P2P traffic declined from > 43% in 2008 to < 14% in 2009/2010
The Road (2009) Up in the Air (2009)
23
Summary and Conclusion
• P2P is being replaced by file hosting services• New investigative tools need to be developed to
curb this new type of illegal file sharing– Monitor hosting sites for copyright-protected content– Partner with ISPs to identify file uploaders
• Up-to-date information on emerging file sharing trends is essential to proactively implement effective countermeasures
24
Questions?
Kevin Bauer ([email protected])Department of Computer Science, University of Colorado
http://systems.cs.colorado.edu/~bauerk
25
ReferencesDemetris Antoniades, Evangelos P. Markatos, Constantine Dovrolis. One-click hosting services: a file-sharing
hideout. Proceedings of the 9th ACM SIGCOMM conference on Internet measurement 2009. Kevin Bauer, Dirk Grunwald, Douglas Sicker. The Challenges of Stopping Illegal Peer-to-Peer File Sharing.
National Cable & Telecommunications Association Technical Papers 2009.Kevin Bauer, Dirk Grunwald, Douglas Sicker. The Arms Race in P2P. 37th Research Conference on
Communication, Information, and Internet Policy (TPRC) 2009.Kevin Bauer, Damon McCoy, Dirk Grunwald, Douglas Sicker. BitStalker: Accurately and Efficiently Monitoring
BitTorrent Traffic. 1st IEEE International Workshop on Information Forensics and Security 2009.Gregor Maier, Anja Reldmann, Vern Paxson, Mark Allman. On dominant characteristics of residential
broadband Internet traffic. Proceedings of the 9th ACM SIGCOMM conference on Internet measurement 2009.
Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker. Shining Light in Dark Places: Understanding the Tor Network. 8th Privacy Enhancing Technologies Symposium 2008.
Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy. Challenges and Directions for Monitoring P2P File Sharing Networks –or– Why My Printer Received a DMCA Takedown Notice. 3rd USENIX Workshop on Hot Topics in Security 2008. http://dmca.cs.washington.edu.
Ipoque Internet Study 2008/2009.http://www.ipoque.com/resources/internet-studies/internet-study-2008_2009
P2P File Sharing-The Evolving Distribution Chain. CacheLogic Research 2006. http://www.dcia.info/activities/p2pmswdc2006/ferguson.pdf