Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
The Current Landscape of P2P File Sharing: Challenges and Future Directions Kevin Bauer Ph.D. candidate University of Colorado Talk Outline • • • • • • P2P background Past P2P investigations Evading investigations with anonymity tools Alternate techniques to identify file sharers An emerging threat: “One-click” hosting services Proposal for a future study 1 Context: The Rise of Peer-to-Peer 2006-Present: P2P traffic growing 1993-2000: Early Internet saw mostly web traffic Web Peer-to-Peer FTP Email Source: CacheLogic Research January 2006 2000: Peer-to-peer (P2P) protocols like Gnutella, FastTrack, Napster, & BitTorrent becoming popular for file sharing 2 Current P2P Landscape P2P still most common protocol class in 2008/2009 BitTorrent dominates P2P around the world Source: Ipoque Internet Study 2008/2009 3 BitTorrent Background Torrent metadata File sharer 1. 2. 3. Implicitly register with tracker Peer list Download torrent metadata for the file one wants to obtain Contact tracker server to get peer list Interact with other peers to share parts of the file 4 What Kind of Content is Shared? Source: Ipoque Internet Study 2008/2009 Past Copyright Investigations Copyright investigators Source: Piatek et al., HotSec 2008 Investigators can query tracker for peer list Distribute DMCA take-down letters (US) to each IP address Ping each peer’s IP address • Experience has shown that BitTorrent is often used to distribute copyright-protected media files • Copyright holders hire investigators to identify and even prosecute suspected file sharers 6 Past Copyright Investigations Copyright investigators Source: Piatek et al., HotSec 2008 • Tracker lists can be corrupted with arbitrary IP addresses – Example: Register any IP addresses to the tracker lists • Tracker lists cannot be trusted to prove file sharing 7 Consumer Advocate Reactions 8 Virtual Private Network Anonymizers • Anonymous VPN services (BTGuard, IPREDator) are now available Single-hop VPN service Encrypted tunnel Hides identity mitigates traffic shaping Limitations of centralized VPN approach: 1. Technically feasible to know and disclose both client and destination 9 2. Susceptible to legal pressure Defeating Peer Identification with hop knows Strong Anonymity: Tor Last the destination First hop knows the client Client (file sharer) Tor Network Entry Guard Exit Router Destination Middle Router Tracker Circuit Router List Directory Server Copyright investigators Tor provides anonymity for TCP by tunneling traffic through a virtual circuit of three Tor routers using layered encryption 10 Can BitTorrent Users Hide with Tor? • We characterized how Tor is used in practice and observed significant BitTorrent traffic over a four day observation period Only 3.33%, but over 400,000 connections Source: McCoy et al., Privacy Enhancing Technologies Symposium 2008 11 Can BitTorrent Users Hide with Tor? • BitTorrent is using a disproportionate amount of Tor’s available bandwidth Over 40% of all Tor traffic Source: McCoy et al., Privacy Enhancing Technologies Symposium 2008 12 Alternatives for Peer Identification Accuracy Worst Best Instead, we could download the entire file from every peer Tracker list queries are efficient, but not accurate We want a technique that is accurate, but still efficient Accurate, but inefficient Efficiency Best Worst 13 Identification Through Active Probing • Our method accurately and efficiently collects concrete forensic evidence of a peer’s participation in file sharing Obtain list of suspected peers from tracker Peer is alive and listening on correct TCP port Attempt a TCP connection Peer speaks BitTorrent, provides SHA1 hash describing content being shared Attempt handshake exchange Provides list of all pieces that the peer possesses Concrete file data can be verified as the expected data Increasingly strong levels of evidence Attempt bitfield exchange Request a 16 KB data block 14 Experimental Setup Source: Bauer et al., 1st IEEE International Workshop on Information Forensics and Security 2009 • We evaluate our approach with 10 real, large BitTorrent file shares – Popular TV shows and movies 15 Fraction of Peers that Respond to Probes Average fraction of peers identified by each probe type • Repeating the probing increases the fraction that respond • Over ten repetitions: – TCP connections: 26 – 44% – Handshakes and Bitfields: 18 – 36% – Block requests: 0.6 – 2.4% Low because of BitTorrent’s reciprocity mechanisms 16 Tides are Changing from P2P Back to HTTP P2P 2006: P2P made up 70% of traffic Source: CacheLogic Research 2006 2008/2009: P2P made up 43-70% of traffic Source: Ipoque Internet Study 2008/2009 2009/2010: P2P makes up < 14% of traffic HTTP makes up 57% of traffic Source: Maier et al., ACM Internet Measurement Conference 2009 17 Beyond P2P: “One-Click” Hosting Services Distribution of HTTP Content Types Most Popular HTTP Destination Types Source: Maier et al., ACM Internet Measurement Conference 2009 Example “one-click” hosting services: 18 Beyond P2P: “One-Click” Hosting Services Step 4. Search Download user Indexing site Step 5. Download Step 3. Post URL to indexing site Step 2. Give uploader a URL for file Upload user Step 1. Transfer file to RapidShare “One-click” hosting service 19 One-Click Hosting vs. BitTorrent Content Availability for RapidShare vs. BitTorrent Fraction of Content Copyrighted (n=100) RapidShare vs. BitTorrent Throughput Source: Antoniades et al., ACM Internet Measurement Conference 2009 20 A Proposal for a Future Study • File sharing trends change quickly P2P traffic declined from > 43% in 2008 to < 14% in 2009/2010 • We want to conduct a study aimed at identifying emerging file sharing trends • One avenue of future study: 21 Summary and Conclusion • P2P is being replaced by file hosting services • New investigative tools need to be developed to curb this new type of illegal file sharing – Monitor hosting sites for copyright-protected content – Partner with ISPs to identify file uploaders • Up-to-date information on emerging file sharing trends is essential to proactively implement effective countermeasures 22 Questions? Kevin Bauer ([email protected]) Department of Computer Science, University of Colorado http://systems.cs.colorado.edu/~bauerk 23 References Demetris Antoniades, Evangelos P. Markatos, Constantine Dovrolis. One-click hosting services: a file-sharing hideout. Proceedings of the 9th ACM SIGCOMM conference on Internet measurement 2009. Kevin Bauer, Dirk Grunwald, Douglas Sicker. The Challenges of Stopping Illegal Peer-to-Peer File Sharing. National Cable & Telecommunications Association Technical Papers 2009. Kevin Bauer, Dirk Grunwald, Douglas Sicker. The Arms Race in P2P. 37th Research Conference on Communication, Information, and Internet Policy (TPRC) 2009. Kevin Bauer, Damon McCoy, Dirk Grunwald, Douglas Sicker. BitStalker: Accurately and Efficiently Monitoring BitTorrent Traffic. 1st IEEE International Workshop on Information Forensics and Security 2009. Gregor Maier, Anja Reldmann, Vern Paxson, Mark Allman. On dominant characteristics of residential broadband Internet traffic. Proceedings of the 9th ACM SIGCOMM conference on Internet measurement 2009. Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker. Shining Light in Dark Places: Understanding the Tor Network. 8th Privacy Enhancing Technologies Symposium 2008. Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy. Challenges and Directions for Monitoring P2P File Sharing Networks –or– Why My Printer Received a DMCA Takedown Notice. 3rd USENIX Workshop on Hot Topics in Security 2008. http://dmca.cs.washington.edu. Ipoque Internet Study 2008/2009.http://www.ipoque.com/resources/internetstudies/internet-study-2008_2009 P2P File Sharing-The Evolving Distribution Chain. CacheLogic Research 2006. http://www.dcia.info/activities/p2pmswdc2006/ferguson.pdf 24