BitTorrent Needs Psychiatric Guarantees: Quantifying How Vulnerable BitTorrent Swarms

Are to Sybil AttacksFelipe Pontes

Francisco BrasileiroNazareno Andrade

09/02/2009

Introduction BitTorrent Protocol Sybil Attacks Sybil Attacks in BitTorrent Systems Simulations Conclusions

2

Agenda

BitTorrent is one of the most popular content distribution protocols nowadays

In BitTorrent she who donates more earns more

Is it possible for someone to have a better download time than that of a collaborator?

3

Introduction

BitTorrent has a completely autonomous identification generation scheme

Peers use a random mechanism to discover other peers

Multiple identities to fool BitTorrent system sybil attack

4

Introduction

To evaluate the impact of sybil attacks in BitTorrent systems when an attacker is interested in increasing her utility

5

Goal

BitTorrent Protocol

Distribution cost shared between peers

Peers downloading a file (leechers) and peers that have already downloaded it (seeders) form a swarm

Trackers help peers to discover other peers

6

Based on a tit-for-tat strategy Peers who have higher upload rates

probably will have higher download rates Connections used to make upload are called

unchoked connections Periodically a peer chooses to whom she

donates

7

BitTorrent Incentive Mechanism

A peer has not a whole system overview

The peer might be choked by potential good partners for not having uploaded to them recently

BitTorrent implements a periodic optimistic unchoking◦A leecher periodically unchokes

randomly-choosen connections

8

BitTorrent Incentive Mechanism

An attacker associates multiple identities to herself in an attempt to fool the other entities

Proper scenarios◦Spam◦Sensor networks◦Router overlays◦Online voting◦Peer-to-peer grids◦Resource sharing

9

Sybil Attacks

Tracker flooded with sybil identities◦ Attacker increases her number of connections◦ Optimistic unchoking connections

How many identities are needed? Mathematical model to help us to

estimate:◦Number of identities◦How rapidly an attacker downloads a file

when compared to a collaborator

10

Sybil Attacks in BitTorrent Systems

General Peer-to-Peer Simulator (GPS)◦ BitTorrent swarms simulations

Changes in GPS to support sybil attacks simulations

Each peer is online for a contiguous period Torrents from traces of BitTorrent usage

derived from a community that shares files for free distribution

11

Simulations

12

Simulations Unfeasible simulations execution using all

torrents◦ GPS memory constraints

A representative sample of torrents to be analyzed in depth

Main parameters◦ Seeders leaving rate ( )◦ Leechers leaving rate ( )◦ File size◦ Download and upload peers bandwidth

Agglomerative Hierarchical Clustering process

Similar torrents are merged in clusters Similarity measured as the average

Euclidian distance of all torrents Clusters’ heterogeneity increases A rule of thumb to stop the merge:

◦ To follow the average level of cluster heterogeneity on every step

◦ To stop the process just before the merges start increasing heterogeneity too rapidly

13

Torrents Clustering

14

Torrents Clustering

Torrents Clustering 14 clusters

◦ 7 non-representative clusters (only 1 or 2 torrents each)

◦ 1 made up of a torrent too similar to other clusters◦ 1 made up of a torrent on which peers stay online for

very little time 5 clusters selected Cluster Torrents

1 169

2 32

3 64

4 34

5 6

15

Representative Torrents

ClusterFile Size

(MB)Upload (KB/s)

Download (KB/s)

1 700.68 10.32 16.18

2 143.32 5.43 7.86

3 380.89 252.49 304.31

4 1024 278.61 1261.4

5 0.49 0.14 0.099

For each cluster we selected one representative torrent◦ The torrent closest to the Euclidian center of

cluster

16

51.10

41.10

44.5.10

51.2.10

67.5.10

42.1.10

52.3.10

53.24.10

55.9.10

51.67.10

Characteristics of torrents

3 distinct attack times◦Start of the torrent (t0) An attacker wants the file as soon as it is

published◦Maximum number of leechers (tc) High resource contention

◦Number of seeders overlaps the number of leechers (ts) Low resource contention

17

Scenarios of Simulations

3 versions of each torrent◦ All leechers act correctly◦ One leecher replaced by the sybil attacker◦ One leecher replaced by a free rider

Sybil attack is effective if the attacker download average rate is equal to or higher than leecher rate◦ The attacker is not incurring in the cost of uploading

to the system

18

Scenarios of Simulations

Results considering 95% of confidence level and 5% of error

Average download rates increase with the attack starting time

Being a correct leecher was better than being a free rider

Performing a sybil attack was better than being a free rider

19

Simulations’ Results

Only a small number of identities is needed for an attack to be effective◦ In 4 out of the 5 representative torrents simulated the

attacker needed only 8 identities◦ In all torrents simulated the attacker could succeed with

at most 130 identities

Mathematical model is considerably accurate◦ Only for 4 scenarios the attack was not effective◦ Large populations of peers at the time of the

attack

20

Simulations’ Results

Simulations’ Results

Time Identities Sybil (KB/s) Leecher (KB/s) Free rider (KB/s)

t0 10 262.44 238.58 171.16

tc 7 433.45 536.57 392.66

ts 13 774.94 813.81 733.14

21

Download average rates to torrent of cluster 4

Simulations’ Results

Time Identities Sybil (KB/s) Leecher (KB/s) Free rider (KB/s)

tc 70 554.04 536.57 392.66

ts 130 951.94 813.81 733.14

22

Download average rates for tenfold increase of identities of torrent of cluster 4

It is possible to perform a sybil attack in BitTorrent

When there is high resource contention the attack was not successful in some scenarios

To increase the number of identities can change the attack result

Greedy attackers might cause the death of torrents

Mechanisms to address sybil attacks in BitTorrent

23

Conclusions

To improve the mathematical model To investigate probabilistic optimistic

unchoking as a strategy to mitigate a sybil attack

To validate results presented in this work experimentally using real torrents

To consider the evolutionary dynamics of sybil attack strategies

24

Future Works

Thank You!Felipe Pontes

felipep@lsd.ufcg.edu.br

This work was developed in collaboration with HP Brasil P&D