personal cloud using bittorrent sync

Upload: flavio-vit

Post on 21-Feb-2018

216 views

Category:

Documents


0 download

TRANSCRIPT

  • 7/24/2019 Personal Cloud using Bittorrent Sync

    1/8

    Personal Cloud using Bittorrent Sync

    Flavio Martins Marcos Vit

    Faculdade de Engenharia Eltrica e de Computao Universidade Estadual de

    Campinas (UNICAMP)

    Av. James Maxwell 30, Cidade Universitria Zeferino Vaz, Distrito Baro Geraldo

    CEP 13083-852 - Campinas-SP Brasil

    [email protected]

    Abstract.The BitTorrent peer-to-peer protocol has proved to be very efficient

    for sharing files in a network without the coordination of central servers.There are currently several cloud storage solutions such as Dropbox but

    recent events involving USA government, private data leakage and spying

    motivated the development ofBittorrent Syncfor offering a personal cloud for

    data storage.

    1

    Introduction

    Bittorrent Sync[1] by Bittorrent, Inc[2] is a proprietary solution for sharing files among

    other computers or mobile devices based on the Bittorrent peer-to-peer protocol, whichwas adapted for this purpose. It is currently in Beta phase and it is available for

    Windows, Mac, Linux, BSD, iOS and Android.

    The files are shared only with the devices specified by the user. It requires no cloud and

    it is fully independent of any servers.

    Figure 1. BitTorrent Sync Data sharing only among users devices

  • 7/24/2019 Personal Cloud using Bittorrent Sync

    2/8

    There is no data size limitation or subscription fees that come with traditional cloud

    based solutions such as Dropbox[3].

    This work will depict this new application checking its performance, security, usability

    and possible new applications.

    2

    Background

    Bram Cohen developed the Bittorrent protocol and released the first version in 2001. It

    proved along the last years to be a successful solution for sharing large volumes of files

    using peer-to-peer networks.

    There are available in the market many solutions for storing data remotely but all of

    them relies on central sever for storing the data.

    There was a gap for an application able to automatically sync files without the

    dependency of a central coordination and not storing the files outside the user domain.

    Bittorrent Sync was conceived to fulfilling this gap ensuring the user could have total

    control of what is being shared.

    2.1 P2P Protocol

    BitTorrent Sync synchronizes your files using a peer-to-peer (P2P) protocol. This

    protocol is very effective for transferring large files across multiple devices, and is very

    similar to the powerful protocol used by applications like Torrent and BitTorrent.

    The data is transferred in pieces from each of the syncing devices, and BitTorrent Sync

    chooses the optimal algorithm to make sure you have a maximum download and upload

    speed during the process.

    The devices chosen to be synched are connected directly using UDP, NAT traversal and

    UPnP port mapping. It is also provided additional methods of ensuring connectivity as

    relay and tracker servers. If the devices are on the same local network, BitTorrent Syncwill use the client LAN for faster synchronization.

    2.2 Security

    BitTorrent Sync was designed with focus on privacy and security. The system uses SRP[4] for mutual authentication and for generating session keys that ensure Perfect

    Forward Secrecy. All traffic between devices is encrypted with AES-128 in counter

    mode, using a unique session key. Modification requests are all verified using Ed25519

    [5] signatures and only systems with full access keys can generate valid modificationrequests.

  • 7/24/2019 Personal Cloud using Bittorrent Sync

    3/8

    2.3 Secret

    The secret is a randomly generated 20-byte key. It is Base32-encoded in order to bereadable by humans. BitTorrent Sync uses /dev/random (Mac, Linux) and the Crypto

    API (Windows) in order to produce a completely random string. This authentication

    approach is significantly stronger than a login/password combination used by other

    services. That's why using a secret generated by BitTorrent Sync is very safe and

    secure.

    The secret can be shared using copy and paste or using QR code and a camera from the

    mobile device.

    Figure 2. Using a QR code for connecting a mobile device to a sync folder

    2.4 Peer Discovery

    In order to find proper peers that have the same secret, Sync uses:

    Local peer discovery. Sending broadcast packets discovers all peers inside local

    network. If there are peers with the same secret they respond to the broadcast

    message and connect.

    Peer exchange (PEX). When two peers are connected, they exchange

    information about other peers they know.

    Known hosts (folder settings). If there is a known host with a static ip:port, it

    is possible to specify this in Sync client, so that it connects to the peer using this

    information.

  • 7/24/2019 Personal Cloud using Bittorrent Sync

    4/8

    DHT. Sync uses DHT to distribute information about itself and obtain theinformation about other peers with this secret. Sync sends

    SHA1(Secret):ip:portto DHT to announce itself and will get a list of peers by

    asking DHT for the following key SHA1(Secret)

    BitTorrent tracker. BitTorrent Sync can use a specific tracker server tofacilitate peer discovery. The tracker server sees the combination of

    SHA1(secret):ip:port and helps peers connect directly. The BitTorrent Sync

    tracker also acts like a STUN server [6] and can help do a NAT traversal for

    peers so that they can establish a direct connection even behind a NAT.

    2.5 Traffic Relay

    There are rare cases when peers cant talk directly. This usually happens when devices

    are in an office behind strong firewalls. In such a case BitTorrent provides a relay server

    to route traffic between peers. All traffic is AES encrypted with your secret, so there is

    no chance for us to see any of your data.

    3

    Developer API

    It is available an API for developing new applications based on BitTorrent Sync. It

    offers to developers a wide range of possibilities. It is possible to integrate Sync intonew apps, build, improve, and change the way Sync works on the devices, or use the

    API to automate workflows.

    This API is based on JSON and gives almost full flexibility to customize Sync

    behaviors, as examples below:

    Get folders and the secrets if available

    Add folders to sync

    Remove folder from sync process

    Get files from a synced folder

    Set synced files preferences, allowing to selectively allow or not a file to be

    synced

    Get the folders peers which are currently connected to the P2P network

    Set folder hosts instead using the tracker and relay server form BitTorrent Inc

    Get download and upload speed

    Shutdown gracefully

  • 7/24/2019 Personal Cloud using Bittorrent Sync

    5/8

    4

    BitTorrent Sync Setup and Tests

    The following test environment was setup for verifying and measuring Bittorrent Syncusability and performance:

    OSX MacBook Pro

    Android Sony Xperia L mobile phone

    Windows 7 notebook

    802.11g WIFI D-LINK DIR-655 router connected to the Internet via DSL

    (10Mbps connection)

    The first 2 devices above were connected to same local network connected the WIFI

    router. The Windows notebook was located in other network reachable through theInternet.

    Bittorrent Sync was installed on each device. The user interfaces were slightly different

    among each other but in general it was straightforward to install and setup.

    The usage of Bittorrent Sync is also very similar in each distribution.

    It will be described in the following sections the test scenarios, results and network

    packets analysis using Wireshark 1.10.3.

    4.1 Configuring the Bittorrent Sync

    Basically the synching setup is very similar on all operating system. It is needed to

    specify a synching folder and generate a shared secret key, or it is possible to get the

    secret key from someone else who want to share data content.

    It is also possible to define if the sync will allow full access or read only permissions to

    the folders.

    For more details about Bittorrent Sync configuration and setup please refer to its online

    documentation [1].

    4.2 Synching Devices Connected to LAN

    The following test scenario was executed with devices connected to a LAN with no

    Internet connection:

    1) An empty sync folder was defined in the MAC Book Pro (IP address

    192.168.0.106)

    2) A newly shared secret was generated for this folder.

    3) Wireshark was used for capturing network traffic for further analysis.

  • 7/24/2019 Personal Cloud using Bittorrent Sync

    6/8

    4) A new sync folder was setup on the Xperia L mobile phone (IP address192.168.0.101) and configured the sharing secret from step 2) using the QR code

    and the mobile phone camera.

    5)

    A test file was created in the Mac Book Pro executing the command below inthe sync folder defined in the step 1)

    dd if=/dev/zero of=test_file_512kB bs=500k count=1

    6) After some seconds (folder scan interval set to 60 seconds by default) the test

    file was synched with the mobile phone.

    7) The observed transfer rate was closer to the limit of the WIFI connection used in

    the test (average speed around 6~8Mbps).

    4.3 Synching Devices Connected through Internet

    This test scenario was similar to the previous one despite the fact that the Windows

    notebook was located on the Internet instead the local area network.

    5 Results

    The tests results indicated that Bittorrent Sync performed very well enabling the sharing

    of files among several devices (PCs and mobile phone). The installation and

    configuration is straightforward. The synchronization process was tested on a local

    network and also with a PC in the Internet. On both scenarios the synchronization wassuccessful and it was noticed data transfer rates closer to the limit of the router and

    Internet connection used in the tests.

    The captured data from Wireshark was analyzed and the following results were

    obtained:

    1. The first interesting package sent from the MacBook was a multicast UDP with

    the message ping4:peer. BitTorrent Sync was trying to locate peers in thelocal network that have folders configured with the same secret.

    2. During the folder sync setup it was noticed communication with IP address

    54.225.92.50, which it is under Amazon domain. This indicated that BitTorrent

    Sync is using services in Amazon for hosting its tracker or relay servers for

    enabling the peer discovery over the Internet. The protocol used was DIS[7] and

    it was possible to check that message get_peers4:peer was used. A response

    was received back with message peers which seems to be the information

    about the available peers for the configured folder.

  • 7/24/2019 Personal Cloud using Bittorrent Sync

    7/8

    3. The data transfer synchronization was done among the peers using UDP.

    6

    Conclusions

    BitTorrent Sync demonstrated to offer a very innovative solution for sharing content

    using an efficient P2P protocol and highly secure data transmission, allowing the user to

    create a personal cloud for data storage, free of subscription fees, disk space limitation

    and able to run even when not connected to the Internet.

    This solution also offers a very flexible developer API that enables the development of

    other applications on top of BitTorrent Sync.

    However, it was noticed the following negative points:

    1) It could be unsafe to share the folder secret key with full access permission with

    someone else. There is a risk of compromising the user data if the secret is

    forwarded to unreliable parties.

    2) The user must be very careful when defining full access directories since an

    accidental content change or deletion will be synched among all devices,

    affecting the data permanently.

    3) As noticed on Wireshark capture logs during the tests, there is some

    communication being performed from BitTorrent Sync to some external IPs.When a sync folder is created, it is enabled by default the relay and tracker

    server offered by BitTorrent Inc. Those servers are used by the P2P protocol forenabling peers discover and communication through the Internet. Case those

    servers are down the sync process will not work over Internet. In other hands, it

    is possible to disable the tracker and relay servers, so the user can define any

    other server than those offered by BitTorrent Inc. for acting as tracker and relay

    servers.

    4) It was checked in the BitTorrent forum a comment from a developer who worksfor BitTorrent Inc. explaining that the sync process sends some data to

    BitTorrent servers but it is just for statistics purposes and no user content data is

    exposed. Looking in the Wireshark capture data it was not possible to check

    what information is being transferred since the data was encrypted.

    7

    References

    1. BitTorrent Sync

    http://www.bittorrent.com/sync/

    2. BitTorrent

    http://www.bittorrent.com/

    3. DropBox

  • 7/24/2019 Personal Cloud using Bittorrent Sync

    8/8

    https://www.dropbox.com/

    4. Secure Remote Password Protocol

    http://www.ietf.org/rfc/rfc2945.txt5. Ed25519: high-speed high-security signatures

    Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang.

    High-speed high-security signatures. Journal of Cryptographic Engineering 2

    (2012), 7789. Document ID: a1a62a2f76d23f65d622484ddd09caf8.

    http://cr.yp.to/papers.html#ed25519

    6. Session Traversal Utilities for NAT

    RFC 5389, J. Rosenberg, R. Mahy, P. Matthews, D. Wing

    7. IEEE Standard for Distributed Interactive Simulation--Application Protocols

    IEEE Std 1278.1-1995