BitTorrent Needs Psychiatric Guarantees: Quantifying How Vulnerable BitTorrent Swarms Are to Sybil Attacks

BitTorrent Needs Psychiatric Guarantees: Quantifying How Vulnerable BitTorrent Swarms Are to Sybil Attacks
Felipe Pontes
Francisco Brasileiro
Nazareno Andrade
09/02/2009

Introduction
BitTorrent Protocol
Sybil Attacks
Sybil Attacks in BitTorrent Systems
Simulations
Conclusions
2
Agenda

BitTorrent is one of the most popular content distribution protocols nowadays
In BitTorrent she who donates more earns more
Is it possible for someone to have a better download time than that of a collaborator?
3
Introduction

BitTorrent has a completely autonomous identification generation scheme
Peers use a random mechanism to discover other peers
Multiple identities to fool BitTorrent system sybil attack
4
Introduction

To evaluate the impact of sybil attacks in BitTorrent systems when an attacker is interested in increasing her utility
5
Goal

BitTorrentProtocol
Distribution cost shared between peers
Peers downloading a file (leechers) and peers that have already downloaded it (seeders) form a swarm
Trackers help peers to discover other peers
6

Based on a tit-for-tat strategy
Peers who have higher upload rates probably will have higher download rates
Connections used to make upload are called unchoked connections
Periodically a peer chooses to whom she donates
7
BitTorrent Incentive Mechanism

A peer has not a whole system overview
The peer might be choked by potential good partners for not having uploaded to them recently
BitTorrent implements a periodic optimistic unchoking
A leecher periodically unchokes randomly-choosen connections
8
BitTorrent Incentive Mechanism

An attacker associates multiple identities to herself in an attempt to fool the other entities
Proper scenarios
Spam
Sensor networks
Router overlays
Online voting
Peer-to-peer grids
Resource sharing
9
SybilAttacks

Tracker flooded with sybil identities
Attacker increases her number of connections
Optimistic unchoking connections
How many identities are needed?
Mathematical model to help us to estimate:
Number of identities
How rapidly an attacker downloads a file when compared to a collaborator
10
SybilAttacks in BitTorrent Systems

General Peer-to-Peer Simulator (GPS)
BitTorrent swarms simulations
Changes in GPS to support sybil attacks simulations
Each peer is online for a contiguous period
Torrents from traces of BitTorrent usage derived from a community that shares files for free distribution
11
Simulations

12
Simulations
Unfeasible simulations execution using all torrents
GPS memory constraints
A representative sample of torrents to be analyzed in depth
Main parameters
Seeders leaving rate ( )
Leechers leaving rate ( )
File size
Download and upload peers bandwidth

Agglomerative Hierarchical Clustering process
Similar torrents are merged in clusters
Similarity measured as the average Euclidian distance of all torrents
Clusters’ heterogeneity increases
A rule of thumb to stop the merge:
To follow the average level of cluster heterogeneity on every step
To stop the process just before the merges start increasing heterogeneity too rapidly
13
TorrentsClustering

14
TorrentsClustering

TorrentsClustering
14 clusters
7 non-representative clusters (only 1 or 2 torrents each)
1 made up of a torrent too similar to other clusters
1 made up of a torrent on which peers stay online for very little time
5 clusters selected
15

RepresentativeTorrents
For each cluster we selected one representative torrent
The torrent closest to the Euclidian center of cluster
16
Characteristics of torrents

3 distinct attack times
Start of the torrent (t0)
An attacker wants the file as soon as it is published
Maximum number of leechers (tc)
High resource contention
Number of seeders overlaps the number of leechers (ts)
Low resource contention
17
ScenariosofSimulations

3 versions of each torrent
All leechers act correctly
One leecher replaced by the sybil attacker
One leecher replaced by a free rider
Sybil attack is effective if the attacker download average rate is equal to or higher than leecher rate
The attacker is not incurring in the cost of uploading to the system
18
ScenariosofSimulations

Results considering 95% of confidence level and 5% of error
Average download rates increase with the attack starting time
Being a correct leecher was better than being a free rider
Performing a sybil attack was better than being a free rider
19
Simulations’ Results

Only a small number of identities is needed for an attack to be effective
In 4 out of the 5 representative torrents simulated the attacker needed only 8 identities
In all torrents simulated the attacker could succeed with at most 130 identities
Mathematical model is considerably accurate
Only for 4 scenarios the attack was not effective
Large populations of peers at the time of the attack
20

21
Download average rates to torrent of cluster 4

22
Download average rates for tenfold increase of identities of torrent of cluster 4

It is possible to perform a sybil attack in BitTorrent
When there is high resource contention the attack was not successful in some scenarios
To increase the number of identities can change the attack result
Greedy attackers might cause the death of torrents
Mechanisms to address sybil attacks in BitTorrent
23
Conclusions

To improve the mathematical model
To investigate probabilistic optimistic unchoking as a strategy to mitigate a sybil attack
To validate results presented in this work experimentally using real torrents
To consider the evolutionary dynamics of sybil attack strategies
24
Future Works

Thank You!
Felipe Pontes
felipep@lsd.ufcg.edu.br
This work was developed in collaboration with HP Brasil P&D