The Current Landscape of P2P File Sharing:
Challenges and Future Directions
Kevin Bauer
Ph.D. candidate
University of Colorado
Talk Outline
• P2P background
• Past P2P investigations
• Evading investigations with anonymity tools
• Alternate techniques to identify file sharers
• An emerging threat: “One-click” hosting services
• Proposal for a future study
1
Context: The Rise of Peer-to-Peer
1993-2000: Early Internet saw mostly web traffic
2000: Peer-to-peer (P2P) protocols like Gnutella, FastTrack, Napster, & BitTorrent becoming popular for file sharing
2006-Present: P2P traffic growing
[Figure legend: Web, Peer-to-Peer, FTP, Email]
Source: CacheLogic Research, January 2006
2
Current P2P Landscape
P2P still most common protocol class in 2008/2009
BitTorrent dominates P2P around the world
Source: Ipoque Internet Study 2008/2009
3
BitTorrent Background
[Diagram labels: File sharer; Torrent metadata; Implicitly register with tracker; Peer list]
1. Download torrent metadata for the file one wants to obtain
2. Contact tracker server to get peer list
3. Interact with other peers to share parts of the file
4
What Kind of Content is Shared?
Source: Ipoque Internet Study 2008/2009
Past Copyright Investigations
[Diagram: copyright investigators. Investigators can query tracker for peer list; distribute DMCA take-down letters (US) to each IP address; ping each peer’s IP address. Source: Piatek et al., HotSec 2008]
• Experience has shown that BitTorrent is often used to distribute copyright-protected media files
• Copyright holders hire investigators to identify and even prosecute suspected file sharers
6
Past Copyright Investigations
[Diagram: copyright investigators. Source: Piatek et al., HotSec 2008]
• Tracker lists can be corrupted with arbitrary IP addresses
– Example: Register any IP addresses to the tracker lists
• Tracker lists cannot be trusted to prove file sharing
7
Consumer Advocate Reactions
8
Virtual Private Network Anonymizers
• Anonymous VPN services (BTGuard, IPREDator) are now available
[Diagram labels: Single-hop VPN service; Encrypted tunnel: hides identity, mitigates traffic shaping]
Limitations of centralized VPN approach:
1. Technically feasible to know and disclose both client and destination
2. Susceptible to legal pressure
9
Defeating Peer Identification with Strong Anonymity: Tor
[Diagram labels: Client (file sharer); Tor Network: Entry Guard, Middle Router, Exit Router; Circuit; Destination: Tracker; Copyright investigators; Directory Server; Router List]
First hop knows the client
Last hop knows the destination
Tor provides anonymity for TCP by tunneling traffic through a virtual circuit of three Tor routers using layered encryption
10
Can BitTorrent Users Hide with Tor?
• We characterized how Tor is used in practice and observed significant BitTorrent traffic over a four-day observation period
[Figure annotation: Only 3.33%, but over 400,000 connections]
Source: McCoy et al., Privacy Enhancing Technologies Symposium 2008
11
Can BitTorrent Users Hide with Tor?
• BitTorrent is using a disproportionate amount of Tor’s available bandwidth
[Figure annotation: Over 40% of all Tor traffic]
Source: McCoy et al., Privacy Enhancing Technologies Symposium 2008
12
Alternatives for Peer Identification
[Figure: techniques plotted by Accuracy (worst to best) against Efficiency (best to worst)]
Tracker list queries are efficient, but not accurate
Instead, we could download the entire file from every peer: accurate, but inefficient
We want a technique that is accurate, but still efficient
13
Identification Through Active Probing
• Our method accurately and efficiently collects concrete forensic evidence of a peer’s participation in file sharing
Obtain list of suspected peers from tracker
Probes, giving increasingly strong levels of evidence:
– Attempt a TCP connection: Peer is alive and listening on correct TCP port
– Attempt handshake exchange: Peer speaks BitTorrent, provides SHA1 hash describing content being shared
– Attempt bitfield exchange: Provides list of all pieces that the peer possesses
– Request a 16 KB data block: Concrete file data can be verified as the expected data
14
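The evidence ladder from the active-probing slide, as an added example (not code from the talk or from BitStalker): Python that grades one peer's recorded probe responses by the strongest level they support. The function names, the probe dictionary layout and the check of the returned block against an investigator-held reference copy are assumptions; the sample bytes are constructed, with a 16-byte block standing in for a 16 KB one.

```python
import struct

PSTR = b"BitTorrent protocol"
BITFIELD, PIECE = 5, 7  # message ids in the BitTorrent peer wire protocol
LEVELS = ["tracker_list_only", "tcp_connect", "handshake", "bitfield", "block_verified"]

def handshake_matches(data, info_hash):
    """68-byte handshake: len(19) + pstr + 8 reserved + info_hash(20) + peer_id(20)."""
    return (len(data) == 68 and data[0] == len(PSTR) and data[1:20] == PSTR
            and data[28:48] == info_hash)

def parse_message(data):
    """Split one <4-byte length><id><payload> message; None if malformed."""
    if len(data) < 5 or struct.unpack(">I", data[:4])[0] != len(data) - 4:
        return None
    return data[4], data[5:]

def decode_bitfield(payload, num_pieces):
    """High bit of byte 0 is piece 0; reject a bitfield of the wrong size."""
    if len(payload) != (num_pieces + 7) // 8:
        return None
    return {i for i in range(num_pieces) if payload[i // 8] & (0x80 >> (i % 8))}

def grade(probe, info_hash, num_pieces, piece_len, reference):
    """Strongest evidence level; reference is a known-good copy (assumption)."""
    if not probe.get("tcp_connected"):
        return LEVELS[0]
    if not handshake_matches(probe.get("handshake", b""), info_hash):
        return LEVELS[1]
    msg = parse_message(probe.get("bitfield", b""))
    have = decode_bitfield(msg[1], num_pieces) if msg and msg[0] == BITFIELD else None
    if have is None:
        return LEVELS[2]
    msg = parse_message(probe.get("piece", b""))
    if msg and msg[0] == PIECE and len(msg[1]) > 8:
        index, begin = struct.unpack(">II", msg[1][:8])
        start, block = index * piece_len + begin, msg[1][8:]
        if index in have and reference[start:start + len(block)] == block:
            return LEVELS[4]
    return LEVELS[3]

# Constructed sample (not captured traffic): 4-piece torrent, peer has pieces 0 and 2.
INFO_HASH = bytes(range(20))
REFERENCE = bytes(i % 251 for i in range(4 * 32))  # stand-in for the known content
HANDSHAKE = bytes([19]) + PSTR + bytes(8) + INFO_HASH + b"-XX0000-constructed!"
BITFIELD_MSG = struct.pack(">IB", 2, BITFIELD) + b"\xa0"
PIECE_MSG = struct.pack(">IBII", 25, PIECE, 2, 0) + REFERENCE[64:80]
PROBE = {"tcp_connected": True, "handshake": HANDSHAKE,
         "bitfield": BITFIELD_MSG, "piece": PIECE_MSG}
print(grade(PROBE, INFO_HASH, 4, 32, REFERENCE))
```

A peer that appears only in the tracker list, or whose responses fail any check, stays at the weaker level, which is the distinction the slide draws between tracker queries and verified data.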
Experimental Setup
Source: Bauer et al., 1st IEEE International Workshop on Information Forensics and Security 2009
• We evaluate our approach with 10 real, large BitTorrent file shares
– Popular TV shows and movies
15
Fraction of Peers that Respond to Probes
[Figure: Average fraction of peers identified by each probe type]
• Repeating the probing increases the fraction that respond
• Over ten repetitions:
– TCP connections: 26 – 44%
– Handshakes and Bitfields: 18 – 36%
– Block requests: 0.6 – 2.4% (low because of BitTorrent’s reciprocity mechanisms)
16
Tides are Changing from P2P Back to HTTP
2006: P2P made up 70% of traffic
Source: CacheLogic Research 2006
2008/2009: P2P made up 43-70% of traffic
Source: Ipoque Internet Study 2008/2009
2009/2010: P2P makes up < 14% of traffic; HTTP makes up 57% of traffic
Source: Maier et al., ACM Internet Measurement Conference 2009
17
Beyond P2P: “One-Click” Hosting Services
[Figures: Distribution of HTTP Content Types; Most Popular HTTP Destination Types]
Source: Maier et al., ACM Internet Measurement Conference 2009
Example “one-click” hosting services:
18
Beyond P2P: “One-Click” Hosting Services
[Diagram labels: Upload user; “One-click” hosting service; Indexing site; Download user]
Step 1. Transfer file to RapidShare
Step 2. Give uploader a URL for file
Step 3. Post URL to indexing site
Step 4. Search
Step 5. Download
19
One-Click Hosting vs. BitTorrent
[Figures: Content Availability for RapidShare vs. BitTorrent; Fraction of Content Copyrighted (n=100); RapidShare vs. BitTorrent Throughput]
Source: Antoniades et al., ACM Internet Measurement Conference 2009
20
A Proposal for a Future Study
• File sharing trends change quickly
– P2P traffic declined from > 43% in 2008 to < 14% in 2009/2010
• We want to conduct a study aimed at identifying emerging file sharing trends
• One avenue of future study:
21
Summary and Conclusion
• P2P is being replaced by file hosting services
• New investigative tools need to be developed to curb this new type of illegal file sharing
– Monitor hosting sites for copyright-protected content
– Partner with ISPs to identify file uploaders
• Up-to-date information on emerging file sharing trends is essential to proactively implement effective countermeasures
22
Questions?
Kevin Bauer ([email protected])
Department of Computer Science, University of Colorado
http://systems.cs.colorado.edu/~bauerk
23
References
Demetris Antoniades, Evangelos P. Markatos, Constantine Dovrolis. One-click hosting services: a file-sharing hideout. Proceedings of the 9th ACM SIGCOMM conference on Internet measurement 2009.
Kevin Bauer, Dirk Grunwald, Douglas Sicker. The Challenges of Stopping Illegal Peer-to-Peer File Sharing. National Cable & Telecommunications Association Technical Papers 2009.
Kevin Bauer, Dirk Grunwald, Douglas Sicker. The Arms Race in P2P. 37th Research Conference on Communication, Information, and Internet Policy (TPRC) 2009.
Kevin Bauer, Damon McCoy, Dirk Grunwald, Douglas Sicker. BitStalker: Accurately and Efficiently Monitoring BitTorrent Traffic. 1st IEEE International Workshop on Information Forensics and Security 2009.
Gregor Maier, Anja Feldmann, Vern Paxson, Mark Allman. On dominant characteristics of residential broadband Internet traffic. Proceedings of the 9th ACM SIGCOMM conference on Internet measurement 2009.
Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker. Shining Light in Dark Places: Understanding the Tor Network. 8th Privacy Enhancing Technologies Symposium 2008.
Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy. Challenges and Directions for Monitoring P2P File Sharing Networks –or– Why My Printer Received a DMCA Takedown Notice. 3rd USENIX Workshop on Hot Topics in Security 2008. http://dmca.cs.washington.edu.
Ipoque Internet Study 2008/2009. http://www.ipoque.com/resources/internetstudies/internet-study-2008_2009
P2P File Sharing-The Evolving Distribution Chain. CacheLogic Research 2006. http://www.dcia.info/activities/p2pmswdc2006/ferguson.pdf
24