Forgot your password?
Security The Internet

Researchers Outline Targeted Content Poisoning For P2P Data 201

Posted by timothy
from the subscribe-to-your-shackles dept.
Diomidis Spinellis writes "Two USC researchers published a paper in the prestigious IEEE Transactions on Computers that describes a technique for p2p content poisoning targeted exclusively at detected copyright violators. Using identity-based signatures and time-stamped tokens they report a 99.9 percent prevention rate in Gnutella, KaZaA, and Freenet and a 85-98 percent prevention rate on eMule, eDonkey, and Morpheus. Poison-resilient networks based on the BitTorrent protocol are not affected. Also the system can't protect small files, like a single-song MP3. Although the authors don't say so explicitly, my understanding is that the scheme is only useful on commercial p2p distribution systems that adopt the proposed protocol."
This discussion has been archived. No new comments can be posted.

Researchers Outline Targeted Content Poisoning For P2P Data

Comments Filter:
  • by Bigjeff5 (1143585) on Friday July 24, 2009 @12:13AM (#28803525)

    Have you ever actually used a bittorent client before?

    There is no such thing as an overseeded torrent. There are underseeded torrents, and those are frustrating, but there is no such thing as an overseeded torrent. The general idea with upload ratio requirements is that it encourages you to never stop seeding a torrent. If 100 people are seeding and only 3 are downloading, those three get the file extremely fast, and your bandwidth isn't taxed. If you download enough content that you are on a private tracker, then you should have a number of torrents to share. If you aren't downloading all that much, then it will be easy to keep a 100%+ share ratio. If you ARE downloading a lot, you should still be in the 50% range, and eventually you will hit critical mass and the ammount you download won't be able to keep up with the amount you upload.

    It's good for everybody. Plus, if a private tracker has a very high seed rate, chances are the required share ratio will be lowered. It creates a win-win situation.

    Remember, no such thing as an overseeded torrent. If you download a lot, you WILL share a lot. If you keep sharing after you download, you will soon be sharing more than you download. People move on, quit sharing, lose their computers, etc.

    Your share ratio math ignores a lot of things that reduce the amount of data on the network which occur all the time. It's actually pretty easy to exceed 100% share ratios for everybody on the network. If you can't see how it's because you've locked yourself in a tiny box and completely ignored outside factors which remove data and introduce data without affecting increasing the amount of data a person can download. Whenever someone adds a new download to the tracker, the potential share ratio for everyone in the network increases. Whenever a new member joins, the potential share ratio for everyone on the network increases. Eventually it balances out to 100%, but the network is ever changing so it never actually gets there.

  • Paper summary (Score:5, Informative)

    by creidieki (110659) on Friday July 24, 2009 @01:33AM (#28803827) Journal

    As a comp sci grad student, here's what I got from a quick reading of this paper:

    Imagine that you're a content provider, with paying users. You've decided to distribute content to your users by running a Gnutella-style network. How do we make sure that only paying users can get our content? After all, it's an open network.

    We start by sending some sort of magic timestamp-thing to all of the paying users. I didn't read this part in much detail. Anyway, the paying users can all identify each other somehow. They mention that it maintains privacy.

    Some of your paying users (the "Clients") are good, virtuous folk, and they're running the Happy Authorized Gnutella software you gave them. Others (the "Colluders") are running Evil Hacked software. No matter what you do, the Colluders are going to send chunks of your precious data to the "Pirates" (anyone who hasn't paid you).

    Normally, we'd expect our Clients to ignore requests from our Pirates. This paper instead suggests: let's obligate the Clients to send poison data to the Pirates! The Pirates won't know which chunks are bad; they'll only find out that the file is corrupt once it's finished downloading. The Pirates won't be able to get a good copy, and they'll give up and go away.

    And there's one other great thing: we can set up *fake* Pirates, and check which users aren't giving out the poison they're supposed to! So we've served data to all of the Clients; we've identified all of the Colluders; and we've defeated all of the Pirates.

    (Bittorrent has data integrity checks for every chunk, instead of every file; that's why it's not vulnerable to this attack...I mean business model).

    In summary: This paper describes a way that a company can charge for distributing their own content on a peer-to-peer network. It only works if they control a centralized "transaction server" thThat's why no one has ever at organizes the entire network, and if they control the software of all the "honest" people. They can't destroy our existing networks with it, and it doesn't prevent anyone from turning around and posting the file to BitTorrent once it's downloaded.

    The tone of the paper is definitely not as neutral as I feel it should be. What they're trying to say is "there's no obvious way to charge people for running a Gnutella server, because pirates will eat your lunch. But we think we have a way." But it definitely feels like they're putting moral force behind what's really a network algorithms result.

  • by TechForensics (944258) on Friday July 24, 2009 @02:35AM (#28804137) Homepage Journal

    What's to prevent poisoning legal p2p? There are plenty of examples of copyrights being inappropriately asserted. The technology itself doesn't discriminate.

    The article says the method works only on P2P networks that have adopted the authors' proprietary PAP protocol. That's not likely to be many of them.

  • by Anonymous Coward on Friday July 24, 2009 @03:58AM (#28804499)

    Note: This attack does not work on open networks as described. The abstract is in error.

    They're actually describing the design of a large number of authorised, trusted (paid?) clients, and collusive content providers, indexed for some reason in an open network, but trying to poisoning that open network if it asks for the same.

    Riddle me this - why the fuck would such a model not just form a closed network and "solve" the problem that way? (Of course, true Judas nodes are undetectable, leaking a highly-colluded file or master file immediately afterwards, rather than concurrently.)

    GossipTrust has various flaws I'm not going to talk about here; let us simply say, gossip is unreliable, and susceptible to as many attacks as it is in real life. :)

    Further, it's possible for the rest of the network to collude in the exact same way to detect the fake nodes and drop them off the face of the network, using the same thing. Which they do, because a few nodes tried this attack about five years ago. So, the colluders will be partitioned out into a separate network anyway.

    Receive a single poisoned chunk, which is in fact detectable with a single TTH leaf (they have completely forgotten that Gnutella as it was originally defined no longer operates, and in fact TTH is widely pervasive and, due to the smaller block size, many times quicker at spotting corrupted chunks than torrent's often 512KB/1MB SHA-1 list is, although torrent also has a TTH extension now), and all modern P2P network designs will "shitlist" you, which will spread as fast as your chunks do.

    How'd this piece of shit research ever get published in the IEEE journal? It's worthless, its conclusions are questionable, you'd be laughed off the stage talking about this at any security conference. Turn it around and talk about detection, but don't pretend this is practical at all.

  • by Alsee (515537) on Friday July 24, 2009 @04:06AM (#28804541) Homepage

    I'm part way through the research paper, the article summary is just plain wrong.

    There is no vulnerability here. They CANNOT poison Gnutella, KaZaA, and Freenet, eMule, eDonkey, Morpheus, or any other existing network with this technique. To quote the paper: Presently none of these P2P networks has built with satisfactory support for copyright protection.

    The "problem" they want to "solve" is that existing networks to not possess adequate support for poisoning attacks. This paper proposes creating a NEW additional P2P network. They propose deliberately building in special support to ENABLE poisoning attacks.

    While I'm sure the RIAA will eagerly read it over while dreaming of world conquest by releasing their own deliberately crippled "legal P2P network" where they get paid for each authorized client-to-client transfer. As far as most readers here are concerned, this is a completely non-newsworthy story, the contents of this paper are completely irrelevant and harmless. There is absolutely nothing new or surprising about the fact that you can deliberately make your software insecure and you can deliberately leave it vulnerable to poisoning. Yes, a P2P new network could be built Defective By Design.


  • by Alsee (515537) on Friday July 24, 2009 @04:56AM (#28804751) Homepage

    I think he has used torrent before. His complaint about "overseeded" torrents was that *you* get squeezed out from offering any upload on a torrent that has a large ratio of seeders-to-downloaders. If you download some old massively-seeded-and-few-downloaders file, it becomes almost impossible to meet private tracker upload ratios. You could seed for a month and end up with a 0.1 upload ratio.


Every young man should have a hobby: learning how to handle money is the best one. -- Jack Hurley