Feeds

P2P eavesdrop 'guilt by association attack' developed

Free BitTorrent countermeasure released

The Essential Guide to IT Transformation

US engineering researchers say they have identified a new privacy threat to users of peer-to-peer (P2P) networks such as BitTorrent and (perhaps) Skype. Obligingly, however, they have freely released a protective plugin designed to work with a popular torrent client.

According to Fabián Bustamante, computer science prof at Northwestern Uni, BitTorrent users - without realising it - form identifiable "communities" over time, in which their computers connect much more often to certain other users' machines.

"This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist," Bustamante says.

However, he and his colleagues found that identifying the spontaneous torrent communities would be a "powerful threat to user privacy", described by the researchers as a "guilt-by-association attack". It would allow an organisation monitoring P2P traffic to reliably identify groups of users showing similar behaviour - for instance with relation to particular copyrighted works - much more swiftly and economically than would normally be the case.

According to the Northwestern researchers, clued-up eavesdroppers would be able to pick out groups of clients of interest to them 85 per cent of the time by analysing just 0.01 per cent of the total users on the network. Normally, P2P users tend not to worry too much about monitoring - there are so many users that the chance of being identified and targeted is slim.

Not so much now, according to Bustamante. A relatively minor surveillance effort will allow the RIAA or whoever to pick just the people they're after, ignoring the countless thousands of ordinary users. Quite apart from pigopolists tracking down media sharers of particular interest to them, the Northwestern researchers hint that this could also be a very handy technique for feds, spooks or whoever listening in on P2P VoIP services such as Skype. Listeners wouldn't need to crack any crypto or tap anyone's home line: they could simply establish a few thousand active Skype clients themselves - a trivial matter for an agency such as the NSA - and identify "communities" of interest with ease.

That said, the Northwestern group's research so far has been confined to the BitTorrent network; their mention of P2P VoIP is speculative.

But fear not, says Bustamente - or at least, fear not if you use Vuze/Azureus. He and his colleagues have developed a client plugin they call SwarmScreen, downloadable here, which will prevent a user being picked out in a "guilt by association" torrent trawl.

"With P2P networks increasingly under surveillance from private and government organizations," say the researchers. "SwarmScreen provides a practical and effective solution to disrupt [guilt-by-association] attacks".

SwarmScreen works by downloading random stuff from across the wider P2P network, as well as the things a user has told his or her client to collect. This means that a traffic monitor won't identify that client as part of any given "community".

The downside, of course, is that this wastes bandwidth. However Bustamente and Co have included an "intuitive tuning knob to control the privacy/performance tradeoff - higher privacy may result in some performance loss as some of your bandwidth is allocated to hide your real traffic". Or you can turn down the privacy and accept a greater risk of being fingered in exhange for faster downloads.

Problem solved, at least in the case of BitTorrent. However, the truly paranoid will be unconvinced, noting the source of funding for Bustamente's group in this project. Yes, you guessed it - none other than the US federal government itself. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.