
P2P eavesdrop 'guilt by association attack' developed

Free BitTorrent countermeasure released


US engineering researchers say they have identified a new privacy threat to users of peer-to-peer (P2P) networks such as BitTorrent and (perhaps) Skype. Obligingly, however, they have freely released a protective plugin designed to work with a popular torrent client.

According to Fabián Bustamante, computer science prof at Northwestern Uni, BitTorrent users - without realising it - form identifiable "communities" over time, in which their computers connect much more often to certain other users' machines.

"This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist," Bustamante says.

However, he and his colleagues found that identifying the spontaneous torrent communities would be a "powerful threat to user privacy", described by the researchers as a "guilt-by-association attack". It would allow an organisation monitoring P2P traffic to reliably identify groups of users showing similar behaviour - for instance with relation to particular copyrighted works - much more swiftly and economically than would normally be the case.

According to the Northwestern researchers, clued-up eavesdroppers would be able to pick out groups of clients of interest to them 85 per cent of the time by analysing just 0.01 per cent of the total users on the network. Normally, P2P users tend not to worry too much about monitoring - there are so many users that the chance of being identified and targeted is slim.

Not so much now, according to Bustamante. A relatively minor surveillance effort will allow the RIAA or whoever to pick just the people they're after, ignoring the countless thousands of ordinary users. Quite apart from pigopolists tracking down media sharers of particular interest to them, the Northwestern researchers hint that this could also be a very handy technique for feds, spooks or whoever listening in on P2P VoIP services such as Skype. Listeners wouldn't need to crack any crypto or tap anyone's home line: they could simply establish a few thousand active Skype clients themselves - a trivial matter for an agency such as the NSA - and identify "communities" of interest with ease.

That said, the Northwestern group's research so far has been confined to the BitTorrent network; their mention of P2P VoIP is speculative.

But fear not, says Bustamante - or at least, fear not if you use Vuze/Azureus. He and his colleagues have developed a client plugin they call SwarmScreen, downloadable here, which will prevent a user being picked out in a "guilt by association" torrent trawl.

"With P2P networks increasingly under surveillance from private and government organizations," say the researchers, "SwarmScreen provides a practical and effective solution to disrupt [guilt-by-association] attacks."

SwarmScreen works by downloading random stuff from across the wider P2P network, as well as the things a user has told his or her client to collect. This means that a traffic monitor won't identify that client as part of any given "community".

The downside, of course, is that this wastes bandwidth. However, Bustamante and Co have included an "intuitive tuning knob to control the privacy/performance tradeoff - higher privacy may result in some performance loss as some of your bandwidth is allocated to hide your real traffic". Or you can turn down the privacy and accept a greater risk of being fingered in exchange for faster downloads.
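The tradeoff described above can be seen in a toy model, added here as an illustration; it is not SwarmScreen's code or the researchers' detection method. The community count, the 80 per cent "home" share of real traffic and the monitor's 50 per cent flagging rule are all assumptions made up for the example.

```python
import random
from collections import Counter

N_COMMUNITIES = 20      # constructed: interest groups on the network
HOME = 0                # the community our user really belongs to
P_HOME = 0.8            # assumed share of real traffic that lands in HOME
FLAG_THRESHOLD = 0.5    # assumed monitor rule: flag if one community dominates


def observe(cover_fraction, n_conn=2000, seed=1):
    """Return the community of each remote peer the user connects to."""
    rng = random.Random(seed)
    seen = []
    for _ in range(n_conn):
        if rng.random() < cover_fraction:
            # Cover traffic: a random swarm anywhere on the network.
            seen.append(rng.randrange(N_COMMUNITIES))
        elif rng.random() < P_HOME:
            # Real traffic: mostly peers sharing the user's interests.
            seen.append(HOME)
        else:
            seen.append(rng.randrange(N_COMMUNITIES))
    return seen


def dominant_share(cover_fraction, **kw):
    """Fraction of connections going to the single most-contacted community."""
    seen = observe(cover_fraction, **kw)
    _, count = Counter(seen).most_common(1)[0]
    return count / len(seen)


def flagged(cover_fraction, **kw):
    """Would the toy monitor tie this client to one community?"""
    return dominant_share(cover_fraction, **kw) >= FLAG_THRESHOLD


def real_bandwidth(cover_fraction):
    """Share of the link left for downloads the user actually wants."""
    return 1.0 - cover_fraction


if __name__ == "__main__":
    for knob in (0.0, 0.2, 0.4, 0.6, 0.8):
        print(f"cover={knob:.1f} dominant={dominant_share(knob):.2f} "
              f"flagged={flagged(knob)} real_bw={real_bandwidth(knob):.1f}")
```

In this model the client stops standing out once cover traffic takes a bit under half of its connections, at the cost of the same share of bandwidth.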

Problem solved, at least in the case of BitTorrent. However, the truly paranoid will be unconvinced, noting the source of funding for Bustamante's group in this project. Yes, you guessed it - none other than the US federal government itself. ®
