P2P

BitTorrent Tracker

Saad Ahmd — Fri, 28 Mar 2008 07:37:42 +0000

A BitTorrent tracker is a server which assists in the communication between peers using the BitTorrent protocol . It is also, in the absence of extensions to the original protocol, the only major critical point, as clients are required to communicate with the tracker to initiate downloads. (Clients that have already begun downloading also communicate with the tracker periodically to negotiate with newer peers and provide statistics; however, after the initial reception of peer data, peer communication can continue without a tracker.)A tracker should be differentiated from a BitTorrent index by the fact that it does not necessarily list files that are being tracked. A BitTorrent index is a list of .torrent files (usually including descriptions and other information). Trackers merely coordinate communication between peers attempting to download the payload of the torrents.Many BitTorrent websites act as both tracker and index. Sites such as these publicize the tracker’s URL and allow users to upload torrents to the index with the tracker’s URL embedded in them, providing all the features necessary to initiate a download.A private tracker is a tracker which restricts who can use it, often by requiring registration of a user account. A common method for controlling registration among private trackers is an invite system, which is a system where trusted users are given the ability to grant a new user permission to register at the site. Typically invites, or the codes that are given to prospective users, are granted to users who have uploaded a pre-determined amount, meet specific ratio requirements, and have been registered. Private trackers usually register how much the users upload and download and may enforce a minimum upload-to-download ratio. As a result of the restricted access, their torrents usually offer better availability and speed compared to public trackers where leeching is more common.

Simple file verification

Saad Ahmd — Fri, 28 Mar 2008 07:35:30 +0000

Simple file verification (SFV) is a file format for storing CRC32 checksums of files in order to verify the integrity of files. SFV can be used to detect random corruptions in a file, but cannot be used for checking authenticity in any meaningful way. Typically, the .sfv extention is used on SFV files.Files can become corrupted for a variety of reasons including: faulty storage media, errors in transmission, write errors during copying or moving, software bugs and so on. SFV verification ensures that a file has not been corrupted by comparing the file’s CRC hash value to a previously calculated value. Due to the nature of hash functions, hash collisions may result in false negatives, but the likelihood of collisions is usually negligible with random corruption.SFV cannot be used to verify the authenticity of files, as CRC32 is not a collision resistant hash function; even if the hash sum file is not tampered with, it is computationally trivial for an attacker to cause deliberate hash collisions, meaning that a malicious change in the file is not detected by a hash comparison. In cryptography, this attack is called a collision attack. For this reason, the md5sum and sha1sum utilities are often preferred in Unix operating systems, which use the MD5 and SHA-1 cryptographic hash functions respectively.

Even a single-bit error causes both SFV’s CRC and md5sum’s cryptographic hash to fail, typically requiring the entire file to be re-fetched from scratch. For this reason, the Parchive and rsync utilities are often preferred for verifying that a file has not been accidentally corrupted in transmission, since they can correct common small errors with a much shorter download.Despite above-mentioned weaknesses possessed by the SFV format, it is still a popular data verification technique. This is due to the relatively small amount of time taken by SFV utilities to calculate the CRC32 checksums, especially when compared to the time taken to calculate equivalent cryptographic hashes such as MD5 or SHA-1.One of the first programs to use the SFV format was WinSFV.SFV uses a plain text file containing one line for each file and its checksum in the format FILENAMECHECKSUM. Any line starting with a semicolon ‘;’ is considered to be a comment and is ignored for the purposes of file verification. The delimiter between the filename and checksum is always one or several spaces; tabs are never used.

BitTyrant

Saad Ahmd — Fri, 28 Mar 2008 07:33:45 +0000

BitTyrant is a BitTorrent client modified from the Java-based Azureus 2.5 code base. BitTyrant is designed to give preference to clients uploading to it fastest and limiting slower uploaders. It is free software and cross-platform, currently available for Windows, OS X and Linux.BitTyrant is a result of research projects at University of Washington and University of Massachusetts Amherst, developed and supported by Professors Tom Anderson, Arvind Krishnamurthy, Arun Venkataramani and students Michael Piatek, Jarret Falkner, and Tomas Isdal. The paper describing how it works, Do Incentives Build Robustness in BitTorrent?, sought to challenge the common belief that BitTorrent’s “must upload to download” transfer protocol prevents strategic clients from gaming the system. It won a Best Student Paper award at the 2007 Networked Systems Design and Implementation conference.As a strategic client, it has demonstrated an average increase in download speed by 70% over a standard BitTorrent client. Non-BitTyrant leechers in the swarm generally receive a decrease in download speed. Even so, if all clients are BitTyrant, high capacity peers are more effectively utilized, allowing for an overall increase in download speed. However, there is a caveat. If high capacity peers are involved in many swarms, low capacity peers lose some performance.

Azureus

Saad Ahmd — Fri, 28 Mar 2008 07:30:56 +0000

Azureus Vuze (formerly Azureus) is a BitTorrent client. Like other BitTorrent clients, it is used to transfer files over the BitTorrent Peer-to-peer File sharing network. In other words, it is used to download files that other people have made available.Azureus is written in the programming language Java. Java programs often use more resources than programs written in other languages. However, Java also allows programs written in it to be run on many different operating systems.In 2003, the core developers of Azureus formed a company called Vuze, Inc. (formerly Azureus, Inc.) Vuze, Inc. offers legal downloads of content over the BitTorrent network.The program’s logo is the Blue Poison Dart Frog (Dendrobates azureus). The Azureus name was given to the project by co-creator Tyler Pitchford, who uses the Latin names of poison dart frogs as codenames for his development projects.Azureus was first released in June 2003 at SourceForge.net, mostly to experiment with the Standard Widget Toolkit from Eclipse. It is now one of the most popular BitTorrent clients.Released under the GNU General Public License, Azureus is free software.

?Torrent

Saad Ahmd — Fri, 28 Mar 2008 07:29:09 +0000

µTorrent (also microTorrent or uTorrent) is a freeware, closed source, BitTorrent client for Microsoft Windows written in C++[1] and localized for many different languages. It is designed to use minimal computer resources while offering functionality comparable to larger BitTorrent clients such as Azureus or BitComet.The program has received consistently good reviews for its feature set, performance, stability, and support for older hardware and versions of Windows. It has been in active development since its first release in 2005. Its name is commonly abbreviated “µT” or “uT”.On December 7, 2006, µTorrent developer Ludvig Strigeus and BitTorrent, Inc. CEO Bram Cohen announced that BitTorrent, Inc. had acquired µTorrent.BitTorrent, Inc. has employed the code as the basis of version 6.0 of the BitTorrent client which today, in fact, makes it a re-branded version of µTorrent.

Opennet and darknet (Friend to Friend) network types

Saad Ahmd — Tue, 18 Mar 2008 03:43:01 +0000

Like conventional P2P networks, anonymous P2P networks can implement either opennet or darknet (often named Friend to Friend) network type. This describes how a node on the network selects peer nodes:

* In opennet network, peer nodes are discovered automatically. There is no configuration required but little control available over which nodes become peers.
* In a darknet network, users manually establish connections with nodes run by people they know. Darknet typically needs more effort to set up but a node only has trusted nodes as peers.

Some networks like Freenet support both network types simultaneously (a node can have 5 manually added darknet peer nodes and 5 automatically selected opennet peers) .

In a friend-to-friend (or F2F) network, users only make direct connections with people they know. Many F2F networks support indirect anonymous or pseudonymous communication between users who do not know or trust one another. For example, a node in a friend-to-friend overlay can automatically forward a file (or a request for a file) anonymously between two friends, without telling either of them the other’s name or IP address. These friends can in turn forward the same file (or request) to their own friends, and so on. Users in a friend-to-friend network cannot find out who else is participating beyond their own circle of friends, so F2F networks can grow in size without compromising their users’ anonymity.

Some friend-to-friend networks allow the user to control what kind of files can be exchanged with friends within the node, in order to stop them from exchanging files that user disapproves of.

Advantages and disadvantages of opennet compared to darknet are disputed, see Friend to Friend article for summary.

Spam and DoS attacks in anonymous networks

Saad Ahmd — Tue, 18 Mar 2008 03:37:20 +0000

Originally, anonymous networks were operated by small and friendly communities of developers. As interest in anonymous P2P increased and the user base grew, malicious users inevitably appeared and tried different attacks. This is similar to the Internet, where widespread use has been followed by waves of spam and distributed denial-of-service attacks. Such attacks may require different solutions in anonymous networks. For example, blacklisting of originator network addresses does not work because anonymous networks conceal this information.

Uses of anonymous P2P

Saad Ahmd — Tue, 18 Mar 2008 03:36:01 +0000

There are many reasons to use anonymous P2P technology; most of them are generic to all forms of online anonymity.

P2P users who desire anonymity usually do so as they do not wish to be identified as a publisher (sender), or reader (receiver), of information. Common reasons include:

* The material or its distribution is illegal or incriminating
* Material is legal but socially deplored, embarrassing or problematic in the individual’s social world (for example, anonymity is seen as a key requirement for organizations like Alcoholics Anonymous)
* Fear of retribution (whistleblowers, unofficial leaks, and activists who do not believe in restrictions on information or knowledge)
* Censorship at the local, organizational, or national level
* Personal privacy preferences such as preventing tracking or datamining activities

A particularly open view on legal and illegal content is given in The Philosophy Behind Freenet.

Governments are also interested in anonymous P2P technology. The United States Navy funded the original onion routing research that led to the development of the Tor network, which is now funded by the Electronic Frontier Foundation.

Anonymous P2P

Saad Ahmd — Tue, 18 Mar 2008 03:35:17 +0000

An anonymous P2P computer network is a particular type of peer-to-peer network in which the users are anonymous or pseudonymous by default. The primary difference between regular and anonymous networks is in the routing method of their respective network architectures. These networks allow the unfettered free flow of information, legal or otherwise.Interest in anonymous P2P has increased in recent years for many reasons, including distrust of governments (especially in undemocratic regimes), mass surveillance and data retention, and lawsuits against bloggers.Such networks may also appeal to those wishing to share copyrighted files illegally - organizations such as the Recording Industry Association of America and the British Phonographic Industry have successfully tracked and sued users on non-anonymous P2P networks

Attacks on peer-to-peer networks

Saad Ahmd — Fri, 07 Mar 2008 12:56:32 +0000

Many peer-to-peer networks are under constant attack by people with a variety of motives.

Examples include:

* poisoning attacks (e.g. providing files whose contents are different from the description)
* polluting attacks (e.g. inserting “bad” chunks/packets into an otherwise valid file on the network)
* freeloaders (Sometimes known as ‘Leechers’) (users or software that make use of the network without contributing resources to it)
* insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
* malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
* denial of service attacks (attacks that may make the network run very slowly or break completely)
* filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
* identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
* spamming (e.g. sending unsolicited information across the network- not necessarily as a denial of service attack)

Most attacks can be defeated or controlled by careful design of the peer-to-peer network and through the use of encryption. P2P network defense is in fact closely related to the “Byzantine Generals Problem”. However, almost any network will fail when the majority of the peers are trying to damage it, and many protocols may be rendered impotent by far fewer numbers.