Bluebear: Exploring Privacy Threats in BitTorrent

BitTorrent is arguably the most efficient peer-to-peer protocol for content replication. However, BitTorrent has not been designed with privacy in mind and its popularity could threaten the privacy of millions of users. Surprisingly, privacy threats due to BitTorrent have been overlooked because BitTorrent popularity gives its users the illusion that finding them is like looking for a needle in a haystack. The goal of this project is to explore the severity of the privacy threats faced by BitTorrent users.

We argue that it is possible to continuously monitor from a single machine most BitTorrent users and to identify the content providers (also called initial seeds) [LLL_LEET10, LLL_TR10]. This is a major privacy threat as it is possible for anybody in the Internet to reconstruct all the download and upload history of most BitTorrent users.

To circumvent this kind of monitoring, BitTorrent users are increasingly using anonymizing networks such as Tor to hide their IP address from the tracker and, possibly, from other peers. However, we showed that it is possible to retrieve the IP address for more than 70% of BitTorrent users on top of Tor [LMC_POST10]. Moreover, once the IP address of a peer is retrieved, it is possible to link to the IP address other applications used by this peer on top of Tor.

Papers

[LLL_LEET10]
Stevens Le Blond, Arnaud Legout, Fabrice Lefessant, Walid Dabbous, Mohamed Ali Kaafar. Spying the World from your Laptop – Identifying and Profiling Content Providers and Big Downloaders in BitTorrent. In Proc. of LEET’10, April 27, 2010, San Jose, CA, USA. [.ps, .pdf, .tex]. An extended version of this work is available in [LLL_TR10].
[MCL_TOR10]
Pere Manils, Abdelberi Chaabane, Stevens Le Blond, Mohamed Ali Kaafar, Claude Castellucia, Arnaud Legout, Walid Dabbous. Compromising Tor Anonymity Exploiting P2P Information Leakage . Technical Report (inria-00471556, version 1 – 08 Apr 2010), INRIA, Sophia Antipolis, April 2010. [.ps, .pdf, .tex]. This work was presented as an NSDI’10 poster [LMC_POSTER10].
[LMC_POSTER10]
Stevens Le Blond, Pere Manils, Abdelberi Chaabane, Mohamed Ali Kaafar, Arnaud Legout, Claude Castellucia, Walid Dabbous. De-anonymizing BitTorrent Users on Tor. Poster accepted at the 7th USENIX Symposium on Network Design and Implementation (NSDI ’10), April 28-30, 2010, San Jose, CA, USA. [.ps, .pdf, .tex].
[LLL_TR10]
Stevens Le Blond, Arnaud Legout, Fabrice Lefessant, Walid Dabbous. Angling for Big Fish in BitTorrent. Technical Report (inria-00451282, version 1 – 28 Jan 2010), INRIA, Sophia Antipolis, January 2010. [.ps, .pdf, .tex].

<!–Talks

–>Members

  • Arnaud Legout (INRIA, F)
  • Stevens Le Blond (INRIA, F)
  • Fabrice Le Fessant (INRIA, F)
  • Walid Dabbous (INRIA, F)
  • Mohamed Ali Kaafar (INRIA, F)
  • Pere Manils (INRIA, F)
  • Abdelberi Chaabane (INRIA, F)
  • Claude Castellucia (INRIA, F)

If you have any comments or questions you can send me an email at: arnaud.legout@inria.fr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: