Flávio Roberto Santos

Inter-swarm resource allocation in BitTorrent communities

A considerable body of research shows that Bit-Torrent provides very efficient resource allocation inside single swarms. Many BitTorrent clients also allow users to participate in multiple swarms simultaneously, and implement inter-swarm resource-allocation mechanisms that are used by millions of people. However, resource allocation across multiple swarms in BitTorrent has received much less attention. In this paper, we investigate whether currently prevalent inter-swarm resource allocation mechanisms perform acceptably or call for improvements. We use data from two BitTorrent communities and present results from trace-based simulations. Two use-cases for allocation mechanisms drive our evaluation: (1) file-sharing communities, whose objective is maximizing throughput, and (2) video-streaming communities, whose objective is maximizing the number of users receiving sufficient resources for uninterrupted streaming. To put the results from the analyzed mechanisms into perspective, we devise theoretical efficiency bounds for inter-swarm resource allocation, for which we map the resource allocation problem to a graph-theoretical flow network problem. In this formalism, the goal of the file-sharing use-case, throughput maximization, is equivalent to maximizing the flow in the network. The goal of the video-streaming use-case translates into finding a max-min fair allocation for BitTorrent downloading sessions, a problem for which we devise a new algorithm.

Identity management based on adaptive puzzles to protect P2P systems from Sybil attacks

The Sybil attack consists on the indiscriminate creation of counterfeit identities, by a malicious user (attacker), in large-scale, dynamic distributed systems (for example, Peer-to-Peer). An effective approach to tackle this attack consists in establishing computational puzzles to be solved prior to granting new identities. Solutions based on this approach have the potential to slow down the assignment of identities to malicious users, but unfortunately may affect normal users as well. To address this problem, we propose the use of adaptive computational puzzles as an approach to limit the spread of Sybils. The key idea is to estimate a trust score of the source from which identity requests depart, calculated as a proportion of the number of identities already granted to (the) user(s) associated to that source, in regard to the average of identities granted to users associated to other sources. The higher the frequency (the) user(s) associated to a source obtain(s) identities, the lower the trust score of that source and, consequently, the higher the complexity of the puzzle to be solved. An in-depth analysis of both (i) the performance of our mechanism under various parameter and environment settings, and (ii) the results achieved with an experimental evaluation, considering real-life traces from a Peer-to-Peer file sharing community, has shown the effectiveness of the proposed mechanism in limiting the spread of Sybil identities. While comparatively more complex puzzles were assigned to potential attackers, legitimate users were minimally penalized with easier-to-solve puzzles.

Improving distributed service management using Service Modeling Language (SML)

Automatic service and application deployment and management is becoming possible through the use of service and infrastructure discovery and policy systems. But using the infrastructure optimally requires intimate knowledge of the hardware and the interaction of its components in order to make optimal allocation of shared resources. This paper proposes an architecture where the hardware infrastructure not only makes operational parameters available (disk size, network bandwidth) but also presents to the service management components, relationships and constraints between the hardware components. We present an implementation which uses the Service Modeling Language, SML, to communicate this information and show how this architecture saves service management from knowing intimate knowledge of the hardware. This enhances optimal service deployment and management in a heterogeneous hardware environment and is a step toward autonomic computing.

Data Transfer Using a Camera and a Three-Dimensional Code

Oneand two-dimensional barcodes have become very popular in the last years and decades and are widely used to identify products and services. Recently, two-dimensional barcodes like QR code are also used to transfer a hyperlink from a magazine or poster to a smartphone. To overcome the low storage capacity of two-dimensional barcodes, the time can be introduced as a third dimension. Instead of one, a sequence of barcodes can be used to transfer an amount of data therefore. This would create a new application area. One could transfer for example files from a personal computer to a smartphone in cases where a wired or wireless connection is not available. The goal of this thesis is to design and implement the whole workflow on the receiver side. This contains capturing the 3D barcode, recognizing and reading the sequence of 2D matrices, and retrieving the original content. An important criterion though is the maximization of the transfer rate respecting the reliability. Furthermore, adversarial conditions have to be identified, tested and documented. The implemented prototype achieves a theoretical throughput of 12’288 bytes per 30 seconds, which means about 430 bytes/s. Interfering factors like distortion, rotation and light reflectance have been evaluated and considered in the implementation. Future extensions of the prototype could for example compensate the occurrent fish-eye effect and aim for larger barcodes, which could help increasing the throughput. Auspicious in this regard are the announced API changes and improvements in Android 4.0, e.g. taking pictures faster due to a shorter burst delay.

On swarm-level resource allocation in BitTorrent communities

BitTorrent is a peer-to-peer computer network protocol for sharing content in an efficient and scalable way. Modeling and analysis of the popular private BitTorrent communities has become an active area of research. In these communities users are strongly incentivized to contribute their resources, i.e., to share their files. In BitTorrent terminology, users who have finished downloading files and stay online to share these files with others in the network are called seeders. The combination of seeders and downloaders of a file is called a swarm. In this paper we examine and evaluate the efficiency of the resource allocation of seeders in multiple swarms. This is formulated as an integer linear fractional programming problem. The evaluation is done on traces representing two existing BitTorrent communities. We find that in communities, particularly with low users-to-files ratio (which is typically the case), there is room for improvement.

Towards a Robust Pollution Control Mechanism for P2P File Sharing Systems

BitTorrent seems to be the most popular peer-to-peer (P2P) protocol in file sharing communities. Such communities are exposed to content pollution attacks (i.e., dissemination of corrupted files, viruses or other malware), which require a moderation effort from their administrators. The complexity of such a cumbersome task increases as the publishing rate of the disseminated content grows. A recent work showed that anti-P2P companies have aggressively attempted to perform a variety of these attacks against file sharing communities [2]. We investigate a novel strategy to fight pollution and how to apply it to BitTorrent.

Denial-of-service attacks and countermeasures on BitTorrent

BitTorrent has been widely used for the efficient distribution of files, such as digital content and media files, to very large numbers of users. However, previous work has exposed vulnerabilities in the protocol and demonstrated that they can be exploited to perform severe Denial-of-Service (DoS) attacks against BitTorrent networks. Earlier, we proposed two novel algorithms as countermeasures to particularly effective attacks, mitigating the problem, and evaluated through simulation. The present paper reviews the attacks previously identified and the countermeasure algorithms, experimentally evaluating their operation through both simulation and experiments on live BitTorrent swarms. Both simulation and experimental results observed with the implementation of attacks and countermeasures indicate that the algorithms are effective in holding DoS attacks and efficient when attacks are not present.

Making puzzles green and useful for adaptive identity management in large-scale distributed systems

Various online systems offer a lightweight process for creating accounts (e.g., confirming an e-mail address), so that users can easily join them. With minimum effort, however, an attacker can subvert this process, obtain a multitude of fake accounts, and use them for malicious purposes. Puzzle-based solutions have been proposed to limit the spread of fake accounts, by establishing a price (in terms of computing resources) per identity requested. Although effective, they do not distinguish between requests coming from presumably legitimate users and potential attackers, and also lead to a significant waste of energy and computing power. In this paper, we build on adaptive puzzles and complement them with waiting time to introduce a green design for lightweight, long-term identity management; it balances the complexity of assigned puzzles based on the reputation of the origin (source) of identity requests, and reduces energy consumption caused by puzzle-solving. We also take advantage of lessons learned from massive distributed computing to come up with a design that makes puzzle-processing useful. Based on a set of experiments, we show that our solution provides significant energy savings and makes puzzle-solving a useful task, while not compromising effectiveness in limiting the spread of fake accounts.

Playback policies for live and on-demand p2p video streaming

Peer-to-peer (P2P) has become a popular mechanism for video distribution over the Internet, by allowing users to collaborate on locating and exchanging video blocks. The approach LiveShift supports further collaboration by enabling storage and a later redistribution of received blocks, thus, enabling time shifting and video-on-demand in an integrated manner. Video blocks, however, are not always downloaded quickly enough to be played back without interruptions. In such situations, the playback policy defines whether peers (a) stall the playback, waiting for blocks to be found and downloaded, or (b) skip them, losing information. Thus, for the fist time this paper investigates in a reproducible manner playback policies for P2P video streaming systems. A survey on currently-used playback policies shows that existing playback policies, required by any streaming system, have been defined almost arbitrarily, with a minimal scientific methodology applied. Based on this survey and on major characteristics of video streaming, a set of five distinct playback policies is formalized and implemented in LiveShift. Comparative evaluations outline the behavior of those policies under both under- and over-provisioned networks with respect to the playback lag experienced by users, the share of skipped blocks, and the share of sessions that fail. Finally, playback policies with most suitable characteristics for either live or on-demand scenarios are derived.

Slowing down to speed up: Protecting users against massive attacks in content distribution systems

The Internet has become a large platform where users can interact and share contents. In this context, content distribution systems (CDS) have been designed to satisfy users needs. Peer-to-Peer (P2P) systems have emerged as a prominent solution to speed up CDS. In this kind of distributed system, a particular interesting challenge refers to mechanisms employed to match users interests and published contents. The efficacy of CDS depends on the expertise of publishers to properly describe contents, which comprises an important task to guarantee good quality of experience (QoE) to users. Massive attacks may harm CDS if countermeasure mechanisms are not considered to fight content pollution. The main objective of the thesis is to devise a mechanism to provide users a good QoE and reduce the effect of malicious interference. To achieve that, three main steps guided the research work presented in the thesis and summarized in this paper: (i) we proposed a novel strategy that operates conservatively to avoid wide pollution dissemination, (ii) we extended our previous solution to cope with the subjectivity regarding content descriptions, and last, (iii) we proposed a generic model to investigate massive attacks (including content pollution) and conservative approaches.