Florian Adamsky

Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver

BitTorrent is the most widely used Peer-to-Peer (P2P) protocol and it comprises the largest share of traffic in Europe. To make BitTorrent more Internet Service Provider (ISP) friendly, BitTorrent Inc. invented the Micro Transport Protocol (uTP). It is based on UDP with a novel congestion control called Low Extra Delay Background Transport (LEDBAT). This protocol assumes that the receiver always gives correct feedback, since otherwise this deteriorates throughput or yields to corrupted data. We show through experimental investigation that a misbehaving uTP receiver, which is not interested in data integrity, can increase the bandwidth of the sender by up to five times. This can cause a congestion collapse and steal large share of a victims bandwidth. We present three attacks, which increase the bandwidth usage significantly. We have tested these attacks in a real world environment and show its severity both in terms of number of packets and total traffic generated. We also present a countermeasure for protecting against the attacks and evaluate the performance of that defence strategy.

Who Is Going to Be the Next BitTorrent Peer Idol

Active measurement studies show that the Peer-to-Peer (P2P) file sharing protocol Bit Torrent is highly under attack. Moreover, malicious peers can easily exploit the original seeding algorithm and therefore reduce the efficiency of this protocol. In this paper, we propose a novel seeding algorithm that requests peers to vote for their best sharing peers. Our results show that this incentive mechanism makes Bit Torrent harder to exploit without losing performance. In some situations our algorithm even outperform other seeding algorithms. The peer exchange - that comes as a side effect - reduces the dependency on a centralized tracker and increases the robustness and the efficiency. We studied the effectiveness of our approach in a real testbed comprising 32 peers.

Stealing Bandwidth from BitTorrent Seeders

BitTorrent continues to comprise the largest fraction of Internet traffic. While significant progress has been made in understanding the BitTorrent choking mechanism, its security vulnerabilities have not been investigated thoroughly. This paper presents an experimental analysis of bandwidth attacks against different choking algorithms in the BitTorrent seed state. We reveal a simple exploit that allows malicious peers to receive a considerably higher download rate than contributing leechers, therefore introducing significant efficiency degradations for benign peers. We show the damage caused by the proposed attack in two different environments: a lab testbed comprising 32 peers and a PlanetLab testbed with 300 peers. Our results show that 3 malicious peers can degrade the download rate up to 414.99% for all peers. Combined with a Sybil attack that consists of as many attackers as leechers, it is possible to degrade the download rate by more than 1000%. We propose a novel choking algorithm which is immune against bandwidth attacks and a countermeasure against the revealed attack.

Poster: Destabilizing BitTorrent's clusters to attack high bandwidth leechers

BitTorrent protocol incentivizes sharing through its choking algorithm. BitTorrent choking algorithm creates clusters of leechers with similar upload capacity to achieve higher overall transfer rates. We show that a malicious peer can exploit BitTorrents choking algorithm to reduce the upload utilization of high bandwidth leechers. We use a testbed comprising of 24 nodes to provide experimental evidence of a distributed attack in which the malicious peers increase the download time for high bandwidth leechers by up to 16% and increases average download time of the swarm by up to 15% by using distributed and loosely-coupled malicious peers which comprise only 4.7% of the swarm. The countermeasures of this attack are a part of our ongoing research work.

WLAN Device Fingerprinting using Channel State Information (CSI)

As of IEEE 802.11n, a wireless Network Interface Card (NIC) uses Channel State Information (CSI) to optimize the transmission over multiple antennas. CSI contain radio-metrics such as amplitude and phase. Due to scattering during hardware production these metrics exhibit unique properties. Since these information are transmitted unencrypted, they can be captured by a passive observer. We show that these information can be used to create a unique fingerprint of a wireless device, based on as little as 100 CSI packets per device collected with an off-the-shelf Wi-Fi card. For our proof of concept we captured data from seven smartphones including two identical models. We were able to identify more than 90% when using out-of-the-box Random Forrest (RF).

Integrated Protection of Industrial Control Systems from Cyber-attacks: the ATENA Approach

Abstract Industrial and Automation Control systems traditionally achieved security thanks to the use of proprietary protocols and isolation from the telecommunication networks. Nowadays, the advent of the Industrial Internet of Things poses new security challenges. In this paper, we first highlight the main security challenges that advocate for new risk assessment and security strategies. To this end, we propose a security framework and advanced tools to properly manage vulnerabilities, and to timely react to the threats. The proposed architecture fills the gap between computer science and control theoretic approaches. The physical layers connected to Industrial Control Systems are prone to disrupt when facing cyber-attacks. Considering the modules of the proposed architecture, we focus on the development of a practical framework to compare information about physical faults and cyber-attacks. This strategy is implemented in the ATENA architecture that has been designed as an innovative solution for the protection of critical assets.