Mobile/PDA About Us Advertise here


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.

Browse by topic

News

Researchers warn of P2P 'guilt by association' attack

10 April 2009 9:29 by James "Dela" Delahunty | 4 comments

Researchers have warned that regular users of BitTorrent and maybe Skype are risking their privacy due to what they describe as a 'guilt by association' vulnerability. Fabi�n Bustamante, professor of computer science at Northwestern University, revealed that they have discovered how BitTorrent users form identifiable "communities" over time. The same problem could apply to other technology based on P2P.

"This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist," Bustamante says. In a nutshell, it means that users computers tend to connect more often to certain other users machines on P2P networks that was previously thought.

Bustamante says that the research shows that identifying the spontaneous torrent communities would be a "powerful threat to user privacy". For example, users who regularly download and share copyright infringing material could be at risk if investigators started to identify these communities. Most Internet pirates are aware of lawsuits and other deterrents to their activity, but continue to pirate anyway because the odds of actually being the one caught are so slim.

The researchers warn that those odds rise sharply with the naturally forming networks, leaving them open to a guilt by association attack. They found that clued-up eavesdroppers could pick out groups of interest 85% of the time by analyzing just 0.01% of the overall network traffic. There was also a suggestion that Skype users' privacy could be in jeopardy as well, but it is speculative. It suggests that rather than tapping anyone's home line, an agency could setup drones of thousands of active Skype accounts, which presumably would also settle into these commonly occurring groups.

"With P2P networks increasingly under surveillance from private and government organizations," say the researchers. "SwarmScreen provides a practical and effective solution to disrupt [guilt-by-association] attacks". That solution is only available for the Vuze BitTorrent client, and is shown below.

SwarmScreen works by downloading random stuff across the wider P2P network as well as what the client requests. The obviously problem with this is bandwidth wasting, which is why it includes an, "intuitive tuning knob to control the privacy/performance tradeoff - higher privacy may result in some performance loss as some of your bandwidth is allocated to hide your real traffic".

Download Vuze / Azureus from Here.

Download SwarmScreen Plugin from Here.

Permalink to this article | Topic: Lawsuits & Legislation

Windows flaw spells BSOD risk to newer operating systems (8 September 2009)

Vuze now portable, for a price (11 May 2009)

Another study shows P2P users buy plenty of music (22 April 2009)

Skype founders want the company back (11 April 2009)

All Beatles albums to be digitally re-mastered (10 April 2009)

Time Warner to offer uncapped "Turbo" Internet access for $150 (10 April 2009)

Vuze, now playing everywhere (23 March 2009)

Nearly 2 weeks into Pirate Bay trial and we're still waiting for evidence (26 February 2009)

Investigator paid by Warner not available for Pirate Bay trial (24 February 2009)

Pirate Bay admins win half their case in a day (17 February 2009)

« Previous news article
Conficker worm finally stirs -- removal advice

Next news article »
Nintendo rules out price cuts for Wii, DS

Post your comment

Discuss this article!
nonoitall (Member) 10 April 2009 14:46
If my ISP was operated by the MPAA I would be mildly concerned about this. [ + quote]
beanos66 (Junior Member) 11 April 2009 6:37
this sounds more like an advert than a news story to me [ + quote]
Ascrapper (Newbie) 13 April 2009 0:02
this isnt even the whole story. *Quote:* Problem solved, at least in the case of BitTorrent. However, the truly paranoid will be unconvinced, noting the source of funding for Bustamente's group in this project. Yes, you guessed it - none other than the US federal government itself. � [http://www.theregister.co.uk/2009/04/09/p2p_guilt_by_association_attack_countermeasure/] funded by the government? how can you be sure this is just a bs hoax to get people to download vuze? perhaps potentially making it easier to have your privacy compromised? [ + quote] This message has been edited since posting. Last time this message was edited on 13 April 2009 0:09
Mez (Senior Member) 17 April 2009 12:46
nonoitall, I would take it more seriously. This is one more way to make an attack. 'They' whoever 'they' are might be able to hack your computer on some conspericy loophole. [ + quote]