AfterDawn: Tech news

Researchers warn of P2P 'guilt by association' attack

Written by James Delahunty (Google+) @ 10 Apr 2009 9:29 User comments (4)

Researchers warn of P2P 'guilt by association' attack Researchers have warned that regular users of BitTorrent and maybe Skype are risking their privacy due to what they describe as a 'guilt by association' vulnerability. Fabián Bustamante, professor of computer science at Northwestern University, revealed that they have discovered how BitTorrent users form identifiable "communities" over time. The same problem could apply to other technology based on P2P.
"This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist," Bustamante says. In a nutshell, it means that users computers tend to connect more often to certain other users machines on P2P networks that was previously thought.

Bustamante says that the research shows that identifying the spontaneous torrent communities would be a "powerful threat to user privacy". For example, users who regularly download and share copyright infringing material could be at risk if investigators started to identify these communities. Most Internet pirates are aware of lawsuits and other deterrents to their activity, but continue to pirate anyway because the odds of actually being the one caught are so slim.

The researchers warn that those odds rise sharply with the naturally forming networks, leaving them open to a guilt by association attack. They found that clued-up eavesdroppers could pick out groups of interest 85% of the time by analyzing just 0.01% of the overall network traffic. There was also a suggestion that Skype users' privacy could be in jeopardy as well, but it is speculative. It suggests that rather than tapping anyone's home line, an agency could setup drones of thousands of active Skype accounts, which presumably would also settle into these commonly occurring groups.

"With P2P networks increasingly under surveillance from private and government organizations," say the researchers. "SwarmScreen provides a practical and effective solution to disrupt [guilt-by-association] attacks". That solution is only available for the Vuze BitTorrent client, and is shown below.



SwarmScreen works by downloading random stuff across the wider P2P network as well as what the client requests. The obviously problem with this is bandwidth wasting, which is why it includes an, "intuitive tuning knob to control the privacy/performance tradeoff - higher privacy may result in some performance loss as some of your bandwidth is allocated to hide your real traffic".

Download Vuze / Azureus from Here.

Download SwarmScreen Plugin from Here.

Previous Next  

4 user comments

110.4.2009 14:46

If my ISP was operated by the MPAA I would be mildly concerned about this.

211.4.2009 6:37

this sounds more like an advert than a news story to me

313.4.2009 0:02
Ascrapper
Inactive

this isnt even the whole story.

Quote:
Problem solved, at least in the case of BitTorrent. However, the truly paranoid will be unconvinced, noting the source of funding for Bustamente's group in this project. Yes, you guessed it - none other than the US federal government itself. ®
[http://www.theregister.co.uk/2009/04/09/p2p_guilt_by_association_attack_countermeasure/] funded by the government? how can you be sure this is just a bs hoax to get people to download vuze? perhaps potentially making it easier to have your privacy compromised?
This message has been edited since its posting. Latest edit was made on 13 Apr 2009 @ 0:09

417.4.2009 12:46

nonoitall, I would take it more seriously. This is one more way to make an attack. 'They' whoever 'they' are might be able to hack your computer on some conspericy loophole.

Comments have been disabled for this article.

News archive