
BitTorrent

Prepared By Harsh B. Brahmbhatt

1.1 Introduction
- BitTorrent is a peer-to-peer file sharing protocol used to distribute large amounts of data.
- BitTorrent is one of the most common protocols for transferring large files.
- Its main usage is for the transfer of large-sized files.
- BitTorrent protocol has been built on a technology which makes it possible to distribute large amounts of data without the need of a high capacity server, and expensive bandwidth.
- This is the most striking feature of this file transfer protocol.

1.2 History
- BitTorrent was created by a programmer named Bram Cohen.
- Bram Cohen (born October 12, 1975) is an American computer programmer.
- Cohen invented this protocol in April 2001. The first usable version of BitTorrent appeared in October 2002, but the system needed a lot of fine-tuning. BitTorrent really started to take off in early 2003.

2. BitTorrent and Other approaches


- 2.1 A Typical HTTP File Transfer
- 2.2 The DAP method
- 2.3 The BitTorrent Approach

2.1 A Typical HTTP File Transfer


- The most common type of file transfer is through an HTTP server. In this method, an HTTP server listens to the clients' requests and serves them.
- Here the client can only depend on the lone server that is providing the file. The overall download scheme will be limited to the limitations of that server.

Fig 2.1: HTTP/FTP File Transfer

2.2 The DAP method


- Download Accelerator Plus (DAP) is the world's popular download accelerator.
- DAP's key features include the ability to accelerate downloading of files in FTP and HTTP protocols, to pause and resume downloads, and to recover from dropped internet connections.

2.3 The BitTorrent Approach

In BitTorrent, the data to be shared is divided into many equal-sized portions called pieces.
Each piece is further sub-divided into equal-sized sub-pieces called blocks. All clients interested in sharing this data are grouped into a swarm, each of which is managed by a central entity called the tracker.

BitTorrent has revolutionized the way files are shared between people.

- It does not require a user to download a file completely from a single server.
- Instead, a file can be downloaded from many such users who are themselves downloading the same file.
- A user who has the complete file, called the seed, will initiate the download by transferring pieces of the file to the users.
- Once a user has some considerable number of such pieces of a file, then even he can start sharing them with other users who are yet to receive those pieces.
- This concept enables a client not to depend on a server completely, and it also reduces the overall load on the server.

Fig 2.2 : BitTorrent File Transfer

3. Working of BitTorrent[4]

4. Terminology

These are the common terms that one would come across while making a typical BitTorrent file transfer.


- Torrent: This refers to the small metadata file you receive from the web server (the one that ends in .torrent). Metadata here means that the file contains information about the data you want to download, not the data itself.
- Peer: A peer is another computer on the internet that you connect to and transfer data. Generally a peer does not have the complete file.
- Leeches: They are similar to peers in that they won't have the complete file. But the main difference between the two is that a leech will not upload once the file is downloaded.
- Seed: A computer that has a complete copy of a certain torrent. Once a client downloads a file completely, he can continue to upload the file, which is called seeding. This is a good practice in the BitTorrent world since it allows other users to have the file easily.
- Reseed: When there are zero seeds for a given torrent, then eventually all the peers will get stuck with an incomplete file, since no one in the swarm has the missing pieces. When this happens, a seed must connect to the swarm so that those missing pieces can be transferred. This is called reseeding.
- Swarm: The group of machines that are collectively connected for a particular file.
- Tracker: A server on the Internet that acts to coordinate the action of BitTorrent clients. The clients are in constant touch with this server to know about the peers in the swarm.
- Share ratio: This is the ratio of the amount of a file downloaded to that uploaded. A ratio of 1 means that one has uploaded the same amount of a file that has been downloaded.
- Distributed copies: Sometimes the peers in a swarm will collectively have a complete file. Such copies are called distributed copies.
- Choked: It is a state of an uploader where he does not want to send anything on his link. In such cases, the connection is said to be choked.
- Interested: This is the state of a downloader which suggests that the other end has some pieces that the downloader wants. Then the downloader is said to be interested in the other end.
- Snubbed: If the client has not received anything after a certain period, it marks a connection as snubbed, in that the peer on the other end has chosen not to send in a while.
- Optimistic unchoking: Periodically, the client shakes up the list of uploaders and tries sending on different connections that were previously choked, and choking the connections it was just using. This is called optimistic unchoking.

5. Architecture of BitTorrent
The BitTorrent protocol can be split into the following five main components:
- Metainfo File: A file which contains all details necessary for the protocol to operate.
- Tracker: A server which helps to manage the BitTorrent protocol.
- Peers: Users exchanging data via the BitTorrent protocol.
- Data: The files being transferred across the protocol.
- Client: The program which sits on a peer's computer and implements the protocol.

5.1 Metainfo File


- This file is specific to the data they are publishing, and contains all the information about a torrent, such as the data to be included, and IP address of the tracker to connect to.
- Every metainfo file must contain the following information:
- info: A dictionary which describes the file(s) of the torrent, either for the single file or the directory structure for more files. Hashes for every data piece, in SHA-1 format, are stored here.
- announce: The announce URL of the tracker as a string.

The following are optional keys which can also be used:
- announce-list: Used to list backup trackers.
- creation date: The creation time of the torrent by way of UNIX time stamp (integer seconds since 1-Jan-1970 00:00:00 UTC).
- comment: Any comments by the author.
- created by: Name and version of the programme used to create the metainfo file.

5.2 Tracker
- A tracker is used to manage users participating in a torrent (known as peers). It stores statistics about the torrent, but its main role is to allow peers to 'find each other' and start communication.

- Peers know nothing of each other until a response is received from the tracker. Whenever a peer contacts the tracker, it reports which pieces of a file they have. That way, when another peer queries the tracker, it can provide a random list of peers who are participating in the torrent, and have the required piece.
- The parameters accepted by the tracker are:
- info_hash: 20-byte SHA1 hash of the info key from the metainfo file.
- peer_id: 20-byte string used as a unique ID for the client.
- port: The port number the client is listed on.
- uploaded: The total amount uploaded since the client sent the 'started' event to the tracker in base ten ASCII.
- downloaded: The total amount downloaded since the client sent the 'started' event to the tracker in base ten ASCII.
- tracker id: A string that the client should send back with its next announce.
- complete: Number of peers with the complete file.
- incomplete: Number of non-seeding peers (leechers).
- peers: A list of dictionaries including: peer id, IP and ports of all the peers.

5.3 Peers
- Peers are other users participating in a torrent, and have the partial file, or the complete file (known as a seed).
- Pieces are requested from peers, but are not guaranteed to be sent, depending on the status of the peer.

6. Vulnerabilities of BitTorrent
6.1 Attacks on BitTorrent
- Pollution attack
- DDOS attack
- Bandwidth Shaping

6.1.1 Pollution attack


1. The peers receive the peer list from the tracker.
2. One peer contacts the attacker for a chunk of the file.
3. The attacker sends back a false chunk.
4. This false chunk will fail its hash and will be discarded.
5. Attacker requests all chunks from swarm and wastes their upload bandwidth.

6.1.2 DDOS attack


- DDOS stands for Distributed Denial of Service.
- This attack is possible because of the fact that the BitTorrent tracker has no mechanism for validating peers.
- This means there is no way to trace the culprit in this kind of attack.
- Also, attacks of this stature are possible because of the modifications that can be done to the client software.

1. The attacker downloads a large number of torrent files from a web server.
2. The attacker parses the torrent files with a modified BitTorrent client and spoofs his IP address and port number with the victim's as he announces he is joining the swarm.
3. As the tracker receives requests for a list of participating peers from other clients, it sends the victim's IP and port number.
4. The peers then attempt to connect to the victim to try and download a chunk of the file.

6.1.3 Bandwidth Shaping


- Many ISPs don't encourage the use of BitTorrent by their users.
- This is because BitTorrent is usually used to transfer large-sized files, due to which the traffic over the ISPs increases to a large extent.
- To avoid such exploding traffic on their servers, many ISPs have started to avoid the traffic caused by BitTorrent. This can be done by sniffing the packets that pass through and detecting whether they follow the BitTorrent protocol.
- ISPs make use of filters to find such packets and block them from passing their servers.

6.2 Solutions
6.2.1 Pollution attack
- The peers which perform such attacks are identified by tracing their IPs. Then, such IPs are blacklisted to avoid further communication with them. These blacklisted IPs are blocked by denying them connections with other peers.
- This is done by using software like Peer Guardian or moBlock, which download the list of blacklisted IPs from internet.
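
The hash check from step 4 of the pollution attack, combined with the blacklisting described above, as an added Python example that is not part of the original slides: every received piece is compared with its SHA-1 digest from the metainfo file, and a peer that repeatedly sends bad pieces is blocked. The piece size, the `MAX_BAD_PIECES` threshold, the `PieceVerifier` class and the sample addresses are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

PIECE_LEN = 16        # constructed tiny piece size so the sample stays readable
MAX_BAD_PIECES = 2    # assumed local policy: block a peer after this many failed pieces

def split_piece_hashes(pieces: bytes) -> list[bytes]:
    """The metainfo piece hashes are stored as one string of concatenated 20-byte SHA-1 digests."""
    if len(pieces) % 20:
        raise ValueError("pieces string is not a multiple of 20 bytes")
    return [pieces[i:i + 20] for i in range(0, len(pieces), 20)]

class PieceVerifier:
    def __init__(self, pieces: bytes):
        self.expected = split_piece_hashes(pieces)
        self.have = {}            # piece index -> verified data
        self.bad = Counter()      # peer address -> number of pieces that failed the hash
        self.blocked = set()      # local blacklist

    def accept(self, peer: str, index: int, data: bytes) -> bool:
        """Keep a piece only if its SHA-1 matches; otherwise discard it and record the sender."""
        if peer in self.blocked or not 0 <= index < len(self.expected):
            return False
        if hashlib.sha1(data).digest() != self.expected[index]:
            self.bad[peer] += 1
            if self.bad[peer] >= MAX_BAD_PIECES:
                self.blocked.add(peer)
            return False
        self.have[index] = data
        return True

def demo():
    content = b"constructed sample payload for a tiny torrent!!!"   # 48 bytes -> 3 pieces
    chunks = [content[i:i + PIECE_LEN] for i in range(0, len(content), PIECE_LEN)]
    v = PieceVerifier(b"".join(hashlib.sha1(c).digest() for c in chunks))
    results = [
        v.accept("198.51.100.7", 0, chunks[0]),         # honest peer, piece kept
        v.accept("203.0.113.9", 1, b"X" * PIECE_LEN),   # false chunk, discarded
        v.accept("203.0.113.9", 2, b"Y" * PIECE_LEN),   # second failure, peer blocked
        v.accept("203.0.113.9", 1, chunks[1]),          # refused: sender is blacklisted
        v.accept("198.51.100.7", 1, chunks[1]),         # same piece from an honest peer
    ]
    return results, sorted(v.have), v.blocked

if __name__ == "__main__":
    print(demo())
```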

6.2.2 DDOS attack


- The main solution to this kind of attack is to have clients parse the response from the tracker. In the case where a host (tracker) does not respond to a peer's request with a valid BitTorrent protocol message, it should be inferred that this host is not running BitTorrent.
- The peer should then exclude that address from its tracker list, or set a high retry interval for that specific tracker. Another fix would be for web sites hosting torrents to check and report whether all trackers are active, or even remove the non-responding trackers from the tracker list in the torrent. Another measure could be to restrict the size of the tracker list to reduce the effectiveness of such an attack.
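
One way a client could apply the first two measures, as an added Python example that is not part of the original slides: the reply from each host in the tracker list is parsed as a bencoded dictionary, and a host that does not answer with one is backed off and then excluded. The `TrackerList` class, its retry values and the check for the `peers` or `failure reason` key are assumptions chosen for illustration.

```python
def bdecode(data: bytes, i: int = 0):
    """Minimal bencode decoder; returns (value, next_index), raises ValueError on bad input."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dictionary, closed by 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":                # running off the end raises below
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dictionary key without value")
        return dict(zip(items[::2], items[1::2])), i + 1
    if c.isdigit():                                 # byte string: <length>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        if colon + 1 + n > len(data):
            raise ValueError("truncated string")
        return data[colon + 1:colon + 1 + n], colon + 1 + n
    raise ValueError("not bencoded")

def is_tracker_response(body: bytes) -> bool:
    """True only for one complete bencoded dictionary carrying tracker response keys."""
    try:
        value, end = bdecode(body)
    except (ValueError, TypeError, RecursionError):
        return False
    return (end == len(body) and isinstance(value, dict)
            and (b"peers" in value or b"failure reason" in value))

class TrackerList:
    BASE_RETRY, MAX_FAILURES = 60, 3                # assumed policy: seconds, strikes
    def __init__(self, urls):
        self.next_try = {u: 0 for u in urls}        # tracker URL -> earliest next announce
        self.failures = {u: 0 for u in urls}

    def record(self, url: str, body: bytes, now: int) -> None:
        if url not in self.failures:                # already excluded
            return
        if is_tracker_response(body):
            self.failures[url], self.next_try[url] = 0, now + self.BASE_RETRY
            return
        self.failures[url] += 1
        if self.failures[url] >= self.MAX_FAILURES:
            del self.next_try[url], self.failures[url]    # exclude the address
        else:                                             # or raise its retry interval
            self.next_try[url] = now + self.BASE_RETRY * 2 ** self.failures[url]
```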

6.2.3 Bandwidth Shaping


- There are broadly two approaches followed to counter this type of attack.
- The first method is to encrypt the packets sent by means of the BitTorrent protocol. By doing this, the filters that sniff packets will not be able to detect such packets as belonging to the BitTorrent protocol. This means that the filters are fooled by the encrypted packets and thus packets can sneak through such filters.

- Another approach is to make use of tunnels. Tunnels are dedicated paths where the filters are avoided by using VPN software which connects to the unfiltered networks. This results in successfully bypassing the filters and thus the packets are guaranteed to be transmitted across networks.

Thank you .
