BitTorrent protocol encryption: Difference between revisions

m copyedit
Bender the Bot (talk | contribs)
m HTTP to HTTPS for SourceForge
 
(4 intermediate revisions by one other user not shown)
Line 4:
 
==Purpose==
As of January 2005, BitTorrent traffic made up more than a third of total residential internet traffic,<ref>{{cite magazine|url=https://www.wired.com/wired/archive/13.01/bittorrent.html|title=The Bittorrent Effect|magazine=Wired|date=2007-05-30|access-date=2017-03-05|archive-date=2006-03-26|archive-url=https://web.archive.org/web/20060326210400/http://www.wired.com/wired/archive/13.01/bittorrent.html|url-status=live}}</ref> although this dropped to less than 20% as of 2009.<ref>{{cite web|url=http://www.sandvine.com/downloads/documents/2009%20Global%20Broadband%20Phenomena%20-%20Executive%20Summary.pdf|title=2009 Global Broadband Phenomena|publisher=Sandvine.com|date=2009-11-16|url-status=dead|archiveurl=https://web.archive.org/web/20091122162729/http://www.sandvine.com/downloads/documents/2009%20Global%20Broadband%20Phenomena%20-%20Executive%20Summary.pdf|archivedate=2009-11-22|df=}}</ref> Some ISPs deal with this traffic by increasing their capacity whilst others use specialised systems to slow peer-to-peer traffic to cut costs. Obfuscation and encryption make traffic harder to detect and therefore harder to throttle. These systems were designed initially to provide [[anonymity]] or [[confidentiality]], but became required in countries where [[Internet Service Providers]] were granted the power to throttle BitTorrent users and even ban those they believed were guilty of illegal file sharing.
 
==History==
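Review bot: The Wired citation in the Purpose paragraph carries date=2007-05-30, which is later than its own archive-date=2006-03-26 and does not match the "As of January 2005" claim it supports (the URL path is archive/13.01). Correct the date field to the issue date. The Sandvine citation in the same paragraph also uses the unhyphenated archiveurl/archivedate parameters and an empty df=, where the rest of the page uses archive-url/archive-date.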
Line 12:
 
===Development of MSE/PE===
In late January 2006 the developers of [[Vuze]] (then known as Azureus) decided to design and simultaneously implement a new, open protocol obfuscation method, called message stream encryption (MSE). It was included in Azureus CVS snapshot 2307-B29 on 19 January 2006.<ref>{{cite web|url=httphttps://sourceforge.net/mailarchive/forum.php?thread_name=200601200753.k0K7rYp0016440%40aelitis.com&forum_name=azureus-commitlog|title=[Azureus-commitlog] CVS Snapshot Azureus2307-B29.jar has been released !|publisher=Sourceforge.net|date=2006-01-19|access-date=2013-04-08|archive-date=2019-09-24|archive-url=https://web.archive.org/web/20190924171204/https://sourceforge.net/p/azureus/mailman/azureus-commitlog/thread/200601200753.k0K7rYp0016440@aelitis.com/|url-status=live}}</ref>
 
This first draft was heavily criticized since it lacked several key features. After negotiations between different BitTorrent developers, a new proposal was written and then implemented into the [[Vuze|Azureus]] and [[μTorrent]] betas within days. In μTorrent, the new protocol was called protocol encryption (PE).
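Review bot: In the Azureus2307-B29 citation only the scheme of url= is changed; it still targets the legacy sourceforge.net/mailarchive/forum.php?thread_name=... endpoint, while archive-url= on the same line records the thread at sourceforge.net/p/azureus/mailman/azureus-commitlog/thread/.... Suggest setting url= to the mailman path that the archive snapshot captured, so the live link and the archived copy refer to the same location.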
Line 26:
* [[rTorrent]] supports MSE/PE as of rTorrent-0.7.0.<ref>{{cite web |url=http://rakshasa.no/pipermail/libtorrent-devel/2006-December/000982.html |title=[Libtorrent-devel] LibTorrent 0.11.0 and rTorrent 0.7.0 released |publisher=Rakshasa.no mail archive |date=2006-12-13 |access-date=2007-06-10 |archive-url=https://web.archive.org/web/20070502055625/http://rakshasa.no/pipermail/libtorrent-devel/2006-December/000982.html |archive-date=2007-05-02 |url-status=dead }}</ref>
* [[Transmission (BitTorrent client)|Transmission]] supports MSE/PE as of Transmission-0.90.<ref>{{cite web|url=http://transmission.m0k.org/forum/viewtopic.php?t=2631|title=Transmission 0.90 Released! |publisher=Transmission.m0k.org forum|date=2007-10-24|archive-url=https://web.archive.org/web/20071027022525/http://transmission.m0k.org/forum/viewtopic.php?t=2631|archive-date=2007-10-27}}</ref>
* [[Vuze]] (formerly Azureus) supports the final spec since 25 January 2006 (CVS snapshot 2307-B33).<ref>{{cite web|url=httphttps://sourceforge.net/mailarchive/forum.php?thread_name=200601252228.k0PMSnp0024117%40aelitis.com&forum_name=azureus-commitlog|title=[Azureus-commitlog] CVS Snapshot Azureus2307-B33.jar has been released !|publisher=Sourceforge.net|date=2006-01-25|access-date=2013-04-08|archive-date=2019-09-24|archive-url=https://web.archive.org/web/20190924171211/https://sourceforge.net/p/azureus/mailman/azureus-commitlog/thread/200601252228.k0PMSnp0024117@aelitis.com/|url-status=live}}</ref> Azureus version 2.4.0.0 was released 10 February 2006, and was the first stable version of a client to support MSE/PE. However, glitches in Azureus' implementation resulted in improperly encrypted pieces that failed hash checking. The glitches were rectified as of version 2.4.0.2.<ref>{{cite web|url=http://azureus.sourceforge.net/changelog.php?version=2.4.0.2|title=Azureus : Java BitTorrent Client - Changelog|publisher=Azureus.sourceforge.net|access-date=2006-03-20|archive-date=2006-03-20|archive-url=https://web.archive.org/web/20060320195041/http://azureus.sourceforge.net/changelog.php?version=2.4.0.2|url-status=live}}</ref>
* [[μTorrent]] premiered MSE/PE 4 days after Azureus with beta 1.4.1 build 407.<ref>{{cite web|url=http://forum.utorrent.com/viewtopic.php?id=5384|title=μTorrent 1.4.2 beta 435|publisher=uTorrent Announcements|date=2006-01-29|url-status=dead|archive-url=https://web.archive.org/web/20060514085453/http://forum.utorrent.com/viewtopic.php?id=5384|archive-date=2006-05-14}}</ref> μTorrent version 1.5 (build 436) was released on 7 March 2006; it was the first stable version of μTorrent with PE.<ref>[http://forum.utorrent.com/viewtopic.php?id=7199 "μTorrent 1.5 released"] {{webarchive|url=https://web.archive.org/web/20130529090641/http://forum.utorrent.com/viewtopic.php?id=7199 |date=2013-05-29 }}. uTorrent Announcements. 2006-03-07.</ref>
 
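Review bot: The Azureus2307-B33 citation in the Vuze bullet has the same mismatch between a forum.php url= and a /p/azureus/mailman/ archive-url=, and the scheme change was applied only to SourceForge links: the azureus.sourceforge.net changelog and both forum.utorrent.com links in this list are still http://. If the intent is HTTPS for archived-and-live sources, either cover these in the same edit or state in the summary that only sourceforge.net mail-archive links are in scope.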
Line 46:
 
Analysis of the BitTorrent protocol encryption (a.k.a. MSE) has shown that statistical measurements of packet sizes and packet directions of the first 100 packets in a TCP session can be used to identify the obfuscated protocol with over 96% accuracy.<ref name="breaking">{{cite journal |url=http://www.iis.se/docs/hjelmvik_breaking.pdf |title=Breaking and Improving Protocol Obfuscation |last1=Hjelmvik |first1=Erik |last2=John |first2=Wolfgang |journal=Technical Report |date=2010-07-27 |publisher=Department of Computer Science and Engineering, [[Chalmers University of Technology]] |issn=1652-926X |access-date=2010-08-17 |archive-date=2020-11-11 |archive-url=https://web.archive.org/web/20201111154419/https://internetstiftelsen.se/docs/hjelmvik_breaking.pdf |url-status=live }}</ref>
 
The [[Sandvine]] application uses a different approach to disrupt BitTorrent traffic by making seeding impossible. Sandvine intercepts peer-to-tracker communication to identify peers based on the IP address and port numbers in the peer list returned from the tracker. When Sandvine later sees connections to peers in the intercepted peer lists, it may (according to policy) break these connections by sending counterfeit TCP resets.<ref name=weaver2009/> Various solutions exist to protect against Sandvine's attack including encrypting both peer-to-tracker and peer-to-peer communication, using Microsoft's [[Teredo tunneling|Teredo]] so that TCP connections are tunneled within UDP packets, filtering TCP resets before they reach the TCP layer in the end-host, or switching entirely from a TCP-based transport to a UDP-based transport. Each solution has its trade-offs. Filtering out TCP resets typically requires kernel access, and the participation of the remote peer since Sandvine sends the reset packet to the local and remote peers.
 
==Criticism==
Line 55 ⟶ 57:
 
==References==
{{reflist|colwidth=30em}}|refs=
 
<ref name=weaver2009>{{cite conference
|url=https://www.ndss-symposium.org/wp-content/uploads/2017/09/weav.pdf
|date=9 Feb 2009
|title=Detecting Forged TCP Reset Packets
|author1=Nicholas Weaver|author2=R. Sommer|author3=Vern Paxson
|conference=NDSS Symposium 2009
}}</ref>
 
}}
 
==External links==
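Review bot: As shown, the reference list opens with {{reflist|colwidth=30em}}|refs=, which closes the template before the refs= parameter and leaves the later }} unmatched; check that the saved wikitext reads {{reflist|colwidth=30em|refs= so the list-defined weaver2009 reference is actually inside the template. The new entry is also less complete than the other citations on the page: it has no access-date or archive-url, author2 is given as "R. Sommer" while the other two authors have full first names, and name=weaver2009 is unquoted both here and where it is invoked in the Sandvine paragraph.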