
Researchers Outline Targeted Content Poisoning For P2P Data

timothy posted more than 5 years ago | from the subscribe-to-your-shackles dept.

Security 201

Diomidis Spinellis writes "Two USC researchers published a paper in the prestigious IEEE Transactions on Computers that describes a technique for p2p content poisoning targeted exclusively at detected copyright violators. Using identity-based signatures and time-stamped tokens they report a 99.9 percent prevention rate in Gnutella, KaZaA, and Freenet and an 85-98 percent prevention rate on eMule, eDonkey, and Morpheus. Poison-resilient networks based on the BitTorrent protocol are not affected. Also the system can't protect small files, like a single-song MP3. Although the authors don't say so explicitly, my understanding is that the scheme is only useful on commercial p2p distribution systems that adopt the proposed protocol."


This needs to be fought (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28803079)

We need to fight against this kind of tyranny. Make sure to keep ourselves armed with the latest knowledge on how to defeat and subvert these 'poisons'. These corporate moneymongers are sad that they can only buy 3 boats this year instead of two, while we are stuck paying $25 for a CD. The system of money is an ancient and outdated system that needs replaced with a resource based economy anyway, and P2P is a good step in the right direction.

3 is less than 2 (0)

Anonymous Coward | more than 5 years ago | (#28803095)

ur funny

Yeah? Well... (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#28803199)

you're a smelly nigger

Re:This needs to be fought (0)

Anonymous Coward | more than 5 years ago | (#28803163)

The issue is not 'information wants to be free' ... the issue is 'information is free, deal with it'... I agree with you. Money has been with us for far too long, it's time for a new way in which all that can be free, remains free. From each according to his ability, to each according to his need is the way of the future, and attempts to deny this simple mechanical law of nature will only result in even more suffering for us.

Re:This needs to be fought (4, Funny)

ravenshrike (808508) | more than 5 years ago | (#28803399)

'mechanical law of nature'

I don't think that phrase means what you think it means.

Re:This needs to be fought (1, Funny)

Anonymous Coward | more than 5 years ago | (#28804285)

No one cares what you think.

Re:This needs to be fought (2, Funny)

Freetardo Jones (1574733) | more than 5 years ago | (#28803339)

These corporate moneymongers are sad that they can only buy 3 boats this year instead of two

lolwut? Why would someone be sad that they could afford more boat than they originally expected?

Re:This needs to be fought (1)

Achromatic1978 (916097) | more than 5 years ago | (#28803529)

Maybe if they'd promised their wife and two mistresses a boat each, and one for themselves, thus expecting four boats?

Adopting the proposed protocol? (0)

Anonymous Coward | more than 5 years ago | (#28803083)

Yeah good luck with that.

Re:Adopting the proposed protocol? (4, Insightful)

Joce640k (829181) | more than 5 years ago | (#28803869)

They already tried this about five years ago with poisoned servers. What happened? The Kad search mechanism was adopted and the servers were useless.

The same thing will happen here, the protocol will change, the poisoners will have wasted a lot of money and achieved nothing.
 

Researcher is the wrong word. (5, Insightful)

Darkness404 (1287218) | more than 5 years ago | (#28803091)

I'm not exactly sure "researcher" is the right word here. From the paper

Abstract: Today's peer-to-peer (P2P) networks are grossly abused by illegal distributions of music, games, video streams, and popular software. These abuses have resulted in heavy financial loss in media and content industry. Collusive piracy is the main source of intellectual property violations within the boundary of P2P networks. This problem is resulted from paid clients (colluders) illegally sharing copyrighted content files with unpaid clients (pirates). Such an on-line piracy has hindered the use of open P2P networks for commercial content delivery. We propose a proactive poisoning scheme to stop colluders and pirates from working together in alleged copyright infringements in P2P file sharing. The basic idea is to detect pirates with identity-based signatures and time-stamped tokens. Then we stop collusive piracy without hurting legitimate P2P clients. We developed a new peer authorization protocol (PAP) to distinguish pirates from legitimate clients. Detected pirates will receive poisoned chunks in repeated attempts. A reputation-based mechanism is developed to detect colluders. The system does not slow down legal download from paid clients. The pirates are severely penalized with no chance to download successfully in finite time. Based on simulation results, we find 99.9% success rate in preventing piracy on file-level hashing networks like Gnutella, KaZaA, Area, LimeWire, etc. Our protection scheme achieved 85-98% prevention rate on part-level hashing networks like eMule, Shareaza, eDonkey, Morpheus, etc. Our new scheme enables P2P technology for building a new generation of content delivery networks (CDNs). These P2P-based CDNs provide faster delivery speed, higher content availability, and cost-effectiveness than using conventional CDNs built with huge network of surrogate servers.

This isn't unbiased in the least. Sure, arguably it is "research" but calling them researchers from a university makes them seem neutral at best.

Re:Researcher is the wrong word. (5, Insightful)

s-whs (959229) | more than 5 years ago | (#28803147)

] Researcher is the wrong word.

I was thinking the same thing. But not necessarily based on them being biased, but for this: Why would anyone want to 'research' this? I can understand making a protocol resilient to poisoning (same as making a computer resilient to virus attacks, there will always be a-holes trying to mess things up whether legal or illegal), or making it faster, adding some nifty features perhaps. But poisoning to prevent illegal sharing with the pathetic argument that this hinders commercial distribution? What kind of a researcher is that? A RIAA paid one I'd guess. Possibly as valuable as those 'researchers' for tobacco companies who said there was no health problem with smoking.

Re:Researcher is the wrong word. (5, Insightful)

Darkness404 (1287218) | more than 5 years ago | (#28803161)

Exactly, I was reading into the article thinking it would be presented as a vulnerability or proof of concept that could be exploited by the RIAA, not that the entire thing seemed to be written especially for the RIAA.

Re:Researcher is the wrong word. (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28803563)

How much are they charging for the research details? Is the RIAA willing to buy out this information? If it's from a university then someone is looking for grant money.

Re:Researcher is the wrong word. (1)

Jurily (900488) | more than 5 years ago | (#28803933)

How much are they charging for the research details? Is the RIAA willing to buy out this information? If it's from a university then someone is looking for grant money.

I, for one, welcome our new RIAA-cheating overlords.

Re:Researcher is the wrong word. (4, Insightful)

siloko (1133863) | more than 5 years ago | (#28803903)

Researchers find a topic that interests them and follow through on some hunch. When they have found out something potentially publishable (the meat and potatoes of a researcher's career) they big it up. This abstract reads exactly like that - "we did some work and this is why it's the most important work in the world" - the fact that the spiel coincides with the RIAA party line is probably coincidence.

Re:Researcher is the wrong word. (3, Insightful)

Kuroji (990107) | more than 5 years ago | (#28803329)

Well, here's the thing: by having this information out in the open, people can look at how it's done and look at the protocols they use, and find out whether such vulnerabilities could exist. Sure, it might not help anyone right now if they're vulnerable, but it does mean that the protocols that people use in the future are a lot less likely to have such weaknesses that allow for data corruption.

Copyright or not, when you have the ability to corrupt data on a whim, the network is quickly rendered useless.

Re:Researcher is the wrong word. (3, Insightful)

Darkness404 (1287218) | more than 5 years ago | (#28803351)

But it wasn't presented like that though. It would be one thing if it was "Hey, your network can be exploited if you do this, this and this" but instead it's "Your network can be exploited by this, this and this, because of this you can do -insert illegal stuff- to get revenge on those evil filesharers". I mean, seriously the stuff you read in 2600 about exploiting things to make a profit seem to have less bias than this. At least a bunch of those articles say "please only use this for information".

Re:Researcher is the wrong word. (2, Insightful)

ZosX (517789) | more than 5 years ago | (#28803469)

Aren't there laws against DOS attacks? If you jammed the RIAA's network you would surely go to jail if caught. They should leave the law enforcement to the police. It's too bad nobody can seem to get them on racketeering. They extort millions (heh, literally apparently) from the American public and at the same time have not paid millions of dollars owed to the artists that they supposedly represent.

Re:Researcher is the wrong word. (2, Insightful)

Darkness404 (1287218) | more than 5 years ago | (#28803479)

Yes, and the RIAA doesn't seem to care. Just look at how they used MediaDefender (http://en.wikipedia.org/wiki/MediaDefender).

Re:Researcher is the wrong word. (1)

Anonymous Coward | more than 5 years ago | (#28803331)

moreover, they are from USC, not UCLA.

Re:Researcher is the wrong word. (-1, Offtopic)

yyww2008 (1604531) | more than 5 years ago | (#28803345)

Farming runescape money [myrsmoney.com] in runescape is boring, while you can buy cheap runescape money [myrsmoney.com] at rs2shopping now. Our 24/7 Live support make you get the cheap runescape gold [rs2happy.com] fast by face-to-face trade in runescape 2 wedding dresses. From now on buy cheap runescape gold [rs2happy.com] online & power up your runescape character to the next level.The low prices of runescape money [myrsmoney.com] are well worth the time if you make by yourself.Play runescape Smart & Buy runescape Gold at RS2Shopping!

Re:Researcher is the wrong word. (1)

Darkness404 (1287218) | more than 5 years ago | (#28803373)

Ok, even though this is terribly off topic I feel I have to say this, who the crap plays Runescape anyways? I mean, if you're on /. try to at least sell us WoW gold or something, or some MMO people above age 8 actually play.... At least post AC whenever you spam totally irrelevant stuff. I mean it could be argued that the 3nl@rg3 y0ur p3n1s spam you get in your e-mail are more relevant because at least most /.ers actually have one of those....

Re:Researcher is the wrong word. (0)

Anonymous Coward | more than 5 years ago | (#28803615)

I've gotten dragged back into Runescape in the past month, though still as free-to-play. They've actually improved the free-to-play content quite a bit recently. Among the things they've done is limit the amount you can send or receive in trades of unbalanced value, which hits gold sellers hard, without being a massive hindrance to the legit players.

Re:Researcher is the wrong word. (0)

Anonymous Coward | more than 5 years ago | (#28803375)

You might do better here peddling WoW gold......

Re:Researcher is the wrong word. (4, Funny)

cortesoft (1150075) | more than 5 years ago | (#28803497)

of COURSE they aren't real researchers. The summary writer mistakenly thought the study authors were from UCLA, which would mean they would have been some of the smartest, unbiased, amazing people in the world. However, they were actually from USC, meaning they were spoiled, unprofessional, RIAA lapdogs who also smell.

And yes I happened to go to UCLA, but that is besides the point.

Re:Researcher is the wrong word. (0)

Anonymous Coward | more than 5 years ago | (#28803831)

My best guess is that they did this "research" a while ago. As most of the networks they claim they can attack are long dead. Limewire, emule are still around but both have extra anti-attack features added to them. Most people like myself run IP blocking software so any block of IPs found to be actively attacking a network would be added to the block lists. I'll have to take the time to read their paper in detail as clients like emule, if they receive bad blocks from a client that client is automatically denied further participation in the network.

Re:Researcher is the wrong word. (1)

Jurily (900488) | more than 5 years ago | (#28803921)

We developed a new peer authorization protocol (PAP) to distinguish pirates from legitimate clients. Detected pirates will receive poisoned chunks in repeated attempts. A reputation-based mechanism is developed to detect colluders. The system does not slow down legal download from paid clients. The pirates are severely penalized with no chance to download successfully in finite time.

Oh, this cracks me up. Did anyone notice how this doesn't mention bittorrent, which AFAIK makes up 90% of the possibly infringing content? Of course, anyone who's seen a torrent client in action knows that clients sending bad data are banned fast.

Now that I think about it, this "researcher" should rank high on the "Best ways to make money and improve your karma" list. He's obviously a better way to drain RIAA money than lawsuits :)

Re:Researcher is the wrong word. (0)

Anonymous Coward | more than 5 years ago | (#28804107)

Fuck the world, you're wrong, they're wrong, we're all wrong. Let's go get some ice cream! Steal from each other! Sure they over-charge, screw the artists over, and rip-off everyone in between, but what would Bono do?

Re:Researcher is the wrong word. (2, Insightful)

Odinlake (1057938) | more than 5 years ago | (#28804167)

... with no chance to download successfully in finite time.

That is mathematically speaking a pretty silly statement (as there obviously is some non-zero chance of obtaining each piece), moreover so considering the next sentence which says they had a 0.1% failure rate.

Re:Researcher is the wrong word. (3, Insightful)

hairyfeet (841228) | more than 5 years ago | (#28804431)

So in other words they just want to steal the P2P networks from those that actually built up the things and turn it into an iTunes store, only one where the cheap bastards won't even have to pay for bandwidth. Nice. Just when I thought they couldn't be even more piggish than they already are. It just goes to prove that just when you think they've scraped the bottom of the barrel and can't actually go any lower, if you lift up the bottom of the barrel and continue digging, you can get even lower. Nice.

Meanwhile they rob from us and our kids by eliminating the public domain thanks to eternal copyrights, and screw you out of first sale with crap like DMCA and DRM, which they pay to have rammed up our butts with treasonous bribes. Very nice. These bunches are the only ones that can make CEOs at tobacco companies and South American drug lords not seem so scummy.

And for all the countries getting USA eternal copyrights forced down their throats? I'd like to say as an American I'm sorry, we didn't actually want that crap either, but we only have a two party system and both sides have sold out because all our politicians are whores to big business. Maybe you'll have better luck dealing with the multinational cartels than we did.

Actually (4, Interesting)

Renraku (518261) | more than 5 years ago | (#28803101)

Actually, poisoning P2P networks as a commercial venture could be prosecuted as theft-by-deception.

Stealing bandwidth is a crime. Downloading songs isn't, if you aren't profiting from it.

Re:Actually (0)

Anonymous Coward | more than 5 years ago | (#28803211)

If stealing bandwidth is a crime then most P2P users are liable because they're downloading/uploading horribly tagged tracks at only 128kbps. How exactly are you going to take a commercial entity to court over poisoning a P2P network? "Your honor, this company kept me from carrying out copyright infringement!"

Fucking entitlement generation.

Re:Actually (1, Redundant)

nhytefall (1415959) | more than 5 years ago | (#28803609)

Fucking entitlement generation.

Amen.

Re:Actually (0)

Anonymous Coward | more than 5 years ago | (#28803321)

Yeah, because any court of law is really going to seriously listen to a cause from a copyright infringer whining about having his pirated downloads from a P2P network poisoned.

Downloading songs isn't, if you aren't profiting from it.

First of all there is no requirement that you be profiting from copyright infringement for you to have broken the law. And secondly, how exactly would one make a profit from downloading a song?

Re:Actually (1)

bertoelcon (1557907) | more than 5 years ago | (#28803389)

And secondly, how exactly would one make a profit from downloading a song?

Resale of something you got free, ie. radio-copied mixtapes, bootleg cd/dvds, hosting files on a private pay access ftp, etc.

Re:Actually (0)

Anonymous Coward | more than 5 years ago | (#28803439)

Resale of something you got free, ie. radio-copied mixtapes, bootleg cd/dvds, hosting files on a private pay access ftp, etc.

But that would be making money from reselling it or streaming it not from the act of downloading the song itself.

Re:Actually (2, Insightful)

1u3hr (530656) | more than 5 years ago | (#28803747)

And secondly, how exactly would one make a profit from downloading a song?
Resale of something you got free, ie. radio-copied mixtapes, bootleg cd/dvds, hosting files on a private pay access ftp, etc.

Yeah, there are HUGE profits from selling radio copied mix tapes. (Especially if you use the new 8-track format.)

Really, these are things you literally couldn't give away. Anyone who wants these and isn't fussed about copyright has no problem downloading it himself, or swapping with a friend.

Re:Actually (1)

TheLink (130905) | more than 5 years ago | (#28803797)

That's no longer downloading though.

That's distribution.

Re:Actually (1)

houstonbofh (602064) | more than 5 years ago | (#28803749)

First of all there is no requirement that you be profiting from copyright infringement for you to have broken the law. And secondly, how exactly would one make a profit from downloading a song?

This may surprise you, but the law is not the same in every country. In spite of industry attempts...

Re:Actually (1)

timmarhy (659436) | more than 5 years ago | (#28803437)

So those big warnings on every DVD I've ever rented that state copying this DVD is a federal offense are lying? FYI, I know slashdotters never RTFA but you take the cake for not even reading the summary - this doesn't work on small files like songs.

Re:Actually (1)

cboslin (1532787) | more than 5 years ago | (#28803637)

Stealing bandwidth is a crime.

Tell my Cable ISP please. They advertise up to 6Mbps and throttle me back to as low as 4 Kbps. I do see 20 - 30 Kbps regularly, but never more than 100Kbps downstream consistently, yes downstream, except in bursts of 1 sec. I do see bursts of 1 sec up to 1 Mbps, occasionally 1.5Mbps and rarely up to 3 Mbps, but NEVER above 3.5 Mbps, and always for only a second or less at a time, per my DD-WRT logs and bandwidth monitoring.

If it's a crime, why are we Americans not bringing a class action lawsuit, as even the FCC states a 768Kbps definition of Hispeed Internet, though they still list 200Kbps - 6 Mbps as the definition in other places.

And Japan has had 100Mbps/100Mbps for $55 per month since 2000, and since 2006 are getting 1Gbps / 1Gbps for Tell my Cable ISP please.

Copyright violators (4, Insightful)

wigaloo (897600) | more than 5 years ago | (#28803127)

Two UCLA researchers published a paper in the prestigious IEEE Transactions on Computers that describes a technique for p2p content poisoning targeted exclusively at detected copyright violators.

What's to prevent poisoning legal p2p? There are plenty of examples of copyrights being inappropriately asserted. The technology itself doesn't discriminate.

Re:Copyright violators (2, Funny)

Darkness404 (1287218) | more than 5 years ago | (#28803441)

Exactly, just go to YouTube and you will see the DMCA abused left and right. (Well, and if you read the comments page you will find the rules of spelling, rules of actually saying something along with the rules of grammar and common sense to be abused too....)

Re:Copyright violators (2, Informative)

TechForensics (944258) | more than 5 years ago | (#28804137)

What's to prevent poisoning legal p2p? There are plenty of examples of copyrights being inappropriately asserted. The technology itself doesn't discriminate.

The article says the method works only on P2P networks that have adopted the authors' proprietary PAP protocol. That's not likely to be many of them.

The dawn of a new age (5, Insightful)

mewsenews (251487) | more than 5 years ago | (#28803139)

Humans had discovered methods to speedily and automatically transmit mountainous volumes of data. It was a new frontier, a utopia where information was shared peacefully between the people who wanted to see it. And what was its downfall? Not the anarchists, or the communists, or the Islamic fundamentalists, but the so called leaders of the free world.

"We had to do it," they said, "there is such a thing as too much freedom."

Re:The dawn of a new age (2, Insightful)

basementman (1475159) | more than 5 years ago | (#28803371)

Get over yourself, the method doesn't do shit to bittorrent, the most popular p2p format so it's basically useless. If anything this will just get idiots off limewire into onto a decent network.

Re:The dawn of a new age (1)

Vectronic (1221470) | more than 5 years ago | (#28803881)

Although I agree (about LimeWire, KaZaA, etc)... the only reason this isn't happening to BitTorrent, is because they haven't figured out how yet, not because they think it's some infallible, untouchable, system nor that they think everyone should be using it instead of the others.

Re:The dawn of a new age (1)

jnnnnn (1079877) | more than 5 years ago | (#28803391)

That was a very moving post.

So everyone should just use BitTorrent. (0)

Anonymous Coward | more than 5 years ago | (#28803143)

If all of the other p2p applications and protocols are vulnerable, as described by this research paper, then to me that gives direction to all pirates about what software they should use.

The other outcome likely is that the other applications/protocols will be improved to prevent such attacks.

This is a very nice and free security vulnerability analysis!

Re:So everyone should just use BitTorrent. (1)

Aklyon (1398879) | more than 5 years ago | (#28803173)

This is a very nice and free security vulnerability analysis!

how nice of them!

Re:So everyone should just use BitTorrent. (2, Insightful)

v1 (525388) | more than 5 years ago | (#28803243)

Poison-resilient networks based on the BitTorrent protocol are not affected.

So, the most effective method of P2P is the one that's immune. Really, Edonkey? who uses that? Find yourself a good private BT tracker and be done with it. There are many to choose from. Not only are they immune to content filtering, but due to ratio requirements and the possibility of getting banned if you misidentify content you upload, they're immune to content poisoning as well as data poisoning and have pretty much guaranteed high speed across the board.

Ratios for overseeded torrents? (1)

tepples (727027) | more than 5 years ago | (#28803297)

Not only are [private BitTorrent trackers] immune to content filtering, but due to ratio requirements and the possibility of getting banned if you misidentify content you upload, they're immune to content poisoning as well as data poisoning and have pretty much guaranteed high speed across the board.

But the sum of share ratios can never exceed 100%. Say I download a file and then leave my client seeding for a week, but almost nobody downloads the file from me because the torrent has a total of three downloaders getting pieces from about 100 other seeds. How do I get to even 90%? Or how strictly does a typical private tracker enforce ratios for older, overseeded torrents?

Re:Ratios for overseeded torrents? (4, Informative)

Bigjeff5 (1143585) | more than 5 years ago | (#28803525)

Have you ever actually used a BitTorrent client before?

There is no such thing as an overseeded torrent. There are underseeded torrents, and those are frustrating, but there is no such thing as an overseeded torrent. The general idea with upload ratio requirements is that it encourages you to never stop seeding a torrent. If 100 people are seeding and only 3 are downloading, those three get the file extremely fast, and your bandwidth isn't taxed. If you download enough content that you are on a private tracker, then you should have a number of torrents to share. If you aren't downloading all that much, then it will be easy to keep a 100%+ share ratio. If you ARE downloading a lot, you should still be in the 50% range, and eventually you will hit critical mass and the amount you download won't be able to keep up with the amount you upload.

It's good for everybody. Plus, if a private tracker has a very high seed rate, chances are the required share ratio will be lowered. It creates a win-win situation.

Remember, no such thing as an overseeded torrent. If you download a lot, you WILL share a lot. If you keep sharing after you download, you will soon be sharing more than you download. People move on, quit sharing, lose their computers, etc.

Your share ratio math ignores a lot of things that reduce the amount of data on the network which occur all the time. It's actually pretty easy to exceed 100% share ratios for everybody on the network. If you can't see how it's because you've locked yourself in a tiny box and completely ignored outside factors which remove data and introduce data without affecting increasing the amount of data a person can download. Whenever someone adds a new download to the tracker, the potential share ratio for everyone in the network increases. Whenever a new member joins, the potential share ratio for everyone on the network increases. Eventually it balances out to 100%, but the network is ever changing so it never actually gets there.

Re:Ratios for overseeded torrents? (1)

Freetardo Jones (1574733) | more than 5 years ago | (#28803661)

Or how strictly does a typical private tracker enforce ratios for older, overseeded torrents?

Private trackers enforce a ratio for your cumulative downloads and uploads not on an individual torrent basis.

Wow (3, Funny)

taucross (1330311) | more than 5 years ago | (#28803209)

Poisoning the well. What an insightful revelation. Surely it's never been done before, maybe they should throw a patent on it.

Toy Story quote (1)

bertoelcon (1557907) | more than 5 years ago | (#28803429)

Somebody's poisoned the water hole!

Nothing to do with piracy (0)

Anonymous Coward | more than 5 years ago | (#28803223)

What does this even have to do with piracy? The "researchers" have found a way for a third party to break p2p software when used for its intended purpose. Whatever your motivation is for that, it's a bug in the software, not a feature.

UCLA?! It's USC! (1)

eudean (966608) | more than 5 years ago | (#28803233)

The bios at the end of the paper clearly state that both the Ph.D. student and the professor are from USC, not UCLA.

Two "researchers"? (1)

macraig (621737) | more than 5 years ago | (#28803245)

They sound more like wannabe whores to me. How is this blatant soul-selling behavior legal and prostitution is not?

Re:Two "researchers"? (0)

Anonymous Coward | more than 5 years ago | (#28803333)

And seriously, may I be the first to say:
*COUGH*PROXY*COUGH*

Re:Two "researchers"? (1)

macraig (621737) | more than 5 years ago | (#28803381)

No, you may not! Didn't your momma ever teach you not to proxy^H^H^H^H^Hcough in public?

Freenet is gnutella? (3, Interesting)

Anonymous Coward | more than 5 years ago | (#28803247)

I was curious as to how they were poisoning Freenet, which should be robust against this with its Forward Error Correcting.

According to the paper, Freenet falls under the category of the "Gnutella family" (p.2). The Freenet Project that I know is in no way related to Gnutella.

Are they referring to a different file sharing program by the name of Freenet, or is this statement of theirs just plain inaccurate?

Freenet (4, Interesting)

evanbd (210358) | more than 5 years ago | (#28803249)

The paper won't download here, so I'm asking without RTFA, but how can this work against Freenet [freenetproject.org] ? Do they discuss Freenet in the paper at all? Freenet does chunk-level hashing, and the network enforces that the data matches the hash at all steps. Nodes returning invalid data will rapidly get dropped by their peers. Attacks like this are something that Freenet is explicitly designed to prevent. Also, the anonymity guarantees that Freenet makes would make it hard (potentially very hard) for them to identify a single user, let alone "collusion".

I'm forced to wonder whether the researchers mention Freenet at all, or if the poster is simply lumping Freenet in with other p2p apps that it has very little in common with. (Bittorrent and Freenet should be similar in some ways to their resistance against this attack, but Freenet's strong anonymity guarantees should make it more resistant. The fact that a node engaged in widespread poisoning will have trouble even staying connected makes Freenet even more resistant.)

Re:Freenet (4, Insightful)

Anonymous Coward | more than 5 years ago | (#28803283)

They lump Freenet into the category of "Gnutella-like networks", and say that their attack against gnutella should also work against Freenet since it is Gnutella-like (p.2 and p.12).

In other words, it is as you said, they are lumping it together with other networks.

It makes me question the quality of their research if they think that Freenet is so similar to Gnutella that the same class of attacks would work against both.

Re:Freenet (4, Interesting)

calmofthestorm (1344385) | more than 5 years ago | (#28803517)

This is utterly absurd. The verification on freenet is based on asymmetric crypto. If they haven't broken that, the most they can do is flood the network with corrupt chunks, in which case the software will just start dropping peers who send too many corrupt packets at too high a rate. Translation: you need # of bad guys >> # of good guys to have much of an impact on network quality. And of course it's complete trash against a darknet, but I doubt these guys know what that is.

Given the subject matter, weasel words, and shoddy methodology, I'm about as worried about this as I am about the zombie communist terrorist invasion predicted for 2012.

Re:Freenet (1)

evanbd (210358) | more than 5 years ago | (#28803571)

Most of the data verification on Freenet is based on SHA256. There is a well supported mechanism for signed keys (SSKs), but those are almost always used to simply redirect to the hash-based keys that use SHA256. Signatures in Freenet are based on DSA (slightly different lengths than the standard specifies, but the math is identical).

Never confuse ignorance with determination (2, Insightful)

msimm (580077) | more than 5 years ago | (#28803709)

It's entirely possible that the authors do fundamentally believe in the rights of the copyright industry, but that doesn't mean they might not be frightfully ignorant of any number of closely related technologies.

In fact my experience has shown me that fundamentalists tend to be the most narrowly focused people I meet (whatever their beliefs).

Cuckoo eggs (1)

tepples (727027) | more than 5 years ago | (#28803305)

> the network enforces that the data matches the hash at all steps.

But what enforces that the hash matches the title, as opposed to a cuckoo egg [hand-2-mouth.com] ?

Re:Cuckoo eggs (0)

Anonymous Coward | more than 5 years ago | (#28803361)

Most file sharing on Freenet is done through Frost or FMS, both of which are message board software.

It would be pretty easy to detect the fake files, as the users would call it out. On FMS, you can even mark users who supply fakes as untrusted. By rating other people's trust lists, and publishing your own, you form a "web of trust". This was intended to be used against spammers, but would also work well against "Cuckoo eggs".

Re:Cuckoo eggs (1)

evanbd (210358) | more than 5 years ago | (#28803597)

Nothing -- that's a key distribution problem. There are various people working on the general spam problem for Freenet through web of trust type solutions. Those would extend to cuckoo egg type spam as easily as any other spam. Get your keys and your torrents from someone trustworthy. Right now, that's done by message board apps, and people could easily post complaints about or verification of a specific file.

Can't download it? (0)

Anonymous Coward | more than 5 years ago | (#28803343)

Re:Freenet (3, Insightful)

MikShapi (681808) | more than 5 years ago | (#28803711)

Freenet is a hard target. Arguably, the hardest of them all today. It's also the least popular.

The studios are playing a money game. Bang for buck. They want maximal deterrence for minimal spend.

Much like virus-writers aim viruses at the highest targets on the "adoption-by-the-masses"/"soft-bellyness" index, RIAA go-getem's do the same thing.

FastTrack - high adoption, soft belly.
Torrent - high adoption, not-so-soft... and segregated into lots of independent share-specific networks.
Freenet - low adoption, practically impossible to break.

It's a no-brainer. They've got no reason to go for the last. They may be greedy scum, but they're not that stupid with their money. Freenet would need to be adopted by the masses and get a ridiculous amount of media exposure to even pop up on their radar. Their goal is not to technically "stop filesharing" altogether, they realize that's a waste of money and effort. Their goal is to mitigate it by taking pot-shots at just the targets that are easy to break, and leave the harder ones alone (for now).

Being an informed geek, that actually makes me really happy. In a nutshell, It means we won.

Re:Freenet (1)

evanbd (210358) | more than 5 years ago | (#28803743)

Yep. Freenet and TOR are both quite good at what they do (though they solve very different problems). Unfortunately, Freenet has a small userbase (current estimates ~ 10k). I think it needs more applications that work on top of Freenet before it will see more than very slow growth. It would be very interesting to see enough Freenet adoption that people took notice. There's plenty of reason to think it's reasonably secure, but you just don't know until someone actually tries to attack it.

Re:Freenet (0)

Anonymous Coward | more than 5 years ago | (#28803871)

I have read the article (about an hour ago, I don't have it in front of me as I write).

As far as I can remember there was no mention of freenet at all, however the article does cover the effectiveness of the method against different P2P technologies in terms of the chunk verification features of the different P2P technologies, which may be relevant to how this would apply.

First point to note is that the article covers eMule, eDonkey, BitTorrent, Shareaza, Limewire, Azureus and some others calling them all 'networks'. I'm not sure this is appropriate, some of the names signify protocols to me, others signify client programs, and others possibly cover protocols which are only implemented in a single (presumably closed source proprietary) client. Designating a network with the name of a protocol which enables you to join it may be OK, I am not sure the same applies for clients (some of which may be multi-protocol).

Second point is that their approach is to propose extensions to existing protocols which add a permission-to-join-and-share feature. They've grafted an extension of this kind onto one of each kind of the base protocols covered, and modelled how well the extension helped them to permit sanctioned sharing but prevent unsanctioned sharing. The applicability of the work appears to be to content delivery networks which attempt to reduce the cost of distribution of paid content by using peer-to-peer software running on customer CPUs to fulfil delivery of content. The applicability of their technology appears to require that all peers are running a client supporting their extension, so this is not relevant to poisoning of a community using an open protocol where multiple clients exist and are not all under proprietary control.

Their result appears to show that their poisoning technique works very well against P2P technologies which have to download a whole file before hash verification, fairly well against technologies which do hash verification on large chunks, and not well at all against technologies (like BitTorrent) where hash verification is used for every downloaded chunk. On this basis the parent's description of freenet puts it in the class of protocols which would not be a good match for a proprietary CDN vendor would bring into such a solution.

These "researchers" obviously aren't Entourage fans (1)

Cur8or (1220818) | more than 5 years ago | (#28803255)

If they were, they would not be engaging in such pointless research. A little more Turtle and a little less Ari.

Who cares? (0, Troll)

Stickerboy (61554) | more than 5 years ago | (#28803275)

First, the *IAA went after the file-sharing services. "Oh no!" The geeks cried. "File-sharing services have their 2-5% legal uses, too. Why can't they go after the illegal usage?"

Next, the *IAA went after the individual copyright violators. "Oh no!" The geeks cried. "You're being mean! And sometimes the computer owner isn't the actual violator."

And now it seems the *IAA wants to increase the noise-to-signal ratio on P2P to raise the difficulty of illegally downloading copyrighted content. "Oh no!" now the geeks are crying (from the comments prior to mine). "It's harder to get my free shit." (literally)

Seriously, out of the three options presented, I would pick #3 any day of the week... I have no need of the latest trash from the next star of American Drooling Idiot, and it's the least punitive measure they've explored.

If you guys really cared about putting the *IAA out of business, you would stop buying AND downloading their products and encourage others to do the same. Their entire business cycle depends on hype and publicity, it doesn't matter HOW they get it.

"But... but... what about [insert favorite author/performer/director here]? I love their stuff!"

Fuck it. Get some priority, and figure out what's more important to you - your self-gratification or putting them out of business. Unfortunately, everyone, including the *IAA, already knows what the large majority of sheeple will pick.

Re:Who cares? (2, Insightful)

guruevi (827432) | more than 5 years ago | (#28803447)

Plenty of people already do it - heck even the musicians are starting to turn away from RIAA-backing labels. The RIAA however has found another way to keep their businesses alive: government bailouts. Just like GM, Ford, Chrysler and a host of other companies that couldn't cut it in the new world, they are now being funded by the government which just creates a law about who should pay for these old businesses. Who's paying for it now: the radio stations. The government has decided that the radio stations should pay the RIAA for songs they play. Over the years, the labels have paid DJ's to promote their music (payola), gotten free airtime etc. etc. and now they expect the radio stations to pay it all back. They already pushed the internet radio stations to pay more for the right to play any song, now they are pushing the am/fm radio stations to pay for the rights to play any song.

The RIAA has effectively become through lobbying a government agency. They are being allowed to tax anybody who plays or makes public any type of music in any type of way even if the musician or label is not signed with them.

Re:Who cares? (0)

timmarhy (659436) | more than 5 years ago | (#28803461)

dude you reek of yourself.

Re:Who cares? (1)

Stickerboy (61554) | more than 5 years ago | (#28803697)

>dude you reek of yourself.

I'm sorry, did I touch a nerve? Or are you one of those who rail against the *IAAs while rushing like a good little sheep to consume their products?*

*buying OR downloading

Re:Who cares? (0)

Anonymous Coward | more than 5 years ago | (#28803495)

First, note that I do not pirate anything.
Your argument is stupid. I also see people using it against people who don't like the iPhone store limits.
I will explain why:
1) File sharing services have many uses legally, your 2-5% is just bullshit that you made up to prove your point. I have played many legal freeware games that were only mirrored as torrents as the developers didn't want to/couldn't pay for hosting, torrents were a great solution for them. There are many other uses, definitely more than 2-5%, but no, I won't make up numbers.
2) There's nothing wrong with going after the owner of the computer, but you have to prove that they actually did it. I'm fine with people being punished for stealing songs, but $20 per song when you don't have proof that they actually did it (besides it being their computer) is stupid. Sure, a lot of them did it, and they should be punished. Get some evidence and a fair sentence.
3) Pick number 3? No. First off, they are proposing that they detect piracy automatically. I hope that anyone on slashdot would understand that this is not possible. Second, they want DRM things they don't even own. If they want to make their own service and DRM, fuck it, I won't use their service, but if they are trying to get DRM on other people's crap, I have a problem.
4) You assume we buy/download stuff from the RIAA. I don't know why you assume this, I am allowed to complain that they are trying to fuck up my filesharing whether or not I own their stuff. Then you recommend that we boycott their stuff--then you explain that it won't work. So why recommend it? You just took your own point and nullified it.

In the end, your argument sounds smart and (usually) gets a good rating wherever it is applied, but it really doesn't make sense. All is not binary, you can like music enough to buy it and still have the right to complain that the RIAA is full of shit.

Translation: (1)

Snacktard (1604539) | more than 5 years ago | (#28803311)

Today UCLA researchers enrolled in the RIAA's Junior Achievers program proved that p2p networks Gnutella, KaZaA, Freenet, eMule, eDonkey, and Morpheus are, in fact, still in use. Researchers proceeded to take great joy and pride in kicking a dead horse. Unfortunately they were unable to have any effect on modern incarnations of artificial scarcity reduction technology.

Re:Translation: (1)

calmofthestorm (1344385) | more than 5 years ago | (#28803519)

And the rivers flowed green with grant money.

where's michael jackson's grave? (0)

Anonymous Coward | more than 5 years ago | (#28803457)

i'm wanna take a big shit on it.

Time the *$&*()^ out (2, Funny)

cortesoft (1150075) | more than 5 years ago | (#28803471)

These guys are from USC, not UCLA. As a UCLA graduate, I am extremely upset that anyone would make this mistake. USC students and professors are smelly, unclean, spoiled children who work for the RIAA. UCLA students and professors are the opposite.

Never, EVER, confuse us again.

Re:Time the *$&*()^ out (1)

w0mprat (1317953) | more than 5 years ago | (#28803583)

Hey I resemble that remark!

Yowzer (1)

sonicmerlin (1505111) | more than 5 years ago | (#28803613)

Even researchers should have basic ethics. Research like this can only harm society in the long run.

Poisoning is redundant, the content is poison (1)

syousef (465911) | more than 5 years ago | (#28803633)

...given the absolute rot most people are downloading on the networks. I mean honestly. What could be more poisonous than a Britney Spears song? I'd say let the downloaders have the content. Can't think of anything more poisonous.

Re:Poisoning is redundant, the content is poison (1)

gigabites2 (1484115) | more than 5 years ago | (#28803891)

You're right. Britney Spears' songs are definitely toxic [wikipedia.org] .

wrong end of the stick... (2, Insightful)

bukuman (1129741) | more than 5 years ago | (#28803641)

I read the summary as them finding a way to create a p2p network of 'customers' (clients who pay to be in your p2p network where you deliver paid content) and protecting yourself from the 'customers' who 'collude' (e.g. hacked client s/w?) with non paying client s/w to allow non paying customers to get the content. I don't think it's about subverting an existing network, it's about protecting a network from subversion. If so then the techniques could presumably be used for other purposes, poisoning surveillance perhaps.

Re:wrong end of the stick... (1)

pearl298 (1585049) | more than 5 years ago | (#28803955)

Problem is that this has already been tried for several years and no one has managed to make it work! Emule right now returns 4 bogus "search results" for any global search (not a KAD search!) for example.

How often do you think someone will be fooled by that or any reasonable derivative?

kazaa=small BT=large (1)

fluffernutter (1411889) | more than 5 years ago | (#28803703)

People use Kazaa for large files? I thought Kazaa was for small files and bittorrent was for large ones. Now I'm confused.

Anonymous Coward (0)

Anonymous Coward | more than 5 years ago | (#28803765)

anyone who still uses Gnutella, KaZaA, Area, LimeWire, eMuel, Shareaz, eDonkey, or Morpheus deserves this. anyone who researches said p2p apps should have their computer taken away, for they shall never understand the internets.

Paper summary (5, Informative)

creidieki (110659) | more than 5 years ago | (#28803827)

As a comp sci grad student, here's what I got from a quick reading of this paper:

Imagine that you're a content provider, with paying users. You've decided to distribute content to your users by running a Gnutella-style network. How do we make sure that only paying users can get our content? After all, it's an open network.

We start by sending some sort of magic timestamp-thing to all of the paying users. I didn't read this part in much detail. Anyway, the paying users can all identify each other somehow. They mention that it maintains privacy.

Some of your paying users (the "Clients") are good, virtuous folk, and they're running the Happy Authorized Gnutella software you gave them. Others (the "Colluders") are running Evil Hacked software. No matter what you do, the Colluders are going to send chunks of your precious data to the "Pirates" (anyone who hasn't paid you).

Normally, we'd expect our Clients to ignore requests from our Pirates. This paper instead suggests: let's obligate the Clients to send poison data to the Pirates! The Pirates won't know which chunks are bad; they'll only find out that the file is corrupt once it's finished downloading. The Pirates won't be able to get a good copy, and they'll give up and go away.

And there's one other great thing: we can set up *fake* Pirates, and check which users aren't giving out the poison they're supposed to! So we've served data to all of the Clients; we've identified all of the Colluders; and we've defeated all of the Pirates.

(Bittorrent has data integrity checks for every chunk, instead of every file; that's why it's not vulnerable to this attack...I mean business model).

In summary: This paper describes a way that a company can charge for distributing their own content on a peer-to-peer network. It only works if they control a centralized "transaction server" that organizes the entire network, and if they control the software of all the "honest" people. They can't destroy our existing networks with it, and it doesn't prevent anyone from turning around and posting the file to BitTorrent once it's downloaded.

The tone of the paper is definitely not as neutral as I feel it should be. What they're trying to say is "there's no obvious way to charge people for running a Gnutella server, because pirates will eat your lunch. But we think we have a way." But it definitely feels like they're putting moral force behind what's really a network algorithms result.
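
The difference the comments above turn on, whole-file hashing versus per-chunk hashing (as described for BitTorrent and Freenet), shown as an added Python sketch that is not code from the paper or from any of these clients. The peer names, chunk size, round-robin peer selection and drop-on-first-bad-chunk policy are assumptions made for illustration, and the "file" is constructed sample data.

```python
import hashlib

CHUNK_SIZE = 32  # assumption: tiny chunks keep the constructed sample small


def digest(data):
    return hashlib.sha256(data).hexdigest()


class Peer:
    """Chunk source; a poisoning peer returns same-length garbage instead."""

    def __init__(self, name, chunks, poisons=False):
        self.name, self.chunks, self.poisons = name, chunks, poisons

    def serve(self, index):
        chunk = self.chunks[index]
        return bytes(b ^ 0xFF for b in chunk) if self.poisons else chunk


def fetch_file_level(peers, n_chunks, file_hash, max_attempts=5):
    """Only a whole-file hash is known: corruption shows up after the last
    chunk arrives, with no hint of which chunk or which peer caused it."""
    fetched = 0
    for attempt in range(max_attempts):
        parts = []
        for i in range(n_chunks):
            parts.append(peers[(i + attempt) % len(peers)].serve(i))
            fetched += 1
        data = b"".join(parts)
        if digest(data) == file_hash:
            return data, fetched
    return None, fetched  # the downloader gives up without a good copy


def fetch_chunk_level(peers, chunk_hashes):
    """Per-chunk hashes are known: a bad chunk is rejected on arrival and
    the peer that sent it is dropped from the rotation."""
    fetched, banned, parts = 0, set(), []
    for i, expected in enumerate(chunk_hashes):
        while True:
            live = [p for p in peers if p.name not in banned]
            if not live:
                return None, fetched, banned
            peer = live[i % len(live)]
            chunk = peer.serve(i)
            fetched += 1
            if digest(chunk) == expected:
                parts.append(chunk)
                break
            banned.add(peer.name)
    return b"".join(parts), fetched, banned


def demo():
    original = bytes(range(256)) * 2  # constructed 512-byte "file"
    chunks = [original[i:i + CHUNK_SIZE]
              for i in range(0, len(original), CHUNK_SIZE)]
    peers = [Peer("a", chunks), Peer("b", chunks, poisons=True),
             Peer("c", chunks), Peer("d", chunks)]
    by_file = fetch_file_level(peers, len(chunks), digest(original))
    by_chunk = fetch_chunk_level(peers, [digest(c) for c in chunks])
    return original, by_file, by_chunk
```

With one poisoning peer among four, the file-level downloader fetches 80 chunks over five attempts and never assembles a valid file, while the chunk-level downloader finishes after 17 fetches and has dropped peer "b".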

Re:Paper summary (1)

Anubis IV (1279820) | more than 5 years ago | (#28804253)

As a note though, from a fellow CompSci grad student (though I didn't bother reading the paper), it IS possible to "poison" BitTorrent. I've read a handful of papers on the subject in the past year or two, but most of them focus on things like DHT entry poisoning or other similar techniques, and not on compromising the data itself.

Re:Paper summary (1)

Diomidis Spinellis (661697) | more than 5 years ago | (#28804293)

Very well put. I didn't have space to explain this in the submission's summary, but this is the gist of the paper.

How is this different? (1)

pearl298 (1585049) | more than 5 years ago | (#28803929)

Let me see: if we substitute "not approved by the fearless leader" for "unlawful copyright violator", how does that change what they are doing?

IMHO this is yet another attempt at FUDD to scare off people who would spread ideas that those in power do not like.

The enormous success of these approaches can easily be seen by a quick check of Emule/BitTorrent which shows over 6 million users right now.

My bad. (1)

Kaenneth (82978) | more than 5 years ago | (#28804169)

I once accidentally did a minor DoS attack, when I was starting to write my own P2P client for the Kad network used by eMule, etc. It kept returning the same IP in response to every directory lookup.

Sorry to whoever had 127.0.0.1 back then, if your connection went down it was my fault.

(I don't remember the actual IP)
