Software improves p2p privacy by hiding in the crowd

Apr 08, 2009

Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new "guilt-by-association" threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. To thwart this threat, they have released publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification.

P2P systems are incredibly popular, enabling new and important Internet applications such as voice over IP (VoIP) and file sharing. These systems work by establishing network connections between machines that cooperate to perform a common goal. While many researchers have pointed out that the data exchanged over these connections can reveal personal information about users, an interdisciplinary collaboration between Fabián Bustamante, associate professor of electrical engineering and computer science, Luis Amaral, associate professor of chemical and biological engineering, and Roger Guimerà, research assistant professor of chemical and biological engineering, shows that only the patterns of connections — not the data itself — is sufficient to create a powerful threat to user privacy.

The team of researchers, which includes graduate students David Choffnes (electrical engineering and computer science) and Dean Malmgren (chemical and biological engineering), and postdoctoral fellow Jordi Duch (chemical and biological engineering), studied connection patterns in the BitTorrent file-sharing network — one of the largest and most popular P2P systems today. They found that over the course of weeks, groups of users formed communities where each member consistently connected with other community members more than with users outside the community.

"This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist," Bustamante says. After identifying this community behavior, the researchers showed that an eavesdropper could classify users into specific communities using a relatively small number of observation points. Indeed, a savvy attacker can correctly extract communities more than 85 percent of the time by observing only 0.01 percent of the total users. Worse yet, this information could be used to launch a "guilt-by-association" attack, where an attacker need only determine the downloading behavior of one user in the community to convincingly argue that all users in the communities are doing the same.

Given the impact of this threat, the researchers developed a technique that prevents accurate classification by intelligently hiding user-intended downloading behavior in a cloud of random downloading. They showed that this approach causes an eavesdropper's classification to be wrong the majority of the time, providing users with grounds to claim "plausible deniability" if accused.

The research team implemented this strategy in software that has already been made available as a seamless extension to the popular Vuze BitTorrent client. The software, named SwarmScreen, downloads randomly-selected content in a way that prevents eavesdroppers from distinguishing it from user-desired content. SwarmScreen allows users to control the impact of these connections on the download performance for the data they want to keep.

More information: SwarmScreen is available for download on the Aqualab website or via the Vuze plugin installation menu. For more details about this work, visit aqualab.cs.northwestern.edu/projects/SwarmScreen.html

Source: Northwestern University (news : web)

Explore further: 'Off-the-shelf' equipment used to digitize insects in 3-D

add to favorites email to friend print save as pdf

Related Stories

Developing a neighborhood watch for the Internet

Nov 24, 2008

Internet network performance problems are not only annoying to users -- they are costly to businesses and network operators. But since the Internet has no built-in monitoring system, network problems often go unnoticed.

BitTorrent gaining more acceptance

Apr 20, 2006

In the world of the Internet, a new idea can be either an asset or a threat. It depends on your perspective. BitTorrent, the popular peer-to-peer file sharing technology, poses exactly this conundrum to Internet service providers ...

The 5 dimensions of online gifts

Jun 13, 2007

Different social media, such as wikis, MySpace, Flickr and various forums have different ways for people to give and receive gifts, according to Swedish scientists. To fully understand online gifting and the successes and ...

Recommended for you

Computer-assisted accelerator design

Apr 22, 2014

Stephen Brooks uses his own custom software tool to fire electron beams into a virtual model of proposed accelerator designs for eRHIC. The goal: Keep the cost down and be sure the beams will circulate in ...

First steps towards "Experimental Literature 2.0"

Apr 21, 2014

As part of a student's thesis, the Laboratory of Digital Humanities at EPFL has developed an application that aims at rearranging literary works by changing their chapter order. "The human simulation" a saga ...

User comments : 0

More news stories

Brazil enacts Internet 'Bill of Rights'

Brazil's president signed into law on Wednesday a "Bill of Rights" for the digital age that aims to protect online privacy and promote the Internet as a public utility by barring telecommunications companies ...

Is nuclear power the only way to avoid geoengineering?

"I think one can argue that if we were to follow a strong nuclear energy pathway—as well as doing everything else that we can—then we can solve the climate problem without doing geoengineering." So says Tom Wigley, one ...

US urged to drop India WTO case on solar

Environmentalists Wednesday urged the United States to drop plans to haul India to the WTO to open its solar market, saying the action would hurt the fight against climate change.

FDA proposes first regulations for e-cigarettes

The federal government wants to prohibit sales of electronic cigarettes to minors and require approval for new products and health warning labels under regulations being proposed by the Food and Drug Administration.

Vermont moves toward labeling of GMO foods

Vermont lawmakers have passed the country's first state bill to require the labeling of genetically modified foods as such, setting up a war between the behemoth U.S. food industry and an American public that overwhelmingly ...