Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Outline Targeted Content Poisoning For P2P Data

Posted by timothy on from the subscribe-to-your-shackles dept.

Diomidis Spinellis writes "Two USC researchers published a paper in the prestigious IEEE Transactions on Computers that describes a technique for p2p content poisoning targeted exclusively at detected copyright violators. Using identity-based signatures and time-stamped tokens they report a 99.9 percent prevention rate in Gnutella, KaZaA, and Freenet and a 85-98 percent prevention rate on eMule, eDonkey, and Morpheus. Poison-resilient networks based on the BitTorrent protocol are not affected. Also the system can't protect small files, like a single-song MP3. Although the authors don't say so explicitly, my understanding is that the scheme is only useful on commercial p2p distribution systems that adopt the proposed protocol."

1 of 201 comments (clear)

  1. Paper summary by creidieki · · Score: 5, Informative

    As a comp sci grad student, here's what I got from a quick reading of this paper:

    Imagine that you're a content provider, with paying users. You've decided to distribute content to your users by running a Gnutella-style network. How do we make sure that only paying users can get our content? After all, it's an open network.

    We start by sending some sort of magic timestamp-thing to all of the paying users. I didn't read this part in much detail. Anyway, the paying users can all identify each other somehow. They mention that it maintains privacy.

    Some of your paying users (the "Clients") are good, virtuous folk, and they're running the Happy Authorized Gnutella software you gave them. Others (the "Colluders") are running Evil Hacked software. No matter what you do, the Colluders are going to send chunks of your precious data to the "Pirates" (anyone who hasn't paid you).

    Normally, we'd expect our Clients to ignore requests from our Pirates. This paper instead suggests: let's obligate the Clients to send poison data to the Pirates! The Pirates won't know which chunks are bad; they'll only find out that the file is corrupt once it's finished downloading. The Pirates won't be able to get a good copy, and they'll give up and go away.

    And there's one other great thing: we can set up *fake* Pirates, and check which users aren't giving out the poison they're supposed to! So we've served data to all of the Clients; we've identified all of the Colluders; and we've defeated all of the Pirates.

    (Bittorrent has data integrity checks for every chunk, instead of every file; that's why it's not vulnerable to this attack...I mean business model).

    In summary: This paper describes a way that a company can charge for distributing their own content on a peer-to-peer network. It only works if they control a centralized "transaction server" thThat's why no one has ever at organizes the entire network, and if they control the software of all the "honest" people. They can't destroy our existing networks with it, and it doesn't prevent anyone from turning around and posting the file to BitTorrent once it's downloaded.

    The tone of the paper is definitely not as neutral as I feel it should be. What they're trying to say is "there's no obvious way to charge people for running a Gnutella server, because pirates will eat your lunch. But we think we have a way." But it definitely feels like they're putting moral force behind what's really a network algorithms result.