TY - JOUR
T1 - Hijacking the Vuze BitTorrent network
T2 - All your hop are belong to us
AU - Chan-Tin, Eric
AU - Heorhiadi, Victor
AU - Hopper, Nicholas
AU - Kim, Yongdae
N1 - Publisher Copyright:
© The Institution of Engineering and Technology 2015.
PY - 2015/7/1
Y1 - 2015/7/1
N2 - Vuze is a popular file-sharing client. When looking for content, Vuze selects from its list of neighbours, a set of 20 nodes to be contacted; the selection is performed such that the neighbours closest to the content in terms of Vuze ID are contacted first. To improve efficiency of its searches, Vuze implements a network coordinate system: from the set of 20 to-be-contacted nodes, queries are sent to the closest nodes in terms of network distance, which is calculated by the difference in network coordinates. However, network coordinate systems are inherently insecure and a malicious peer can lie about its coordinate to appear closest to every peer in the network. This allows the malicious peer to bias next-hop choices for victim peers such that queries will be sent to the attacker, thus hijacking every search query. In our experiments, almost 20% of the search queries are hijacked; the cost of performing this attack is minimal - less than $112/month.
AB - Vuze is a popular file-sharing client. When looking for content, Vuze selects from its list of neighbours, a set of 20 nodes to be contacted; the selection is performed such that the neighbours closest to the content in terms of Vuze ID are contacted first. To improve efficiency of its searches, Vuze implements a network coordinate system: from the set of 20 to-be-contacted nodes, queries are sent to the closest nodes in terms of network distance, which is calculated by the difference in network coordinates. However, network coordinate systems are inherently insecure and a malicious peer can lie about its coordinate to appear closest to every peer in the network. This allows the malicious peer to bias next-hop choices for victim peers such that queries will be sent to the attacker, thus hijacking every search query. In our experiments, almost 20% of the search queries are hijacked; the cost of performing this attack is minimal - less than $112/month.
UR - http://www.scopus.com/inward/record.url?scp=84931027340&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84931027340&partnerID=8YFLogxK
U2 - 10.1049/iet-ifs.2014.0337
DO - 10.1049/iet-ifs.2014.0337
M3 - Article
AN - SCOPUS:84931027340
SN - 1751-8709
VL - 9
SP - 203
EP - 208
JO - IET Information Security
JF - IET Information Security
IS - 4
ER -