Towards Digital Rights Protection in BitTorrent-like P2P Systems Xinwen Zhang Samsung Information Systems America Dongyu Liu and Songqing Chen George Mason University Zhao Zhang Iowa State University Ravi Sandhu University of Texas at San Antonio, MMCN 2008
27
Embed
Towards Digital Rights Protection in BitTorrent-like P2P Systems Xinwen Zhang Samsung Information Systems America Dongyu Liu and Songqing Chen George Mason.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Towards Digital Rights Protection in BitTorrent-like P2P Systems
Xinwen ZhangSamsung Information Systems America
Dongyu Liu and Songqing ChenGeorge Mason University
Zhao ZhangIowa State University
Ravi SandhuUniversity of Texas at San Antonio,
MMCN 2008
BitTorrent P2PBitTorrent P2PBy the end of 2004, BitTorrent (BT) was accounting for as much as By the end of 2004, BitTorrent (BT) was accounting for as much as 30% of all Internet traffic.30% of all Internet traffic.– P2P traffic is 60% of all Internet trafficP2P traffic is 60% of all Internet traffic– Data from CacheLogicData from CacheLogic
compared to E-mail, FTP and the Web in general.compared to E-mail, FTP and the Web in general.
TrendsTrendsBT Keeps GrowingBT Keeps Growing– In May 2006, the average torrent had 817,588 people In May 2006, the average torrent had 817,588 people
participating. 12 months later, that figure had jumped to participating. 12 months later, that figure had jumped to 1,357,318 seeders and leechers: a 1,357,318 seeders and leechers: a 66 percent66 percent year-over- year-over-year growth rate. year growth rate.
– P2P applications account from anywhere between 50 P2P applications account from anywhere between 50 percent and 90 percent of all Internet traffic percent and 90 percent of all Internet traffic
BitTorrent accounted for between 50 percent to 75 percent BitTorrent accounted for between 50 percent to 75 percent in 2006 in 2006
P2P file sharing Traffic shifts from small file-sizes P2P file sharing Traffic shifts from small file-sizes to huge file-sizesto huge file-sizes– From music to movies, TV shows, and full albumsFrom music to movies, TV shows, and full albums
Current StatusCurrent StatusThere are some legal content sharingThere are some legal content sharing– Open source software distributionsOpen source software distributions
However, most content shared with BT are However, most content shared with BT are not copyright-protected.not copyright-protected.
No practical DRM mechanism built for BTNo practical DRM mechanism built for BT– Due to its highly distributed environment and Due to its highly distributed environment and
Motivation & ChallengesMotivation & ChallengesEnable DRM in BT-like P2P systemEnable DRM in BT-like P2P system– Leverage efficiency of BT for legal content Leverage efficiency of BT for legal content
distributionsdistributions– Enable new business model with P2PEnable new business model with P2P
Challenges: Challenges: – Existing DRM schemes are client-server modelExisting DRM schemes are client-server model– Open platforms of peersOpen platforms of peers– Should be no demanding infrastructure
changesP2P users are “loath to change”.
Approach & FeaturesApproach & FeaturesApproach:Approach:– An re-encryption crypto scheme based on An re-encryption crypto scheme based on asymmetric
encryption algorithm– Each piece is re-encrypted at runtime before a peer uploads it
to any other peer so that the decryption keys are unique for both different peers and difference pieces.
Features: – Leverage the lightly-centralized tracker site to store and Leverage the lightly-centralized tracker site to store and
distribute re-encryption keysdistribute re-encryption keysTypically is trusted by content provider or ownerTypically is trusted by content provider or owner
– Any user can take part in the content distribution while only legitimate users can access the plaintext
BitTorrent’s Basic IdeaBitTorrent’s Basic IdeaTo best utilize parallel downloading, file is treated as many To best utilize parallel downloading, file is treated as many piecespieces::– Using Using SHA-1SHA-1 to ensure every piece’s data integrity to ensure every piece’s data integrity– Using “Using “rarest firstrarest first” strategy for piece selection to speed up ” strategy for piece selection to speed up
distributiondistribution
Using a Using a tit-for-tattit-for-tat algorithm (choking for the lowest speed algorithm (choking for the lowest speed uploader) to encourage uploadinguploader) to encourage uploading
Typically there’re Typically there’re Web serversWeb servers to to serve .torrent metainfo fileserve .torrent metainfo file
TrackerTracker: maintain all peers’ IP/port : maintain all peers’ IP/port information, so each peer can find information, so each peer can find othersothers
Downloaders Downloaders (leecher/seed) as peers (leecher/seed) as peers connected to each otherconnected to each other
Distribute .torrent file:Post .torrent file to any web server for people to download
Computing using CompleteDir
Serving as a seedas long as possible
Running BitTorrent Downloader with the .torrent file
Content Publisher
Overall ArchitectureOverall Architecture
Web page with link to .torrent
A
B
C
Peer
[Leech]
Downloader
“US”
Peer
[Seed]
Peer
[Leech]
TrackerWeb Server
.torr
ent
Overall ArchitectureOverall Architecture
Web page with link to .torrent
A
B
C
Peer
[Leech]
Downloader
“US”
Peer
[Seed]
Peer
[Leech]
Tracker
Get-announce
Web Server
Overall ArchitectureOverall Architecture
Web page with link to .torrent
A
B
C
Peer
[Leech]
Downloader
“US”
Peer
[Seed]
Peer
[Leech]
Tracker
Response-peer list
Web Server
Overall ArchitectureOverall Architecture
Web page with link to .torrent
A
B
C
Peer
[Leech]
Downloader
“US”
Peer
[Seed]
Peer
[Leech]
Tracker
Shake-hand
Web Server
Shake-hand
Overall ArchitectureOverall Architecture
Web page with link to .torrent
A
B
C
Peer
[Leech]
Downloader
“US”
Peer
[Seed]
Peer
[Leech]
Tracker
pieces
pieces
Web Server
Overall ArchitectureOverall Architecture
Web page with link to .torrent
A
B
C
Peer
[Leech]
Downloader
“US”
Peer
[Seed]
Peer
[Leech]
Tracker
piecespieces
pieces
Web Server
Overall ArchitectureOverall ArchitectureWeb page with link to .torrent
A
B
C
Peer
[Leech]
Downloader
“US”
Peer
[Seed]
Peer
[Leech]
Tracker
Get-announce
Response-peer list
piecespieces
pieces
Web Server
Enable DRM for BTEnable DRM for BTOverall DRM requirements: Overall DRM requirements: – Encrypted contentEncrypted content– Flexible policy management (e.g., through license file)Flexible policy management (e.g., through license file)– Usage trackingUsage tracking
Three different DRM modelsThree different DRM models– Model 1: encode policy in object
Static policy, no update, no tracking– Model 2: separated policy file with object
Same object copy for all users (same encryption key)Break-once-run-everywhere
– Model 3: separate policy from object, and each user obtains a different copy of the object
each object is encrypted with a different keyOr each encrypted object has a unique IDStrong trackingStrongest DRM schemeStrongest DRM scheme
Case Study: Windows Media Digital Rights ManagementCase Study: Windows Media Digital Rights Management
Enable Strong DRM in BTEnable Strong DRM in BT
Overall requirements: Overall requirements: – Confidentiality of data transition between any
two peers– no-linkable content secrecy– Immune to passive attacks with intercepted
messages.– Immune to compromised peers.– Immune to collusion between any number of
peers.
Some Naive SolutionsSome Naive SolutionsSymmetric key algorithm– Each pair of peers shares a symmetric key– Key management is an issue– a peer can share a file piece only after
decryption, which makes the system vulnerable to the attack that a malicious peer could upload/distribute plain file pieces to others
Traditional public-key algorithm– Each peer has a public/private key pair.– Same problems
Secure BT scheme for Strong DRMSecure BT scheme for Strong DRM
PerformancePerformanceCryptography performanceCryptography performance– PEnc is only performed by the initial seed.PEnc is only performed by the initial seed.– PDec is only performed when playingPDec is only performed when playing– Selective encryption and pre-processing can increase Selective encryption and pre-processing can increase
the speed. the speed.
PerformancePerformanceCommunication overhead measurenent in PlanetLab:Communication overhead measurenent in PlanetLab:– 4 dedicated seeds are set up with an uploading speed of 200
KB/s.– Randomly selected 120 PlanetLab nodes are used as
downloaders,from Asia, Europe, and United States.
– The object is a 640-MB file. Both the seeds and the tracker are running Celeron CPU 2.4 GHz with 1 GB memory, and Linux Fedora 2.6.9 and Python 2.3.4.
– Change piece size to simulate different download traffic from seeds.
512KB vs. 120 nodes256KB vs. 240 nodes128KB vs. 480 nodes64KB vs. 960 nodes32KB vs. 1920 nodes
PerformancePerformanceSlightly increase on tracker response time for single Slightly increase on tracker response time for single download requestdownload request
Less than 10% system throughput decreaseLess than 10% system throughput decrease
ConclusionsConclusionsBT high efficiency has not been leveraged to distribute the majority of copyrighted digital content over the Internet. We propose a security mechanism based on the existing BT infrastructureto enable copyright protection. We have implemented a prototype system and conducted real experiments in PlanetLab. The evaluation results show that our scheme can still achieve comparable content distribution efficiency to the original BT system. – That is, to enable DRM, our proposed scheme causes less than
10% degradation of the system throughput.
We are further optimizing the system performanceWe are exploring DRM mechanism on tracker-less BT We are exploring DRM mechanism on tracker-less BT systemssystems