PI-to-PI: a Solution towards Secure Peer to Peer Communication Network
Majd Ghareeb, Marwa Rammal, Ali Nahle, Mohamad Raad and Ali Bazzi
Computer and Communication Engineering, International University of Beirut, 146404 Mazraa, Beirut, Lebanon
Abstract— File sharing is a cornerstone application of network computing. The most popular way to achieve efficient file sharing through the Internet is to use Peer-to-Peer (P2P) protocols via applications such as BitTorrent. However, BitTorrent is an open file sharing service that allows files to be shared widely without the consent, or control, of the original publisher of the work. This is undesirable for a lot of organizations and institutions since it raises copyright and content ownership issues. In this paper we propose an efficient BitTorrent-like protocol that aims at privatizing the P2P network such that control over the distribution of copyrighted material can be achieved. This is done by limiting the user set to those authorized based on their machines' MAC addresses and by using dedicated equipment, i.e. the Raspberry PI board.
Keywords—Secure file sharing; P2P; BitTorrent; Raspberry PI
I.
INTRODUCTION
As an evident result of the rapid development in communication technology, huge volumes of content are available nowadays over the Internet. Different methods have been proposed to distribute this content among users across the world rapidly, efficiently and securely. The client-server communication mode is the traditional method of distributing files over the Internet, as in FTP-like (File Transfer Protocol) protocols, in which the different users retrieve the desired data from a single server [1]. This is important for the client side, where disk space is limited; for the server, on the other side, having files centralized makes the process of updating data faster and easier. However, the main problem raised by the central server is the centralization of information, which makes it susceptible to centralized control. Besides, the server forms a single point of failure in the system and increases the system's exposure to Denial of Service (DoS) attacks. Peer-to-peer networking appeared as a solution to these drawbacks.
Peer-to-peer (P2P) file sharing has been a hot topic since early 2000 with the advent of Napster [2]. Napster was the first P2P file sharing application; it was the famous and immensely popular music exchange system, where only sharing of MP3 files was possible. At its peak, Napster had approximately 70 million users who had downloaded about 2.79 billion songs. However, Napster was shut down after 2 years due to copyright infringement [1,3]. The developers of Napster had argued that they were not responsible for the infringement of the copyright owners' rights because they were not participating in sharing music files; it was the responsibility of the users [4]. This argument did not save Napster but, fortunately, it opened the way to more advanced approaches to P2P file sharing applications.
So just what is peer-to-peer networking (P2P)? P2P is a network or a file sharing service that allows users to share their files, photos, videos, and other content easily and efficiently over the Internet with a simple software application that runs on each peer machine. Recently, P2P network communications have accounted for approximately 70% of overall Internet traffic, according to the IPOQUE Internet study [1]. With P2P networking, all computers on the network function both as a client and a server, permitting users to communicate directly with one another rather than through a central server like a website, providing a more scalable and reliable network. Thus, P2P applications leverage the resources of the clients, who provide services to each other. Moreover, the most popular P2P applications are file-sharing systems that exploit the connectivity and bandwidth of the participants, where a single peer is able to find and download data from multiple sources simultaneously. This decentralized approach improves the download speed of the participants and ensures high content availability [6]. Despite the good side of P2P networks, which everyone is able to use, including simple Internet users, artists, video makers, writers, students, academic professors, etc., their main problem was their inefficiency in distributing files over the Internet: they eat up a lot of bandwidth, which leads to overloading the network.
The evolution of P2P [7] applications from Napster (centralized distribution of files) to Gnutella (decentralized distribution of files) did not completely overcome this problem. In Gnutella, peers were first connected directly, without the need for a central server, to a flat overlay network in which every peer was equal, and the malfunction of any node did not cause any trouble to other nodes in the system (no single point of failure). However, with Gnutella, information was discovered more slowly, and since queries flood the network, this leads to a scalability problem and thus to inefficiency in query traffic. Fortunately, here appeared the hybrid model of P2P networks, which was BitTorrent.
As a solution to the Internet resource consumption issue of P2P, Bram Cohen's BitTorrent [3] has been proposed and adopted as the most popular protocol for P2P file sharing communications. With this protocol, every person downloading a file contributes a bit of their bandwidth by exchanging portions of the file they want with other downloaders. That is, as you download one portion, you upload another; more precisely, it enforces bandwidth contributions from the peers by employing a tit-for-tat exchange strategy, which reduces freeloading. BitTorrent [3,4] is the most popular P2P file sharing protocol. It became so popular in this last decade that it accounts for almost 35% of all Internet traffic and more than 50% of all P2P network traffic [8]. BitTorrent is a hybrid architecture using both client/server and P2P networks. Peers are required to contact an index server (tracker) in order to receive the list of peers participating in the file swarming session that actually have the requested file; this is the client/server mode. The actual distribution of the file, in contrast, is based on direct communication between peers, many of which act as both a client and a server by downloading and uploading files at the same time; this is the P2P mode. Hence, BitTorrent overcomes the non-scalability and inefficiency of the traditional distribution networks (client/server and P2P networks). However, the major problem of BitTorrent and P2P systems in general is the abuse of the network by some clients for the distribution of content without the agreement of the content's owner. With BitTorrent, one would allow anyone in the world to copy files directly from his computer. This could be a single file, a whole folder, or even the entire hard drive [6].
This legitimacy problem has forced a lot of organizations and universities to prevent the usage of P2P file sharing services under their authority. Others, instead of banning P2P systems, set a lot of precautions to prevent the breaking of copyright law. Different research efforts have addressed this legitimacy problem of P2P communication networks. One proposed approach is to limit the system to an authorized list of users and resources based on given constraints. These constraints could be related to the software or hardware equipment used by the users. However, many of these solutions tend to introduce cumbersome limitations on the user's access to content, such as multiple sign-in pages, multiple redirections and so on. Motivated by the importance of file sharing systems on the one hand, and by their security concerns on the other hand, in this paper we present a BitTorrent-like file sharing protocol that has been designed and implemented based on the Raspberry PI platform [9,10]. After this introduction, we give an overview of the proposed system and the level of security provided by it. Then, we present the design of the system and the implementation of its different roles.
II.
PI-TO-PI SYSTEM OVERVIEW
Despite the relevance of P2P applications for file sharing, a lot of universities and organizations prevent or restrict their usage under their authority because of the legitimacy issues they cause. The objective of our system is to improve the security of P2P file sharing by restricting the list of users to authorized ones only. Hence, any organization or educational institute that needs to share a large number of files among its users, such as videos, audio records, slides, books, etc., will be able to do that via an efficient, low cost, high speed, scalable and secure file sharing system that is offered only by and for authorized users with access credentials to the organization's system. So in order to download from or upload to the system, users will be restricted by having an organization identifier (Id and password), and the created torrent files will be extended with specific metadata that is readable only to the authorized clients. To apply these restrictions inside and outside the authority, it would not be enough to limit the IP addresses of the users to an authorized list. Thus, restriction will be done based on their computers' MAC addresses. Hence, users will not be allowed to participate in the file sharing swarm unless they are using recognized MAC addresses. Furthermore, in order not to be limited to the usage of a single machine that may not be easily portable, the proposed system allows the usage of a mini-computer chip (i.e. Raspberry Pi) that helps users to access the Pi-to-Pi swarm that is dedicated to the organization whenever and wherever they are. Raspberry Pi is a single-board, low-cost, high-performance computer that was developed by the UK Raspberry Pi Foundation for education and was later used for a lot of applications and projects [9]. To implement our project, we have chosen to use the Raspberry Pi 3 Model B, which is the latest edition of this series, a powerful mini-computer with tremendous connectivity options. It has a 1.2 GHz 64-bit quad-core ARMv8 CPU with 1 GB RAM, 4 USB ports, 40 GPIO pins, a full HDMI port, an Ethernet port, a combined 3.5 mm audio jack and composite video, and a camera interface (CSI).
The Pi-to-Pi system utilizes three layers of isolation. The first limits access to content based on a known user ID. The second layer is based on the hardware (i.e. the MAC address of the device participating in the file sharing swarm), and the third is based on a modification introduced to the torrent files ensuring that such files cannot be downloaded using a typical BitTorrent client. So in order to download authorized content, or to upload to dedicated clients, users are restricted by having an identifier.
III.
SYSTEM DESIGN AND IMPLEMENTATION
The Pi-to-Pi torrent system has a server component, which is controlled by the administrator, and a client application with which users can interact. The server contains the registration information and access rights. The client application runs on each host and retrieves a list of available files based on the user's credentials. The user controls which files are downloaded in the current version, although it is possible for the client to simply join swarms. That is, the decision as to which swarm to join can be made independently of the user. The purpose of this level of control is to ensure traceability regarding the distribution of content. Since the client is deployed on a small multipurpose computing platform, the content can be consumed on that platform. As such, it is possible to disallow the movement of that content off that platform (through copying, for example).
Such an approach allows much better traceability of how data was accessed. There are two steps that need to be taken for a client to join a swarm: the first is for the "Checker Server" to authenticate the user using the above described database, and the second is for the same server to contact a Tracker, which determines if the used torrent file has the correct metadata to allow the client to participate in the swarm. Figure 1 shows an overview of the server checking scenarios. Scenarios 1 and 2 are for sign-in authentication, while scenarios 3 and 4 are for the session authentication.
A. BitTorrent-Like Protocol
Typically, there are four critical elements in a BitTorrent network: the torrent file, seeders, leechers and the tracker. The .torrent file is the description of the file to be downloaded (name, size, partitioning size) as well as the information needed to contact the tracker server (URL or IP). It is generated by the file originator and uploaded to a web server, where file downloaders can retrieve the .torrent file and use it to learn about the tracker server. The Tracker is the only part that is not shared in the Torrent node; rather, it actively keeps track of the peer set (all seeders and leechers) downloading a given torrent file. In the file swarming activity, peers that have downloaded the complete torrent file are named "Seeders", while others having only part of the file are called "Leechers". In our application the torrent file is extended such that the new metadata in the file includes the ID attribute for authorizing the organization's users. To implement these changes, the BT MeanLine3.9 library, which is written in Python, was used as the starting point. These changes enable the creation of a private file swarming application, only available to authorized users, as described above.
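As an added illustration (not the authors' code), the sketch below shows one way an organization ID could be bound to a swarm: placed inside the bencoded "info" dictionary it changes the SHA-1 info-hash, so a copy of the torrent with the field stripped names a swarm the tracker does not know. The key name "pi2pi-org-id", the Tracker class, the tracker URL and the sample metainfo are assumptions constructed for this example; the paper does not say where its ID attribute is stored.

```python
import hashlib

ORG_KEY = "pi2pi-org-id"  # hypothetical key name, not from the paper

def bencode(obj):
    """Minimal bencoder: ints, str/bytes, lists, dicts (keys sorted as bytes)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        items = sorted(((k.encode(), v) for k, v in obj.items()), key=lambda kv: kv[0])
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError("cannot bencode %r" % type(obj))

def info_hash(metainfo):
    """Swarm identifier: SHA-1 over the bencoded 'info' dictionary only."""
    return hashlib.sha1(bencode(metainfo["info"])).hexdigest()

def make_metainfo(org_id=None):
    """Constructed sample torrent: 1 MiB file, four 256 KiB pieces, dummy hashes."""
    info = {"name": "lecture01.mp4", "length": 1048576,
            "piece length": 262144, "pieces": bytes(80)}
    if org_id is not None:
        info[ORG_KEY] = org_id          # inside 'info', so it alters the info-hash
    return {"announce": "http://tracker.example.org/announce", "info": info}

class Tracker:
    """Toy private tracker: serves only swarms registered with an org ID."""
    def __init__(self):
        self.swarms = {}                # info-hash -> org ID

    def register(self, metainfo):
        org_id = metainfo["info"].get(ORG_KEY)
        if org_id is None:
            raise ValueError("torrent lacks the organization ID")
        self.swarms[info_hash(metainfo)] = org_id

    def announce(self, swarm_hash, org_id):
        """True only if the swarm is known and the caller's org ID matches."""
        expected = self.swarms.get(swarm_hash)
        return expected is not None and expected == org_id
```

Placing the same field at the top level of the metainfo instead would leave the info-hash unchanged, so the binding depends on where the field is stored.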
Figure 1: Checker Server Architecture Scenarios
B. Server Side Implementation
The server has the functional responsibility of maintaining a list of authorized users and the list of available torrent swarms that each user is permitted to participate in. This list is actually maintained on a physically separate database accessed by the server. Such a separation adds an additional layer of isolation between the P2P network (which has continuous contact with the server) and the database (which has the critical set of information regarding access rights). The maintenance of the information on the database is the responsibility of the system administrator. This separation between the database and the P2P network means that in order to corrupt the authentication related information an attacker has to pass through the tracking server, since connections from other hosts are not permitted by the implemented system.
C. Client Side Implementation
The client is used for creating a torrent file as well as sharing and downloading files. An authentic user needs to provide an ID and password through the client to access the torrent files. In order to be authenticated, the application does two checks before allowing the user to enter the application. Figure 2 illustrates the authentication process.
Figure 2: Sign In Authentication Process
D. File Swarming
When a user wants to upload or download a torrent file, the system checks the user's authentication before processing any shared file in order to avoid the security problems mentioned previously. This authentication is done by reading the metadata of the file being downloaded and checking the authorized MAC and IP addresses of the client machines being downloaded from. Once the .torrent file is created, the user uploads the file for seeding. Any authenticated peer that wants to download this file will be sent the list of IP addresses of the hosts participating in that swarm. On the other hand, if the user wants to download a torrent file, thus becoming a leecher, the client allows the user to browse torrent files to which that user/host combination has access, and once a file is chosen the client will display the metadata information of the selected torrent file and then start downloading.
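The user/host pair check and the session-table consistency check that the paper describes can be sketched as follows; this is an added example, not the authors' implementation. The table and column names, the sample users and addresses, and the rule "one active IP per MAC" are assumptions, password verification is assumed to have already succeeded, and the MAC is whatever value the client reports.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
AUTHORIZED = [("alice", "b8:27:eb:00:00:01"), ("bob", "b8:27:eb:00:00:02")]

def open_db():
    """In-memory stand-in for the separate access-rights database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE authorized (user_id TEXT, mac TEXT, PRIMARY KEY (user_id, mac));
        CREATE TABLE session (user_id TEXT, mac TEXT, ip TEXT, active INTEGER DEFAULT 1);
    """)
    db.executemany("INSERT INTO authorized VALUES (?, ?)", AUTHORIZED)
    return db

def open_session(db, user_id, mac, ip):
    """Return 'ok' or a denial reason for a sign-in that passed the password check."""
    mac = mac.lower()
    # Layer 1 and 2 together: access is granted to approved user/host PAIRS only.
    pair = db.execute("SELECT 1 FROM authorized WHERE user_id = ? AND mac = ?",
                      (user_id, mac)).fetchone()
    if pair is None:
        return "denied: user/host pair not approved"
    # Consistency: the same MAC must not be active from a second IP address.
    clash = db.execute("SELECT ip FROM session WHERE active = 1 AND mac = ? AND ip <> ?",
                       (mac, ip)).fetchone()
    if clash is not None:
        return "denied: MAC already active from " + clash[0]
    db.execute("INSERT INTO session (user_id, mac, ip) VALUES (?, ?, ?)",
               (user_id, mac, ip))
    return "ok"

def close_session(db, mac, ip):
    """Mark a host's session inactive so it may sign in from a new address."""
    db.execute("UPDATE session SET active = 0 WHERE mac = ? AND ip = ?",
               (mac.lower(), ip))
```

A request that repeats both the MAC and the IP of an active session passes this check, which is the fully cloned network identity the paper names as the limit of the approach.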
IV.
DISCUSSION AND CONCLUSION
The main objective of the proposed system was to ensure a level of authentication for the P2P file sharing system that will in turn ensure that the content is accessible only to authorized people. Although this is more restrictive than having completely open content platforms, it is a necessary restriction in many cases to obtain distribution rights from content owners. The approach taken by the described system is to modify popular and open applications and protocols to form closed P2P networks, the participants in which are known to the system administrator. Specifically, a modified torrent file has been designed which carries extra metadata that limits access to a specific set of users and hosts. It is important to note that access is provided to approved user/host pairs only and not to specific hosts or specific users individually. The host is identified by its MAC address and the user is identified by the user ID and password. This approach was made possible because of the availability of low cost, general purpose computing hardware such as the Raspberry PI. In the described system, even if an attacker changes the MAC address, the tracker keeps track of all the sessions opened by saving each session in a SESSION table in the database, enabling a check of the consistency of the MAC and IP address pair representing the host. This helps prevent incorrect content distribution except in the case where a host's network identity has been completely cloned. Of course, it is possible for the hardware to be stolen. Such a problem can be addressed by having appropriate business or operational processes in place. For example, the institution responsible for issuing the required hardware may require users to bring in their hardware for periodic inspections.
REFERENCES
[1] Majd Ghareeb, Soufiane Rouibia, Benoît Parrein, Mohamad Raad, Cedric Thareau, "P2PWeb: a Client/Server and P2P Hybrid Architecture for Content Delivery over Internet," IEEE ICM, Beirut, Lebanon, 2013.
[2] Hendrik Schulze, Klaus Mochalski, "Internet Study 2/2009," IPOQUE, 2009.
[3] B. Cohen, "Incentives Build Robustness in BitTorrent," bitconjurer.org, May 22, 2003.
[4] Ryan Toole, Vinod Vokkarane, "BitTorrent Architecture and Protocol," University of Massachusetts Dartmouth, Dartmouth, April 17, 2006.
[5] N. Lake, "BitTorrent Technology How and Why it works," McCaster University, 1280 Main St W, Hamilton, ON L8S 4L8, Canada, 2005.
[6] http://www.i-safe.org, "Peer to Peer Networking," i-Safe America, Inc., Carlsbad, Washington, D.C, established in 1998.
[7] M. Mike, "The Survey Of The Technologies Of Peer-To-Peer," College of Computer, Georgia Tech, Georgia.
[8] N. Lake, "BitTorrent Technology How and Why it works," McCaster University, 1280 Main St W, Hamilton, ON L8S 4L8, Canada, 2005.
[9] Raspberry Pi, "https://www.raspberrypi.org/", [Mar. 30, 2017].
[10] The Raspberry Pi Education Manual, The Chartered institute for IT, in collaboration with BSC, December, 2012.