Forensic Identification of Anonymous Sources in OneSwarm

OneSwarm is a P2P system for anonymous file sharing. We quantify the system’s vulnerability to three attacks that identify the sources of files. First, we detail and prove that a timing attack allows a single attacker to investigate all its neighbors for possession of specific files. We prove the attack is possible due to OneSwarm’s design and is not thwarted by changes made to OneSwarm since we released our attack. Second, we show that OneSwarm is much more vulnerable to a collusion attack than previously reported, and we quantify the attack’s success given a file’s popularity, a factor not evaluated earlier. Third, we present a novel application of a known TCP-based attack. It allows a single attacker to identify whether a neighbor is the source of data or a proxy for it. Each of these attacks can be repeated as attackers quit and rejoin the network. We present these attacks in the context of forensics and the investigation of child pornography. We show that our attacks meet the higher standards required of law enforcement for criminal investigations.
