Experimentation on Local Cluster Testbed

where: x = arbitrary piece;

td=average download time of x without attack;

t′

d=average download time of an ongoing attack.

In the following experimental evaluation, the Figures show the aver- age download time which I have measured and the paragraphs use the delay ratio metric to put the results into perspective.

5.4.1 Experimentation on Local Cluster Testbed

In this experiment, I attacked the initial seeder with 1, 2, 3 and 4 at- tackers and compared the results to an experiment without an at- tacker. I repeated this experiment for every seeding algorithm dis- cussed in Section 5.2.2. The upload limit from the seeder was set to 1, 5 and 10 Mbps. Leechers did not have upload or download limits. All results are the average values of ten iterations.

5.4 experimental evaluation 65

Results of the Experiment with a Seeder with 1 Mbps

0 1 2 3 4 200 400 600 800 Number of Attackers A verage Do wnload Time (s)

(a) Bandwidth Attack

0 1 2 3 4 200 400 600 800 Number of Attackers (b) Allowed Fast Attack

Seeding Algorithms: RR FU AL LW RF

Figure 5.1: File transfer of a 100 MiB file with a piece size of 64 KiB via Bit- Torrent with a seeder that has a 1 Mbps upload limit. (a) A nor- mal bandwidth attack. (b) A bandwidth attack combined with the Allowed Fast Attack. The error bars show 95 % confidence intervals. Source: own representation based on own survey. 5.4.1.1 Seeder with 1 Mbps Upload Limit

Figure5.1shows the average download time with an increasing num- ber of attackers. My initial observations of Figure 5.1 (a) note that

RR is the most vulnerable algorithm. With one attacker, the delay ra-

tio d ofRRincreased by 42.17 %, with two attackers by 105.60 %, with

three attackers by 328.76 %, and with four attackers by 414.80 %. This is the highest increase and can be explained by the fact that the RR

implementation in libtorrent was incorrect and favored attackers, as explained in Section5.3.2. The allowed fast attack did not significantly increases inRR, compared to the normal bandwidth attack.

5.4.1.2 Seeder with 5 Mbps Upload Limit

Figure 5.2 depicts an attack against a seeder with a 5 Mbps upload limit. Contrary to the attack against the seeder with a 1 Mbps upload limit, the most vulnerable algorithm is not RR, rather it is FU. This indicates that the programming error is only visible when the seeder

Results of the Experiment with a Seeder with 5 Mbps 0 1 2 3 4 100 200 300 Number of Attacker A verage Do wnload Time (s)

(a) Bandwidth Attack

0 1 2 3 4

100 200 300

Number of Attacker (b) Allowed Fast Attack

Seeding Algorithms: RR FU AL LW RF

Figure 5.2: File transfer of a 100 MiB file with a piece size of 64 KiB via Bit- Torrent with a seeder that has 5 Mbps upload limit. (a) A normal bandwidth attack. (b) A bandwidth attack combined with the al- lowed fast attack. The error bars show 95 % confidence intervals. Source: own representation based on own survey.

has low bandwidth capabilities. The d of FU increased by 60.64 %

with one bandwidth attacker and by 385.41 % with four attackers. As written in Section 5.4.1, leechers and attackers have the same band- width capabilities. Nevertheless, the attacker is able to request more pieces than competitive leechers using the simple attack script in Al- gorithm5.2.

The next most adversely impacted algorithm is AL. The d of AL

during a bandwidth attack with one attacker is not significantly dif- ferent from the experiment without attacker. However, d with two attackers reaches 25.52 %, three attackers 62.21 %, and four attackers 182.99 %. Similar to the experiment with a 1 Mbps limit against AL,

the allowed fast attack increases the impact. The allowed fast attack achieves, against AL, the following d values respectively to the num-

ber of attackers: 19.45 %, 68.05 %, 197.44 % and 212.31 %. As in the previous experiment, the seeding algorithmsRF andLWare affected

the least. The d ofLWincreases 33.93 % during a normal bandwidth attack with four attacker and 72.19 % during an allowed fast attack.

5.4 experimental evaluation 67 The d of RF also increases by 50.74 % during a normal bandwidth

attack and by 98.44 % with an allowed fast attack with four attackers.

5.4.1.3 Seeder with 10 Mbps Upload Limit

Results of the Experiment with a Seeder with 10 Mbps

0 1 2 3 4 100 200 300 Number of Attacker A verage Do wnload Time (s)

(a) Bandwidth Attack

0 1 2 3 4

100 200 300

Number of Attacker (b) Allowed Fast Attack

Seeding Algorithms: RR FU AL LW RF

Figure 5.3: File transfer of a 100 MiB file with a piece size of 64 KiB via Bit- Torrent with a seeder that has 10 Mbps upload limit. (a) A nor- mal bandwidth attack. (b) A bandwidth attack combined with the allowed fast attack. The error bars shows 95 % confidence intervals. Source: own representation based on own survey. Finally, I repeated the experiment with a seeder with a 10 Mbps up- load limit (Figure5.3). In general, the more bandwidth seeder has, the more resilient it is against bandwidth attacks. In this experiment, the most vulnerable algorithm was again FU. The d ofFU with one, two,

three, and four bandwidth attackers increased by 23.29 %, 86.36 %, 242.97 %, and 229.54 %, respectively. In and allowed fast extension attack with three attackers, the d was degraded by 349.94 %. The sec- ond most vulnerable algorithm was theALseeding algorithm, similar

to the experiment using a 5 Mbps limit. An attack with one attacker increased the d by 97.66 % and by 409.15 % with four attackers. With four attackers, the d of the broken RR implementation increases by

5.4.1.4 Launching Bandwidth Attacks in Sybil Mode

In a Sybil attack, an attacker injects multiple fake peers, all of which are under the control of the attacker, into a network (see Section3.1.1) [Dou02]. This section evaluates the efficacy of the proposed allowed fast attack in Sybil mode.4_{In this experiment, I increased the number}

of attackers and reduced the number of leechers with every iteration until I had the same number of attackers and leechers. Figure 5.4

depicts the results with a seeder with 5 Mbps upload capacity.

Results of a Sybil Attack with a Seeder with 5 Mbps

10 20 30 40 50 60 70 80 90 100 0 200 400 600 800 1,000

Percentage of Attackers in Swarm

A verage Do wnload Time (s) W/o FU AL LW RR RF

Figure 5.4: File transfer of a 100 MiB file with a piece size of 64 KiB via Bit- Torrent with a seeder that has a 5 Mbps upload limit. A Sybil attack in which I increased the number of attackers and reduced the number of leechers with every iteration. Source: own repre- sentation based on own survey.

The Sybil attack shows that as more attackers are injected into the swarm, the impact of the attack becomes progressively severe. When 25 % from the swarm are attackers, it is possible to increase the av- erage download time for all peers by up to more than 500 % if the seeder uses FU, ALor RR. The seeding algorithms LWor RF also con-

cede a d of more than 250 %. If there are half as many attackers as leechers, the d of the leechers increases by up to 700 % if a seeder

4 This is a realistic scenario as botnets are available for hire for as little as $0.50 per

5.4 experimental evaluation 69 makes use of FU,AL, or RR. However, if a seeder usesLWor RF then

this value is more than 300 %. If an attacker introduces the same num- ber of attackers as leechers, then the most vulnerable algorithms FU, ALandRRincrease the average download time by up to 1000 %. The effect onRRis the worst with a d increase of 1561.18 %. InLWandRF,

the d increases by more than 500 %.