aalto1 untyped-item.component.html
Securing data authentication with cryptographic signatures in BitTorrent
Loading...
URL
Journal Title
Journal ISSN
Volume Title
School of Electrical Engineering |
Master's thesis
Electronic archive copy is available via Aalto Thesis Database.
Checking the digitized thesis and permission for publishing
Instructions for the author
Instructions for the author
Authors
Date
Major/Subject
Mcode
S-38
Degree programme
Language
en
Pages
xi + 58
Series
Abstract
BitTorrent is a scalable and popular Peer-to-Peer protocol for swapping large files over the Internet since its introduction in 2001. To validate a source file, which is chopped into small pieces, a traditional approach is to compute a hash for each piece by the SHA-1 hash function and include these hashes as metadata in a torrent file. The pieces are valid only until they have been verified by the hashes. However, the size of the torrent file relatively increases by the hashes, when the piece size decreases. Although, a larger piece size can lead to smaller piece hashes, more bandwidth and time will be consumed for re-transmitting the larger pieces if errors occur during downloading. In the case of live streaming, the piece hashes cannot be computed because the source contents cannot distribute in advance when the torrent file is created. Therefore, the lack of piece hashes makes it possible to deliberately attack and spam streaming because the peers cannot authenticate streaming data.
In this thesis, we propose a novel signature-authenticated proposal to facilitate data authentication by replacing the piece hashes in current BitTorrent protocols. Additionally, new metadata of public keys is included in the torrent file, while the signatures are stored separately in a file. We implement an open source BitTorrent client using cryptographic signatures to authenticate data. The experimental results show that signatures in BitTorrent provide strong security while decreasing the size of the torrent file, the overhead of signatures also performs reasonable. Furthermore, we argue that using cryptographic signatures is a feasible approach for securing data authentication in live streaming.