Securing data authentication with cryptographic signatures in BitTorrent

Thumbnail Image

URL

Journal Title

Journal ISSN

Volume Title

School of Electrical Engineering | Master's thesis
Checking the digitized thesis and permission for publishing
Instructions for the author

Authors

Date

2010

Department

Tietoliikenne- ja tietoverkkotekniikan laitos

Major/Subject

Tietoverkkotekniikka

Mcode

S-38

Degree programme

Language

en

Pages

xi + 58

Series

Abstract

BitTorrent is a scalable and popular Peer-to-Peer protocol for swapping large files over the Internet since its introduction in 2001. To validate a source file, which is chopped into small pieces, a traditional approach is to compute a hash for each piece by the SHA-1 hash function and include these hashes as metadata in a torrent file. The pieces are valid only until they have been verified by the hashes. However, the size of the torrent file relatively increases by the hashes, when the piece size decreases. Although, a larger piece size can lead to smaller piece hashes, more bandwidth and time will be consumed for re-transmitting the larger pieces if errors occur during downloading. In the case of live streaming, the piece hashes cannot be computed because the source contents cannot distribute in advance when the torrent file is created. Therefore, the lack of piece hashes makes it possible to deliberately attack and spam streaming because the peers cannot authenticate streaming data. In this thesis, we propose a novel signature-authenticated proposal to facilitate data authentication by replacing the piece hashes in current BitTorrent protocols. Additionally, new metadata of public keys is included in the torrent file, while the signatures are stored separately in a file. We implement an open source BitTorrent client using cryptographic signatures to authenticate data. The experimental results show that signatures in BitTorrent provide strong security while decreasing the size of the torrent file, the overhead of signatures also performs reasonable. Furthermore, we argue that using cryptographic signatures is a feasible approach for securing data authentication in live streaming.

Description

Supervisor

Manner, Jukka

Thesis advisor

Savolainen, Petri

Keywords

peer-to-peer, BitTorrent, data authentication, peer, cryptographic signature, hash function, live streaming

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-2020122357292

Collections

[dipl] Sähkötekniikan korkeakoulu / ELEC