Today peer-to-peer (P2P) file sharing networks help tens of millions of users share content on the Internet. However, users' private files in their shared folders might inadvertently become accessible to everybody. In this paper, we investigate this kind of user privacy exposure in Kad, one of the biggest P2P file sharing networks, and try to answer two questions: Q1. Does this problem exist in current systems, and to what extent? Q2. Are attackers aware of this privacy vulnerability, and are they abusing the private information they obtain? We build a monitoring system called Dragonfly, based on the eclipse mechanism, to passively monitor sharing and downloading events in Kad. We also use the Honeyfile approach, sharing forged private information to observe attackers' behavior. Based on Dragonfly and Honeyfiles, we give affirmative answers to the above two questions. Within two weeks, more than five thousand private files related to ten sensitive keywords were shared by Kad users, and over half of them came from Italy and Spain. Within one month, each honey file was downloaded about 40 times on average, and the password information inside it was exploited 25 times. These results show that this privacy problem has become a serious threat to P2P users. Finally, we design and implement Numen, a plug-in for eMule, which can effectively protect users' private files from being shared without notice.