Hijacking the Vuze BitTorrent network: All your hop are belong to us

Eric Chan-Tin, Victor Heorhiadi, Nicholas Hopper, Yongdae Kim

Research output: Contribution to journalArticlepeer-review

2 Scopus citations

Abstract

Vuze is a popular file-sharing client. When looking for content, Vuze selects from its list of neighbours, a set of 20 nodes to be contacted; the selection is performed such that the neighbours closest to the content in terms of Vuze ID are contacted first. To improve efficiency of its searches, Vuze implements a network coordinate system: from the set of 20 to-be-contacted nodes, queries are sent to the closest nodes in terms of network distance, which is calculated by the difference in network coordinates. However, network coordinate systems are inherently insecure and a malicious peer can lie about its coordinate to appear closest to every peer in the network. This allows the malicious peer to bias next-hop choices for victim peers such that queries will be sent to the attacker, thus hijacking every search query. In our experiments, almost 20% of the search queries are hijacked; the cost of performing this attack is minimal - less than $112/month.

Original languageEnglish (US)
Pages (from-to)203-208
Number of pages6
JournalIET Information Security
Volume9
Issue number4
DOIs
StatePublished - Jul 1 2015

Bibliographical note

Publisher Copyright:
© The Institution of Engineering and Technology 2015.

Fingerprint Dive into the research topics of 'Hijacking the Vuze BitTorrent network: All your hop are belong to us'. Together they form a unique fingerprint.

Cite this