-
Project Maelstrom: Forensic Analysis of the BitTorrent-Powered Browser
Authors:
Jason Farina,
M-Tahar Kechadi,
Mark Scanlon
Abstract:
In April 2015, BitTorrent Inc. released their distributed peer-to-peer powered browser, Project Maelstrom, into public beta. The browser facilitates a new alternative website distribution paradigm to the traditional HTTP-based, client-server model. This decentralised web is powered by each of the visitors accessing each Maelstrom hosted website. Each user shares their copy of the website's source code and multimedia content with new visitors. As a result, a Maelstrom hosted website cannot be taken offline by law enforcement or any other parties. Due to this open distribution model, a number of interesting censorship, security and privacy considerations are raised. This paper explores the application, its protocol, sharing Maelstrom content and its new visitor powered "web-hosting" paradigm.
Submitted 2 October, 2015;
originally announced October 2015.
-
Network investigation methodology for BitTorrent Sync: A Peer-to-Peer based file synchronisation service
Authors:
Mark Scanlon,
Jason Farina,
M-Tahar Kechadi
Abstract:
High availability is no longer just a business continuity concern. Users are increasingly dependent on devices that consume and produce data in ever increasing volumes. A popular solution is to have a central repository which each device accesses after centrally managed authentication. This model of use is facilitated by cloud based file synchronisation services such as Dropbox, OneDrive, Google Drive and Apple iCloud. Cloud architecture allows the provisioning of storage space with "always-on" access. Recent concerns over unauthorised access to third party systems and large scale exposure of private data have made an alternative solution desirable. These events have caused users to assess their own security practices and the level of trust placed in third party storage services. One option is BitTorrent Sync, a cloudless synchronisation utility that provides data availability and redundancy. This utility replicates files stored in shares to remote peers, with access controlled by keys and permissions. While lacking the economies brought about by scale, complete control over data access has made this a popular solution. The ability to replicate data without oversight introduces the risk of abuse by users as well as difficulties for forensic investigators. This paper suggests a methodology for investigation and analysis of the protocol to assist in the control of data flow across security perimeters.
Submitted 3 June, 2015;
originally announced June 2015.
-
Digital Evidence Bag Selection for P2P Network Investigation
Authors:
Mark Scanlon,
M-Tahar Kechadi
Abstract:
The collection and handling of court admissible evidence is a fundamental component of any digital forensic investigation. While the procedures for handling digital evidence take much of their influence from the established policies for the collection of physical evidence, due to the obvious differences in dealing with non-physical evidence, a number of extra policies and procedures are required. This paper compares and contrasts some of the existing digital evidence formats or "bags" and analyses them for their compatibility with evidence gathered from a network source. A new digital extended evidence bag is proposed to specifically deal with evidence gathered from P2P networks, incorporating the network byte stream and on-the-fly metadata generation to aid in expedited identification and analysis.
Submitted 30 September, 2014;
originally announced September 2014.
-
The Case for a Collaborative Universal Peer-to-Peer Botnet Investigation Framework
Authors:
Mark Scanlon,
M-Tahar Kechadi
Abstract:
Peer-to-Peer (P2P) botnets are becoming widely used as a low-overhead, efficient, self-maintaining, distributed alternative to the traditional client/server model across a broad range of cyberattacks. These cyberattacks can take the form of distributed denial of service attacks, authentication cracking, spamming, cyberwarfare or malware distribution targeting financial systems. These attacks can also cross over into the physical world, attacking critical infrastructure (power, communications, water, etc.) and causing its disruption or destruction. P2P technology lends itself well to being exploited for such malicious purposes due to the minimal setup, running and maintenance costs involved in executing a globally orchestrated attack, alongside the perceived additional layer of anonymity. In the ever-evolving space of botnet technology, reducing the time lag between discovering a newly developed or updated botnet system and gaining the ability to mitigate against it is paramount. Often, numerous investigative bodies duplicate their efforts in creating bespoke tools to combat particular threats. This paper outlines a framework capable of fast tracking the investigative process through collaboration between key stakeholders.
Submitted 30 September, 2014;
originally announced September 2014.
-
BitTorrent Sync: Network Investigation Methodology
Authors:
Mark Scanlon,
Jason Farina,
M-Tahar Kechadi
Abstract:
The volume of personal information and data most Internet users find themselves amassing is ever increasing and the fast pace of the modern world results in most requiring instant access to their files. Millions of these users turn to cloud based file synchronisation services, such as Dropbox, Microsoft Skydrive, Apple iCloud and Google Drive, to enable "always-on" access to their most up-to-date data from any computer or mobile device with an Internet connection. The prevalence of recent articles covering various invasion of privacy issues and data protection breaches in the media has caused many to review their online security practices with their personal information. To provide an alternative to cloud based file backup and synchronisation, BitTorrent Inc. released an alternative cloudless file backup and synchronisation service, named BitTorrent Sync to alpha testers in April 2013. BitTorrent Sync's popularity rose dramatically throughout 2013, reaching over two million active users by the end of the year. This paper outlines a number of scenarios where the network investigation of the service may prove invaluable as part of a digital forensic investigation. An investigation methodology is proposed outlining the required steps involved in retrieving digital evidence from the network and the results from a proof of concept investigation are presented.
Submitted 30 September, 2014;
originally announced September 2014.
-
BitTorrent Sync: First Impressions and Digital Forensic Implications
Authors:
Jason Farina,
Mark Scanlon,
M-Tahar Kechadi
Abstract:
With professional and home Internet users becoming increasingly concerned with data protection and privacy, the privacy afforded by popular cloud file synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming under scrutiny in the press. A number of these services have recently been reported as sharing information with governmental security agencies without warrants. BitTorrent Sync is seen as an alternative by many and has gathered over two million users by December 2013 (doubling since the previous month). The service is completely decentralised, offers much of the same synchronisation functionality of cloud powered services and utilises encryption for data transmission (and optionally for remote storage). The importance of understanding BitTorrent Sync and its resulting digital investigative implications for law enforcement and forensic investigators will be paramount to future investigations. This paper outlines the client application, its detected network traffic and identifies artefacts that may be of value as evidence for future digital investigations.
Submitted 29 September, 2014;
originally announced September 2014.
-
A Framework for Genetic Algorithms Based on Hadoop
Authors:
Filomena Ferrucci,
M-Tahar Kechadi,
Pasquale Salza,
Federica Sarro
Abstract:
Genetic Algorithms (GAs) are powerful metaheuristic techniques used in many real-world applications. The sequential execution of GAs requires considerable computational power, both in time and resources. Nevertheless, GAs are naturally parallel, and accessing a parallel platform such as the Cloud is easy and cheap. Apache Hadoop is one of the common services that can be used for parallel applications. However, using Hadoop to develop a parallel version of GAs is not simple without facing its inner workings. Even though some sequential frameworks for GAs already exist, there is no framework supporting the development of GA applications that can be executed in parallel. This paper describes a framework for parallel GAs on the Hadoop platform, following the MapReduce paradigm. The main purpose of this framework is to allow the user to focus on the aspects of the GA that are specific to the problem to be addressed, being sure that this task is going to be correctly executed on the Cloud with good performance. The framework has also been exploited to develop an application for the Feature Subset Selection problem. A preliminary analysis of the performance of the developed GA application has been performed using three datasets and showed very promising performance.
Submitted 15 December, 2013; v1 submitted 30 November, 2013;
originally announced December 2013.
-
TreeP: A Tree-Based P2P Network Architecture
Authors:
B. Hudzia,
M-T. Kechadi,
A. Ottewill
Abstract:
In this paper we propose a hierarchical P2P network based on a dynamic partitioning of a 1-D space. This hierarchy is created and maintained dynamically and provides a grid middleware (like DGET) with basic P2P functionality for resource discovery and load-balancing. This network architecture is called TreeP (Tree based P2P network architecture) and is based on a tessellation of a 1-D space. We show that this topology exploits the heterogeneity of the network in an efficient way while limiting the overhead introduced by overlay maintenance. Experimental results show that this topology is highly resilient to a large number of network failures.
Submitted 29 August, 2006;
originally announced August 2006.
-
Entity Based Peer-to-Peer in a Data Grid Environment
Authors:
B. Hudzia,
L. McDermott,
T. N. Illahi,
M-T. Kechadi
Abstract:
During the last decade there has been a huge interest in Grid technologies, and numerous Grid projects have been initiated with various visions of the Grid. While all these visions have the same goal of resource sharing, they differ in the functionality that a Grid supports, the grid characterisation, programming environments, etc. In this paper we present a new Grid system dedicated to dealing with data issues, called DGET (Data Grid Environment and Tools). DGET is characterised by its peer-to-peer communication system and entity-based architecture, thereby taking advantage of the main functionality of both systems: P2P and Grid. DGET is currently under development and a prototype implementing the main components is in its first phase of testing. In this paper we limit our description to the system's architectural features and to the main differences with other systems.
Submitted 29 August, 2006;
originally announced August 2006.
-
A Study of Sequence Distribution of a Painted Globule as a Model for Proteins with Good Folding Properties
Authors:
M-T. Kechadi,
R. G. Reilly,
K. A. Dawson,
Yu. A. Kuznetsov,
E. G. Timoshenko
Abstract:
In this paper we present a method to study the folding structure of a simple model consisting of two kinds of monomers, hydrophobic and hydrophilic. This method has three main steps: an efficient simulation method to bring an open homopolymer sequence to a folded state, the application of a painting method (called regular hull) to the folded globule, and the refolding of the obtained copolymer sequence. This study allows us to suggest a theoretical disorder distribution function for copolymer sequences that give rise to a compact and well micro-phase separated globule.
Submitted 23 April, 2001;
originally announced April 2001.