[libtorrent] Private DHT Swarm
Sivachandran Paramasivam
2016-08-26 12:07:02 UTC
Hi,

I am trying to form a private DHT swarm using my own DHT router. But
whenever I run the DHT router/nodes I see many "get_peers" requests from
nodes which are not part of my private swarm.

Is there a way to filter DHT nodes that can communicate with my node? IP
filter doesn't work as nodes use dynamic IPs. I am thinking of using node
fingerprint to identify nodes that are part of my private swarm and ban
other nodes. But I don't know how to achieve this with libtorrent.

Thanks,
Sivachandran Paramasivam
------------------------------------------------------------------------------
t***@infinite-source.de
2016-08-26 15:33:45 UTC
In managed environments it's probably easier to just set up a tracker
than trying to fiddle with the DHT.

Also note that the DHT itself generally does not store any sensitive
data (well, except BEP44 payloads, but those have to be used explicitly
and can be easily encrypted), so "private swarm" does not mean you need
a private DHT if you just whitelist BT peers instead.

- The 8472
_______________________________________________
Libtorrent-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/libtorrent-discuss
------------------------------------------------------------------------------
Arvid Norberg
2016-08-27 01:32:56 UTC
one idea I've been thinking about for quite a while now, to sort of get
private DHT swarms is this:

1. require all peers to use bittorrent protocol encryption / message stream
encryption
2. announce to the DHT, not under the info-hash, but under a salted or
double-hashed info-hash.

The idea is that in the "encryption" protocol, the info-hash is used as a
shared secret. If you don't know the info-hash, you won't be able to
connect to a peer that requires protocol encryption. By announcing to a key
derived from the info-hash (through a one-way function), you cannot deduce
the info-hash simply by eavesdropping on the DHT.

The main hurdle is that if just a single peer is buggy or malicious (or
doesn't support this feature), the info-hash will leak and the whole thing
will break down.
To avoid just having a client unintentionally leak the info-hash by simply
not supporting the feature, it will have to introduce some kind of
breakage, to prevent non-supporting clients from even participating. I'm not
sure what the best way to do that is though.
--
Arvid Norberg
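A toy model of the scheme sketched above, added here as an illustration and not code from libtorrent or from anyone in the thread: peers announce under a salted one-way hash of the info-hash, and a listener only completes the handshake for a caller who can produce the MSE-style HASH('req2', SKEY) value with SKEY = info-hash (simplified; the real MSE handshake also xors in HASH('req3', S) from the DH exchange). It also reproduces the failure mode described: one non-supporting client announcing under the raw info-hash leaks it to anyone watching the DHT. The salt label, the sample info-hash and the peer names are constructed.

```python
import hashlib
from collections import defaultdict

# Constructed sample values, not a real torrent.
INFO_HASH = hashlib.sha1(b"constructed sample info dict").digest()
SALT = b"private-swarm-v1"  # assumed domain-separation label

def announce_target(info_hash: bytes) -> bytes:
    """One-way key the swarm announces under instead of the raw info-hash."""
    return hashlib.sha1(SALT + info_hash).digest()

def mse_req2(info_hash: bytes) -> bytes:
    """HASH('req2', SKEY) from the MSE handshake with SKEY = info-hash.
    Simplified: the real value is xored with HASH('req3', S)."""
    return hashlib.sha1(b"req2" + info_hash).digest()

class ToyDht:
    """Map from 20-byte target to announced peers, as a DHT would store it."""

    def __init__(self):
        self.store = defaultdict(set)

    def announce(self, target: bytes, peer: str) -> None:
        self.store[target].add(peer)

    def observed_keys(self) -> set:
        """Everything an eavesdropper on announce/get_peers traffic sees."""
        return set(self.store)

def listener_accepts(known_info_hashes, presented_req2: bytes) -> bool:
    """A supporting peer completes the handshake only if the presented
    value matches one of its own torrents, i.e. the caller knew the info-hash."""
    return any(mse_req2(ih) == presented_req2 for ih in known_info_hashes)

def run_scenario(legacy_peer_present: bool):
    """Returns (info_hash_leaked, eavesdropper_can_connect)."""
    dht = ToyDht()
    dht.announce(announce_target(INFO_HASH), "peerA")  # supporting client
    if legacy_peer_present:
        dht.announce(INFO_HASH, "peerB")  # non-supporting client leaks it
    seen = dht.observed_keys()
    # The eavesdropper can only try the keys it saw as the shared secret.
    can_connect = any(listener_accepts([INFO_HASH], mse_req2(k)) for k in seen)
    return INFO_HASH in seen, can_connect
```

With only supporting clients the eavesdropper learns the derived key but cannot complete the handshake; a single legacy announce exposes the info-hash and the protection is gone.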
------------------------------------------------------------------------------
t***@infinite-source.de
2016-08-27 09:21:28 UTC
The cryptographic primitives used in MSE are too weak to provide real
security. They're just adequate for obfuscation.

Additionally, transport-level encryption does not provide protection for
at-rest data, which may be useful to let untrusted nodes (e.g. cheap
seedboxes) participate.

Hence my encrypted torrent proposal.

https://github.com/bittorrent/bittorrent.org/pull/20